
Thread: windows security_disabled

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    6

    windows security_disabled

    Hi, I'm hoping you can help me. I'm a pretty avid computer user but I've exhausted all of what I can think of to fix this pesky problem. Spybot S&D keeps telling me: Microsoft.WindowsSecurityCenter_disabled. I've tried manually re-enabling the Security Center only to have it disabled a few moments later. Any suggestions would be helpful. I'm currently running a Windows 7 32 bit.

    DDS:
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jayson at 16:22:33.24 on Mon 01/24/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2339 [GMT -5:00]

    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jayson\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - Spybot-S&D IE Protection
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\jayson\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jayson\appdata\roaming\mozilla\firefox\profiles\cofmquyk.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-21 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-21 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-21 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-17 40384]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-12-31 66080]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-10-16 1183232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-31 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

    =============== Created Last 30 ================

    2011-01-23 05:56:30 208896 ----a-w- c:\windows\system32\lxdxgrd.dll
    2011-01-23 05:52:46 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
    2011-01-23 05:52:46 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
    2011-01-20 07:36:06 26112 ----a-w- c:\windows\system32\ddmon7-32.dll
    2011-01-20 07:35:34 -------- d-----w- c:\users\jayson\appdata\roaming\deskUNPDF
    2011-01-20 07:07:52 18944 ----a-r- c:\users\jayson\appdata\roaming\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
    2011-01-20 06:40:08 -------- d-----w- c:\users\jayson\appdata\roaming\Foxit Software
    2011-01-20 05:43:26 -------- d-----w- c:\users\jayson\appdata\local\AdventureTools
    2011-01-20 02:53:17 -------- d-----w- c:\users\jayson\appdata\local\Adobe
    2011-01-20 02:30:44 -------- d-----w- c:\users\jayson\appdata\local\ElevatedDiagnostics
    2011-01-20 00:06:57 -------- d-----w- c:\program files\CCleaner
    2011-01-19 23:57:43 -------- d-----w- c:\users\jayson\appdata\local\PackageAware
    2011-01-19 23:51:01 98304 --sha-r- c:\windows\system32\FDResPubf.dll
    2011-01-18 18:07:41 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b1559753-70d5-4c29-b7a8-f9abdfadec59}\mpengine.dll
    2011-01-10 04:32:52 -------- d-----w- C:\logs
    2011-01-10 04:32:50 147968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
    2011-01-10 04:32:24 40960 ----a-w- c:\windows\system32\lxdxvs.dll
    2010-12-30 02:21:11 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2010-12-30 01:49:11 -------- d-----w- c:\users\jayson\appdata\roaming\FrostWire
    2010-12-29 07:23:41 -------- d-----w- c:\users\jayson\appdata\roaming\LolClient
    2010-12-29 07:17:18 -------- d-----w- C:\Riot Games
    2010-12-28 07:57:38 -------- d-----w- c:\users\jayson\appdata\roaming\runic games
    2010-12-27 04:57:59 -------- d-sh--w- c:\progra~2\SecuROM

    ==================== Find3M ====================

    2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 02:04:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
    2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
    2010-10-30 06:47:51 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-30 06:47:46 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-30 06:47:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 16:23:11.32 ===============

    Spybot S&D Scan:
    Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-12-04 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-10-05 Includes\Adware.sbi (*)
    2010-11-30 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2010-12-14 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2010-11-30 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2010-12-14 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-12-14 Includes\Malware.sbi (*)
    2011-01-18 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-12-14 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-12-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-01-18 Includes\Spyware.sbi (*)
    2011-01-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-01-18 Includes\TrojansC-02.sbi (*)
    2011-01-13 Includes\TrojansC-03.sbi (*)
    2011-01-11 Includes\TrojansC-04.sbi (*)
    2011-01-17 Includes\TrojansC-05.sbi (*)
    2010-12-28 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    Thanks for the help.

    sorry, here's the attachment

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Disable Spybot's TeaTimer to make sure it won't interfere with fixes:
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu, select Advanced Mode
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck Resident TeaTimer and OK any prompts.
    • Restart your computer


    Run Spybot, update & scan and fix found items.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    6


    I disabled the TeaTimer, ran a new scan, tried to re-enable my Security Center. Sadly it turned back off moments later.

