
Thread: my IE explorer has been hijacked. accidentally deleted spybot and can't get it back.

  1. #21
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Nick at 12:49:17.29 on Thu 07/30/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1505 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
    C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Logitech\Profiler\LWEmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Nick\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://search.myidentitydefender.com/smallsearch.html
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ALi5289] c:\program files\uli5289\ALi5289.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    StartupFolder: c:\docume~1\nick\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~2.lnk - c:\program files\belkin corporation\belkin wireless network monitor utility and driver (usb)\BelkinWlanMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208918179561
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://convergysworkathome.com/AppHardT.CAB
    DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2008-4-22 51840]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-4-22 45056]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-25 24652]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-1-2 84992]
    R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2008-4-22 28672]
    S2 gupdate1c98890794b6b46;Google Update Service (gupdate1c98890794b6b46);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; [x]
    S2 nlaagcrf;nlaagcrf;c:\windows\system32\drivers\fpqgk.sys --> c:\windows\system32\drivers\fpqgk.sys [?]
    S3 SonyPVP1;Sony PTP USB Lower Filter driver;c:\windows\system32\drivers\SonyPVP1.sys [2009-6-19 6920]

    =============== Created Last 30 ================

    2009-07-29 19:55 <DIR> --d----- c:\docume~1\nick\applic~1\BitTorrent
    2009-07-29 14:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-07-29 13:10 <DIR> --d----- c:\docume~1\nick\applic~1\Malwarebytes
    2009-07-29 02:53 <DIR> --d----- c:\program files\AskBarDis
    2009-07-29 01:52 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-29 01:52 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-07-29 01:52 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-07-29 01:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-07-27 04:23 <DIR> --d----- c:\program files\D-Tools
    2009-07-26 03:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-07-24 01:36 <DIR> -cd----- C:\EPSON
    2009-07-24 00:42 800 a------- c:\windows\hpinfo.lnk
    2009-07-24 00:41 376 a------- c:\windows\mozregistry.dat
    2009-07-24 00:41 <DIR> --d----- c:\program files\hp deskjet 825c series
    2009-07-23 00:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
    2009-07-22 21:18 <DIR> --d----- c:\windows\system32\Adobe
    2009-07-21 17:28 <DIR> --d----- c:\program files\AC3Filter
    2009-07-18 15:27 <DIR> --d----- c:\program files\AIM6
    2009-07-15 15:55 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
    2009-07-15 15:55 25,856 a------- c:\windows\system32\drivers\usbprint.sys
    2009-07-09 12:02 <DIR> --d----- c:\program files\Realtek AC97
    2009-07-09 10:42 4,096 a------- c:\windows\system32\crash
    2009-07-03 19:32 <DIR> --d----- c:\program files\Alex Feinman
    2009-07-01 13:10 <DIR> --dsh--- c:\documents and settings\nick\IECompatCache
    2009-06-30 22:53 <DIR> --d----- c:\windows\ie8updates
    2009-06-30 22:47 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-06-30 22:47 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-06-30 18:44 559,161 ac------ C:\AnalysisLog.sr0
    2009-06-30 18:30 2,269,232 a------- c:\windows\prototypef.exe
    2009-06-30 18:02 <DIR> --dsh--- c:\windows\ftpcache
    2009-06-30 17:54 <DIR> --d----- c:\program files\Activision

    ==================== Find3M ====================

    2009-07-29 18:35 138,832 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-29 18:35 202,024 a------- c:\windows\system32\PnkBstrB.exe
    2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-07-02 17:29 119,296 a------- c:\windows\system32\zlib.dll
    2009-06-21 11:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
    2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 20:54 21,840 a------- c:\windows\system32\SIntfNT.dll
    2009-06-12 20:54 17,212 a------- c:\windows\system32\SIntf32.dll
    2009-06-12 20:54 12,067 a------- c:\windows\system32\SIntf16.dll
    2009-06-04 06:37 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-06-04 06:37 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-05-21 10:33 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-15 22:39 442,368 a------- c:\windows\system32\ATIDEMGX.dll
    2009-05-15 22:38 335,872 a------- c:\windows\system32\ati2dvag.dll
    2009-05-15 22:18 204,800 a------- c:\windows\system32\atipdlxx.dll
    2009-05-15 22:17 155,648 a------- c:\windows\system32\Oemdspif.dll
    2009-05-15 22:17 26,112 a------- c:\windows\system32\Ati2mdxx.exe
    2009-05-15 22:17 43,520 a------- c:\windows\system32\ati2edxx.dll
    2009-05-15 22:17 155,648 a------- c:\windows\system32\ati2evxx.dll
    2009-05-15 22:15 602,112 a------- c:\windows\system32\ati2evxx.exe
    2009-05-15 22:14 53,248 a------- c:\windows\system32\ATIDDC.DLL
    2009-05-15 22:07 2,987,136 a------- c:\windows\system32\ati3duag.dll
    2009-05-15 21:55 11,423,744 a------- c:\windows\system32\atioglxx.dll
    2009-05-15 21:54 2,122,624 a------- c:\windows\system32\ativvaxx.dll
    2009-05-15 21:54 887,724 a------- c:\windows\system32\ativva6x.dat
    2009-05-15 21:51 311,296 a------- c:\windows\system32\atiiiexx.dll
    2009-05-15 21:38 49,664 a------- c:\windows\system32\atimpc32.dll
    2009-05-15 21:38 49,664 a------- c:\windows\system32\amdpcom32.dll
    2009-05-15 21:33 479,232 a------- c:\windows\system32\atikvmag.dll
    2009-05-15 21:31 139,264 a------- c:\windows\system32\atiadlxx.dll
    2009-05-15 21:31 17,408 a------- c:\windows\system32\atitvo32.dll
    2009-05-15 21:26 376,832 a------- c:\windows\system32\atiok3x2.dll
    2009-05-15 21:24 651,264 a------- c:\windows\system32\ati2cqag.dll
    2009-05-15 20:35 45,056 a------- c:\windows\system32\aticalrt.dll
    2009-05-15 20:34 45,056 a------- c:\windows\system32\aticalcl.dll
    2009-05-15 20:33 3,158,016 a------- c:\windows\system32\aticaldd.dll
    2009-05-15 20:05 593,920 -------- c:\windows\system32\ati2sgag.exe
    2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-05 14:33 118,784 a------- c:\windows\system32\atibtmon.exe
    2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
    2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
    2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
    2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
    2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
    2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
    2009-03-26 17:54 22,328 a------- c:\docume~1\nick\applic~1\PnkBstrK.sys
    2008-06-12 02:27 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061220080613\index.dat

    ============= FINISH: 12:49:51.46 ===============

  2. #22
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/22/2008 9:12:16 PM
    System Uptime: 7/29/2009 4:38:20 PM (20 hours ago)

