Please Help - random popups, and constant high CPU usage

Post by GenericUser » March 14th, 2009, 11:04 pm

My computer has been running extremely slow, and something is causing my computer to constantly try to connect to some malicious website. If I do not block Internet Explorer with my firewall, then pop-ups will continue to fill my desktop. To me it seems like rundll32.exe is running some suspicious-looking files such as veditoyo.dll, gunalahe.dll, burazahe.dll, Fmazupise.dll, and Irureyesogufut.dat, though I don't really know if these are legitimate or not.
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:19 PM, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\STOPzilla!\SZOptions.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.simtel.net/product.php[id]66509[SiteID]simtel.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7939d851-acab-48e4-8674-9274e1da9bde} - C:\WINDOWS\system32\sewadojo.dll
O2 - BHO: {5f3a96f2-3708-a15b-2964-ce15ff52785b} - {b58725ff-51ec-4692-b51a-80732f69a3f5} - C:\WINDOWS\system32\vklzcn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [Gruqoviloxeg] rundll32.exe "C:\WINDOWS\Fmazupise.dll",e
O4 - HKLM\..\Run: [Kvosibebax] rundll32.exe "C:\WINDOWS\Irureyesogufut.dat",e
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jamulumegi] Rundll32.exe "C:\WINDOWS\system32\veditoyo.dll",s
O4 - HKLM\..\Run: [e00882c8] rundll32.exe "C:\WINDOWS\system32\gunalahe.dll",b
O4 - HKLM\..\Run: [CPMe33bb154] Rundll32.exe "c:\windows\system32\burazahe.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jamulumegi] Rundll32.exe "C:\WINDOWS\system32\veditoyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Shortcut to Alarm Clock Pro.exe.lnk = C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\dawesiye.dll vklzcn.dll c:\windows\system32\burazahe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 12815 bytes
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm
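The O4, O2 and O20 lines in the log above share a few recognisable traits: rundll32 launching a DLL or .dat through a one-letter export, a nameless or GUID-named BHO sitting in system32, and a populated AppInit_DLLs value. The script below is an added example, not part of this thread or any MalwareRemoval.com tool; it applies those traits as review heuristics to HJT log lines. The rules and the Finding/triage/correlate names are my own assumptions, and the sample lines are copied from the log above with three benign entries mixed in for contrast:

```python
"""Triage heuristics for HijackThis (HJT) log lines (added example, not an HJT feature).
Rules mirror what is visible in the log above: rundll32 calling a single-letter export,
modules dropped straight into %WINDIR%, hex-blob Run names, BHOs with no name (or a GUID
as a name) living in system32, and any AppInit_DLLs entry. They are hints, not a verdict."""
import re
from dataclasses import dataclass, field
from typing import Optional

O2_RE = re.compile(r"^O2 - BHO: (?P<desc>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<target>[^",]+?)"?\s*,\s*(?P<entry>\S+)', re.I)
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")
HEXNAME_RE = re.compile(r"^(?:CPM)?[0-9A-Fa-f]{8,}$")  # e.g. e00882c8, CPMe33bb154 (heuristic)

@dataclass
class Finding:
    section: str                                  # O2, O4 or O20
    line: str                                     # raw log line
    reasons: list = field(default_factory=list)
    files: list = field(default_factory=list)     # lower-case basenames the line references

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def _in_windows_root(path: str) -> bool:
    parts = path.replace("/", "\\").lower().split("\\")
    return len(parts) >= 2 and parts[-2] == "windows"

def _check_o2(m) -> Optional[Finding]:
    f = Finding("O2", m.string, files=[_basename(m["path"])])
    desc = m["desc"].strip()
    if desc == "(no name)":
        f.reasons.append("BHO registered without a name")
    elif GUID_RE.match(desc):
        f.reasons.append("BHO name is itself a GUID")
    if "\\system32\\" in m["path"].lower():
        f.reasons.append("BHO DLL loaded from the system directory")
    return f if f.reasons else None

def _check_o4(m) -> Optional[Finding]:
    f = Finding("O4", m.string)
    if HEXNAME_RE.match(m["name"]):
        f.reasons.append("Run value named like a hex blob")
    r = RUNDLL_RE.match(m["cmd"])
    if r:
        target, entry = r["target"], r["entry"]
        f.files.append(_basename(target))
        if len(entry) == 1:
            f.reasons.append(f"rundll32 calls single-letter export '{entry}'")
        if not target.lower().endswith(".dll"):
            f.reasons.append("rundll32 loads a non-.dll file as code")
        if _in_windows_root(target):
            f.reasons.append("module sits directly in the Windows directory")
    return f if f.reasons else None

def _check_o20(m) -> Finding:
    dlls = m["dlls"].split()
    return Finding("O20", m.string,
                   reasons=[f"{len(dlls)} DLL(s) injected into every process via AppInit_DLLs"],
                   files=[_basename(d) for d in dlls])

def triage(lines):
    """Return one Finding per log line that trips at least one rule, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for regex, check in ((O2_RE, _check_o2), (O4_RE, _check_o4), (O20_RE, _check_o20)):
            m = regex.match(line)
            if m:
                f = check(m)
                if f:
                    findings.append(f)
                break
    return findings

def correlate(findings):
    """Files flagged in more than one section, e.g. a Run entry that is also an AppInit DLL."""
    seen = {}
    for f in findings:
        for name in f.files:
            seen.setdefault(name, set()).add(f.section)
    return {name: sorted(secs) for name, secs in seen.items() if len(secs) > 1}

# Sample lines copied from the HJT log in this thread, with three benign entries mixed in.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7939d851-acab-48e4-8674-9274e1da9bde} - C:\WINDOWS\system32\sewadojo.dll
O2 - BHO: {5f3a96f2-3708-a15b-2964-ce15ff52785b} - {b58725ff-51ec-4692-b51a-80732f69a3f5} - C:\WINDOWS\system32\vklzcn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Gruqoviloxeg] rundll32.exe "C:\WINDOWS\Fmazupise.dll",e
O4 - HKLM\..\Run: [Kvosibebax] rundll32.exe "C:\WINDOWS\Irureyesogufut.dat",e
O4 - HKLM\..\Run: [e00882c8] rundll32.exe "C:\WINDOWS\system32\gunalahe.dll",b
O4 - HKLM\..\Run: [CPMe33bb154] Rundll32.exe "c:\windows\system32\burazahe.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [jamulumegi] Rundll32.exe "C:\WINDOWS\system32\veditoyo.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\dawesiye.dll vklzcn.dll c:\windows\system32\burazahe.dll
""".strip().splitlines()
```

Running `triage(SAMPLE_LOG)` flags eight of the eleven lines and leaves the NvCpl, ctfmon and Java entries alone; `correlate` then shows vklzcn.dll and burazahe.dll appearing in two sections each, which is the cross-check a helper does by eye.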

Re: Please Help - random popups, and constant high CPU usage

Post by muppy03 » March 18th, 2009, 3:15 am

Hello and welcome to the Malware Removal Forums

I will be assisting you with your Malware issues.

IMPORTANT

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean!
  • If you have any questions or are unsure in any way, please let me know. I will try my best to help you!
  • Please reply to this thread. Do not start a new topic.
  • As I am still in training, everything that I post to you, must be checked by one of the teachers. Therefore, there may be a slight delay between posts.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please Help - random popups, and constant high CPU usage

Post by muppy03 » March 18th, 2009, 6:38 am

Hi There

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

    Note: the log can also be found at
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    or via the Logs tab when Malwarebytes' Anti-Malware is started.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

Please reply with:

  • MBAM log
  • RSIT logs (info.txt and log.txt)
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please Help - random popups, and constant high CPU usage

Post by GenericUser » March 18th, 2009, 3:20 pm

Here is the uninstall list (the other two logs are on their way):

3ivx D4 4.5.1 Decoder (remove only)
7-Zip 4.57
Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe Captivate 3
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Presenter 7
Adobe Presenter 7
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Alarm Clock Pro
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.2.6
AVG 7.5
Bonjour
Camtasia Studio 5
CDDRV_Installer
Cisco Systems VPN Client 5.0.03.0530
Collab
Critical Update for Windows Media Player 11 (KB959772)
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Ext2 IFS 1.11 for Windows XP
FileZilla Client 3.0.10
FL Studio 8
FLAC 1.2.1b (remove only)
FLV Player 1.3.3
Free M4a to MP3 Converter 6.0
GTK+ Runtime 2.12.8 rev a (remove only)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
Ice Crystal
IconPackager
IconPackager
IL Download Manager
InfraRecorder
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KhalInstallWrapper
Logitech SetPoint
Maple 11
mCore
mDriver
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.0.7)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
PDF Settings
PhotoNow! 1.0
Picture Package Music Transfer
Pidgin
PixiePack Codec Pack
PoiZone
PowerDirector
PowerDVD Ultra
QuickTime
RadLight MPC DirectShow Filter (remove only)
Rainmeter (remove only)
Rhapsody Player Engine
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Setting Utility Series
SigmaTel Audio
Skype™ 3.8
SmartSound Quicktracks Plugin
SnagIt 8
SnagIt 9
Songbird 0.5 (20080325)
Sony Media Manager 2.2
Sony Picture Utility
Sony USB Driver
Sony Utilities DLL
SoulSeek Client 156c
SpywareBlaster 4.1
SSH Secure Shell
STOPzilla
SUPERAntiSpyware Free Edition
Sygate Personal Firewall
Toxic Biohazard
UltraMon
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VAIO Event Service
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6i
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - NVIDIA (nv) Display (03/06/2006 8.4.1.8)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.1
Wireless Switch Setting Utility
ZoneAlarm
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm

Re: Please Help - random popups, and constant high CPU usage

Post by GenericUser » March 18th, 2009, 6:56 pm

Here are the next logs:

Malwarebytes' Anti-Malware 1.34
Database version: 1864
Windows 5.1.2600 Service Pack 3

3/18/2009 4:29:40 PM
mbam-log-2009-03-18 (16-29-40).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 208194
Time elapsed: 3 hour(s), 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 9
Registry Keys Infected: 12
Registry Values Infected: 7
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dawesiye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sewadojo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\veditoyo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fanudugu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gxvmmy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zedomoje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bndqlv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Irureyesogufut.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7de9b2b-20ed-4969-8ad5-0123ed1473dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7de9b2b-20ed-4969-8ad5-0123ed1473dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7939d851-acab-48e4-8674-9274e1da9bde} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7939d851-acab-48e4-8674-9274e1da9bde} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7939d851-acab-48e4-8674-9274e1da9bde} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7de9b2b-20ed-4969-8ad5-0123ed1473dd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b58725ff-51ec-4692-b51a-80732f69a3f5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e00882c8 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jamulumegi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme33bb154 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gruqoviloxeg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kvosibebax (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dawesiye.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\dawesiye.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dawesiye.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\fanudugu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\fanudugu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bndqlv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\idugodig.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gunalahe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ehalanug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wibakihi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihikabiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\veditoyo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fanudugu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sewadojo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dawesiye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gxvmmy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\zedomoje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bafoline.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Irureyesogufut.dat (Trojan.Agent) -> Delete on reboot.

info.txt logfile of random's system information tool 1.05 2009-03-18 16:51:37

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe Captivate 3-->MsiExec.exe /X{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Presenter 7-->msiexec /I {4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}
Adobe Presenter 7-->MsiExec.exe /I{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alarm Clock Pro-->MsiExec.exe /I{8FDB70DA-EE57-40F1-ADEA-4FD99ABA30E2}
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Cisco Systems VPN Client 5.0.03.0530-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ext2 IFS 1.11 for Windows XP-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 130 Ext2Ifs_for_NT501.inf
FileZilla Client 3.0.10-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Ice Crystal-->"C:\WINDOWS\Ice Crystal Uninstaller\unins000.exe"
IconPackager-->"C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\IconPackager.exe" REMOVE=TRUE MODIFY=FALSE
IconPackager-->C:\Documents and Settings\All Users\Application Data\{8CC5CF4A-124E-41BA-B58C-A41F05BE09CC}\IconPackager.exe
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 11-->"E:\Maple\Uninstall_Maple 11\Uninstall Maple 11.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->C:\Program Files\mIRC2\uninstall.exe _?=C:\Program Files\mIRC2
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RadLight MPC DirectShow Filter (remove only)-->"C:\WINDOWS\system32\RadLightMPCUninstall.exe"
Rainmeter (remove only)-->"C:\Program Files\Rainmeter\uninst.exe"
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Setting Utility Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59452470-A902-477F-9338-9B88101681BD}\Setup.exe" -l0x9 UNINSTALL
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
SnagIt 9-->MsiExec.exe /I{2FADA80A-5D89-4CC8-9ED7-445527754A83}
Songbird 0.5 (20080325)-->"C:\Program Files\Songbird\Songbird-Uninstall.exe"
Sony Media Manager 2.2-->MsiExec.exe /X{2B5A75F0-FD85-4094-AB00-94902398D192}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Utilities DLL-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\Setup.exe" -l0x9
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
STOPzilla-->MsiExec.exe /X{7A5E68D5-DEA7-4067-B191-B4AE756C057B}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VAIO Event Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\Setup.exe" -l0x9
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - NVIDIA (nv) Display (03/06/2006 8.4.1.8)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\nvsz_96DEE84EA7FC437278B58F57CF0B63744FF96BB7\nvsz.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wireless Switch Setting Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\Setup.exe" -l0x9
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: AVG 7.5.557
FW: Sygate Personal Firewall

System event log

Computer Name: OLDIRTYBARSTARD
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{38E1F909-94EA-46A7-8C94-78F6FB1B6D2C} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 24345
Source Name: Tcpip
Time Written: 20090214224025.000000-420
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{38E1F909-94EA-46A7-8C94-78F6FB1B6D2C} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 24344
Source Name: Tcpip
Time Written: 20090214224020.000000-420
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{38E1F909-94EA-46A7-8C94-78F6FB1B6D2C} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 24343
Source Name: Tcpip
Time Written: 20090214224015.000000-420
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{38E1F909-94EA-46A7-8C94-78F6FB1B6D2C} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 24342
Source Name: Tcpip
Time Written: 20090214224005.000000-420
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{38E1F909-94EA-46A7-8C94-78F6FB1B6D2C} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 24341
Source Name: Tcpip
Time Written: 20090214224000.000000-420
Event Type: information
User:

Application event log

Computer Name: OLDIRTYBARSTARD
Event Code: 1
Message: Service started

Record Number: 1516
Source Name: AVGEMS
Time Written: 20080613002816.000000-360
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 0
Message:
Record Number: 1515
Source Name: RichVideo
Time Written: 20080613002816.000000-360
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 0
Message:
Record Number: 1514
Source Name: RegSrvc
Time Written: 20080613002816.000000-360
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 1
Message:
Record Number: 1513
Source Name: Bonjour Service
Time Written: 20080613002815.000000-360
Event Type: information
User:

Computer Name: OLDIRTYBARSTARD
Event Code: 1
Message: Service started

Record Number: 1512
Source Name: Avg7UpdSvc
Time Written: 20080613002815.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"KMP_DUPLICATE_LIB_OK"=TRUE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Anthony at 2009-03-18 16:51:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (9%) free of 32 GB
Total RAM: 1022 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:30 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Documents and Settings\Anthony\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Anthony.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.simtel.net/product.php[id]66509[SiteID]simtel.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jamulumegi] Rundll32.exe "C:\WINDOWS\system32\veditoyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Shortcut to Alarm Clock Pro.exe.lnk = C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\burazahe.dll c:\windows\system32\pipibuju.dll bndqlv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 12296 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-602162358-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-09-16 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - C:\Program Files\STOPzilla!\SZSG.dll [2009-03-12 247232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2009-03-12 222656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-09-16 161096]
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - C:\Program Files\STOPzilla!\SZSG.dll [2009-03-12 247232]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-06 7557120]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-17 118784]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-20 32768]
"Switcher.exe"=C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [2005-11-24 167936]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2009-02-24 590848]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
"SysMetrix"=C:\Program Files\SysMetrix\SysMetrix.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-11 342312]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-04-23 22058792]
"Google Update"=C:\Documents [2008-05-09 390]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
SnagIt 9.lnk - C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
VPN Client.lnk - C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Anthony\Start Menu\Programs\Startup
Pidgin.lnk - C:\Program Files\Pidgin\pidgin.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe
Shortcut to Alarm Clock Pro.exe.lnk - C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" c:\windows\system32\burazahe.dll c:\windows\system32\pipibuju.dll bndqlv.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2008-05-15 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\CyberLink\PowerDirector\PDR.exe"="C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Maple 11\jre\bin\maple.exe"="C:\Program Files\Maple 11\jre\bin\maple.exe:*:Enabled:Maple 11"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Anthony\Desktop\Eclipse - Java\eclipse\eclipse.exe"="C:\Documents and Settings\Anthony\Desktop\Eclipse - Java\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Adobe\Flex Builder 3\jre\bin\javaw.exe"="C:\Program Files\Adobe\Flex Builder 3\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\lcds\jrun4\bin\jrun.exe"="C:\lcds\jrun4\bin\jrun.exe:*:Enabled:JRun JAR Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Anthony\Desktop\eclipse-SDK-3.4-win32\eclipse\eclipse.exe"="C:\Documents and Settings\Anthony\Desktop\eclipse-SDK-3.4-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\mIRC2\mirc.exe"="C:\Program Files\mIRC2\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"E:\Maple\jre\bin\maple.exe"="E:\Maple\jre\bin\maple.exe:*:Enabled:Maple 11"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe"="C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe:*:Enabled:SZServer"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4534b51e-0867-11dd-b62a-0013a90a5089}]
shell\AutoRun\command - I:\system\viewer\Viewer.exe
shell\View your videos\command - I:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ccc8c41-f967-11dc-b60c-0013a90a5089}]
shell\AutoRun\command - E:\LaunchU3.exe


======List of files/folders created in the last 1 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\yawelibi.dll
2009-03-18 16:44:36 ----D---- C:\rsit
2009-03-18 13:15:38 ----D---- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2009-03-18 13:15:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-18 13:15:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-15 21:31:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 21:30:52 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-15 21:30:51 ----D---- C:\Documents and Settings\Anthony\Application Data\SUPERAntiSpyware.com
2009-03-15 19:56:54 ----D---- C:\WINDOWS\4C271126C2954828A9015910AE0C258B.TMP
2009-03-15 19:25:14 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-03-15 19:25:08 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-03-15 19:25:08 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-03-15 19:24:59 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-03-15 19:24:54 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-03-15 19:24:52 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-03-15 19:24:52 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-03-15 19:24:51 ----A---- C:\WINDOWS\system32\~GLH0014.TMP
2009-03-15 19:24:12 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-03-15 19:07:45 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-03-15 19:07:40 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-03-15 19:07:37 ----A---- C:\WINDOWS\system32\~GLH0013.TMP
2009-03-15 19:05:03 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-03-15 18:15:46 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-03-15 13:27:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-15 13:26:18 ----D---- C:\Program Files\SpywareBlaster
2009-03-15 13:22:07 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 13:20:59 ----D---- C:\Program Files\Lavasoft
2009-03-15 13:20:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-03-14 20:40:13 ----D---- C:\Program Files\Trend Micro
2009-03-14 14:05:48 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-03-14 14:04:16 ----D---- C:\Program Files\STOPzilla!
2009-03-14 14:04:15 ----D---- C:\Program Files\Common Files\iS3
2009-03-14 14:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-03-12 01:12:42 ----D---- C:\Program Files\iPod
2009-03-12 01:12:30 ----D---- C:\Program Files\iTunes
2009-03-12 01:12:30 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-11 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 03:02:40 ----D---- C:\lc3
2009-03-04 15:33:18 ----RA---- C:\WINDOWS\system32\SZIO5.dll
2009-03-04 15:32:20 ----RA---- C:\WINDOWS\system32\SZBase5.dll
2009-03-04 15:31:54 ----RA---- C:\WINDOWS\system32\SZComp5.dll
2009-03-02 21:59:43 ----D---- C:\Program Files\Koingo Software
2009-02-26 04:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-25 01:31:13 ----A---- C:\WINDOWS\system32\WMIMPLEX.dll
2009-02-25 01:31:13 ----A---- C:\WINDOWS\system32\maplec.dll

======List of files/folders modified in the last 1 months======

2009-03-18 16:51:04 ----D---- C:\Documents and Settings\Anthony\Application Data\.purple
2009-03-18 16:48:44 ----D---- C:\WINDOWS\Temp
2009-03-18 16:41:19 ----D---- C:\WINDOWS\system32\drivers
2009-03-18 16:40:18 ----D---- C:\Program Files\Mozilla Firefox
2009-03-18 16:39:21 ----D---- C:\WINDOWS\system32
2009-03-18 16:39:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-18 16:37:10 ----D---- C:\Documents and Settings\Anthony\Application Data\skypePM
2009-03-18 16:33:41 ----D---- C:\WINDOWS
2009-03-18 16:32:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-18 16:30:26 ----D---- C:\WINDOWS\Prefetch
2009-03-18 13:15:05 ----RD---- C:\Program Files
2009-03-18 12:48:43 ----D---- C:\Documents and Settings\Anthony\Application Data\AVG7
2009-03-16 20:32:27 ----D---- C:\Documents and Settings\Anthony\Application Data\U3
2009-03-16 19:07:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-15 23:51:16 ----HD---- C:\WINDOWS\inf
2009-03-15 21:31:37 ----SHD---- C:\WINDOWS\Installer
2009-03-15 21:31:31 ----HD---- C:\Config.Msi
2009-03-15 21:29:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-15 19:42:42 ----D---- C:\WINDOWS\Internet Logs
2009-03-15 19:04:44 ----D---- C:\WINDOWS\WinSxS
2009-03-15 18:53:20 ----D---- C:\Documents and Settings\Anthony\Application Data\Skype
2009-03-15 13:24:52 ----SD---- C:\WINDOWS\Tasks
2009-03-15 13:24:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-14 14:09:55 ----D---- C:\Documents and Settings\Anthony\Application Data\mIRC
2009-03-14 14:04:15 ----D---- C:\Program Files\Common Files
2009-03-12 21:40:16 ----D---- C:\Program Files\mIRC
2009-03-12 01:12:41 ----D---- C:\Program Files\Common Files\Apple
2009-03-12 01:10:43 ----D---- C:\Program Files\Bonjour
2009-03-12 01:09:58 ----D---- C:\Program Files\QuickTime
2009-03-11 03:06:28 ----D---- C:\Documents and Settings\Anthony\Application Data\uTorrent
2009-03-11 03:01:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 03:01:15 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 20:24:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 16:58:12 ----A---- C:\WINDOWS\win.ini
2009-03-06 13:41:19 ----D---- C:\Program Files\Soulseek
2009-03-02 03:16:39 ----D---- C:\Documents and Settings\Anthony\Application Data\SSH
2009-02-25 01:31:12 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-03-17 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-03-17 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-03-17 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-03-17 10760]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-01-20 179584]
R1 IfsMount;IfsMount; C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 49536]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-17 21275]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-03-17 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-06 3644160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\system32\DRIVERS\SonyNC.sys [2000-11-09 48896]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-17 1076472]
R3 ti21sony;ti21sony; C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 226304]
R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2005-10-25 232448]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-11-04 43552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-03-17 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-03-17 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-03-17 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-06 143428]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2009-03-04 57344]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-20 153600]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-11 656168]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-22 651720]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm

Re: Please Help - random popups, and constant high CPU usage

Unread postby muppy03 » March 19th, 2009, 5:18 am

Hi GenericUser,

If you have not done so already please REBOOT your computer so MBAM can finish cleaning some of the infected files on your computer.

Can you tell me what Ice Crystal is? Is it something you recognize?

MRU P2P Policy
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

SoulSeek Client 156c
uTorrent


I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Run a new HJT scan when finished and post the log back here.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

P2P programs also open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders them insecure, and access to the computer is left open even when the program is not in use. Therefore, the system's security is compromised.

So be aware that it's not just what's downloaded with P2P programs that creates problems, just having the program installed is like leaving all the doors to your house unlocked.

Please reply with:-


  • New HJT log
  • Answer to above questions.
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please Help - random popups, and constant high CPU usage

Unread postby GenericUser » March 19th, 2009, 5:37 am

Ice Crystal is not something I recognize.

Edit: Never mind, Ice Crystal is just a screensaver.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:06 AM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.simtel.net/product.php[id]66509[SiteID]simtel.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jamulumegi] Rundll32.exe "C:\WINDOWS\system32\veditoyo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Shortcut to Alarm Clock Pro.exe.lnk = C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\burazahe.dll c:\windows\system32\pipibuju.dll bndqlv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 12338 bytes
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm
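
As an added example (not part of this thread, of HijackThis or of the MalwareRemoval.com procedure), the following Python script shows how the two items a helper would pick out of the log above can be triaged mechanically: the O20 AppInit_DLLs value, which lists DLLs that Windows loads into every process that loads user32.dll, and the O4 Run entry under the LOCAL SERVICE hive (HKUS\S-1-5-19) that starts rundll32.exe on a DLL in system32. The sample lines are copied from the log above with a few benign lines kept for contrast; the allow-lists, the service-SID list and the "generated-looking name" heuristic are assumptions made for illustration, not a vendor-maintained list.

```python
"""Triage of HijackThis O4 (Run key) and O20 (AppInit_DLLs) lines.

Added example for this thread; it is not part of HijackThis, ComboFix or the
MalwareRemoval.com procedure. The allow-lists and the name heuristic below are
assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: O4/O20 lines copied from the HJT log above, plus benign
# lines kept for contrast. In practice read the whole log file instead.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [jamulumegi] Rundll32.exe "C:\WINDOWS\system32\veditoyo.dll",s (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\burazahe.dll c:\windows\system32\pipibuju.dll bndqlv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Assumption: DLLs an analyst has already vetted as legitimate rundll32 targets.
KNOWN_RUNDLL32_TARGETS = {"nvcpl.dll", "shell32.dll", "powrprof.dll"}
# Assumption: programs allowed to have Run entries under the service-account
# hives (AVG 7 registers avgw.exe under every hive in the log above).
KNOWN_SERVICE_ACCOUNT_RUN = {"avgw.exe"}
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")  # SYSTEM, LOCAL/NETWORK SERVICE
VOWELS = set("aeiou")

O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
RUNDLL32_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))', re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    kind: str     # appinit_dll | rundll32_unknown_dll | service_account_run
    line: str     # the HJT line that produced the finding
    detail: str


def basename_of(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_generated(stem: str) -> bool:
    """Heuristic only: a file-name stem that strictly alternates consonant and
    vowel (veditoyo, burazahe) or has no vowels at all (bndqlv) is typical of
    machine-generated names. It is a prioritisation hint, not a verdict."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 6:
        return False
    classes = [c in VOWELS for c in s]
    if not any(classes):
        return True
    return all(a != b for a, b in zip(classes, classes[1:]))


def describe_dll(path: str) -> str:
    stem = basename_of(path).rsplit(".", 1)[0]
    return path + (" (generated-looking name)" if looks_generated(stem) else "")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            # Every DLL listed here is loaded into each process that loads
            # user32.dll, so any non-empty value deserves a look. The registry
            # value is space- or comma-separated, so split on both.
            for dll in re.split(r"[\s,]+", m.group("dlls").strip()):
                findings.append(Finding("appinit_dll", line, describe_dll(dll)))
            continue
        m = O4_RUN_RE.match(line)
        if not m:
            continue
        hive, cmd = m.group("hive"), m.group("cmd")
        r = RUNDLL32_RE.match(cmd)
        if r:
            dll = r.group("q") or r.group("u")
            if basename_of(dll) not in KNOWN_RUNDLL32_TARGETS:
                findings.append(Finding("rundll32_unknown_dll", line, describe_dll(dll)))
        if any(sid in hive for sid in SERVICE_SIDS):
            # Service accounts do not log on interactively, so a Run entry in
            # their hive is almost always a product hook or a persistence trick.
            exe = basename_of(cmd.split()[0]) if cmd.split() else ""
            if exe not in KNOWN_SERVICE_ACCOUNT_RUN:
                findings.append(Finding("service_account_run", line, f"{hive}: {cmd}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample it reports the three AppInit_DLLs entries and two findings for the jamulumegi line (an unvetted rundll32 target and a Run entry in a service-account hive), while the NvCpl, AVG and ctfmon lines stay quiet. The name heuristic is deliberately loose; it is there to order what a human looks at first, not to decide what gets deleted.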

Re: Please Help - random popups, and constant high CPU usage

Unread postby muppy03 » March 19th, 2009, 6:51 am

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-


  • Combofix log

muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please Help - random popups, and constant high CPU usage

Unread postby GenericUser » March 19th, 2009, 4:41 pm

ComboFix 09-03-18.01 - Anthony 2009-03-19 14:15:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.352 [GMT -6:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents
C:\test.txt
c:\windows\system32\yawelibi.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-19 14:22 . 2009-03-19 14:22 240 --a------ c:\windows\system32\drivers\kgpcpy.cfg
2009-03-18 16:44 . 2009-03-18 16:51 <DIR> d-------- C:\rsit
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 13:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 03:34 . 2009-03-16 03:34 22,734 --a------ c:\windows\system32\AAWService_2009_03_16_03_34_29.dmp
2009-03-15 22:20 . 2009-03-15 22:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_22_20_54.dmp
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 21:30 . 2009-03-15 21:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-15 21:30 . 2009-03-15 21:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com
2009-03-15 19:56 . 2009-03-15 19:58 <DIR> d-------- c:\windows\4C271126C2954828A9015910AE0C258B.TMP
2009-03-15 19:29 . 2009-03-15 19:29 21,891 --a------ c:\windows\system32\AAWService_2009_03_15_19_29_31.dmp
2009-03-15 19:24 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-03-15 19:24 . 2009-03-15 19:25 348,220 --a------ c:\windows\system32\vsconfig.xml
2009-03-15 19:24 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0014.TMP
2009-03-15 19:08 . 2009-03-15 19:08 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-03-15 19:07 . 2009-03-15 19:55 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-15 19:07 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0013.TMP
2009-03-15 18:20 . 2009-03-15 18:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_18_20_28.dmp
2009-03-15 18:15 . 2009-03-09 13:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-15 13:27 . 2009-03-15 13:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:26 . 2009-03-15 13:26 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-15 13:24 . 2009-03-09 13:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-15 13:22 . 2009-03-15 13:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-14 20:40 . 2009-03-14 20:40 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 14:05 . 2009-03-19 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-14 14:04 . 2009-03-14 14:04 <DIR> d-------- c:\program files\STOPzilla!
2009-03-14 14:04 . 2009-03-14 14:04 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-14 14:04 . 2009-03-19 14:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\program files\iTunes
2009-03-12 01:12 . 2009-03-12 01:12 <DIR> d-------- c:\program files\iPod
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-10 03:02 . 2009-03-10 03:02 <DIR> d-------- C:\lc3
2009-03-04 15:33 . 2009-03-04 15:33 17,408 -ra------ c:\windows\system32\SZIO5.dll
2009-03-04 15:32 . 2009-03-04 15:32 294,912 -ra------ c:\windows\system32\SZBase5.dll
2009-03-04 15:31 . 2009-03-04 15:31 540,672 -ra------ c:\windows\system32\SZComp5.dll
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Koingo Software
2009-02-25 15:29 . 2009-02-25 15:29 54,912 -ra------ c:\windows\system32\drivers\SZKG.sys
2009-02-25 01:31 . 2009-02-25 01:31 147,456 --a------ c:\windows\system32\WMIMPLEX.dll
2009-02-25 01:31 . 2009-02-25 01:31 36,864 --a------ c:\windows\system32\maplec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 20:16 --------- d-----w c:\documents and settings\Anthony\Application Data\.purple
2009-03-19 20:04 --------- d-----w c:\documents and settings\Anthony\Application Data\AVG7
2009-03-19 14:04 --------- d-----w c:\documents and settings\Anthony\Application Data\skypePM
2009-03-19 09:35 --------- d-----w c:\program files\Soulseek
2009-03-17 02:32 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-03-16 03:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-16 00:53 --------- d-----w c:\documents and settings\Anthony\Application Data\Skype
2009-03-14 20:09 --------- d-----w c:\documents and settings\Anthony\Application Data\mIRC
2009-03-13 03:40 --------- d-----w c:\program files\mIRC
2009-03-12 07:12 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 07:10 --------- d-----w c:\program files\Bonjour
2009-03-12 07:09 --------- d-----w c:\program files\QuickTime
2009-03-11 09:06 --------- d-----w c:\documents and settings\Anthony\Application Data\uTorrent
2009-03-02 09:16 --------- d-----w c:\documents and settings\Anthony\Application Data\SSH
2009-02-02 22:48 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-06-06 04:26 604 ---ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"Google Update"="c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-17 219136]

c:\documents and settings\Anthony\Start Menu\Programs\Startup\
Pidgin.lnk - c:\program files\Pidgin\pidgin.exe [2008-02-29 44658]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-01-21 118784]
Shortcut to Alarm Clock Pro.exe.lnk - c:\program files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe [2009-02-26 12503023]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-24 784912]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-09-16 6825288]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-02-02 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Anthony\\Desktop\\eclipse-SDK-3.4-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\iS3\\Anti-Spyware\\SZServer.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Client Split Tunnel
"10000:TCP"= 10000:TCP:Cisco VPN Client IPSec TCP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-15 64160]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-02-25 54912]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-03-17 179584]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-03-17 49536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-03-17 226304]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4534b51e-0867-11dd-b62a-0013a90a5089}]
\Shell\AutoRun\command - i:\system\viewer\Viewer.exe
\Shell\View your videos\command - i:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ccc8c41-f967-11dc-b60c-0013a90a5089}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:06]

2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-602162358-839522115-1003.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 14:44]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-SysMetrix - c:\program files\SysMetrix\SysMetrix.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.simtel.net/product.php[id]66509[SiteID]simtel.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 14:23:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1392)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\TechSmith\SnagIt 9\TscHelp.exe
c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
.
**************************************************************************
.
Completion time: 2009-03-19 14:32:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-19 20:32:02

Pre-Run: 2,758,950,912 bytes free
Post-Run: 5,064,155,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

289 --- E O F --- 2009-03-11 09:01:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:22 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.simtel.net/product.php[id]66509[SiteID]simtel.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Shortcut to Alarm Clock Pro.exe.lnk = C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 12013 bytes
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm

Re: Please Help - random popups, and constant high CPU usage

Unread postby muppy03 » March 20th, 2009, 8:51 am

Hi GenericUser,

How is the pop up and re-direct situation going?

Very Important! Temporarily disable ALL your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

DISABLE AVG 7
Please open the AVG Control Center program by double-clicking on the "AVG Resident Shield" component. (looks like this:Image ) in the system tray.
  • Deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
AVG Resident shield is disabled.
When you need to enable the AVG Resident Shield again, just open the AVG Control Center program, double-click on the "AVG Resident Shield" component and select the "Turn on AVG Resident Shield" checkmark and save the setting.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File:: 
    c:\windows\system32\drivers\kgpcpy.cfg
    
    Folder::
    c:\program files\Soulseek
    c:\documents and settings\Anthony\Application Data\uTorrent.
    
    Driver:: 
    kgpcpy
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit). Click the Empty Selected button.

If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.


If you use Opera browser
    Click Opera at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NEXT Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-


  • New HJT log
  • Combofix log
  • Kaspersky report
  • Answer to how computer is going now









muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
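Reading the HijackThis logs in this thread comes down to the same checks on every O-line: bare executable names in Run keys, rundll32 entries whose real payload is the DLL argument, targets that resolve to "?" or "(no file)", Winsock LSP and Winlogon Notify DLLs, and services with no publisher. The script below is an added example, not part of this thread or of HijackThis; the sample lines are copied from the HJT log posted above, and the flagging rules are the editor's own heuristics, not HijackThis verdicts.

```python
"""Triage HijackThis O-lines (added example; the heuristics are the editor's own)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied verbatim from the HJT log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: VPN Client.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# "O4 - HKLM\..\Run: [Name] command" -> code and body; Run bodies -> hive/name/command.
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    code: str
    body: str


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the R/F/O lines; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(" ", 1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else "")


def triage_entry(entry: Entry) -> List[str]:
    """Return the reasons this line deserves a second look (empty if none)."""
    flags: List[str] = []
    body = entry.body
    # Autostart entries whose target no longer exists: leftovers or half-removed items.
    if body.endswith("= ?") or "(no file)" in body:
        flags.append("target missing or unresolved")
    if entry.code == "O4":
        m = RUN_ENTRY.match(body)
        if m:
            exe, args = split_command(m.group("cmd"))
            # A bare file name is located through the search path, not a fixed location.
            if "\\" not in exe:
                flags.append(f"bare executable name '{exe}' resolved via the search path")
            # rundll32 only hosts; the DLL it loads is what actually runs.
            if exe.lower().endswith("rundll32.exe"):
                dll = args.split(",", 1)[0].strip().strip('"')
                flags.append(f"rundll32 host; the loaded module is {dll}")
    if entry.code == "O10":
        flags.append("Winsock LSP DLL: loaded into every process that uses Winsock")
    if entry.code == "O20":
        flags.append("Winlogon Notify DLL: loaded into winlogon.exe at logon")
    if entry.code == "O23" and "Unknown owner" in body:
        flags.append("service binary with no recorded publisher")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged line ('Oxx - body') to its reasons; clean lines are omitted."""
    report: Dict[str, List[str]] = {}
    for entry in parse_hjt(text):
        reasons = triage_entry(entry)
        if reasons:
            report[f"{entry.code} - {entry.body}"] = reasons
    return report


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A flag is a prompt to verify the file (publisher, location, signature), not a verdict: in this thread every flagged sample line turns out to be a legitimate program.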

Re: Please Help - random popups, and constant high CPU usage

Unread postby GenericUser » March 20th, 2009, 4:03 pm

Hey muppy03, my computer is running much quicker and the pop-ups have stopped, so thank you very much for your help so far!

Here are the logs:

ComboFix 09-03-19.02 - Anthony 2009-03-20 11:08:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.394 [GMT -6:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anthony\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning disabled* (Outdated)
FW: Sygate Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\kgpcpy.cfg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\Application Data\uTorrent.
c:\documents and settings\Anthony\Application Data\uTorrent.\[sv]Black.Label.Back.In.Black.DVDRip.vcd.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\[sv]Fallen.Ride.The.Sky.DVDrip.vcd.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\1994 - Illmatic (LOSSLESS).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\3rd Eye Vision.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\9thWonderandBuckshot-Chemistry-2005.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\A Colbert Christmas - The Greatest Gift of All! Soundtrack.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Adobe Photoshop CS3 Extended + Crack.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Adobe.Audition.v3.WinAll.Cracked-NoPE.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Alarm Clock Pro 8.47 [k'ed]_UB.zip.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Alpha.Dog[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aphex Twin - I Care because You do.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua Teen Hunger Force [Volume 5].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua Teen Hunger Force Colon Movie (2007) M337W4D DVDRiP KVCD BluX (TUS Release).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua.Teen.Hunger.Force.Colon.Movie.Film.For.Theaters.DVDRip.XviD-DiAMOND.1.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua.Teen.Hunger.Force.Colon.Movie.Film.For.Theaters.DVDRip.XviD-DiAMOND.2.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua.Teen.Hunger.Force.Colon.Movie.Film.For.Theaters.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua.Teen.Hunger.Force.S05E05.DSRip.XviD-aAF.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Aqua.Teen.Hunger.Force.S05E09.DSR.XviD-OMiCRON.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Artificial.Intelligence.AI.2001.DVDRip.XviD.AC3.iNT-MF[www.moviex.info].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\ATHF Colon Movie Film for Theaters.avi.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\ATHF.1.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\athf.avi.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\ATHF.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Atmosphere-When_Life_Gives_You_Lemons_You_Paint_That_Shit_Gold-2008-WHOA.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Avenged_Sevenfold-Avenged_Sevenfold-(Retail)-2007-FNT.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Beastie Boys - Licensed to Ill 1986 [FLAC] [h33t] - Kitlope.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Beastie Boys Discography.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Black Holes and Revelations.zip.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\blue scholars.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Carlos Santana - Greatest Hits [Pop][2008].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Chameleon-Maynard Ferguson.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Chappelles.Show.DVDRip.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Clerks 2 DVDRip 720x Xvid AC3-HUFF.avi.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Cocky Comedy And Other Conversation Skills.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Cream - The Very Best of Cream.rar.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\CyberLink POWER DVD Ultra DELUXE(extended edition)(with serial key).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Dave Chappelle - Killin Them Softly.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\dht.dat
c:\documents and settings\Anthony\Application Data\uTorrent.\dht.dat.old
c:\documents and settings\Anthony\Application Data\uTorrent.\DJ Drama and Little Brother - Separate But Equal.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\DJ Mark Farina.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Dj Qbert's - Scratchlopedia Breaktannica.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\DJ Shadow - Entroducing....(1996).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\DJ_Skee the american godfather.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Earth, Wind & Fire Discography.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Elie.Wiesel-Night.(M.Wiesel.translation)_audiobook-Dork.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Emerica - This Is Skateboarding.mpg.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\F.M.A._Voltaire_-_Candide-4CD-1759-(Audiobook)-SE-2008-x3m.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Fear And Loathing In Las Vegas(Xvid) (Darkside_RG).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Fleetwood Mac - Fleetwood Mac - FLAC - HellraiserRG.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\FLEETWOOD MAC - THE VERY BEST OF.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Flobots_Fight With Tools.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Foundation - Thats Life(DvDRiP KkILLa.1.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Foundation - Thats Life(DvDRiP KkILLa.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\FruityLoops Studio 8.0 XXL Edition.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\FuckTeamFive.com - Jennifer Dark, Ashli Orion and Phoenix Marie.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Fugees - Blunted On Reality (1994).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Fugees - The Score.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Gran.Torino.2008.DvDRip.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\GZA_(Genius)-Pro_Tools-2008-WHOA.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Hancock.UNRATED.DVDRip.XviD-ARROW.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Harold & Kumar Escape from Guantanamo Bay [2008-DVDRip-H.264]-NewArtRiot.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Harold.and.Kumar.Escape.from.Guantanamo.Bay.SUBBED.CAM.XViD-PreVail.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\HolyGrail.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Human Giant - Season 1.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\I.Know.Who.Killed.Me[2007]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\IcoPkager_v4.00-patch-Orthodox.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\IronMan.2008.TS.XviD-THS.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Its Always Sunny In Philadelphia.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Jake One - White Van Music [tRg Music Release].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Jay-Z-Vol.2.Hard.Knock.Life[1998][MP3-OT]-FLAWL3SS.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Jay-Z - The Black Album Acapellas.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Jazz & Blues (pdf).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Jedi Mind Tricks-A History Of Violence-2008--Rawkus--Darkside_RG.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Jedi Mind Tricks - Instrumentals 2002.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Katt Williams - American Hustle (2007).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Ken Park [2002] [DVDRIP] [ENG].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Led Zeppelin - Mothership 2007 [FLAC] (oan).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Lil Wayne - Tha Carter III (Instrumentals).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\LIl_Wayne-Tha_Carter_III-Special_Edition-2008-SP1200.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Little Brother - The Listening (2002).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Living Legends.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\m.c. chris.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\M.I.A-Kala (2007).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Madvillain - Madvillainy 2 The Madlib Remix (2008).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Maynard Ferguson MP3.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Maynard Ferguson.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Men Without Hats - Rhythm of Youth.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Mickey Avalon - Mickey Avalon (2005) - Copy.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Midtown-Living Well Is The Best Revenge.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Miles Davis - Birth of the Cool.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Minority_Report.avi.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\MURS 3_16 The 9th Edition - The End Of The Beginning.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Nas-Nastradamus-1999-iNT-OSM.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Nick.and.Norahs.Infinite.Playlist.REPACK.DVDRip.XviD-Larceny.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Office Space.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Ol' Dirty Bastard - 1999 - Nigga Please (320kbps) KindMetalRG.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Ol' Dirty Bastard - Return To The 36 Chambers.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\openSUSE-10.3-GM-DVD-i386-iso.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\People Under the Stairs Discography.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Pineapple.Express.2008.DVDSCR.XviD-HEFTY.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Pink Floyd - Dark Side Of The Moon (MFSL UHQR Vinyl Rip).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Pink Floyd - The Wall [MFSL UDCD 2-537] (1979)(flac).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Poison -2007- Discography.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Portishead - Dummy.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Prince & The Revolution - Parade - (1986) [FLAC-EAC-CUE].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Prince & The Revolution - Purple Rain[cdrip]vbr[mp3]-darkjedi.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Prince And The New Revolution-Parade(Darkside_RG).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Queen - Discography.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Queen - The Game.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Qwel_and_Maker-The_Harvest-2004-CMS.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Raekwon - Only Built For Cuban Linx.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Rakim discography.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\resume.dat
c:\documents and settings\Anthony\Application Data\uTorrent.\resume.dat.old
c:\documents and settings\Anthony\Application Data\uTorrent.\Richard Pryor.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\rss.dat
c:\documents and settings\Anthony\Application Data\uTorrent.\rss.dat.old
c:\documents and settings\Anthony\Application Data\uTorrent.\Rza - Digi Snacks [2008].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\RZA - The Formula for the Cure.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\RZA as Bobby Digital - In Stereo 1998 (FLAC).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Santana - Ultimate Santana [2007][CD+3 SkidVid_XviD+Cov].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Scary_Movie_(2000)_-_SoulRedeemer.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\settings.dat
c:\documents and settings\Anthony\Application Data\uTorrent.\settings.dat.old
c:\documents and settings\Anthony\Application Data\uTorrent.\Sibelius 5.1 English.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Sibelius 5.2 Update.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Slackers.DVDRip.XviD-SWEpneT.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Snoop Dogg - Doggystyle.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Sony ACID Pro 6.0d Build 363.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Soul pack (Curtis Mayfield, Otis Redding, Percy Sledge, Sam Cooke.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\southernunderground.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Special Blends.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Steal This Album!.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Step Brothers[2008]DvDrip[Eng]-NikonXp.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Steve Miller Band - The Joker (XRCD).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\stones throw 101 - (dvd xvid rip) 2004.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Strange.Wilderness[2008]DvDrip-aXXo.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Superbad[2007][Unrated Editon]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\THE AMITYVILLE HORROR [1979-Eng-DVDrip]-haSak.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Beatles - Magical Mystery Tour.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Beatles - Sgt. Pepper's Lonely Hearts Club Band.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Others 2001 DivX ENG.avi.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Rolling Stones - Hot Rocks (1964-1971) (2002 - SACD Remastered).flac by JuLeBox.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Roots-Rising Down[2008].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Sword - 2006 - Age of Winters.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Velvet Underground-The Velvet Underground and Nico(Darkside_RG).torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The Velvet Underground - The Velvet Underground & Nico.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The.Dark.Knight.2008.DVDRip.XviD.AC3.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The.New.Guy.2002.WS.Int.DVDRip.XviD-DoggPound.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\The.Others[2001]DvDrip[Eng.Subs]-kirklestat.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\the_roots-5_albums.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\They're Only Chasing Safety [Special Edition].torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Things Fall Apart.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Total Training for Adobe Photoshop CS3 - Enhancing Digital Photographs.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Transworld - And Now.mp4.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\utorrent.lng
c:\documents and settings\Anthony\Application Data\uTorrent.\VA-Punk_Goes_Crunk-2008-SGV.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Walk.Hard-The.Dewey.Cox.Story[2007]DvDrip-aXXo.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Warren Zevon - Excitable Boy - FLAC - HellraiserRG.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Will Rap For Food.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Wonder.Showzen.XviD.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Wynton Marsalis - Classic Wynton.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Young Jeezy - The Recession.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Zach and Miri Make a Porno.torrent
c:\documents and settings\Anthony\Application Data\uTorrent.\Zion I - Mind over matter---Rawkus Darkside_RG.torrent
c:\program files\Soulseek
c:\program files\Soulseek\attributes.cfg
c:\program files\Soulseek\attrstrings.cfg
c:\program files\Soulseek\autoaway.cfg
c:\program files\Soulseek\chatrooms.cfg
c:\program files\Soulseek\chatui.cfg
c:\program files\Soulseek\dlbans.cfg
c:\program files\Soulseek\extensions.cfg
c:\program files\Soulseek\hotlist.cfg
c:\program files\Soulseek\ignores.cfg
c:\program files\Soulseek\login.cfg
c:\program files\Soulseek\pchat.cfg
c:\program files\Soulseek\port.cfg
c:\program files\Soulseek\queue.cfg
c:\program files\Soulseek\queue2.cfg
c:\program files\Soulseek\rcmnd.cfg
c:\program files\Soulseek\save.cfg
c:\program files\Soulseek\search.cfg
c:\program files\Soulseek\shared.cfg
c:\program files\Soulseek\ticker.cfg
c:\program files\Soulseek\transfersview.cfg
c:\program files\Soulseek\ui.cfg
c:\program files\Soulseek\userinfo.cfg
c:\program files\Soulseek\usernotes.cfg
c:\program files\Soulseek\wishlist.cfg
c:\windows\system32\drivers\kgpcpy.cfg

.
((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-19 14:32 . 2009-03-19 14:32 344 --a------ c:\windows\system32\drivers\kgpfr2.cfg
2009-03-18 16:44 . 2009-03-18 16:51 <DIR> d-------- C:\rsit
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 13:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 03:34 . 2009-03-16 03:34 22,734 --a------ c:\windows\system32\AAWService_2009_03_16_03_34_29.dmp
2009-03-15 22:20 . 2009-03-15 22:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_22_20_54.dmp
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 21:30 . 2009-03-15 21:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-15 21:30 . 2009-03-15 21:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com
2009-03-15 19:56 . 2009-03-15 19:58 <DIR> d-------- c:\windows\4C271126C2954828A9015910AE0C258B.TMP
2009-03-15 19:29 . 2009-03-15 19:29 21,891 --a------ c:\windows\system32\AAWService_2009_03_15_19_29_31.dmp
2009-03-15 19:24 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-03-15 19:24 . 2009-03-15 19:25 348,220 --a------ c:\windows\system32\vsconfig.xml
2009-03-15 19:24 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0014.TMP
2009-03-15 19:08 . 2009-03-15 19:08 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-03-15 19:07 . 2009-03-15 19:55 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-15 19:07 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0013.TMP
2009-03-15 18:20 . 2009-03-15 18:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_18_20_28.dmp
2009-03-15 18:15 . 2009-03-09 13:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-15 13:27 . 2009-03-15 13:57 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:26 . 2009-03-15 13:26 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-15 13:24 . 2009-03-09 13:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-15 13:22 . 2009-03-15 13:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-14 20:40 . 2009-03-14 20:40 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 14:05 . 2009-03-20 10:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-14 14:04 . 2009-03-14 14:04 <DIR> d-------- c:\program files\STOPzilla!
2009-03-14 14:04 . 2009-03-14 14:04 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-14 14:04 . 2009-03-20 11:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\program files\iTunes
2009-03-12 01:12 . 2009-03-12 01:12 <DIR> d-------- c:\program files\iPod
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-10 03:02 . 2009-03-10 03:02 <DIR> d-------- C:\lc3
2009-03-04 15:33 . 2009-03-04 15:33 17,408 -ra------ c:\windows\system32\SZIO5.dll
2009-03-04 15:32 . 2009-03-04 15:32 294,912 -ra------ c:\windows\system32\SZBase5.dll
2009-03-04 15:31 . 2009-03-04 15:31 540,672 -ra------ c:\windows\system32\SZComp5.dll
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Koingo Software
2009-02-25 15:29 . 2009-02-25 15:29 54,912 -ra------ c:\windows\system32\drivers\SZKG.sys
2009-02-25 01:31 . 2009-02-25 01:31 147,456 --a------ c:\windows\system32\WMIMPLEX.dll
2009-02-25 01:31 . 2009-02-25 01:31 36,864 --a------ c:\windows\system32\maplec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 14:06 --------- d-----w c:\documents and settings\Anthony\Application Data\skypePM
2009-03-20 14:00 --------- d-----w c:\documents and settings\Anthony\Application Data\AVG7
2009-03-19 20:28 --------- d-----w c:\documents and settings\Anthony\Application Data\.purple
2009-03-17 02:32 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-03-16 03:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-16 00:53 --------- d-----w c:\documents and settings\Anthony\Application Data\Skype
2009-03-14 20:09 --------- d-----w c:\documents and settings\Anthony\Application Data\mIRC
2009-03-13 03:40 --------- d-----w c:\program files\mIRC
2009-03-12 07:12 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 07:10 --------- d-----w c:\program files\Bonjour
2009-03-12 07:09 --------- d-----w c:\program files\QuickTime
2009-03-02 09:16 --------- d-----w c:\documents and settings\Anthony\Application Data\SSH
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:55 126,976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-02-06 19:54 393,216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-02-06 19:54 372,736 ----a-r c:\windows\system32\IS3UI5.dll
2009-02-06 19:53 61,440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-02-06 19:53 23,040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-02-06 19:53 221,184 ----a-r c:\windows\system32\IS3Win325.dll
2009-02-06 19:52 94,208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-02-06 19:52 90,112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-02-06 19:49 716,800 ----a-r c:\windows\system32\IS3Base5.dll
2009-02-02 22:48 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-12-24 00:24 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-06 04:26 604 ---ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((( SnapShot@2009-03-19_14.31.05.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-18 18:44:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-20 02:00:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-18 18:44:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-20 02:00:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-25 18:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2009-03-19 09:26:53 68,710 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-19 20:27:27 68,710 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-19 09:26:53 418,862 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-19 20:27:27 418,862 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"Google Update"="c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-17 219136]

c:\documents and settings\Anthony\Start Menu\Programs\Startup\
Pidgin.lnk - c:\program files\Pidgin\pidgin.exe [2008-02-29 44658]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-01-21 118784]
Shortcut to Alarm Clock Pro.exe.lnk - c:\program files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe [2009-02-26 12503023]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-24 784912]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-09-16 6825288]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-02-02 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Anthony\\Desktop\\eclipse-SDK-3.4-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\iS3\\Anti-Spyware\\SZServer.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Client Split Tunnel
"10000:TCP"= 10000:TCP:Cisco VPN Client IPSec TCP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-15 64160]
R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-02-25 54912]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-03-17 179584]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-03-17 49536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-03-17 226304]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4534b51e-0867-11dd-b62a-0013a90a5089}]
\Shell\AutoRun\command - i:\system\viewer\Viewer.exe
\Shell\View your videos\command - i:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ccc8c41-f967-11dc-b60c-0013a90a5089}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:06]

2009-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-602162358-839522115-1003.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 14:44]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.simtel.net/product.php[id]66509[SiteID]simtel.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 11:12:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(1392)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-03-20 11:14:11
ComboFix-quarantined-files.txt 2009-03-20 17:13:55
ComboFix2.txt 2009-03-19 20:32:08

Pre-Run: 5,295,816,704 bytes free
Post-Run: 5,278,130,176 bytes free

479 --- E O F --- 2009-03-20 09:02:21

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:09 PM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.simtel.net/product.php[id]66509[SiteID]simtel.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Shortcut to Alarm Clock Pro.exe.lnk = C:\Program Files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 11814 bytes

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 20, 2009 18:42:55
Records in database: 1940571
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 116104
Threat name: 1
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:51:49


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
H:\anthony\.local\share\Trash\files\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
H:\anthony\.wine\drive_c\windows\temp\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
H:\anthony\.wine\drive_c\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

The selected area was scanned.
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm
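The helpers on this board read a HijackThis log by entry class: O4 autoruns (especially anything launched through rundll32, the pattern the poster describes), O10 Winsock LSP modules, and O23 services with no publisher string. The following PowerShell script is an added example, not part of the thread and not a HijackThis feature. It applies those mechanical checks to a handful of lines. Everything in $sampleLog is constructed for the example: most lines are copied from the log above, and the [example] line is made up to show the rundll32 pattern with the veditoyo.dll name the poster mentions. Get-AuthenticodeSignature is only consulted for files that exist on the machine running the script, so on sample input it reports "not present here".

```powershell
# Added example (not from the thread): first-pass triage of HijackThis log lines.
# It surfaces the entry classes a helper reads first; it does not decide what is malicious.
# $sampleLog is constructed: lines copied from the posted log plus one made-up [example] line.
$sampleLog = @'
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [example] rundll32.exe C:\WINDOWS\system32\veditoyo.dll,s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
'@

# Split a command line into its first token (quoted or bare) and the remainder.
function Split-FirstToken([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        return @{ Token = $cmd.Substring(1, $end - 1); Rest = $cmd.Substring($end + 1).Trim() }
    }
    $parts = $cmd -split ' ', 2
    $rest = ''
    if ($parts.Count -gt 1) { $rest = $parts[1] }
    return @{ Token = $parts[0]; Rest = $rest }
}

# Authenticode status of a path, but only if the file exists on the machine running this.
function Get-LocalSignatureStatus([string]$path) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        return (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
    }
    return 'not present here'
}

function Invoke-HjtTriage([string[]]$lines) {
    $findings  = @()
    $lspLayers = @{}
    foreach ($line in $lines) {
        if ($line -match '^O4 - (?<hive>.+?): \[(?<name>[^\]]*)\] (?<cmd>.*)$') {
            $name = $Matches['name']; $cmd = $Matches['cmd']   # copy now: later -match/-notmatch calls overwrite $Matches
            $first = Split-FirstToken $cmd
            $exe = $first.Token
            if ($exe -notmatch '[\\/]') {
                $findings += "O4 [$($name)]: bare file name '$exe' is resolved by PATH search; confirm which copy runs"
            }
            if ($exe -match '(^|[\\/])rundll32(\.exe)?$') {
                $dll = ((Split-FirstToken $first.Rest).Token -split ',')[0]
                $sig = Get-LocalSignatureStatus $dll
                $findings += "O4 [$($name)]: rundll32 loads $dll (signature: $sig)"
            }
        }
        elseif ($line -match '^O10 - .*Winsock LSP: (?<file>.+)$') {
            $f = $Matches['file'].ToLower()
            $lspLayers[$f] = 1 + [int]$lspLayers[$f]
        }
        elseif ($line -match '^O23 - Service: (?<svc>.+?) - Unknown owner - (?<path>.+)$') {
            $svc = $Matches['svc']; $path = $Matches['path']
            $sig = Get-LocalSignatureStatus $path
            $findings += "O23 '$($svc)': no publisher in version info, $path (signature: $sig)"
        }
    }
    foreach ($f in $lspLayers.Keys) {
        $findings += "O10: LSP module $f appears in $($lspLayers[$f]) Winsock catalog entries (one per protocol chain it layers over); an LSP you cannot account for sees all socket traffic"
    }
    return $findings
}

$lines = $sampleLog -split "`r?`n"
Invoke-HjtTriage $lines
```

On the sample input this reports NvCplDaemon and KHALMNPR.EXE as bare names, both rundll32 entries with the DLL they load, the RichVideo service, and is3lsp.dll in two catalog entries. NvCpl.dll is NVIDIA's, KHALMNPR.EXE is Logitech's, and the O2/O23 lines in the log place is3lsp.dll with STOPzilla's SITEguard component, so a finding is a prompt to look at the file, not a verdict; the value of the script is that the made-up veditoyo.dll entry lands in exactly the same list, where a helper would check its signature, location and creation date next.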

Re: Please Help - random popups, and constant high CPU usage

Post by muppy03 » March 21st, 2009, 7:56 pm

Backup the Registry

  • Download ERUNT
  • Save it to your desktop. Right click on the downloaded file (erunt.zip) and click Extract. Follow the prompts to extract the file.
  • Now click on the folder "erunt" and find and double click on the file called Erunt.exe
  • Click OK. Then Click OK again.
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

NEXT Download FixPolicies.exe, a self-extracting ZIP archive, and save it to your Desktop.
You can get it from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.

NEXT

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File:: 
    c:\windows\system32\drivers\kgpfr2.cfg
    
    Driver:: 
    kgpfr2
    
    RegLockDel:: 
    [-HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~ *]
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-


  • Combofix log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please Help - random popups, and constant high CPU usage

Post by GenericUser » March 21st, 2009, 9:06 pm

ComboFix 09-03-19.02 - Anthony 2009-03-21 18:54:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.276 [GMT -6:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anthony\Desktop\CFScript2.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Sygate Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\kgpfr2.cfg
.

((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-21 12:11 . 2009-03-21 13:15 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-20 14:41 . 2009-03-21 17:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-20 14:41 . 2009-03-20 14:41 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-20 14:41 . 2009-03-20 14:41 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-20 14:41 . 2009-03-20 14:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-20 14:40 . 2009-03-20 14:40 <DIR> d-------- c:\program files\AVG
2009-03-20 14:40 . 2009-03-20 14:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-18 16:44 . 2009-03-18 16:51 <DIR> d-------- C:\rsit
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 13:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 03:34 . 2009-03-16 03:34 22,734 --a------ c:\windows\system32\AAWService_2009_03_16_03_34_29.dmp
2009-03-15 22:20 . 2009-03-15 22:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_22_20_54.dmp
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 21:30 . 2009-03-15 21:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-15 21:30 . 2009-03-15 21:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com
2009-03-15 19:56 . 2009-03-15 19:58 <DIR> d-------- c:\windows\4C271126C2954828A9015910AE0C258B.TMP
2009-03-15 19:29 . 2009-03-15 19:29 21,891 --a------ c:\windows\system32\AAWService_2009_03_15_19_29_31.dmp
2009-03-15 19:24 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-03-15 19:24 . 2009-03-15 19:25 348,220 --a------ c:\windows\system32\vsconfig.xml
2009-03-15 19:24 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0014.TMP
2009-03-15 19:08 . 2009-03-15 19:08 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-03-15 19:07 . 2009-03-15 19:55 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-15 19:07 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0013.TMP
2009-03-15 18:20 . 2009-03-15 18:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_18_20_28.dmp
2009-03-15 18:15 . 2009-03-09 13:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-15 13:27 . 2009-03-21 14:45 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:26 . 2009-03-15 13:26 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-15 13:24 . 2009-03-09 13:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-15 13:22 . 2009-03-15 13:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-14 20:40 . 2009-03-14 20:40 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 14:05 . 2009-03-21 03:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-14 14:04 . 2009-03-14 14:04 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-14 14:04 . 2009-03-21 14:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\program files\iTunes
2009-03-12 01:12 . 2009-03-12 01:12 <DIR> d-------- c:\program files\iPod
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-10 03:02 . 2009-03-10 03:02 <DIR> d-------- C:\lc3
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Koingo Software
2009-02-25 01:31 . 2009-02-25 01:31 147,456 --a------ c:\windows\system32\WMIMPLEX.dll
2009-02-25 01:31 . 2009-02-25 01:31 36,864 --a------ c:\windows\system32\maplec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 00:57 --------- d-----w c:\documents and settings\Anthony\Application Data\.purple
2009-03-21 22:00 --------- d-----w c:\documents and settings\Anthony\Application Data\skypePM
2009-03-21 21:32 --------- d-----w c:\documents and settings\Anthony\Application Data\Skype
2009-03-21 18:39 --------- d-----w c:\program files\Rainmeter
2009-03-17 02:32 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-03-16 03:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-14 20:09 --------- d-----w c:\documents and settings\Anthony\Application Data\mIRC
2009-03-13 03:40 --------- d-----w c:\program files\mIRC
2009-03-12 07:12 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 07:10 --------- d-----w c:\program files\Bonjour
2009-03-12 07:09 --------- d-----w c:\program files\QuickTime
2009-03-02 09:16 --------- d-----w c:\documents and settings\Anthony\Application Data\SSH
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 22:48 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-12-24 00:24 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-06 04:26 604 ---ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((( SnapShot@2009-03-19_14.31.05.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\3-21-2009\ERDNT.EXE
+ 2009-03-22 00:49:49 8,466,432 ----a-w c:\windows\ERDNT\3-21-2009\Users\00000001\NTUSER.DAT
+ 2009-03-22 00:49:49 221,184 ----a-w c:\windows\ERDNT\3-21-2009\Users\00000002\UsrClass.dat
- 2009-03-18 18:44:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-20 02:00:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-18 18:44:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-20 02:00:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-18 02:43:41 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-03-20 20:41:16 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-25 18:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2008-04-14 00:12:08 218,624 ----a-w c:\windows\system32\original_uxtheme.dll
- 2009-03-19 09:26:53 68,710 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-21 21:33:42 68,710 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-19 09:26:53 418,862 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-21 21:33:42 418,862 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 00:12:08 218,624 ----a-w c:\windows\system32\uxtheme.dll
+ 2008-04-26 01:41:38 218,624 ----a-w c:\windows\system32\uxtheme.dll
+ 2009-03-21 21:29:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3d8.dat
+ 2006-12-02 06:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"Google Update"="c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-30 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-20 1932568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Anthony\Start Menu\Programs\Startup\
Pidgin.lnk - c:\program files\Pidgin\pidgin.exe [2008-02-29 44658]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-01-21 118784]
Shortcut to Alarm Clock Pro.exe.lnk - c:\program files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe [2009-02-26 12503023]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-24 784912]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-09-16 6825288]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-02-02 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-20 14:41 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Anthony\\Desktop\\eclipse-SDK-3.4-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Client Split Tunnel
"10000:TCP"= 10000:TCP:Cisco VPN Client IPSec TCP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-15 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-20 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-20 107912]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-03-17 179584]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-03-17 49536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-20 298264]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-03-17 226304]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4534b51e-0867-11dd-b62a-0013a90a5089}]
\Shell\AutoRun\command - i:\system\viewer\Viewer.exe
\Shell\View your videos\command - i:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ccc8c41-f967-11dc-b60c-0013a90a5089}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:06]

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-602162358-839522115-1003.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 14:44]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.simtel.net/product.php[id]66509[SiteID]simtel.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 18:59:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-03-21 19:01:08
ComboFix-quarantined-files.txt 2009-03-22 01:00:54
ComboFix2.txt 2009-03-20 17:14:12
ComboFix3.txt 2009-03-19 20:32:08

Pre-Run: 4,848,201,728 bytes free
Post-Run: 5,016,752,128 bytes free

269 --- E O F --- 2009-03-20 09:02:21
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm

Re: Please Help - random popups, and constant high CPU usage

Unread postby muppy03 » March 22nd, 2009, 4:20 pm

Hi Generic User,

The last fix didn't do quite what I wanted it to, so we will try again with slight changes. Please do the steps in order.

NEXT Double-click to Open the Fix Policies Folder, and then double-click the file within: Fix_Policies.cmd.
A black box will briefly appear and then close.


NEXT Go to Start, Run and type regedit
Click on the following "+" signs, in sequence:
    HKEY_LOCAL_MACHINE
    Software
    Microsoft
    Windows
    Current version
    Installer
    UserData
    Local System
    Components


Right click on this key below "Components": h-€|ÿÿÿÿ¤•€|ù•A~ * and select permissions
In the Permissions/Policy Dialog, highlight your User name in the group or User list, then, in the bottom box, check the box under Full Control and Allow
Click Apply and OK
Now right click again on the same key labeled h-€|ÿÿÿÿ¤•€|ù•A~ * and choose delete.
Choose File, Exit to close the registry editor

Note: If unsure in any way, stop and ask.


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    RegLock::
    [HKEY_USERS\S-1-5-21-117609710-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Please reply with:


  • Combofix log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
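The regedit permission-and-delete steps above, carried out from PowerShell as an added example (this is not muppy03's procedure nor code from any tool named in the thread). It assumes PowerShell 2.0 or later running under an administrator account, and $KeyName is a placeholder for the exact key name displayed under Components:

```powershell
# Added example, not part of the original post. Grants the current user Full
# Control on one key under the Installer Components branch and then deletes it,
# mirroring the regedit steps: Permissions -> Full Control/Allow -> Delete.
# $KeyName is a placeholder: paste the exact name shown under "Components".
param(
    [Parameter(Mandatory = $true)]
    [string]$KeyName
)

$parent  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components'
$subPath = "$parent\$KeyName"

# Open the key asking only for the permission-related rights, so this still
# works when normal Read/Write access to the key has been denied.
$hklm   = [Microsoft.Win32.Registry]::LocalMachine
$rights = ([System.Security.AccessControl.RegistryRights]::ReadPermissions -bor
           [System.Security.AccessControl.RegistryRights]::ChangePermissions)
$key = $hklm.OpenSubKey($subPath,
           [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
           $rights)
if ($null -eq $key) {
    Write-Host "Key not found: HKLM\$subPath"
    exit 1
}

$acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)

# List explicit Deny entries before changing anything; a Deny for the
# system account is what ComboFix reports as "@Denied: (Full) (LocalSystem)".
$acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.AccessControlType -eq 'Deny' } |
    ForEach-Object { Write-Host ("Deny ACE: {0} -> {1}" -f $_.IdentityReference, $_.RegistryRights) }

# Equivalent of ticking Full Control / Allow for your own user name.
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $me,
            [System.Security.AccessControl.RegistryRights]::FullControl,
            [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($rule)
$key.SetAccessControl($acl)
$key.Close()

# Equivalent of right-click -> Delete on the same key (subkeys included).
Remove-Item -Path "HKLM:\$subPath" -Recurse -Force
Write-Host "Deleted HKLM\$subPath"
```

If the Deny entry also blocks ReadPermissions for your account, OpenSubKey throws an access-denied error and the key must first be taken over through regedit's Owner tab, exactly as the GUI steps do.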

Re: Please Help - random popups, and constant high CPU usage

Unread postby GenericUser » March 22nd, 2009, 5:14 pm

ComboFix 09-03-19.02 - Anthony 2009-03-22 15:04:25.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.315 [GMT -6:00]
Running from: c:\documents and settings\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anthony\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Sygate Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.

2009-03-21 12:11 . 2009-03-22 12:08 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-20 14:41 . 2009-03-21 17:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-20 14:41 . 2009-03-20 14:41 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-20 14:41 . 2009-03-20 14:41 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-20 14:41 . 2009-03-20 14:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-20 14:40 . 2009-03-20 14:40 <DIR> d-------- c:\program files\AVG
2009-03-20 14:40 . 2009-03-20 14:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-18 16:44 . 2009-03-18 16:51 <DIR> d-------- C:\rsit
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-03-18 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 13:15 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 13:15 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-16 03:34 . 2009-03-16 03:34 22,734 --a------ c:\windows\system32\AAWService_2009_03_16_03_34_29.dmp
2009-03-15 22:20 . 2009-03-15 22:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_22_20_54.dmp
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-15 21:30 . 2009-03-15 21:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-15 21:30 . 2009-03-15 21:30 <DIR> d-------- c:\documents and settings\Anthony\Application Data\SUPERAntiSpyware.com
2009-03-15 19:56 . 2009-03-15 19:58 <DIR> d-------- c:\windows\4C271126C2954828A9015910AE0C258B.TMP
2009-03-15 19:29 . 2009-03-15 19:29 21,891 --a------ c:\windows\system32\AAWService_2009_03_15_19_29_31.dmp
2009-03-15 19:24 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-03-15 19:24 . 2009-03-15 19:25 348,220 --a------ c:\windows\system32\vsconfig.xml
2009-03-15 19:24 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0014.TMP
2009-03-15 19:08 . 2009-03-15 19:08 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-03-15 19:07 . 2009-03-15 19:55 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-03-15 19:07 . 2008-11-13 15:18 107,408 --a------ c:\windows\system32\~GLH0013.TMP
2009-03-15 18:20 . 2009-03-15 18:20 0 --a------ c:\windows\system32\AAWService_2009_03_15_18_20_28.dmp
2009-03-15 18:15 . 2009-03-09 13:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-15 13:27 . 2009-03-21 14:45 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:26 . 2009-03-15 13:26 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-15 13:24 . 2009-03-09 13:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-15 13:22 . 2009-03-15 13:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 13:20 . 2009-03-15 13:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-14 20:40 . 2009-03-14 20:40 <DIR> d-------- c:\program files\Trend Micro
2009-03-14 14:05 . 2009-03-21 03:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-14 14:04 . 2009-03-14 14:04 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-14 14:04 . 2009-03-21 14:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\program files\iTunes
2009-03-12 01:12 . 2009-03-12 01:12 <DIR> d-------- c:\program files\iPod
2009-03-12 01:12 . 2009-03-12 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-10 03:02 . 2009-03-10 03:02 <DIR> d-------- C:\lc3
2009-03-02 21:59 . 2009-03-02 21:59 <DIR> d-------- c:\program files\Koingo Software
2009-02-25 01:31 . 2009-02-25 01:31 147,456 --a------ c:\windows\system32\WMIMPLEX.dll
2009-02-25 01:31 . 2009-02-25 01:31 36,864 --a------ c:\windows\system32\maplec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 21:07 --------- d-----w c:\documents and settings\Anthony\Application Data\.purple
2009-03-22 14:00 --------- d-----w c:\documents and settings\Anthony\Application Data\skypePM
2009-03-21 21:32 --------- d-----w c:\documents and settings\Anthony\Application Data\Skype
2009-03-21 18:39 --------- d-----w c:\program files\Rainmeter
2009-03-17 02:32 --------- d-----w c:\documents and settings\Anthony\Application Data\U3
2009-03-16 03:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-14 20:09 --------- d-----w c:\documents and settings\Anthony\Application Data\mIRC
2009-03-13 03:40 --------- d-----w c:\program files\mIRC
2009-03-12 07:12 --------- d-----w c:\program files\Common Files\Apple
2009-03-12 07:10 --------- d-----w c:\program files\Bonjour
2009-03-12 07:09 --------- d-----w c:\program files\QuickTime
2009-03-02 09:16 --------- d-----w c:\documents and settings\Anthony\Application Data\SSH
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-02 22:48 --------- d-----w c:\program files\Common Files\Deterministic Networks
2008-12-24 00:24 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-06-06 04:26 604 ---ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((( SnapShot@2009-03-19_14.31.05.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\3-21-2009\ERDNT.EXE
+ 2009-03-22 00:49:49 8,466,432 ----a-w c:\windows\ERDNT\3-21-2009\Users\00000001\NTUSER.DAT
+ 2009-03-22 00:49:49 221,184 ----a-w c:\windows\ERDNT\3-21-2009\Users\00000002\UsrClass.dat
- 2009-03-18 18:44:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-20 02:00:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-18 18:44:20 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-20 02:00:31 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-18 02:43:41 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-03-20 20:41:16 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-02-25 18:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2008-04-14 00:12:08 218,624 ----a-w c:\windows\system32\original_uxtheme.dll
- 2009-03-19 09:26:53 68,710 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-21 21:33:42 68,710 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-19 09:26:53 418,862 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-21 21:33:42 418,862 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 00:12:08 218,624 ----a-w c:\windows\system32\uxtheme.dll
+ 2008-04-26 01:41:38 218,624 ----a-w c:\windows\system32\uxtheme.dll
+ 2009-03-21 21:29:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3d8.dat
+ 2006-12-02 06:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"Google Update"="c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-30 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-06 7557120]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-20 1932568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Anthony\Start Menu\Programs\Startup\
Pidgin.lnk - c:\program files\Pidgin\pidgin.exe [2008-02-29 44658]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2006-01-21 118784]
Shortcut to Alarm Clock Pro.exe.lnk - c:\program files\Koingo Software\Alarm Clock Pro\Alarm Clock Pro.exe [2009-02-26 12503023]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-24 784912]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-09-16 6825288]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2009-02-02 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-08-03 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-20 14:41 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-20 18:42 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec_dec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Anthony\\Desktop\\eclipse-SDK-3.4-win32\\eclipse\\eclipse.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62515:UDP"= 62515:UDP:Cisco VPN Client Split Tunnel
"10000:TCP"= 10000:TCP:Cisco VPN Client IPSec TCP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-15 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-20 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-20 107912]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2008-03-17 179584]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2008-03-17 49536]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-20 298264]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-03-17 226304]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-09-24 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4534b51e-0867-11dd-b62a-0013a90a5089}]
\Shell\AutoRun\command - i:\system\viewer\Viewer.exe
\Shell\View your videos\command - i:\system\viewer\Viewer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ccc8c41-f967-11dc-b60c-0013a90a5089}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:06]

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-602162358-839522115-1003.job
- c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 14:44]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.simtel.net/product.php[id]66509[SiteID]simtel.net
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\documents and settings\Anthony\Application Data\Mozilla\Firefox\Profiles\9bc3a7bi.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Anthony\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 15:08:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1324)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2009-03-22 15:10:36
ComboFix-quarantined-files.txt 2009-03-22 21:10:21
ComboFix2.txt 2009-03-22 01:01:09
ComboFix3.txt 2009-03-20 17:14:12
ComboFix4.txt 2009-03-19 20:32:08

Pre-Run: 4,971,266,048 bytes free
Post-Run: 4,949,618,688 bytes free

262 --- E O F --- 2009-03-20 09:02:21
GenericUser
Active Member
 
Posts: 11
Joined: March 14th, 2009, 10:59 pm