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. #5
    Junior Member
    Join Date
    Jan 2011
    Posts
    6


    Alright Combofix told me the following.

    ComboFix 11-01-25.05 - Jayson 01/26/2011 13:32:39.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2518 [GMT -5:00]
    Running from: c:\users\Jayson\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\etc\lmhosts

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RKHIT
    -------\Service_RkHit


    ((((((((((((((((((((((((( Files Created from 2010-12-26 to 2011-01-26 )))))))))))))))))))))))))))))))
    .

    2011-01-26 04:46 . 2011-01-26 06:23 -------- d-----w- c:\users\Jayson\AppData\Local\PMB Files
    2011-01-26 04:46 . 2011-01-26 04:46 -------- d-----w- c:\programdata\PMB Files
    2011-01-26 04:46 . 2011-01-26 04:46 -------- d-----w- c:\program files\Pando Networks
    2011-01-24 21:21 . 2011-01-24 21:22 -------- d-----w- c:\program files\ERUNT
    2011-01-23 05:56 . 2009-10-16 23:03 208896 ----a-w- c:\windows\system32\lxdxgrd.dll
    2011-01-23 05:52 . 2009-08-19 19:06 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
    2011-01-23 05:52 . 2009-08-19 19:06 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
    2011-01-20 07:36 . 2010-03-30 16:09 26112 ----a-w- c:\windows\system32\ddmon7-32.dll
    2011-01-20 07:35 . 2011-01-20 07:36 -------- d-----w- c:\users\Jayson\AppData\Roaming\deskUNPDF
    2011-01-20 07:07 . 2011-01-20 07:07 18944 ----a-r- c:\users\Jayson\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2011-01-20 06:40 . 2011-01-20 07:28 -------- d-----w- c:\users\Jayson\AppData\Roaming\Foxit Software
    2011-01-20 05:43 . 2011-01-20 05:43 -------- d-----w- c:\users\Jayson\AppData\Local\AdventureTools
    2011-01-20 02:53 . 2011-01-20 07:28 -------- d-----w- c:\users\Jayson\AppData\Local\Adobe
    2011-01-20 02:30 . 2011-01-20 04:34 -------- d-----w- c:\users\Jayson\AppData\Local\ElevatedDiagnostics
    2011-01-20 00:06 . 2011-01-20 00:06 -------- d-----w- c:\program files\CCleaner
    2011-01-19 23:57 . 2011-01-19 23:57 -------- d-----w- c:\users\Jayson\AppData\Local\PackageAware
    2011-01-19 23:51 . 2011-01-19 23:51 98304 --sha-r- c:\windows\system32\FDResPubf.dll
    2011-01-18 18:07 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1559753-70D5-4C29-B7A8-F9ABDFADEC59}\mpengine.dll
    2011-01-10 04:32 . 2011-01-10 04:32 -------- d-----w- C:\logs
    2011-01-10 04:32 . 2009-10-16 23:12 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdxdrpp.dll
    2011-01-10 04:32 . 2008-02-28 00:15 40960 ----a-w- c:\windows\system32\lxdxvs.dll
    2011-01-01 00:15 . 2011-01-07 05:18 -------- d-----w- c:\users\Jayson\AppData\Roaming\NCH Swift Sound
    2010-12-30 02:21 . 2010-12-31 23:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-12-30 01:49 . 2011-01-09 03:19 -------- d-----w- c:\users\Jayson\AppData\Roaming\FrostWire
    2010-12-29 07:23 . 2010-12-29 07:23 -------- d-----w- c:\users\Jayson\AppData\Roaming\LolClient
    2010-12-29 07:17 . 2011-01-26 06:20 -------- d-----w- C:\Riot Games
    2010-12-28 07:57 . 2010-12-28 07:57 -------- d-----w- c:\users\Jayson\AppData\Roaming\runic games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-07-22 01:00 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2010-07-22 01:01 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-07-22 01:01 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2010-07-22 01:01 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-07-22 01:01 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2010-07-22 01:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-31 20:06 . 2010-07-22 01:00 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-13 23:56 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2010-12-13 23:56 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-11-12 23:53 . 2010-04-23 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 05:52 . 2010-12-16 04:27 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48 . 2010-12-16 04:27 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41 . 2010-12-16 04:27 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08 . 2010-12-16 04:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 02:04 . 2010-03-01 02:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-11-02 04:41 . 2010-12-16 04:27 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40 . 2010-12-16 04:27 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40 . 2010-12-16 04:27 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39 . 2010-12-16 04:27 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34 . 2010-12-16 04:27 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34 . 2010-12-16 04:27 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-30 06:48 . 2010-10-30 06:48 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-30 06:47 . 2010-10-30 06:47 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-30 06:47 . 2010-10-30 06:47 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-30 06:47 . 2010-10-30 06:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Jayson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2008-06-13 16:04 107176 ----a-w- c:\program files\Lexmark 3600-4600 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxmon.exe]
    2008-06-13 16:04 668328 ----a-w- c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-10-16 1183232]