    Motherboard: | | 939Dual-SATA2
    Processor: AMD Athlon(tm) 64 Processor 3400+ | CPUSocket | 2200/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 9.446 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP417: 5/11/2009 5:19:25 PM - Avg8 Update
    RP418: 5/11/2009 11:29:22 PM - System Checkpoint
    RP419: 5/13/2009 12:55:45 PM - Avg8 Update
    RP420: 5/14/2009 2:00:17 AM - Software Distribution Service 3.0
    RP421: 5/15/2009 2:08:33 AM - System Checkpoint
    RP422: 5/17/2009 4:04:51 PM - System Checkpoint
    RP423: 5/18/2009 1:59:55 PM - Avg8 Update
    RP424: 5/18/2009 2:00:37 PM - Avg8 Update
    RP425: 5/19/2009 11:57:19 PM - System Checkpoint
    RP426: 5/21/2009 5:06:49 PM - Installed Realtek AC'97 Audio
    RP427: 5/22/2009 6:22:30 PM - System Checkpoint
    RP428: 5/23/2009 6:27:15 PM - System Checkpoint
    RP429: 5/25/2009 2:34:31 AM - System Checkpoint
    RP430: 5/25/2009 11:57:58 PM - Removed Ad-Aware
    RP431: 5/26/2009 12:04:12 AM - Removed AVG 8.5
    RP432: 5/26/2009 12:04:40 AM - Installed AVG 8.5
    RP433: 5/26/2009 12:04:59 AM - Removed ISO Recorder
    RP434: 5/27/2009 1:45:38 AM - System Checkpoint
    RP435: 5/28/2009 3:28:43 PM - Installed Java(TM) 6 Update 13
    RP436: 5/28/2009 3:31:58 PM - Installed Java(TM) 6 Update 13
    RP437: 5/28/2009 3:33:28 PM - Installed Java(TM) 6 Update 13
    RP438: 5/29/2009 11:22:45 PM - System Checkpoint
    RP439: 5/30/2009 11:34:53 PM - System Checkpoint
    RP440: 6/1/2009 12:53:41 AM - System Checkpoint
    RP441: 6/2/2009 1:38:26 AM - System Checkpoint
    RP442: 6/3/2009 2:30:23 AM - System Checkpoint
    RP443: 6/4/2009 3:31:08 AM - System Checkpoint
    RP444: 6/5/2009 4:09:03 AM - System Checkpoint
    RP445: 6/7/2009 12:47:45 AM - System Checkpoint
    RP446: 6/8/2009 4:37:07 PM - System Checkpoint
    RP447: 6/9/2009 11:24:56 PM - System Checkpoint
    RP448: 6/10/2009 10:02:18 AM - Software Distribution Service 3.0
    RP449: 6/10/2009 10:20:18 AM - Installed Java(TM) 6 Update 14
    RP450: 6/11/2009 10:41:47 AM - System Checkpoint
    RP451: 6/11/2009 6:36:55 PM - Installed SPORE™
    RP452: 6/11/2009 10:31:40 PM - Removed SPORE™
    RP453: 6/12/2009 6:10:11 PM - Installed SPORE™ Creature Creator Trial Edition
    RP454: 6/12/2009 7:03:22 PM - Configured SPORE™ Creature Creator Trial Edition
    RP455: 6/12/2009 9:02:40 PM - Removed Crysis(R).
    RP456: 6/12/2009 9:03:48 PM - Removed GameSpy Comrade.
    RP457: 6/12/2009 9:32:06 PM - Removed SPORE™ Creature Creator Trial Edition
    RP458: 6/13/2009 4:39:44 PM - Installed SPORE™
    RP459: 6/14/2009 11:40:07 AM - Installed SPORE™
    RP460: 6/16/2009 1:49:11 AM - System Checkpoint
    RP461: 6/17/2009 11:48:10 PM - Configured SPORE™
    RP462: 6/19/2009 5:53:51 PM - Unsigned driver install
    RP463: 6/20/2009 11:27:41 AM - Installed DirectX
    RP464: 6/20/2009 11:09:45 PM - Installed Project64 1.6
    RP465: 6/21/2009 11:10:22 AM - SPTD setup V1.58
    RP466: 6/22/2009 11:22:38 AM - System Checkpoint
    RP467: 6/23/2009 11:35:37 AM - System Checkpoint
    RP468: 6/24/2009 6:29:21 PM - System Checkpoint
    RP469: 6/24/2009 8:09:13 PM - Installed Prototype(TM)
    RP470: 6/24/2009 8:17:58 PM - Removed SPORE™
    RP471: 6/24/2009 8:26:25 PM - Installed Prototype(TM)
    RP472: 6/24/2009 8:33:48 PM - Installed Prototype(TM)
    RP473: 6/24/2009 9:00:25 PM - Installed Prototype(TM)
    RP474: 6/24/2009 9:01:11 PM - Installed Prototype(TM)
    RP475: 6/24/2009 9:15:56 PM - Installed Prototype(TM)
    RP476: 6/24/2009 9:21:11 PM - Installed Prototype(TM)
    RP477: 6/24/2009 9:34:28 PM - Removed Prototype(TM)
    RP478: 6/24/2009 9:37:27 PM - Removed Prototype(TM)
    RP479: 6/24/2009 9:38:10 PM - Installed Prototype(TM)
    RP480: 6/24/2009 11:49:45 PM - Removed Prototype(TM)
    RP481: 6/25/2009 12:17:15 AM - Installed Prototype(TM)
    RP482: 6/26/2009 2:40:41 AM - System Checkpoint
    RP483: 6/26/2009 1:29:10 PM - Installed Pinnacle Game Profiler
    RP484: 6/26/2009 1:41:53 PM - Installed DirectX
    RP485: 6/27/2009 1:58:43 PM - System Checkpoint
    RP486: 6/27/2009 5:15:23 PM - Configured Prototype(TM)
    RP487: 6/28/2009 4:31:23 PM - Removed Steam
    RP488: 6/30/2009 4:34:03 AM - Software Distribution Service 3.0
    RP489: 6/30/2009 5:42:33 PM - Installed Prototype(TM)
    RP490: 6/30/2009 5:54:05 PM - Installed Prototype(TM)
    RP491: 6/30/2009 10:52:06 PM - Software Distribution Service 3.0
    RP492: 7/3/2009 1:51:02 AM - System Checkpoint
    RP493: 7/3/2009 7:32:41 PM - Installed ISO Recorder
    RP494: 7/3/2009 10:20:53 PM - Removed Pinnacle Game Profiler
    RP495: 7/4/2009 11:08:13 PM - System Checkpoint
    RP496: 7/6/2009 12:38:13 AM - System Checkpoint
    RP497: 7/7/2009 2:07:17 AM - System Checkpoint
    RP498: 7/8/2009 2:17:48 AM - System Checkpoint
    RP499: 7/9/2009 4:17:45 AM - System Checkpoint
    RP500: 7/9/2009 12:02:25 PM - Installed Realtek AC'97 Audio
    RP501: 7/10/2009 2:39:30 PM - System Checkpoint
    RP502: 7/11/2009 9:59:11 PM - System Checkpoint
    RP503: 7/12/2009 10:19:01 PM - System Checkpoint
    RP504: 7/15/2009 4:07:21 PM - Software Distribution Service 3.0
    RP505: 7/16/2009 8:53:08 PM - System Checkpoint
    RP506: 7/17/2009 10:41:53 PM - System Checkpoint
    RP507: 7/19/2009 4:03:51 AM - System Checkpoint
    RP508: 7/20/2009 4:18:28 AM - System Checkpoint
    RP509: 7/21/2009 4:47:32 AM - System Checkpoint
    RP510: 7/27/2009 5:21:55 AM - System Checkpoint
    RP511: 7/28/2009 5:22:36 AM - System Checkpoint
    RP512: 7/29/2009 6:29:29 AM - System Checkpoint