    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\cofmquyk.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-CE8SIIFGSU - c:\users\Jayson\AppData\Local\Temp\Ftx.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-26 13:46:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-26 18:46

    Pre-Run: 267,650,920,448 bytes free
    Post-Run: 267,695,951,872 bytes free

    - - End Of File - - 7090E7F6506829AAE5629ABD23C55420

    DDS Had this to say.

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jayson at 13:48:30.38 on Wed 01/26/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2448 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jayson\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - Spybot-S&D IE Protection
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\jayson\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jayson\appdata\roaming\mozilla\firefox\profiles\cofmquyk.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-21 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-21 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-21 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-17 40384]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-31 1153368]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-12-31 66080]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-10-16 1183232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

    =============== Created Last 30 ================

    2011-01-26 18:42:51 -------- d-----w- C:\$RECYCLE.BIN
    2011-01-26 18:41:11 -------- d-----w- c:\users\jayson\appdata\local\temp
    2011-01-26 18:31:45 98816 ----a-w- c:\windows\sed.exe
    2011-01-26 18:31:45 89088 ----a-w- c:\windows\MBR.exe
    2011-01-26 18:31:45 256512 ----a-w- c:\windows\PEV.exe
    2011-01-26 18:31:45 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-26 04:46:43 -------- d-----w- c:\users\jayson\appdata\local\PMB Files
    2011-01-26 04:46:43 -------- d-----w- c:\progra~2\PMB Files
    2011-01-26 04:46:15 -------- d-----w- c:\program files\Pando Networks
    2011-01-23 05:56:30 208896 ----a-w- c:\windows\system32\lxdxgrd.dll
    2011-01-23 05:52:46 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
    2011-01-23 05:52:46 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
    2011-01-20 07:36:06 26112 ----a-w- c:\windows\system32\ddmon7-32.dll
    2011-01-20 07:35:34 -------- d-----w- c:\users\jayson\appdata\roaming\deskUNPDF
    2011-01-20 07:07:52 18944 ----a-r- c:\users\jayson\appdata\roaming\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
    2011-01-20 06:40:08 -------- d-----w- c:\users\jayson\appdata\roaming\Foxit Software
    2011-01-20 05:43:26 -------- d-----w- c:\users\jayson\appdata\local\AdventureTools
    2011-01-20 02:53:17 -------- d-----w- c:\users\jayson\appdata\local\Adobe
    2011-01-20 02:30:44 -------- d-----w- c:\users\jayson\appdata\local\ElevatedDiagnostics
    2011-01-20 00:06:57 -------- d-----w- c:\program files\CCleaner
    2011-01-19 23:57:43 -------- d-----w- c:\users\jayson\appdata\local\PackageAware
    2011-01-19 23:51:01 98304 --sha-r- c:\windows\system32\FDResPubf.dll
    2011-01-18 18:07:41 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b1559753-70d5-4c29-b7a8-f9abdfadec59}\mpengine.dll
    2011-01-10 04:32:52 -------- d-----w- C:\logs
    2011-01-10 04:32:50 147968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
    2011-01-10 04:32:24 40960 ----a-w- c:\windows\system32\lxdxvs.dll
    2010-12-30 02:21:11 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2010-12-30 01:49:11 -------- d-----w- c:\users\jayson\appdata\roaming\FrostWire
    2010-12-29 07:23:41 -------- d-----w- c:\users\jayson\appdata\roaming\LolClient
    2010-12-29 07:17:18 -------- d-----w- C:\Riot Games
    2010-12-28 07:57:38 -------- d-----w- c:\users\jayson\appdata\roaming\runic games