    ==== Installed Programs ======================

    AAC Decoder
    AC3Filter (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11.5
    AIM 6
    Alarm 2.0.4
    ALi mini IDE driver
    Apple Software Update
    Ask Toolbar
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    AutoUpdate
    Belkin Wireless Network Monitor Utility and Driver (USB)
    Belkin Wireless USB Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    Critical Update for Windows Media Player 11 (KB959772)
    Crysis Wars(R)
    Crysis Wars(R) Patch
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Download Manager 2.3.7
    EA Download Manager
    Eusing Free Registry Cleaner
    File Splitter and Joiner (FFSJ v3.2)
    Free Create-Burn ISO Image v2.0
    Google Earth
    Google Update Helper
    Google Updater
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    hp deskjet 825c series (Remove only)
    ImagXpress
    IOGEAR Bluetooth Software
    ISO Recorder
    Java(TM) 6 Update 14
    Logitech Gaming Software
    Magic ISO Maker v5.5 (build 0276)
    MagicDisc 2.6.93
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Xbox 360 Accessories 1.1
    MKV Splitter
    MSXML 4.0 SP2 (KB954430)
    MyIdentityDefender Toolbar (CyberDefender Corporation)
    neroxml
    Project64 1.6
    Prototype(TM)
    PunkBuster Services
    Realtek AC'97 Audio
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    Skins
    Sonic Activation Module
    Sony PTP USB Driver
    Spybot - Search & Destroy
    System Requirements Lab
    TuxGuitar
    ULi AGP Driver
    ULi LAN Driver
    ULi M5289 SATA Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    Veoh Web Player
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    7/29/2009 3:44:14 PM, error: Service Control Manager [7000] - The nlaagcrf service failed to start due to the following error: The system cannot find the file specified.
    7/29/2009 2:43:28 PM, error: System Error [1003] - Error code 000000fc, parameter1 f78deb30, parameter2 0abe4163, parameter3 f78dea98, parameter4 00000001.
    7/29/2009 2:41:57 PM, error: System Error [1003] - Error code 000000fc, parameter1 f78dab30, parameter2 13058163, parameter3 f78daa98, parameter4 00000001.
    7/29/2009 2:06:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips
    7/29/2009 2:05:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/29/2009 2:05:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/29/2009 10:43:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    7/25/2009 12:07:01 PM, error: m5289 [9] - The device, \Device\Scsi\m52891, did not respond within the timeout period.
    7/23/2009 2:46:06 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the path specified.
    7/23/2009 12:58:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

    ==== End Of File ===========================

  3. #23
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #24
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    Fresh HijackThis log? What do you mean? The MBAM?

  5. #25
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    this is from that combofix thing

    ComboFix 09-07-29.04 - Nick 07/30/2009 15:49.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1674 [GMT -5:00]
    Running from: c:\documents and settings\Nick\Desktop\ComboFix1.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\126096e0.msi
    c:\windows\Installer\126096e4.msi
    c:\windows\Installer\5bd79d.msi
    c:\windows\KB8888239.log
    c:\windows\system32\drivers\ESQULnuklnpmkfojneemosbodswdbbgyinbnc.sys
    c:\windows\system32\ESQULatnlprjfdwjgnmrqldnupxcdaehrgcnl.dll
    c:\windows\system32\ESQULnqovanvkporufyauwdtniatrlubkbjed.dll
    c:\windows\system32\ESQULzcounter
    c:\windows\system32\setup.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ESQULserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
    .

    2009-07-30 00:55 . 2009-07-30 20:37 -------- d-----w- c:\documents and settings\Nick\Application Data\BitTorrent
    2009-07-29 19:50 . 2009-07-29 21:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-29 19:05 . 2009-07-29 19:05 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-29 18:10 . 2009-07-29 18:10 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
    2009-07-29 07:53 . 2009-07-29 18:04 -------- d-----w- c:\program files\AskBarDis
    2009-07-29 06:52 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-29 06:52 . 2009-07-29 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-29 06:52 . 2009-07-29 06:52 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2009-07-29 06:52 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-27 09:23 . 2009-07-27 09:23 -------- d-----w- c:\program files\D-Tools
    2009-07-26 08:51 . 2009-07-26 08:57 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\STOPzilla!
    2009-07-24 06:36 . 2009-07-24 06:36 -------- dc----w- C:\EPSON
    2009-07-24 05:41 . 2009-07-24 05:41 376 ----a-w- c:\windows\mozregistry.dat
    2009-07-24 05:41 . 2009-07-24 05:42 -------- d-----w- c:\program files\hp deskjet 825c series
    2009-07-24 05:41 . 2009-07-24 05:41 -------- d-----w- c:\program files\Hewlett-Packard
    2009-07-23 05:58 . 2009-07-23 05:58 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
    2009-07-23 02:18 . 2009-07-23 02:18 -------- d-----w- c:\windows\system32\Adobe
    2009-07-22 23:19 . 2009-07-22 23:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-21 22:28 . 2009-07-21 22:28 -------- d-----w- c:\program files\AC3Filter
    2009-07-19 05:07 . 2009-07-19 05:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-07-19 05:07 . 2009-07-19 05:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-18 20:28 . 2009-07-18 20:28 -------- d-----w- c:\documents and settings\Nick\Application Data\acccore
    2009-07-18 20:28 . 2009-07-18 20:28 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\AOL OCP
    2009-07-18 20:27 . 2009-07-18 20:28 -------- d-----w- c:\program files\AIM6
    2009-07-15 20:55 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2009-07-15 20:55 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2009-07-09 17:02 . 2009-07-09 17:02 -------- d-----w- c:\program files\Realtek AC97
    2009-07-04 00:32 . 2009-07-04 00:32 -------- d-----w- c:\program files\Alex Feinman
    2009-07-01 18:10 . 2009-07-01 18:10 -------- d-sh--w- c:\documents and settings\Nick\IECompatCache
    2009-07-01 03:53 . 2009-07-01 03:53 -------- d-----w- c:\windows\ie8updates
    2009-07-01 03:47 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-01 03:47 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-06-30 23:30 . 2009-06-30 23:37 2269232 ----a-w- c:\windows\prototypef.exe
    2009-06-30 23:02 . 2009-06-30 23:02 -------- d-sh--w- c:\windows\ftpcache
    2009-06-30 22:54 . 2009-07-04 19:44 -------- d-----w- c:\program files\Activision