    ==================== Find3M ====================

    2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 02:04:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
    2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
    2010-10-30 06:47:51 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-30 06:47:46 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-30 06:47:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

    ============= FINISH: 13:48:53.84 ===============

  6. #6
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.spybot.info/showthread.php?p=394861#post394861
    Suspect::[76]
    c:\windows\system32\FDResPubf.dll
    Folder::
    c:\users\Jayson\AppData\Roaming\FrostWire

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.

    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked.
    • Click Scan
    • Wait for the scan to finish.



    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Jan 2011
    Posts
    6


    My apologies, I did not get a report from the online scanner. It DID say that "No Threats were Found".

    Combofix
    ComboFix 11-01-26.01 - Jayson 01/27/2011 2:54.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2407 [GMT -5:00]
    Running from: c:\users\Jayson\Downloads\ComboFix.exe
    Command switches used :: c:\users\Jayson\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    file zipped: c:\windows\System32\FDResPubf.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Jayson\AppData\Roaming\FrostWire
    c:\users\Jayson\AppData\Roaming\FrostWire\.AppSpecialShare\dragonball.torrent
    c:\users\Jayson\AppData\Roaming\FrostWire\.AppSpecialShare\hostiles.txt.19.zip
    c:\users\Jayson\AppData\Roaming\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\.certs
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\.keystore
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\.lock
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\active\A55603E3B98FB51FD05FB2ED3FBC2B2C6D254C6E.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\active\A55603E3B98FB51FD05FB2ED3FBC2B2C6D254C6E.dat.bak
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\active\cache.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\active\E5CB82E174DEAB1E23ED6E32EB0A26C244BF33DB.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\active\E5CB82E174DEAB1E23ED6E32EB0A26C244BF33DB.dat.bak
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\azureus.config
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\azureus.config.bak
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\azureus.statistics
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\azureus.statistics.bak
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\dht\addresses.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\dht\contacts.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\dht\diverse.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\dht\general.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\dht\version.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\downloads.config
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\downloads.config.bak
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\ipfilter.cache
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\logs\debug_1.log
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\logs\save\1294543137791_debug_1.log
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\net\pm_7132.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\net\pm_default.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\tmp\AZU6829249097718891731.tmp
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\torrents\dragonball.torrent
    c:\users\Jayson\AppData\Roaming\FrostWire\azureus\torrents\hostiles.txt.19.zip.torrent
    c:\users\Jayson\AppData\Roaming\FrostWire\createtimes.cache
    c:\users\Jayson\AppData\Roaming\FrostWire\downloads.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\fileurns.bak
    c:\users\Jayson\AppData\Roaming\FrostWire\fileurns.cache
    c:\users\Jayson\AppData\Roaming\FrostWire\filters.props
    c:\users\Jayson\AppData\Roaming\FrostWire\frostwire.props
    c:\users\Jayson\AppData\Roaming\FrostWire\gnutella.net
    c:\users\Jayson\AppData\Roaming\FrostWire\hostiles.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\hostiles.txt
    c:\users\Jayson\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners\220x500frostwire_tshirt_blue_pink1.jpg
    c:\users\Jayson\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners\220x500frostwire_tshirt_blue_pink2.jpg
    c:\users\Jayson\AppData\Roaming\FrostWire\installation.props
    c:\users\Jayson\AppData\Roaming\FrostWire\intent.props
    c:\users\Jayson\AppData\Roaming\FrostWire\library.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\mojito.props
    c:\users\Jayson\AppData\Roaming\FrostWire\overlays.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\overlays\default_now_on_android.png
    c:\users\Jayson\AppData\Roaming\FrostWire\overlays\frostclick_default_overlay.jpg
    c:\users\Jayson\AppData\Roaming\FrostWire\questions.props
    c:\users\Jayson\AppData\Roaming\FrostWire\responses.cache
    c:\users\Jayson\AppData\Roaming\FrostWire\seenMessages.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\spam.dat
    c:\users\Jayson\AppData\Roaming\FrostWire\tables.props
    c:\users\Jayson\AppData\Roaming\FrostWire\themes\frostwirePro_theme.fwtp
    c:\users\Jayson\AppData\Roaming\FrostWire\themes\frostwirePro_theme\theme.txt
    c:\users\Jayson\AppData\Roaming\FrostWire\themes\frostwirePro_theme\version.txt
    c:\users\Jayson\AppData\Roaming\FrostWire\version.xml
    c:\users\Jayson\AppData\Roaming\FrostWire\xml\data\audio.sxml2