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-30 20:37 . 2008-11-03 16:43 -------- d-----w- c:\program files\BitTorrent
    2009-07-30 12:10 . 2008-04-29 15:07 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
    2009-07-29 23:35 . 2008-10-22 22:12 138832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-29 23:35 . 2008-10-22 22:12 202024 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-29 19:51 . 2008-12-16 08:44 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-28 18:07 . 2008-11-03 16:43 -------- d-----w- c:\program files\DNA
    2009-07-26 08:00 . 2009-03-26 22:53 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    2009-07-23 19:42 . 2008-04-29 15:07 -------- d-----w- c:\program files\Google
    2009-07-23 19:41 . 2008-12-16 08:40 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
    2009-07-22 21:18 . 2008-12-01 21:51 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2009-07-21 22:08 . 2008-05-06 05:15 -------- d-----w- c:\program files\DivX
    2009-07-21 22:08 . 2009-04-05 06:34 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-21 21:55 . 2008-04-23 03:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-07-18 20:27 . 2008-04-26 04:12 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
    2009-07-18 20:27 . 2008-04-26 04:12 -------- d-----w- c:\program files\Common Files\AOL
    2009-07-17 01:09 . 2008-04-23 03:19 -------- d-----w- c:\program files\World of Warcraft
    2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-02 22:29 . 2009-01-15 06:54 119296 ----a-w- c:\windows\system32\zlib.dll
    2009-06-30 23:01 . 2008-04-23 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-28 23:54 . 2008-10-29 18:33 -------- d-----w- c:\documents and settings\Nick\Application Data\IGN_DLM
    2009-06-27 21:59 . 2009-06-21 19:35 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-06-26 18:41 . 2009-06-26 18:41 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2009-06-24 22:29 . 2009-06-24 22:29 -------- d-----w- c:\program files\Free Create-Burn ISO Image
    2009-06-22 18:50 . 2009-06-21 04:09 -------- d-----w- c:\program files\Project64 1.6
    2009-06-21 19:36 . 2009-06-21 19:35 -------- d-----w- c:\documents and settings\Nick\Application Data\DAEMON Tools Lite
    2009-06-21 19:36 . 2008-05-04 15:16 -------- d-----w- c:\documents and settings\Nick\Application Data\DAEMON Tools
    2009-06-21 19:35 . 2009-06-21 19:35 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
    2009-06-21 16:18 . 2009-06-21 16:18 -------- d-----w- c:\program files\MagicISO
    2009-06-21 16:14 . 2009-06-21 16:13 -------- d-----w- c:\program files\DAEMON Tools Pro
    2009-06-21 16:13 . 2009-06-21 16:13 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
    2009-06-21 16:10 . 2008-05-04 15:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-21 16:10 . 2009-06-21 16:10 -------- d-----w- c:\documents and settings\Nick\Application Data\DAEMON Tools Pro
    2009-06-20 18:16 . 2009-06-20 18:16 -------- d-----w- c:\program files\Common Files\DirectX
    2009-06-18 05:54 . 2009-06-14 16:48 -------- d-----w- c:\documents and settings\Nick\Application Data\SPORE
    2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 19:29 . 2009-06-13 19:29 -------- d-----w- c:\program files\Download Manager
    2009-06-13 01:54 . 2009-06-13 01:54 21840 ----a-w- c:\windows\system32\SIntfNT.dll
    2009-06-13 01:54 . 2009-06-13 01:54 17212 ----a-w- c:\windows\system32\SIntf32.dll
    2009-06-13 01:54 . 2009-06-13 01:54 12067 ----a-w- c:\windows\system32\SIntf16.dll
    2009-06-13 01:07 . 2009-06-12 23:10 -------- d-----w- c:\documents and settings\Nick\Application Data\SPORE Creature Creator
    2009-06-13 00:56 . 2009-04-10 02:47 -------- d-----w- c:\program files\Little Big Adventure 2
    2009-06-12 23:10 . 2009-01-03 09:51 -------- d-----w- c:\program files\Electronic Arts
    2009-06-10 15:20 . 2009-05-28 20:33 -------- d-----w- c:\program files\Java
    2009-06-04 11:37 . 2009-06-04 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-06-04 11:37 . 2009-06-04 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-06-03 19:09 . 2008-04-23 02:29 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-21 15:33 . 2008-12-01 19:54 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-16 03:58 . 2004-08-04 05:29 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2008-12-30 18:29 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2004-08-04 07:56 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2008-06-03 03:11 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2008-06-03 03:11 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2008-06-03 03:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2008-06-03 03:09 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2008-06-03 03:08 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2004-08-04 07:56 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2008-09-03 02:01 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2004-08-04 07:56 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2008-12-30 18:29 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2008-12-30 18:29 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2008-12-30 18:30 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2008-06-03 02:33 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2008-06-03 02:29 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2008-06-03 02:28 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2008-06-03 02:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2008-06-03 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2008-06-03 03:04 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2004-08-04 07:56 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-02-25 20:32 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-02-25 20:32 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-02-25 20:30 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-16 01:05 . 2009-01-03 06:02 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-07 15:32 . 2001-08-23 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 17:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-06 196608]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

    c:\documents and settings\Nick\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-5-4 546816]

    c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
    Belkin Wireless Network Monitor Utility (USB).lnk - c:\program files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe [2008-10-28 192512]
    Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "47972:UDP"= 47972:UDP:BitTorrent

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [4/22/2008 9:28 PM 51840]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [4/22/2008 9:27 PM 45056]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2008 11:12 PM 24652]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [1/2/2009 6:15 PM 84992]
    R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [12/28/2002 12:16 PM 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [12/28/2002 12:16 PM 95328]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [4/22/2008 9:27 PM 28672]
    S2 gupdate1c98890794b6b46;Google Update Service (gupdate1c98890794b6b46);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 2:24 PM 133104]
    S2 nlaagcrf;nlaagcrf;c:\windows\system32\drivers\fpqgk.sys --> c:\windows\system32\drivers\fpqgk.sys [?]
    S3 SonyPVP1;Sony PTP USB Lower Filter driver;c:\windows\system32\drivers\SonyPVP1.sys [6/19/2009 5:49 PM 6920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Notify-avgrsstarter - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uSearch Bar = hxxp://search.myidentitydefender.com/smallsearch.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://convergysworkathome.com/AppHardT.CAB
    DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-30 15:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-515967899-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:81,55,03,81,ec,c7,19,f5,4e,ba,e3,46,35,45,9b,a4,f3,ad,33,e4,47,
    3f,91,4d,dc,5e,99,e9,e5,2c,90,27,5f,f9,e6,09,87,0c,74,be,0f,f5,34,3c,69,f5,\
    "rkeysecu"=hex:e0,b5,95,4a,da,0f,f5,1f,c0,72,c9,f1,a1,09,9d,ec
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2288)
    c:\windows\system32\WININET.dll
    c:\windows\system32\btmmhook.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\AIM6\aolsoftware.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-30 16:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-30 21:00

    Pre-Run: 5,265,190,912 bytes free
    Post-Run: 6,429,327,360 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    295 --- E O F --- 2009-07-29 20:47

  6. #26
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    As you don't have HijackThis installed, you can post a fresh DDS log instead.

  7. #27
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Nick at 16:05:08.48 on Thu 07/30/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1530 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\ULI5289\ALi5289.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe
    C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Nick\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.ask.com/?o=101760&l=dis
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ALi5289] c:\program files\uli5289\ALi5289.exe
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    StartupFolder: c:\docume~1\nick\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~2.lnk - c:\program files\belkin corporation\belkin wireless network monitor utility and driver (usb)\BelkinWlanMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\usb f5d7050\wireless utility\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208918179561
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://convergysworkathome.com/AppHardT.CAB
    DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2008-4-22 51840]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [2008-4-22 45056]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-25 24652]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-1-2 84992]
    R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2008-4-22 28672]
    S2 gupdate1c98890794b6b46;Google Update Service (gupdate1c98890794b6b46);c:\program files\google\update\GoogleUpdate.exe [2009-2-6 133104]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; [x]
    S2 nlaagcrf;nlaagcrf;c:\windows\system32\drivers\fpqgk.sys --> c:\windows\system32\drivers\fpqgk.sys [?]
    S3 SonyPVP1;Sony PTP USB Lower Filter driver;c:\windows\system32\drivers\SonyPVP1.sys [2009-6-19 6920]