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-27 to 2011-01-27 )))))))))))))))))))))))))))))))
    .

    2011-01-27 08:02 . 2011-01-27 08:02 -------- d-----w- c:\users\Jayson\AppData\Local\temp
    2011-01-27 08:02 . 2011-01-27 08:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-26 19:28 . 2011-01-26 19:28 -------- d-----w- c:\program files\Microsoft XNA
    2011-01-26 04:46 . 2011-01-26 06:23 -------- d-----w- c:\users\Jayson\AppData\Local\PMB Files
    2011-01-26 04:46 . 2011-01-26 04:46 -------- d-----w- c:\programdata\PMB Files
    2011-01-26 04:46 . 2011-01-26 04:46 -------- d-----w- c:\program files\Pando Networks
    2011-01-24 21:21 . 2011-01-24 21:22 -------- d-----w- c:\program files\ERUNT
    2011-01-23 05:56 . 2009-10-16 23:03 208896 ----a-w- c:\windows\system32\lxdxgrd.dll
    2011-01-23 05:52 . 2009-08-19 19:06 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
    2011-01-23 05:52 . 2009-08-19 19:06 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
    2011-01-20 07:36 . 2010-03-30 16:09 26112 ----a-w- c:\windows\system32\ddmon7-32.dll
    2011-01-20 07:35 . 2011-01-20 07:36 -------- d-----w- c:\users\Jayson\AppData\Roaming\deskUNPDF
    2011-01-20 07:07 . 2011-01-20 07:07 18944 ----a-r- c:\users\Jayson\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
    2011-01-20 06:40 . 2011-01-20 07:28 -------- d-----w- c:\users\Jayson\AppData\Roaming\Foxit Software
    2011-01-20 05:43 . 2011-01-20 05:43 -------- d-----w- c:\users\Jayson\AppData\Local\AdventureTools
    2011-01-20 02:53 . 2011-01-20 07:28 -------- d-----w- c:\users\Jayson\AppData\Local\Adobe
    2011-01-20 02:30 . 2011-01-20 04:34 -------- d-----w- c:\users\Jayson\AppData\Local\ElevatedDiagnostics
    2011-01-20 00:06 . 2011-01-20 00:06 -------- d-----w- c:\program files\CCleaner
    2011-01-19 23:57 . 2011-01-19 23:57 -------- d-----w- c:\users\Jayson\AppData\Local\PackageAware
    2011-01-19 23:51 . 2011-01-19 23:51 98304 --sha-r- c:\windows\system32\FDResPubf.dll
    2011-01-18 18:07 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1559753-70D5-4C29-B7A8-F9ABDFADEC59}\mpengine.dll
    2011-01-10 04:32 . 2011-01-10 04:32 -------- d-----w- C:\logs
    2011-01-10 04:32 . 2009-10-16 23:12 147968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdxdrpp.dll
    2011-01-10 04:32 . 2008-02-28 00:15 40960 ----a-w- c:\windows\system32\lxdxvs.dll
    2011-01-01 00:15 . 2011-01-07 05:18 -------- d-----w- c:\users\Jayson\AppData\Roaming\NCH Swift Sound
    2010-12-30 02:21 . 2010-12-31 23:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-12-29 07:23 . 2010-12-29 07:23 -------- d-----w- c:\users\Jayson\AppData\Roaming\LolClient
    2010-12-29 07:17 . 2011-01-26 06:20 -------- d-----w- C:\Riot Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 08:47 . 2010-07-22 01:00 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-13 08:41 . 2010-07-22 01:01 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-13 08:40 . 2010-07-22 01:01 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-13 08:37 . 2010-07-22 01:01 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-13 08:37 . 2010-07-22 01:01 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-13 08:37 . 2010-07-22 01:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-31 20:06 . 2010-07-22 01:00 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-13 23:56 . 