    =============== Created Last 30 ================

    2009-07-30 15:59 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-07-30 15:40 <DIR> acdshr-- C:\cmdcons
    2009-07-30 15:39 219,648 a------- c:\windows\PEV.exe
    2009-07-30 15:39 161,792 a------- c:\windows\SWREG.exe
    2009-07-30 15:39 98,816 a------- c:\windows\sed.exe
    2009-07-29 19:55 <DIR> --d----- c:\docume~1\nick\applic~1\BitTorrent
    2009-07-29 14:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-07-29 13:10 <DIR> --d----- c:\docume~1\nick\applic~1\Malwarebytes
    2009-07-29 02:53 <DIR> --d----- c:\program files\AskBarDis
    2009-07-29 01:52 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-29 01:52 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-07-29 01:52 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-07-29 01:52 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-07-27 04:23 <DIR> --d----- c:\program files\D-Tools
    2009-07-26 03:51 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\STOPzilla!
    2009-07-24 01:36 <DIR> -cd----- C:\EPSON
    2009-07-24 00:42 800 a------- c:\windows\hpinfo.lnk
    2009-07-24 00:41 376 a------- c:\windows\mozregistry.dat
    2009-07-24 00:41 <DIR> --d----- c:\program files\hp deskjet 825c series
    2009-07-23 00:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
    2009-07-22 21:18 <DIR> --d----- c:\windows\system32\Adobe
    2009-07-21 17:28 <DIR> --d----- c:\program files\AC3Filter
    2009-07-18 15:27 <DIR> --d----- c:\program files\AIM6
    2009-07-15 15:55 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
    2009-07-15 15:55 25,856 a------- c:\windows\system32\drivers\usbprint.sys
    2009-07-09 12:02 <DIR> --d----- c:\program files\Realtek AC97
    2009-07-09 10:42 4,096 a------- c:\windows\system32\crash
    2009-07-03 19:32 <DIR> --d----- c:\program files\Alex Feinman
    2009-07-01 13:10 <DIR> --dsh--- c:\documents and settings\nick\IECompatCache
    2009-06-30 22:53 <DIR> --d----- c:\windows\ie8updates
    2009-06-30 22:47 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-06-30 22:47 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-06-30 18:44 559,161 ac------ C:\AnalysisLog.sr0
    2009-06-30 18:30 2,269,232 a------- c:\windows\prototypef.exe
    2009-06-30 18:02 <DIR> --dsh--- c:\windows\ftpcache
    2009-06-30 17:54 <DIR> --d----- c:\program files\Activision

    ==================== Find3M ====================

    2009-07-29 18:35 138,832 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-29 18:35 202,024 a------- c:\windows\system32\PnkBstrB.exe
    2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-07-02 17:29 119,296 a------- c:\windows\system32\zlib.dll
    2009-06-21 11:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
    2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 20:54 21,840 a------- c:\windows\system32\SIntfNT.dll
    2009-06-12 20:54 17,212 a------- c:\windows\system32\SIntf32.dll
    2009-06-12 20:54 12,067 a------- c:\windows\system32\SIntf16.dll
    2009-06-04 06:37 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-06-04 06:37 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-05-21 10:33 410,984 a------- c:\windows\system32\deploytk.dll
    2009-05-15 22:39 442,368 a------- c:\windows\system32\ATIDEMGX.dll
    2009-05-15 22:38 335,872 a------- c:\windows\system32\ati2dvag.dll
    2009-05-15 22:18 204,800 a------- c:\windows\system32\atipdlxx.dll
    2009-05-15 22:17 155,648 a------- c:\windows\system32\Oemdspif.dll
    2009-05-15 22:17 26,112 a------- c:\windows\system32\Ati2mdxx.exe
    2009-05-15 22:17 43,520 a------- c:\windows\system32\ati2edxx.dll
    2009-05-15 22:17 155,648 a------- c:\windows\system32\ati2evxx.dll
    2009-05-15 22:15 602,112 a------- c:\windows\system32\ati2evxx.exe
    2009-05-15 22:14 53,248 a------- c:\windows\system32\ATIDDC.DLL
    2009-05-15 22:07 2,987,136 a------- c:\windows\system32\ati3duag.dll
    2009-05-15 21:55 11,423,744 a------- c:\windows\system32\atioglxx.dll
    2009-05-15 21:54 2,122,624 a------- c:\windows\system32\ativvaxx.dll
    2009-05-15 21:54 887,724 a------- c:\windows\system32\ativva6x.dat
    2009-05-15 21:51 311,296 a------- c:\windows\system32\atiiiexx.dll
    2009-05-15 21:38 49,664 a------- c:\windows\system32\atimpc32.dll
    2009-05-15 21:38 49,664 a------- c:\windows\system32\amdpcom32.dll
    2009-05-15 21:33 479,232 a------- c:\windows\system32\atikvmag.dll
    2009-05-15 21:31 139,264 a------- c:\windows\system32\atiadlxx.dll
    2009-05-15 21:31 17,408 a------- c:\windows\system32\atitvo32.dll
    2009-05-15 21:26 376,832 a------- c:\windows\system32\atiok3x2.dll
    2009-05-15 21:24 651,264 a------- c:\windows\system32\ati2cqag.dll
    2009-05-15 20:35 45,056 a------- c:\windows\system32\aticalrt.dll
    2009-05-15 20:34 45,056 a------- c:\windows\system32\aticalcl.dll
    2009-05-15 20:33 3,158,016 a------- c:\windows\system32\aticaldd.dll
    2009-05-15 20:05 593,920 -------- c:\windows\system32\ati2sgag.exe
    2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-05-05 14:33 118,784 a------- c:\windows\system32\atibtmon.exe
    2009-03-26 17:54 22,328 a------- c:\docume~1\nick\applic~1\PnkBstrK.sys
    2008-06-12 02:27 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061220080613\index.dat

    ============= FINISH: 16:05:19.56 ===============

  8. #28
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/22/2008 9:12:16 PM
    System Uptime: 7/30/2009 3:55:09 PM (1 hours ago)

    Motherboard: | | 939Dual-SATA2
    Processor: AMD Athlon(tm) 64 Processor 3400+ | CPUSocket | 2200/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 5.998 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP417: 5/11/2009 5:19:25 PM - Avg8 Update
    RP418: 5/11/2009 11:29:22 PM - System Checkpoint
    RP419: 5/13/2009 12:55:45 PM - Avg8 Update
    RP420: 5/14/2009 2:00:17 AM - Software Distribution Service 3.0
    RP421: 5/15/2009 2:08:33 AM - System Checkpoint
    RP422: 5/17/2009 4:04:51 PM - System Checkpoint
    RP423: 5/18/2009 1:59:55 PM - Avg8 Update
    RP424: 5/18/2009 2:00:37 PM - Avg8 Update
    RP425: 5/19/2009 11:57:19 PM - System Checkpoint
    RP426: 5/21/2009 5:06:49 PM - Installed Realtek AC'97 Audio
    RP427: 5/22/2009 6:22:30 PM - System Checkpoint
    RP428: 5/23/2009 6:27:15 PM - System Checkpoint
    RP429: 5/25/2009 2:34:31 AM - System Checkpoint
    RP430: 5/25/2009 11:57:58 PM - Removed Ad-Aware
    RP431: 5/26/2009 12:04:12 AM - Removed AVG 8.5
    RP432: 5/26/2009 12:04:40 AM - Installed AVG 8.5
    RP433: 5/26/2009 12:04:59 AM - Removed ISO Recorder
    RP434: 5/27/2009 1:45:38 AM - System Checkpoint
    RP435: 5/28/2009 3:28:43 PM - Installed Java(TM) 6 Update 13
    RP436: 5/28/2009 3:31:58 PM - Installed Java(TM) 6 Update 13
    RP437: 5/28/2009 3:33:28 PM - Installed Java(TM) 6 Update 13
    RP438: 5/29/2009 11:22:45 PM - System Checkpoint
    RP439: 5/30/2009 11:34:53 PM - System Checkpoint
    RP440: 6/1/2009 12:53:41 AM - System Checkpoint
    RP441: 6/2/2009 1:38:26 AM - System Checkpoint
    RP442: 6/3/2009 2:30:23 AM - System Checkpoint
    RP443: 6/4/2009 3:31:08 AM - System Checkpoint
    RP444: 6/5/2009 4:09:03 AM - System Checkpoint
    RP445: 6/7/2009 12:47:45 AM - System Checkpoint
    RP446: 6/8/2009 4:37:07 PM - System Checkpoint
    RP447: 6/9/2009 11:24:56 PM - System Checkpoint
    RP448: 6/10/2009 10:02:18 AM - Software Distribution Service 3.0
    RP449: 6/10/2009 10:20:18 AM - Installed Java(TM) 6 Update 14
    RP450: 6/11/2009 10:41:47 AM - System Checkpoint
    RP451: 6/11/2009 6:36:55 PM - Installed SPORE™
    RP452: 6/11/2009 10:31:40 PM - Removed SPORE™
    RP453: 6/12/2009 6:10:11 PM - Installed SPORE™ Creature Creator Trial Edition
    RP454: 6/12/2009 7:03:22 PM - Configured SPORE™ Creature Creator Trial Edition
    RP455: 6/12/2009 9:02:40 PM - Removed Crysis(R).
    RP456: 6/12/2009 9:03:48 PM - Removed GameSpy Comrade.
    RP457: 6/12/2009 9:32:06 PM - Removed SPORE™ Creature Creator Trial Edition
    RP458: 6/13/2009 4:39:44 PM - Installed SPORE™
    RP459: 6/14/2009 11:40:07 AM - Installed SPORE™
    RP460: 6/16/2009 1:49:11 AM - System Checkpoint
    RP461: 6/17/2009 11:48:10 PM - Configured SPORE™
    RP462: 6/19/2009 5:53:51 PM - Unsigned driver install
    RP463: 6/20/2009 11:27:41 AM - Installed DirectX
    RP464: 6/20/2009 11:09:45 PM - Installed Project64 1.6
    RP465: 6/21/2009 11:10:22 AM - SPTD setup V1.58
    RP466: 6/22/2009 11:22:38 AM - System Checkpoint
    RP467: 6/23/2009 11:35:37 AM - System Checkpoint
    RP468: 6/24/2009 6:29:21 PM - System Checkpoint
    RP469: 6/24/2009 8:09:13 PM - Installed Prototype(TM)
    RP470: 6/24/2009 8:17:58 PM - Removed SPORE™
    RP471: 6/24/2009 8:26:25 PM - Installed Prototype(TM)
    RP472: 6/24/2009 8:33:48 PM - Installed Prototype(TM)
    RP473: 6/24/2009 9:00:25 PM - Installed Prototype(TM)
    RP474: 6/24/2009 9:01:11 PM - Installed Prototype(TM)
    RP475: 6/24/2009 9:15:56 PM - Installed Prototype(TM)
    RP476: 6/24/2009 9:21:11 PM - Installed Prototype(TM)
    RP477: 6/24/2009 9:34:28 PM - Removed Prototype(TM)
    RP478: 6/24/2009 9:37:27 PM - Removed Prototype(TM)
    RP479: 6/24/2009 9:38:10 PM - Installed Prototype(TM)
    RP480: 6/24/2009 11:49:45 PM - Removed Prototype(TM)
    RP481: 6/25/2009 12:17:15 AM - Installed Prototype(TM)
    RP482: 6/26/2009 2:40:41 AM - System Checkpoint
    RP483: 6/26/2009 1:29:10 PM - Installed Pinnacle Game Profiler
    RP484: 6/26/2009 1:41:53 PM - Installed DirectX
    RP485: 6/27/2009 1:58:43 PM - System Checkpoint
    RP486: 6/27/2009 5:15:23 PM - Configured Prototype(TM)
    RP487: 6/28/2009 4:31:23 PM - Removed Steam
    RP488: 6/30/2009 4:34:03 AM - Software Distribution Service 3.0
    RP489: 6/30/2009 5:42:33 PM - Installed Prototype(TM)
    RP490: 6/30/2009 5:54:05 PM - Installed Prototype(TM)
    RP491: 6/30/2009 10:52:06 PM - Software Distribution Service 3.0
    RP492: 7/3/2009 1:51:02 AM - System Checkpoint
    RP493: 7/3/2009 7:32:41 PM - Installed ISO Recorder
    RP494: 7/3/2009 10:20:53 PM - Removed Pinnacle Game Profiler
    RP495: 7/4/2009 11:08:13 PM - System Checkpoint
    RP496: 7/6/2009 12:38:13 AM - System Checkpoint
    RP497: 7/7/2009 2:07:17 AM - System Checkpoint
    RP498: 7/8/2009 2:17:48 AM - System Checkpoint
    RP499: 7/9/2009 4:17:45 AM - System Checkpoint
    RP500: 7/9/2009 12:02:25 PM - Installed Realtek AC'97 Audio
    RP501: 7/10/2009 2:39:30 PM - System Checkpoint
    RP502: 7/11/2009 9:59:11 PM - System Checkpoint
    RP503: 7/12/2009 10:19:01 PM - System Checkpoint
    RP504: 7/15/2009 4:07:21 PM - Software Distribution Service 3.0
    RP505: 7/16/2009 8:53:08 PM - System Checkpoint
    RP506: 7/17/2009 10:41:53 PM - System Checkpoint
    RP507: 7/19/2009 4:03:51 AM - System Checkpoint
    RP508: 7/20/2009 4:18:28 AM - System Checkpoint
    RP509: 7/21/2009 4:47:32 AM - System Checkpoint
    RP510: 7/27/2009 5:21:55 AM - System Checkpoint
    RP511: 7/28/2009 5:22:36 AM - System Checkpoint
    RP512: 7/29/2009 6:29:29 AM - System Checkpoint

    ==== Installed Programs ======================

    AAC Decoder
    AC3Filter (remove only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11.5
    AIM 6
    Alarm 2.0.4
    ALi mini IDE driver
    Apple Software Update
    Ask Toolbar
    Athlon 64 Processor Driver
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    AutoUpdate
    Belkin Wireless Network Monitor Utility and Driver (USB)
    Belkin Wireless USB Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    Critical Update for Windows Media Player 11 (KB959772)
    Crysis Wars(R)
    Crysis Wars(R) Patch
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Download Manager 2.3.7
    EA Download Manager
    Eusing Free Registry Cleaner
    File Splitter and Joiner (FFSJ v3.2)
    Free Create-Burn ISO Image v2.0
    Google Earth
    Google Update Helper
    Google Updater
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    hp deskjet 825c series (Remove only)
    ImagXpress
    IOGEAR Bluetooth Software
    ISO Recorder
    Java(TM) 6 Update 14
    Logitech Gaming Software
    Magic ISO Maker v5.5 (build 0276)
    MagicDisc 2.6.93
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Xbox 360 Accessories 1.1
    MKV Splitter
    MSXML 4.0 SP2 (KB954430)
    MyIdentityDefender Toolbar (CyberDefender Corporation)
    neroxml
    Project64 1.6
    Prototype(TM)
    PunkBuster Services
    Realtek AC'97 Audio
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB973346)
    Skins
    Sonic Activation Module
    Sony PTP USB Driver
    Spybot - Search & Destroy
    System Requirements Lab
    TuxGuitar
    ULi AGP Driver
    ULi LAN Driver
    ULi M5289 SATA Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    Veoh Web Player
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    7/30/2009 3:49:14 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
    7/30/2009 3:42:03 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    7/29/2009 3:44:14 PM, error: Service Control Manager [7000] - The nlaagcrf service failed to start due to the following error: The system cannot find the file specified.
    7/29/2009 2:43:28 PM, error: System Error [1003] - Error code 000000fc, parameter1 f78deb30, parameter2 0abe4163, parameter3 f78dea98, parameter4 00000001.
    7/29/2009 2:41:57 PM, error: System Error [1003] - Error code 000000fc, parameter1 f78dab30, parameter2 13058163, parameter3 f78daa98, parameter4 00000001.
    7/29/2009 2:06:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips
    7/29/2009 2:05:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    7/29/2009 2:05:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/29/2009 10:43:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    7/25/2009 12:07:01 PM, error: m5289 [9] - The device, \Device\Scsi\m52891, did not respond within the timeout period.
    7/23/2009 2:46:06 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the path specified.
    7/23/2009 12:58:03 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