2009-08-18 16:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2010-12-13 23:56 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2010-11-12 23:53 . 2010-04-23 12:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 05:52 . 2010-12-16 04:27 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48 . 2010-12-16 04:27 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41 . 2010-12-16 04:27 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08 . 2010-12-16 04:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 02:04 . 2010-03-01 02:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-11-02 04:41 . 2010-12-16 04:27 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40 . 2010-12-16 04:27 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40 . 2010-12-16 04:27 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39 . 2010-12-16 04:27 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34 . 2010-12-16 04:27 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34 . 2010-12-16 04:27 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-30 06:48 . 2010-10-30 06:48 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-30 06:47 . 2010-10-30 06:47 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-30 06:47 . 2010-10-30 06:47 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-30 06:47 . 2010-10-30 06:47 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\users\Jayson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
    2008-06-13 16:04 107176 ----a-w- c:\program files\Lexmark 3600-4600 Series\ezprint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxmon.exe]
    2008-06-13 16:04 668328 ----a-w- c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 594600]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
    S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-10-16 1183232]

    .
    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\users\Jayson\AppData\Roaming\Mozilla\Firefox\Profiles\cofmquyk.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-27 03:03:34
    ComboFix-quarantined-files.txt 2011-01-27 08:03
    ComboFix2.txt 2011-01-26 18:46

    Pre-Run: 267,445,268,480 bytes free
    Post-Run: 267,381,624,832 bytes free

    - - End Of File - - E0077C7D8A107EE193E07158B58A765A

    DDS

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jayson at 14:03:16.52 on Thu 01/27/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3327.2500 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Pidgin\pidgin.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Jayson\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - Spybot-S&D IE Protection
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\jayson\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jayson\appdata\roaming\mozilla\firefox\profiles\cofmquyk.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-21 294608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-21 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-21 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-17 40384]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-31 1153368]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-12-31 66080]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2009-10-16 1183232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]