    ==== End Of File ===========================

  9. #29
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Uninstall this:

    Ask Toolbar

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    nlaagcrf

    Folder::
    c:\documents and settings\Nick\Application Data\BitTorrent
    c:\program files\AskBarDis
    c:\program files\BitTorrent
    c:\program files\DNA

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "47972:UDP"=-

    Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #30
    Junior Member
    Join Date
    Jul 2009
    Posts
    23

    ComboFix 09-07-31.01 - Nick 07/31/2009 13:59.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1535 [GMT -5:00]
    Running from: c:\documents and settings\Nick\Desktop\FIXERS\ComboFix1.exe
    Command switches used :: c:\documents and settings\Nick\Desktop\FIXERS\CFScript.txt
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Nick\Application Data\BitTorrent
    c:\documents and settings\Nick\Application Data\BitTorrent\dht.dat
    c:\documents and settings\Nick\Application Data\BitTorrent\dht.dat.old
    c:\documents and settings\Nick\Application Data\BitTorrent\End of Days (1999)- imacRuel1.avi.torrent
    c:\documents and settings\Nick\Application Data\BitTorrent\End.Of.Days{AC3-5.1}DvdRip.Dino.avi.torrent
    c:\documents and settings\Nick\Application Data\BitTorrent\resume.dat
    c:\documents and settings\Nick\Application Data\BitTorrent\resume.dat.old
    c:\documents and settings\Nick\Application Data\BitTorrent\rss.dat
    c:\documents and settings\Nick\Application Data\BitTorrent\rss.dat.old
    c:\documents and settings\Nick\Application Data\BitTorrent\settings.dat
    c:\documents and settings\Nick\Application Data\BitTorrent\settings.dat.old
    c:\documents and settings\Nick\Application Data\BitTorrent\Terminator Salvation 2009 TeleSync XviD-ExTrAScEnE.torrent
    c:\documents and settings\Nick\Application Data\BitTorrent\Terminator.Salvation.DVDSCR.XViD-ANALSHiT.[www.FilmsBT.com].torrent
    c:\documents and settings\Nick\Application Data\BitTorrent\Transformers.Revenge.Of.The.Fallen.TS.XviD-FLAWL3SS.torrent
    c:\program files\BitTorrent
    c:\program files\BitTorrent\12441-bittorrent.159a.dmp
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\uninst.exe
    c:\program files\DNA
    c:\program files\DNA\13235-dna.8955.dmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_nlaagcrf


    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
    .

    2009-07-29 19:50 . 2009-07-30 21:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-29 19:05 . 2009-07-29 19:05 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
    2009-07-29 18:10 . 2009-07-29 18:10 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
    2009-07-29 06:52 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-29 06:52 . 2009-07-29 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-29 06:52 . 2009-07-29 06:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-29 06:52 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-27 09:23 . 2009-07-27 09:23 -------- d-----w- c:\program files\D-Tools
    2009-07-26 08:51 . 2009-07-26 08:57 -------- dc----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-07-24 06:36 . 2009-07-24 06:36 -------- dc----w- C:\EPSON
    2009-07-24 05:41 . 2009-07-24 05:41 376 ----a-w- c:\windows\mozregistry.dat
    2009-07-24 05:41 . 2009-07-24 05:42 -------- d-----w- c:\program files\hp deskjet 825c series
    2009-07-24 05:41 . 2009-07-24 05:41 -------- d-----w- c:\program files\Hewlett-Packard
    2009-07-23 05:58 . 2009-03-31 13:08 2789480 -c--a-w- c:\documents and settings\All Users\Application Data\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}\CrysisWars_patch5.exe
    2009-07-23 05:58 . 2009-07-23 05:58 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
    2009-07-23 02:18 . 2009-07-23 02:18 -------- d-----w- c:\windows\system32\Adobe
    2009-07-22 23:19 . 2009-07-22 23:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-21 22:28 . 2009-07-21 22:28 -------- d-----w- c:\program files\AC3Filter
    2009-07-19 05:07 . 2009-07-19 05:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2009-07-19 05:07 . 2009-07-19 05:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-07-18 20:28 . 2009-07-18 20:28 -------- d-----w- c:\documents and settings\Nick\Application Data\acccore
    2009-07-18 20:28 . 2009-07-18 20:28 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\AOL OCP
    2009-07-18 20:27 . 2009-07-18 20:28 -------- d-----w- c:\program files\AIM6
    2009-07-15 20:55 . 2008-04-13 17:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2009-07-15 20:55 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2009-07-09 17:02 . 2009-07-09 17:02 -------- d-----w- c:\program files\Realtek AC97
    2009-07-04 00:33 . 2009-07-04 00:33 3638 ----a-r- c:\documents and settings\Nick\Application Data\Microsoft\Installer\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}\_2cd672ae.exe
    2009-07-04 00:32 . 2009-07-04 00:32 -------- d-----w- c:\program files\Alex Feinman