    =============== Created Last 30 ================

    2011-01-27 08:05:59 -------- d-----w- c:\program files\ESET
    2011-01-27 08:03:56 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-01-27 08:03:54 -------- d-----w- c:\users\jayson\appdata\local\temp
    2011-01-26 19:28:33 -------- d-----w- c:\program files\Microsoft XNA
    2011-01-26 18:31:45 98816 ----a-w- c:\windows\sed.exe
    2011-01-26 18:31:45 89088 ----a-w- c:\windows\MBR.exe
    2011-01-26 18:31:45 256512 ----a-w- c:\windows\PEV.exe
    2011-01-26 18:31:45 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-26 04:46:43 -------- d-----w- c:\users\jayson\appdata\local\PMB Files
    2011-01-26 04:46:43 -------- d-----w- c:\progra~2\PMB Files
    2011-01-26 04:46:15 -------- d-----w- c:\program files\Pando Networks
    2011-01-23 05:56:30 208896 ----a-w- c:\windows\system32\lxdxgrd.dll
    2011-01-23 05:52:46 81920 ----a-w- c:\windows\system32\lxdxcaps.dll
    2011-01-23 05:52:46 782336 ----a-w- c:\windows\system32\lxdxdrs.dll
    2011-01-20 07:36:06 26112 ----a-w- c:\windows\system32\ddmon7-32.dll
    2011-01-20 07:35:34 -------- d-----w- c:\users\jayson\appdata\roaming\deskUNPDF
    2011-01-20 07:07:52 18944 ----a-r- c:\users\jayson\appdata\roaming\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
    2011-01-20 06:40:08 -------- d-----w- c:\users\jayson\appdata\roaming\Foxit Software
    2011-01-20 05:43:26 -------- d-----w- c:\users\jayson\appdata\local\AdventureTools
    2011-01-20 02:53:17 -------- d-----w- c:\users\jayson\appdata\local\Adobe
    2011-01-20 02:30:44 -------- d-----w- c:\users\jayson\appdata\local\ElevatedDiagnostics
    2011-01-20 00:06:57 -------- d-----w- c:\program files\CCleaner
    2011-01-19 23:57:43 -------- d-----w- c:\users\jayson\appdata\local\PackageAware
    2011-01-19 23:51:01 98304 --sha-r- c:\windows\system32\FDResPubf.dll
    2011-01-18 18:07:41 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b1559753-70d5-4c29-b7a8-f9abdfadec59}\mpengine.dll
    2011-01-10 04:32:52 -------- d-----w- C:\logs
    2011-01-10 04:32:50 147968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
    2011-01-10 04:32:24 40960 ----a-w- c:\windows\system32\lxdxvs.dll
    2010-12-30 02:21:11 -------- d-----w- c:\program files\common files\DVDVideoSoft
    2010-12-29 07:23:41 -------- d-----w- c:\users\jayson\appdata\roaming\LolClient
    2010-12-29 07:17:18 -------- d-----w- C:\Riot Games

    ==================== Find3M ====================

    2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-04 02:04:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
    2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
    2010-10-30 06:47:51 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-30 06:47:46 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-10-30 06:47:46 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

    ============= FINISH: 14:03:49.98 ===============

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please look for c:\CF-submit.htm file. Double click it and follow the instructions.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Jan 2011
    Posts
    6

    Default

    I've submitted the file as the HTML asked. I would like to point out I am no longer having a problem with the Security Center. I think the last ComboFix may have seen to that.

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Delete c:\windows\system32\FDResPubf.dll file (if found).

    If no other issues, let's see the final steps then.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    A. To disable the System Restore feature:

    1. Click on the Start button.
    2. Hover over the Computer option, right click on it and then click Properties.
    3. On the left hand side, click Advanced Settings.
    4. If asked to permit the action, click on Allow.
    5. Click on the System Protection tab.
    6. Select c: drive and click Configure...
    7. Select Turn off protection
    8. Press OK.
    Repeat steps 6-8 for each hard drive.

    B. Reboot.

    C. Turn ON System Restore.
    Follow the steps like you did when disabling System Restore, but at step 7 select the "Restore system settings and previous versions of files" option.



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • hosts file:
      • Every version of Windows has a hosts file as part of it.
      • In a very basic sense, they are used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!

      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the start button (at the lower left hand corner of your screen)
      2. Click run
      3. In the dialog box, type services.msc
      4. Hit Enter, then locate DNS Client
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from automatic to manual.
      7. Click ok

    • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