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-31 13:11 . 2008-04-29 15:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-30 21:25 . 2008-12-16 08:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-29 23:35 . 2008-10-22 22:12 138832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-29 23:35 . 2008-10-22 22:12 202024 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-26 08:00 . 2009-03-26 22:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    2009-07-23 19:42 . 2008-04-29 15:07 -------- d-----w- c:\program files\Google
    2009-07-23 19:41 . 2008-12-16 08:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-07-22 21:18 . 2008-12-01 21:51 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2009-07-21 22:08 . 2008-05-06 05:15 -------- d-----w- c:\program files\DivX
    2009-07-21 22:08 . 2009-04-05 06:34 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-21 21:55 . 2008-04-23 03:19 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-07-18 20:27 . 2008-04-26 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-07-18 20:27 . 2008-04-26 04:12 -------- d-----w- c:\program files\Common Files\AOL
    2009-07-17 01:09 . 2008-04-23 03:19 -------- d-----w- c:\program files\World of Warcraft
    2009-07-04 19:44 . 2009-06-30 22:54 -------- d-----w- c:\program files\Activision
    2009-07-03 17:09 . 2001-08-23 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-02 22:29 . 2009-01-15 06:54 119296 ----a-w- c:\windows\system32\zlib.dll
    2009-06-30 23:37 . 2009-06-30 23:30 2269232 ----a-w- c:\windows\prototypef.exe
    2009-06-30 23:01 . 2008-04-23 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-28 23:54 . 2008-10-29 18:33 -------- d-----w- c:\documents and settings\Nick\Application Data\IGN_DLM
    2009-06-27 21:59 . 2009-06-21 19:35 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2009-06-26 18:41 . 2009-06-26 18:41 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
    2009-06-24 22:29 . 2009-06-24 22:29 -------- d-----w- c:\program files\Free Create-Burn ISO Image
    2009-06-22 18:50 . 2009-06-21 04:09 -------- d-----w- c:\program files\Project64 1.6
    2009-06-21 19:36 . 2009-06-21 19:35 -------- d-----w- c:\documents and settings\Nick\Application Data\DAEMON Tools Lite
    2009-06-21 19:36 . 2008-05-04 15:16 -------- d-----w- c:\documents and settings\Nick\Application Data\DAEMON Tools
    2009-06-21 19:35 . 2009-06-21 19:35 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2009-06-21 16:18 . 2009-06-21 16:18 -------- d-----w- c:\program files\MagicISO
    2009-06-21 16:14 . 2009-06-21 16:13 -------- d-----w- c:\program files\DAEMON Tools Pro
    2009-06-21 16:13 . 2009-06-21 16:13 -------- dc----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-06-21 16:10 . 2008-05-04 15:16 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-21 16:10 . 2009-06-21 16:10 -------- d-----w- c:\documents and settings\Nick\Application Data\DAEMON Tools Pro
    2009-06-21 04:09 . 2009-06-21 04:09 8854 ----a-r- c:\documents and settings\Nick\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2009-06-21 04:09 . 2009-06-21 04:09 40960 ----a-r- c:\documents and settings\Nick\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2009-06-21 04:09 . 2009-06-21 04:09 40960 ----a-r- c:\documents and settings\Nick\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2009-06-20 18:16 . 2009-06-20 18:16 -------- d-----w- c:\program files\Common Files\DirectX
    2009-06-18 05:54 . 2009-06-14 16:48 -------- d-----w- c:\documents and settings\Nick\Application Data\SPORE
    2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-13 19:29 . 2009-06-13 19:29 -------- d-----w- c:\program files\Download Manager
    2009-06-13 01:54 . 2009-06-13 01:54 21840 ----a-w- c:\windows\system32\SIntfNT.dll
    2009-06-13 01:54 . 2009-06-13 01:54 17212 ----a-w- c:\windows\system32\SIntf32.dll
    2009-06-13 01:54 . 2009-06-13 01:54 12067 ----a-w- c:\windows\system32\SIntf16.dll
    2009-06-13 01:07 . 2009-06-12 23:10 -------- d-----w- c:\documents and settings\Nick\Application Data\SPORE Creature Creator
    2009-06-13 00:56 . 2009-04-10 02:47 -------- d-----w- c:\program files\Little Big Adventure 2
    2009-06-12 23:10 . 2009-01-03 09:51 -------- d-----w- c:\program files\Electronic Arts
    2009-06-10 15:20 . 2009-05-28 20:33 -------- d-----w- c:\program files\Java
    2009-06-10 15:20 . 2009-06-10 15:20 152576 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-04 11:37 . 2009-06-04 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-06-04 11:37 . 2009-06-04 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-06-03 19:09 . 2008-04-23 02:29 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-30 03:35 . 2009-05-30 03:35 1915520 ----a-w- c:\documents and settings\Nick\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-05-28 20:33 . 2009-04-01 07:11 152576 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-05-21 15:33 . 2008-12-01 19:54 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-16 03:58 . 2004-08-04 05:29 4069888 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2009-05-16 03:39 . 2008-12-30 18:29 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2009-05-16 03:38 . 2004-08-04 07:56 335872 ----a-w- c:\windows\system32\ati2dvag.dll
    2009-05-16 03:18 . 2008-06-03 03:11 204800 ----a-w- c:\windows\system32\atipdlxx.dll
    2009-05-16 03:17 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2009-05-16 03:17 . 2008-06-03 03:11 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2009-05-16 03:17 . 2008-06-03 03:11 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2009-05-16 03:17 . 2008-06-03 03:11 155648 ----a-w- c:\windows\system32\ati2evxx.dll
    2009-05-16 03:15 . 2008-06-03 03:09 602112 ----a-w- c:\windows\system32\ati2evxx.exe
    2009-05-16 03:14 . 2008-06-03 03:08 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2009-05-16 03:07 . 2004-08-04 07:56 2987136 ----a-w- c:\windows\system32\ati3duag.dll
    2009-05-16 02:55 . 2008-09-03 02:01 11423744 ----a-w- c:\windows\system32\atioglxx.dll
    2009-05-16 02:54 . 2004-08-04 07:56 2122624 ----a-w- c:\windows\system32\ativvaxx.dll
    2009-05-16 02:54 . 2008-12-30 18:29 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2009-05-16 02:54 . 2008-12-30 18:29 3 ----a-w- c:\windows\system32\ativva5x.dat
    2009-05-16 02:51 . 2008-12-30 18:30 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2009-05-16 02:38 . 2009-05-16 02:38 49664 ----a-w- c:\windows\system32\atimpc32.dll
    2009-05-16 02:38 . 2008-06-03 02:33 49664 ----a-w- c:\windows\system32\amdpcom32.dll
    2009-05-16 02:33 . 2008-06-03 02:29 479232 ----a-w- c:\windows\system32\atikvmag.dll
    2009-05-16 02:31 . 2008-06-03 02:28 139264 ----a-w- c:\windows\system32\atiadlxx.dll
    2009-05-16 02:31 . 2008-06-03 02:28 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2009-05-16 02:30 . 2008-06-03 02:27 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2009-05-16 02:26 . 2008-06-03 03:04 376832 ----a-w- c:\windows\system32\atiok3x2.dll
    2009-05-16 02:24 . 2004-08-04 07:56 651264 ----a-w- c:\windows\system32\ati2cqag.dll
    2009-05-16 01:35 . 2009-02-25 20:32 45056 ----a-w- c:\windows\system32\aticalrt.dll
    2009-05-16 01:34 . 2009-02-25 20:32 45056 ----a-w- c:\windows\system32\aticalcl.dll
    2009-05-16 01:33 . 2009-02-25 20:30 3158016 ----a-w- c:\windows\system32\aticaldd.dll
    2009-05-16 01:05 . 2009-01-03 06:02 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-05-07 15:32 . 2001-08-23 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-05-05 19:33 . 2009-05-05 19:33 118784 ----a-w- c:\windows\system32\atibtmon.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-30_20.56.45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-31 19:06 . 2009-07-31 19:06 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
    + 2001-08-23 12:00 . 2009-07-30 21:00 71206 c:\windows\system32\perfc009.dat
    - 2001-08-23 12:00 . 2009-07-30 20:58 71206 c:\windows\system32\perfc009.dat
    + 2001-08-23 12:00 . 2009-07-30 21:00 441014 c:\windows\system32\perfh009.dat
    - 2001-08-23 12:00 . 2009-07-30 20:58 441014 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-05-19 3561720]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-06 196608]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

    c:\documents and settings\Nick\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-5-4 546816]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Network Monitor Utility (USB).lnk - c:\program files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver (USB)\BelkinWlanMonitor.exe [2008-10-28 192512]
    Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [4/22/2008 9:28 PM 51840]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [4/22/2008 9:27 PM 45056]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2008 11:12 PM 24652]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [1/2/2009 6:15 PM 84992]
    R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [12/28/2002 12:16 PM 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [12/28/2002 12:16 PM 95328]
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [4/22/2008 9:27 PM 28672]
    S2 gupdate1c98890794b6b46;Google Update Service (gupdate1c98890794b6b46);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 2:24 PM 133104]
    S3 SonyPVP1;Sony PTP USB Lower Filter driver;c:\windows\system32\drivers\SonyPVP1.sys [6/19/2009 5:49 PM 6920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-07-26 c:\windows\Tasks\Crysis Wars(R) Updates.job
    - c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2009-03-26 22:53]

    2009-07-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-29 00:43]

    2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 19:23]

    2009-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 19:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://convergysworkathome.com/AppHardT.CAB
    DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-31 14:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-823518204-515967899-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:81,55,03,81,ec,c7,19,f5,4e,ba,e3,46,35,45,9b,a4,f3,ad,33,e4,47,
    3f,91,4d,dc,5e,99,e9,e5,2c,90,27,5f,f9,e6,09,87,0c,74,be,0f,f5,34,3c,69,f5,\
    "rkeysecu"=hex:e0,b5,95,4a,da,0f,f5,1f,c0,72,c9,f1,a1,09,9d,ec
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1848)
    c:\windows\system32\WININET.dll
    c:\windows\system32\btmmhook.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\rundll32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-31 14:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-31 19:11
    ComboFix2.txt 2009-07-30 21:01

    Pre-Run: 6,302,711,808 bytes free
    Post-Run: 6,246,526,976 bytes free

    302 --- E O F --- 2009-07-29 20:47
