
Thread: spybot wont start

  1. #11 (Junior Member, Join Date: Aug 2009, Location: Amble (Northumberland), Posts: 15)

    results

    Here are the results:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, September 1, 2009
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, September 01, 2009 14:54:12
    Records in database: 2735799
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 60125
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 01:55:13


    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\Program Files\SGPSA\BHO.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ifr 1
    C:\WINDOWS\Downloaded Installations\{CA96CAAA-F816-4CB5-9676-6A3FCCB81468}\Spycheck Antispyware.msi Infected: not-a-virus:FraudTool.Win32.FastAntiSpyware.a 1

    Selected area has been scanned.



    ComboFix 09-08-31.03 - ALLEN 09/01/2009 13:26.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.546 [GMT 1:00]
    Running from: c:\documents and settings\change me\Desktop\ComboFix.exe
    Command switches used :: C:\CFScript.text
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
    .

    2009-09-01 10:36 . 2009-09-01 10:36 -------- d-----w- c:\program files\Trend Micro
    2009-08-31 20:10 . 2009-08-31 20:10 117760 ----a-w- c:\documents and settings\change me\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-08-31 20:08 . 2009-09-01 12:30 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\documents and settings\change me\Application Data\SUPERAntiSpyware.com
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\SUPERAntiSpyware.com
    2009-08-31 20:08 . 2009-08-31 20:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-08-31 18:20 . 2009-08-31 18:20 9830 ----a-w- C:\exefix.reg
    2009-08-31 17:42 . 2009-08-31 17:42 -------- d-----w- c:\program files\Windows Defender
    2009-08-31 17:10 . 2009-08-31 17:10 -------- d-----w- c:\documents and settings\admin\Application Data\Yahoo!
    2009-08-31 17:04 . 2009-08-31 17:04 -------- d-sh--w- c:\documents and settings\admin\PrivacIE
    2009-08-31 17:03 . 2009-08-31 17:03 19576 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-31 17:03 . 2009-08-31 17:03 -------- d-sh--w- c:\documents and settings\admin\IETldCache
    2009-08-31 17:00 . 2009-08-31 17:04 -------- d-----w- c:\documents and settings\admin
    2009-08-31 14:17 . 2009-08-31 14:17 -------- d-----w- c:\program files\Windows X
    2009-08-31 14:15 . 2009-08-31 14:35 -------- d-----w- c:\program files\a-squared Free
    2009-08-31 13:21 . 2009-08-31 13:21 -------- d-----w- c:\documents and settings\change me\Local Settings\Application Data\Runscanner.net
    2009-08-31 13:13 . 2009-08-31 13:13 -------- d-----w- c:\program files\ESET
    2009-08-31 13:02 . 2009-08-31 13:02 65536 ----a-r- c:\documents and settings\change me\Application Data\Microsoft\Installer\{A6F4DE62-BA95-45B5-B27D-39E5ABB4E77D}\NewShortcut1_6D307F405A8B42488CCA5C8E4FA8753B.exe
    2009-08-31 13:02 . 2009-08-31 13:02 10134 ----a-r- c:\documents and settings\change me\Application Data\Microsoft\Installer\{A6F4DE62-BA95-45B5-B27D-39E5ABB4E77D}\ARPPRODUCTICON.exe
    2009-08-31 13:02 . 2009-08-31 13:02 -------- d-----w- c:\program files\Hydra Networks
    2009-08-31 13:02 . 2009-08-31 14:17 -------- d-----w- c:\windows\Downloaded Installations
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(2)(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee(4)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(4)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Real(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU(3)
    2009-08-31 12:31 . 2009-08-31 12:31 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(3)
    2009-08-31 11:32 . 2009-08-31 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee(2)
    2009-08-31 10:36 . 2009-08-31 12:25 -------- d-----w- c:\program files\Exterminate It!
    2009-08-31 09:03 . 2009-08-31 09:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
    2009-08-31 08:49 . 2009-08-31 08:59 -------- d-----w- c:\program files\EsetOnlineScanner
    2009-08-31 08:41 . 2009-08-31 08:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-31 08:03 . 2009-08-31 08:31 -------- d-----w- c:\windows\BDOSCAN8
    2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\documents and settings\change me\Application Data\PlayFirst
    2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
    2009-08-30 18:02 . 2009-08-30 18:02 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\PlayFirst
    2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
    2009-08-30 17:40 . 2009-08-30 17:40 -------- d-----w- c:\windows\The Mystery of the Mary Celeste
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\documents and settings\change me\Application Data\Malwarebytes
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Malwarebytes
    2009-08-30 05:43 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-30 05:43 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-30 05:43 . 2009-08-30 05:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-30 04:50 . 2009-06-10 21:11 342016 ------w- c:\windows\system32\MC14.exe
    2009-08-30 04:50 . 2009-05-12 18:13 585728 ------w- c:\windows\system32\AReadyLB.dll
    2009-08-30 04:50 . 2009-05-12 18:13 53248 ------w- c:\windows\system32\BBInstaller.exe
    2009-08-30 04:50 . 2009-05-12 18:13 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
    2009-08-30 04:50 . 2009-08-30 04:50 -------- d-----w- c:\program files\J River
    2009-08-30 04:49 . 2009-08-30 04:50 -------- d-----w- c:\documents and settings\change me\Application Data\J River
    2009-08-30 04:49 . 2009-08-30 04:50 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\J River
    2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\documents and settings\change me\Application Data\GlarySoft
    2009-08-29 17:16 . 2009-08-29 17:16 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\GlarySoft
    2009-08-29 17:14 . 2009-08-29 17:14 -------- d-----w- c:\program files\Glary Utilities
    2009-08-29 17:01 . 2009-08-29 17:01 -------- d-----w- c:\documents and settings\change me\Application Data\DAEMON Tools Pro
    2009-08-29 17:01 . 2009-08-29 17:01 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\DAEMON Tools Pro
    2009-08-29 16:51 . 2009-08-29 16:51 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-08-29 15:55 . 2009-08-29 15:55 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-08-29 12:48 . 2009-08-29 12:48 4141117 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
    2009-08-29 12:48 . 2009-08-29 12:48 6516755 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
    2009-08-29 12:44 . 2009-08-29 12:44 15884 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes\libProcessAccess.dll
    2009-08-29 12:44 . 2009-08-29 12:44 102400 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
    2009-08-28 16:30 . 2009-08-28 19:06 -------- d-----w- c:\program files\Common Files\Real
    2009-08-28 14:21 . 2009-08-28 14:21 -------- d-----w- c:\documents and settings\change me\Application Data\TuneUp Software
    2009-08-28 14:21 . 2009-08-28 14:21 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\TuneUp Software
    2009-08-28 13:43 . 2009-08-28 13:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2009-08-28 13:43 . 2009-08-28 13:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
    2009-08-28 12:44 . 2009-08-28 12:57 -------- d-----w- c:\documents and settings\change me\Application Data\Smart PC Solutions
    2009-08-28 12:44 . 2009-08-28 12:57 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Smart PC Solutions
    2009-08-28 05:09 . 2009-08-28 05:09 10684866 ----a-w- c:\documents and settings\change me\Application Data\Azureus\plugins\azump\mplayer.exe
    2009-08-27 17:34 . 2009-08-27 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
    2009-08-27 17:34 . 2009-08-31 12:04 -------- d-----w- c:\documents and settings\change me\Application Data\Azureus
    2009-08-27 17:34 . 2009-08-31 12:04 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Azureus
    2009-08-27 17:34 . 2009-09-01 10:32 -------- d-----w- c:\program files\Vuze
    2009-08-27 11:37 . 2009-08-31 11:09 -------- d-----w- c:\documents and settings\change me\.housecall6.6
    2009-08-26 23:23 . 2009-08-27 00:07 -------- d-----w- c:\documents and settings\change me\Application Data\.ABC
    2009-08-26 23:23 . 2009-08-27 00:07 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\.ABC
    2009-08-26 15:46 . 2009-08-31 13:03 -------- d--h--w- C:\$AVG8.VAULT$
    2009-08-26 08:50 . 2009-08-26 08:50 -------- d-----w- c:\program files\Xilisoft
    2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\documents and settings\change me\Application Data\Ahead
    2009-08-25 09:10 . 2009-08-25 09:10 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Ahead
    2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP.exe
    2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP(3).exe
    2009-08-25 08:54 . 2003-10-08 09:51 1298432 ----a-w- c:\windows\UNNMP(2).exe
    2009-08-25 08:44 . 2009-08-25 15:09 -------- d-----w- c:\program files\Common Files\Ahead
    2009-08-25 07:57 . 2009-08-25 07:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-25 07:57 . 2009-08-25 07:57 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-08-25 07:57 . 2009-08-25 07:57 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-25 07:57 . 2009-08-25 07:57 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-25 07:56 . 2009-09-01 08:05 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-08-25 07:56 . 2009-08-25 07:56 -------- d-----w- c:\program files\AVG
    2009-08-25 07:55 . 2009-09-01 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-08-25 07:46 . 2009-08-25 07:46 -------- d-----w- c:\documents and settings\change me\Application Data\AVG8
    2009-08-25 07:46 . 2009-08-25 07:46 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\AVG8
    2009-08-24 07:58 . 2009-08-24 08:02 47360 ----a-w- c:\documents and settings\change me\Application Data\pcouffin.sys
    2009-08-24 07:58 . 2009-08-24 07:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-08-24 07:58 . 2009-08-24 08:02 -------- d-----w- c:\documents and settings\change me\Application Data\Vso
    2009-08-24 07:58 . 2009-08-24 08:02 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Vso
    2009-08-23 07:00 . 2009-08-23 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
    2009-08-23 06:52 . 2009-08-23 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
    2009-08-23 06:52 . 2008-08-06 01:50 606208 ----a-w- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\bin\setupresENU.dll
    2009-08-23 06:52 . 2008-08-05 13:42 4717040 ----a-w- c:\documents and settings\All Users\Application Data\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe
    2009-08-23 06:43 . 2009-08-23 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2009-08-23 06:37 . 2009-08-23 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
    2009-08-22 19:45 . 2009-08-22 19:45 -------- d-----w- c:\documents and settings\change me\Application Data\Azuaz Games
    2009-08-22 19:45 . 2009-08-22 19:45 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Azuaz Games
    2009-08-22 19:36 . 2009-08-22 19:36 -------- d-----w- c:\program files\GameTop.com
    2009-08-22 06:25 . 2009-08-22 06:25 -------- d-----w- c:\program files\Defraggler
    2009-08-21 16:58 . 2009-08-21 16:58 -------- d-----w- c:\program files\CCleaner
    2009-08-21 09:12 . 2001-08-17 12:48 12160 -c----w- c:\windows\system32\dllcache\mouhid.sys
    2009-08-21 09:12 . 2001-08-17 12:48 12160 ------w- c:\windows\system32\drivers\mouhid.sys
    2009-08-20 06:51 . 2009-08-20 06:51 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-08-20 06:51 . 2009-08-20 06:51 -------- d-----w- C:\4fff99b4a3a7072f67382f9eaf43c24f
    2009-08-17 08:17 . 2009-08-29 13:02 -------- d-----w- c:\program files\VS Revo Group
    2009-08-16 11:00 . 2009-08-16 11:00 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
    2009-08-15 12:44 . 2009-08-15 12:45 -------- d--h--w- c:\windows\ie8
    2009-08-15 11:12 . 2009-08-15 12:44 -------- dc----w- c:\windows\ie8(2)

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-01 11:07 . 2009-06-27 09:59 -------- d-----w- c:\program files\DNA
    2009-09-01 11:06 . 2009-06-27 09:59 -------- d-----w- c:\documents and settings\change me\Application Data\DNA
    2009-09-01 11:06 . 2009-06-27 09:59 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\DNA
    2009-08-31 15:26 . 2009-06-14 07:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec(2)
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-08-31 12:42 . 2009-08-31 12:42 -------- d--h--w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
    2009-08-30 08:20 . 2009-07-28 16:20 -------- d-----w- c:\program files\MpcStar
    2009-08-29 18:30 . 2009-06-09 11:37 -------- d-----w- c:\program files\Yahoo!
    2009-08-28 17:10 . 2009-06-09 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-08-28 17:10 . 2009-06-09 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-08-28 14:21 . 2009-06-28 22:49 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
    2009-08-28 13:19 . 2009-07-16 10:47 -------- d-----w- c:\program files\Common Files\McAfee
    2009-08-27 00:31 . 2009-05-30 14:41 19576 -c--a-w- c:\documents and settings\change me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-24 08:02 . 2009-08-24 07:58 47360 ----a-w- c:\docume~1\CHANGE~1\APPLIC~1\pcouffin.sys
    2009-08-23 14:56 . 2009-07-21 09:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-23 12:26 . 2009-07-14 15:15 1034056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-08-23 06:52 . 2009-06-09 11:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-23 06:39 . 2009-06-09 11:37 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-08-21 16:49 . 2009-06-14 19:00 411368 -c----w- c:\windows\system32\deploytk.dll
    2009-08-17 09:55 . 2009-06-21 09:47 -------- d-----w- c:\program files\Windows Desktop Search
    2009-08-17 08:29 . 2009-06-09 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-08-15 22:04 . 2009-06-23 14:31 -------- d-----w- c:\program files\Lx_cats
    2009-08-15 20:33 . 2009-06-14 07:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-15 09:06 . 2009-07-08 15:26 -------- d-----w- c:\program files\Intel
    2009-08-15 07:42 . 2009-07-25 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\page
    2009-08-13 14:44 . 2009-07-14 09:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-08-11 15:00 . 2009-08-11 15:00 0 ------w- c:\windows\system32\drivers\Msft_User_M4iPodWPDDriver_01_07_00.Wdf
    2009-08-11 15:00 . 2009-08-11 15:00 0 ------w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2009-08-09 20:02 . 2009-06-09 11:42 -------- d-----w- c:\documents and settings\change me\Application Data\Motive
    2009-08-09 20:02 . 2009-06-09 11:42 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Motive
    2009-08-09 09:10 . 2009-06-10 06:36 -------- d-----w- c:\documents and settings\change me\Application Data\Media Player Classic
    2009-08-09 09:10 . 2009-06-10 06:36 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Media Player Classic
    2009-08-07 10:40 . 2009-07-07 16:34 -------- d-----w- c:\program files\Microsoft.NET
    2009-08-05 09:47 . 2009-07-28 16:27 -------- d-----w- c:\documents and settings\change me\Application Data\CometNetwork
    2009-08-05 09:47 . 2009-07-28 16:27 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\CometNetwork
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ------w- c:\windows\system32\mswebdvd.dll
    2009-08-05 07:48 . 2009-06-09 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-02 20:07 . 2009-06-09 20:24 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-08-02 15:50 . 2009-08-31 17:00 38208 ----a-w- c:\documents and settings\admin\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-08-02 10:04 . 2009-08-01 10:50 239 ----a-w- c:\windows\PowerReg.dat
    2009-07-28 16:35 . 2009-07-28 16:22 -------- d-----w- c:\documents and settings\change me\Application Data\TigerPlayer
    2009-07-28 16:35 . 2009-07-28 16:22 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\TigerPlayer
    2009-07-28 16:27 . 2009-07-28 16:27 0 ----a-w- c:\windows\nsreg.dat
    2009-07-28 09:20 . 2009-07-28 08:47 -------- d-----w- c:\program files\ffdshow
    2009-07-28 08:57 . 2009-06-12 07:18 -------- d-----w- c:\program files\SourceTec
    2009-07-26 09:26 . 2009-07-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-07-26 07:55 . 2009-07-26 07:55 3888 ------w- c:\windows\system32\drivers\NTHANDLE.SYS
    2009-07-24 09:22 . 2009-07-24 09:22 -------- d-----w- c:\program files\Search Guard Plus
    2009-07-24 06:50 . 2009-07-21 10:46 -------- d-----w- c:\program files\iolo
    2009-07-24 06:50 . 2009-07-21 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2009-07-21 13:28 . 2009-07-20 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
    2009-07-21 13:28 . 2009-07-20 14:51 -------- d-----w- c:\documents and settings\change me\Application Data\Systweak
    2009-07-21 13:28 . 2009-07-20 14:51 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Systweak
    2009-07-21 11:05 . 2009-07-21 00:21 518 ----a-w- c:\documents and settings\change me\Application Data\iolo\Registry\Last\restore.bat
    2009-07-21 00:19 . 2009-07-21 00:19 1531 ----a-w- c:\documents and settings\change me\Application Data\iolo\restore.bat
    2009-07-21 00:13 . 2009-07-21 00:01 -------- d-----w- c:\documents and settings\change me\Application Data\iolo
    2009-07-21 00:13 . 2009-07-21 00:01 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\iolo
    2009-07-21 00:06 . 2009-07-21 00:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
    2009-07-21 00:02 . 2009-07-21 00:02 74703 ------w- c:\windows\system32\mfc45.dll
    2009-07-20 20:59 . 2004-08-04 12:00 182656 -c----w- c:\windows\system32\drivers\ndis.sys
    2009-07-20 18:20 . 2009-07-20 18:20 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2009-07-20 18:20 . 2009-06-09 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-07-20 15:08 . 2009-07-20 15:06 30996544 ----a-w- c:\documents and settings\change me\Application Data\Systweak\ASO 2\UpdateASPnew.exe
    2009-07-19 18:17 . 2009-07-19 18:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\agi
    2009-07-19 18:15 . 2009-07-19 18:15 339968 ------w- c:\windows\system32\pythoncom25.dll
    2009-07-19 18:15 . 2009-07-19 18:15 114688 ------w- c:\windows\system32\pywintypes25.dll
    2009-07-19 18:15 . 2009-07-19 18:15 2117632 ------w- c:\windows\system32\python25.dll
    2009-07-17 19:23 . 2009-07-17 19:23 -------- d-----w- c:\documents and settings\change me\Application Data\Windows Live Writer
    2009-07-17 19:23 . 2009-07-17 19:23 -------- d-----w- c:\docume~1\CHANGE~1\APPLIC~1\Windows Live Writer
    2009-07-17 19:22 . 2009-06-09 18:40 -------- d-----w- c:\program files\Windows Live
    2009-07-17 19:21 . 2009-07-17 19:21 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-07-17 19:01 . 2004-08-04 12:00 58880 ------w- c:\windows\system32\atl.dll
    2009-07-17 17:58 . 2009-07-17 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-07-17 09:56 . 2009-06-12 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2009-07-16 13:17 . 2009-07-06 18:18 1474832 ------w- c:\windows\system32\drivers\sfi.dat
    2009-07-14 14:41 . 2009-07-14 13:55 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-07-14 14:03 . 2009-07-14 14:03 -------- d-----w- c:\program files\MSXML 6.0
    2009-07-14 13:53 . 2009-07-14 13:53 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
    2009-07-14 13:51 . 2009-07-14 13:51 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2009-07-14 08:21 . 2009-07-14 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
    2009-07-13 22:43 . 2007-12-31 10:31 286208 ------w- c:\windows\system32\wmpdxm.dll
    2009-07-13 13:22 . 2009-07-13 13:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-11 17:24 . 2009-06-09 11:36 -------- d-----w- c:\program files\Common Files\Motive
    2009-07-09 10:37 . 2009-07-09 10:37 -------- d-----w- c:\program files\Microsoft SDKs
    2009-07-08 14:48 . 2009-07-08 14:48 23600 ------w- c:\windows\system32\drivers\TVICHW32.SYS
    2009-07-08 14:28 . 2009-07-08 14:28 -------- d-----w- c:\program files\Intel Corporation
    2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2009-07-08 13:50 . 2009-07-08 13:50 -------- d-----w- c:\program files\PC Drivers HeadQuarters
    2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
    2009-07-06 03:40 . 2009-08-15 09:04 2838454 ----a-w- c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}(3)\speedupmypc2009.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 2007832]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoFileAssociate"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-25 07:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "Search Protection"=c:\program files\Yahoo!\Search Protection\SearchProtection.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25766:TCP"= 25766:TCP:BitComet 25766 TCP
    "25766:UDP"= 25766:UDP:BitComet 25766 UDP
    "65535:TCP"= 65535:TCP:BitComet 65535 TCP
    "65535:UDP"= 65535:UDP:BitComet 65535 UDP
    "12863:TCP"= 12863:TCP:BitComet 12863 TCP
    "12863:UDP"= 12863:UDP:BitComet 12863 UDP
    "20422:TCP"= 20422:TCP:BitComet 20422 TCP
    "20422:UDP"= 20422:UDP:BitComet 20422 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/25/2009 08:57 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/25/2009 08:57 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 16:06 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 16:06 74480]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/25/2009 08:56 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/25/2009 08:56 297752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [7/17/2009 20:22 55152]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R3 CAM1690;USB 2.0 Compliance JPEG Video Camera;c:\windows\system32\drivers\cam1690.sys [4/10/2008 11:31 177280]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [6/23/2009 16:07 99248]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 19:19 13592]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [7/28/2009 15:17 16512]
    S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [8/10/2009 07:03 42432]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 18:08 533360]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/4/2004 13:00 14336]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 16:06 7408]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 01:28 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 03:09 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 03:23 366936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-01 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-08-29 15:09]

    2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-436374069-725345543-1003Core.job
    - c:\documents and settings\change me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-10 07:33]

    2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{C696E61C-6D6E-4E34-97DF-FF9D5594657B}.job
    - c:\windows\system32\msfeedssync.exe [2007-12-31 03:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://home.bt.yahoo.com/
    uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com
    LSP: c:\windows\system32\SecureNet.dll
    Trusted Zone: motive.com\pbttbc.bt
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77}
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-01 13:32
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,84,93,df,33,82,70,46,8e,9b,18,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8d,84,93,df,33,82,70,46,8e,9b,18,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1016)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2952)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-09-01 13:35
    ComboFix-quarantined-files.txt 2009-09-01 12:35
    ComboFix2.txt 2009-09-01 07:17

    Pre-Run: 102,125,826,048 bytes free
    Post-Run: 102,122,090,496 bytes free

    394 --- E O F --- 2009-09-01 06:47



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:11:25, on 9/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} -
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe

    --
    End of file - 8440 bytes
    Last edited by Bio-Hazard; 2009-09-01 at 18:09.
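A small triage pass over the HijackThis log above, as an added example for this thread (not HijackThis's own code, and not something the helper ran). It parses the R/F/O entries and flags the kinds of lines a helper looks at first: settings whose value is empty, entries whose target file is missing, and Winsock LSP entries HijackThis could not identify. SAMPLE_LOG is a constructed excerpt of lines from the post; the rule set and the flag labels are this example's own.

```python
"""Triage of a HijackThis v2 log: parse the R/F/O entries and flag the lines a
malware-removal helper looks at first.

Added example for this thread; not part of HijackThis. SAMPLE_LOG is a
constructed excerpt of lines from the log posted above."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:25, on 9/1/2009
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
"""

# Every HJT finding starts with a section code (R0, R1, F2, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")


@dataclass
class Entry:
    code: str  # section code, e.g. "O16"
    body: str  # text after "O16 - "
    line: str  # the original line, kept for reporting


def parse_hjt(text):
    """Return the R/F/O entries of an HJT log; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), raw.strip()))
    return entries


def triage(entries):
    """Map each flagged line to the reason it deserves a look.

    Rules (this example's own, modelled on what the helper acted on):
    - R0/R1/O16 entries with an empty value: a dangling setting or a DPF
      object with no source URL, safe to fix and clutter otherwise;
    - entries whose target is "(file missing)": dead references;
    - O10 "Unknown file in Winsock LSP": an LSP DLL sits in the path of every
      socket, so it needs a verdict; identical lines are one DLL, not several.
    """
    flags = {}
    lsp_seen = set()
    for e in entries:
        body = e.body.rstrip()
        if e.code in ("R0", "R1", "O16") and body.endswith(("=", "-")):
            flags[e.line] = "empty value"
        elif "(file missing)" in body:
            flags[e.line] = "target file missing"
        elif e.code == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            dll = body.split(":", 1)[1].strip().lower()
            if dll not in lsp_seen:
                lsp_seen.add(dll)
                flags[e.line] = "unverified LSP " + dll
    return flags


if __name__ == "__main__":
    for line, reason in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{reason:36s} {line}")
```

The two "empty value" hits are exactly the two lines the helper asks to fix in the next post. The repeated O10 lines are reported once: they are separate Winsock catalog entries for the same DLL, so there is one LSP to verify, not three, and the log alone says nothing about what securenet.dll is.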

  2. #12
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Hello!

    Do NOT attach the logs; please post them, even if it takes several posts.

    Remove programs


    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for the following (if present):

      Spycheck Antispyware



    NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.



    Remove HijackThis entries


    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} -

    • Close all open windows and browsers/email etc...
    • Click on the Fix Checked button
    • When completed close the application.




    Back Up registry with ERUNT


    • Please use the following link and scroll down to ERUNT and download it onto your desktop. HERE
    • Click on the erunt-setup.exe
    • Follow the prompts to install ERUNT
    • Choose language
    • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO


    • Backup your registry to the default location



    Note: To restore your registry (if needed), go to the folder and start ERDNT.exe




    Download and run OTM

    Download OTM by Old Timer and save it to your Desktop.

    • Double-click OTM.exe to run it.
    • Paste the following code under the area. Do not include the word Code.


    Code:
    :Files
    C:\exefix.reg
    c:\program files\DNA
    c:\documents and settings\Administrator\Application Data\DNA
    c:\documents and settings\change me\Application Data\Azureus
    c:\documents and settings\All Users\Application Data\Azureus
    c:\docume~1\CHANGE~1\APPLIC~1\Azureus
    c:\program files\Vuze
    c:\program files\Exterminate It!
    c:\documents and settings\change me\Application Data\Smart PC Solutions
    c:\docume~1\CHANGE~1\APPLIC~1\Smart PC Solutions
    c:\documents and settings\change me\Application Data\.ABC
    c:\docume~1\CHANGE~1\APPLIC~1\.ABC
    C:\WINDOWS\Downloaded Installations\{CA96CAAA-F816-4CB5-9676-6A3FCCB81468}\Spycheck Antispyware.msi
    
    :Reg
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Vuze\\Azureus.exe"=-
    "c:\\Program Files\\DNA\\btdna.exe"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "25766:TCP"=-
    "25766:UDP"=-
    "65535:TCP"=-
    "65535:UDP"=-
    "12863:TCP"=-
    "12863:UDP"=-
    "20422:TCP"=-
    "20422:UDP"=-
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.



    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Malwarebytes' Anti-Malware

    Please download Malwarebytes Anti-Malware and save it to your desktop.




    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware

    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the Perform Full Scan option is selected.
      • Then click on the Scan button.

    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and Scan in progress will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say The scan completed successfully. Click 'Show Results' to display all objects found.
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



    Logs/Information to Post in Next Reply

    Please post the following logs/Information in your reply:

    • Malwarebytes Antimalware log
    • OTM Log
    • A fresh HijackThis Log ( after all the above has been done)
    • A description of how your computer is behaving
    MRU Master of Malware Removal University

    Member of UNITE and ASAP
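The OTM script above uses two conventions worth knowing. `"name"=-` is Regedit's own .reg syntax for deleting a single value, and the key paths were copied from the ComboFix log, where `HKLM\~\services` is ComboFix's abbreviation for `HKLM\SYSTEM\CurrentControlSet\Services`. The OTM log posted next reports those `~` paths as not found, which is consistent with the abbreviation never having been expanded (that reading is mine, not something the thread states). The following added example, not part of OTM or ComboFix, parses the `:Reg` section, expands the abbreviations and emits a .reg file that deletes only the listed values, plus a list of the firewall port exceptions it would close. OTM_REG_SECTION is a constructed copy of the block in the post, trimmed to a few values.

```python
"""Convert the ':Reg' section of an OTM script into a Regedit .reg file.

Added example for this thread, not OTM's or ComboFix's code. It expands the
short hive names and ComboFix's "~" (HKLM\~\... means HKLM\SYSTEM\CurrentControlSet\...)
so the keys resolve, and keeps the "name"=- deletion syntax, which Regedit
understands as 'delete this value' (the key itself is left in place)."""
import re

# Constructed copy of the helper's :Reg block, trimmed to a few values.
OTM_REG_SECTION = r"""
:Reg
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Vuze\\Azureus.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25766:TCP"=-
"25766:UDP"=-
"65535:TCP"=-

:Commands
[emptytemp]
"""

HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKU": "HKEY_USERS",
    "HKCR": "HKEY_CLASSES_ROOT",
}
COMBOFIX_TILDE = r"SYSTEM\CurrentControlSet"  # what ComboFix's "~" stands for under HKLM
PORT_RE = re.compile(r"^(\d{1,5}):(TCP|UDP)$", re.I)


def expand_key(key):
    """Expand a short hive name and ComboFix's "~" into a full Regedit key path."""
    hive, _, rest = key.partition("\\")
    full_hive = HIVES.get(hive.upper(), hive)
    if rest.startswith("~\\"):
        rest = COMBOFIX_TILDE + rest[1:]
    return full_hive + "\\" + rest


def parse_reg_section(script):
    """Return [(full_key, [value_name, ...]), ...] for the :Reg section only.

    Only "name"=- deletions are collected; a real .reg file may also set
    values, but OTM scripts in this thread only remove them.
    """
    keys = []
    in_reg = False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):              # section marker such as :Reg or :Commands
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg or not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            keys.append((expand_key(line[1:-1]), []))
        elif line.endswith("=-") and keys:
            keys[-1][1].append(line[:-2].strip('"'))  # keep .reg's doubled backslashes as-is
    return keys


def to_reg_file(keys):
    """Emit a .reg file that deletes exactly the listed values, not the keys."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in keys:
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\r\n".join(out)


def open_ports(keys):
    """List the (port, protocol) firewall exceptions the script would close."""
    ports = []
    for key, names in keys:
        if key.lower().endswith(r"\globallyopenports\list"):
            for n in names:
                m = PORT_RE.match(n)
                if m and int(m.group(1)) <= 65535:
                    ports.append((int(m.group(1)), m.group(2).upper()))
    return ports


if __name__ == "__main__":
    parsed = parse_reg_section(OTM_REG_SECTION)
    print(to_reg_file(parsed))
    print("ports closed:", open_ports(parsed))
```

Back up the key first (the helper's ERUNT step covers that), and note that on Windows XP the GloballyOpenPorts list is the firewall's own exception table: a stale BitComet entry left there keeps an inbound port open long after the program is gone, which is why the helper removes the entries rather than just the program.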

  3. #13
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Default logs as requested

    Malwarebytes' Anti-Malware 1.40
    Database version: 2726
    Windows 5.1.2600 Service Pack 3

    9/1/2009 19:21:38
    mbam-log-2009-09-01 (19-21-38).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 162441
    Time elapsed: 47 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    All processes killed
    ========== FILES ==========
    C:\exefix.reg moved successfully.
    c:\program files\DNA\plugins moved successfully.
    c:\program files\DNA moved successfully.
    c:\documents and settings\Administrator\Application Data\DNA moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\torrents moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\tmp moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\subs moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\shares moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\tmp moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode\profiles moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\vuzexcode moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\azupnpav moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\azump\mplayer moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\azump moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins\azitunes moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\plugins moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\net moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\media\azpd moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\media moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\logs\save moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\logs moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\dht moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\devices moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\cache moved successfully.
    c:\documents and settings\change me\Application Data\Azureus\active moved successfully.
    c:\documents and settings\change me\Application Data\Azureus moved successfully.
    c:\documents and settings\All Users\Application Data\Azureus moved successfully.
    File/Folder c:\docume~1\CHANGE~1\APPLIC~1\Azureus not found.
    c:\program files\Vuze\plugins\azemp\mplayer moved successfully.
    c:\program files\Vuze\plugins\azemp moved successfully.
    c:\program files\Vuze\plugins moved successfully.
    c:\program files\Vuze moved successfully.
    c:\program files\Exterminate It!\dbs moved successfully.
    c:\program files\Exterminate It! moved successfully.
    c:\documents and settings\change me\Application Data\Smart PC Solutions moved successfully.
    File/Folder c:\docume~1\CHANGE~1\APPLIC~1\Smart PC Solutions not found.
    c:\documents and settings\change me\Application Data\.ABC\icons moved successfully.
    c:\documents and settings\change me\Application Data\.ABC moved successfully.
    File/Folder c:\docume~1\CHANGE~1\APPLIC~1\.ABC not found.
    C:\WINDOWS\Downloaded Installations\{CA96CAAA-F816-4CB5-9676-6A3FCCB81468}\Spycheck Antispyware.msi moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 5859 bytes

    User: All Users

    User: change me
    ->Temp folder emptied: 78454153 bytes
    ->Temporary Internet Files folder emptied: 57336447 bytes
    ->Java cache emptied: 128020 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP folder deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 22016 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 8482 bytes

    Total Files Cleaned = 129.66 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 09012009_182351

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:34, on 9/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe

    --
    End of file - 8465 bytes
    Windows Defender still won't start and Spybot won't start. I keep getting Windows Updates for the Windows Malicious Software Removal Tool; I install it fine, then it pops up again to install again.

  4. #14
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Download and run Win32kDiag

    • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
    • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
    • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.




    Download and use fr33.exe

    • Please download this FILE
    • Place fr33.exe into the Windows Defender folder
    • Locate the Windows Defender exe file and, using your mouse, drag it onto fr33.exe.
    • That shall free it

      Repeat the same with Spybot.




    Logs/Information to Post in Next Reply

    Please post the following logs/Information in your reply:

    • Win32kDiag.txt
    • A fresh HijackThis Log ( after all the above has been done)
    • A description of how your computer is behaving
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  5. #15
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Smile results

    Log file is located at: C:\Documents and Settings\change me\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Cannot access: C:\WINDOWS\system32\MRT.exe

    [1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()





    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:02:43, on 9/1/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    --
    End of file - 8358 bytes
    They're both working great now; just my updates are still doing the same (I install them fine, then it prompts me to install them again). Thank you so much, Bio-Hazard.

  6. #16
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Hello!

    Are you able to get other Windows updates? Is this problem only with the Windows Malicious Software Removal Tool?


    Download and use fr33.exe





    • Place fr33.exe into the C:\WINDOWS\system32 folder
    • Locate the MRT.exe file and, using your mouse, drag it onto fr33.exe.
    • That shall free it



    Let me know how it went.
    MRU Master of Malware Removal University

    Member of UNITE and ASAP
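    A worked example for the two log formats in this thread, the Win32kDiag report in post #15 and the HijackThis logs, added for this page and not a tool used by anyone in the thread: it pulls out the lines a removal helper acts on (Win32kDiag "Cannot access" files; the O10 Winsock LSP entries, which HijackThis prints once per LSP chain entry, hence securenet.dll three times; O9 hooks marked "(file missing)"; O23 services with no vendor string) and prints takeown/icacls commands for the locked files. The sample log text is a constructed excerpt modelled on the posts above. The thread does not say what fr33.exe does internally; that "freeing" MRT.exe amounts to resetting the file's DACL is this example's assumption.

```python
"""Triage helper for a Win32kDiag report and a HijackThis v2.0.2 log.
Example code added for this page, not a tool used in the thread; the sample
logs below are constructed excerpts modelled on the ones posted above."""
import re
from collections import Counter

# Constructed Win32kDiag excerpt: the file exists (its size is reported) yet cannot be read.
WIN32KDIAG_SAMPLE = r"""
WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\system32\MRT.exe

[1] 2009-07-29 17:49:16 24281536 C:\WINDOWS\system32\MRT.exe ()

Finished!
"""

# Constructed HijackThis excerpt (entry shapes taken from the logs above).
HJT_SAMPLE = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe
"""

HJT_ENTRY = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
# 'Service: <name> - <vendor> - <path>': the path is the first ' - ' field that
# starts with a drive letter, so a name containing ' - ' cannot confuse it.
SERVICE = re.compile(r"^Service: (?P<rest>.*?) - (?P<path>[A-Za-z]:\\.*)$")
MISSING = " (file missing)"

def parse_hjt(text):
    """Return (kind, body) for every HijackThis entry line, e.g. ('O10', 'Unknown file ...')."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries

def inaccessible_files(diag_text):
    """Paths Win32kDiag flagged with 'Cannot access:'."""
    return [line.split(":", 1)[1].strip()
            for line in diag_text.splitlines()
            if line.strip().startswith("Cannot access:")]

def split_service(body):
    """Split an O23 body into (name, vendor, path).  The forum's HTML collapses the
    double space HijackThis prints for an empty vendor, leaving '<name> -' before
    the path, so that case is handled explicitly."""
    m = SERVICE.match(body)
    if not m:
        return None
    rest, path = m.group("rest"), m.group("path")
    if " - " in rest:
        name, vendor = rest.rsplit(" - ", 1)
    elif rest.endswith(" -"):
        name, vendor = rest[:-2], ""
    else:
        name, vendor = rest, ""
    return name, vendor.strip(), path

def triage_hjt(entries):
    """Group the HijackThis entries a removal helper normally asks about."""
    lsp, missing, no_vendor = Counter(), [], []
    for kind, body in entries:
        if kind == "O10" and "Winsock LSP:" in body:
            # One O10 line per LSP chain entry, so the same DLL repeats; count instead.
            lsp[body.split("Winsock LSP:", 1)[1].strip().lower()] += 1
        elif body.endswith(MISSING):
            path = body[:-len(MISSING)].rsplit(" - ", 1)[-1]
            if path not in missing:
                missing.append(path)
        elif kind == "O23":
            svc = split_service(body)
            if svc and svc[1] in ("", "Unknown owner"):
                no_vendor.append((svc[0], svc[2]))
    return {"lsp": dict(lsp), "missing": missing, "no_vendor": no_vendor}

def acl_reset_commands(paths):
    """Elevated-prompt commands that give a locked file back its inherited DACL.
    Assumption for this example: the thread's fr33.exe step restores the file's
    permissions (the page does not say what it does).  takeown.exe and icacls.exe
    ship with Vista and later; XP's cacls.exe has no /reset."""
    cmds = []
    for p in paths:
        cmds.append('takeown /F "%s"' % p)
        cmds.append('icacls "%s" /reset' % p)
    return cmds

def run_triage(diag_text=WIN32KDIAG_SAMPLE, hjt_text=HJT_SAMPLE):
    report = triage_hjt(parse_hjt(hjt_text))
    report["locked"] = inaccessible_files(diag_text)
    report["fix"] = acl_reset_commands(report["locked"])
    return report

if __name__ == "__main__":
    for key, value in run_triage().items():
        print(key, value)
```

    To use it on real logs, read the saved Win32kDiag.txt and HijackThis text and pass them to run_triage(). A flagged entry is a prompt to verify, not a verdict: securenet.dll is listed only because HijackThis itself reports it as unknown, and "Unknown owner" on Windows Defender means HijackThis could not read a vendor string, so the next step is checking the file's signature, not deleting it.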

  7. #17
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Default thank you

    Thank you. I did as you said, then tried to install the update again; it worked great, thanks. I went onto Microsoft Update and tried to install an optional update, which was in Hardware for my mouse. It downloaded fine, then as it tried to install, the computer shut itself off. It tried to restart 3 times, then took me to the start-in-safe-mode page, which I tried; it would not start again. I started it in "most recent good ----" (sorry, can't remember the rest). I tried another update, Search 4.0 for XP; that downloaded and installed great. I don't know why my PC did that; it's never happened before.

  8. #18
    Emeritus- Malware Team
    Join Date
    Oct 2008
    Location
    Cornwall, UK
    Posts
    592

    Default

    Hello!

    So how are things running now? Are you experiencing any problems?

    Can you post a new HijackThis log for me to see?
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  9. #19
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Smile hello BIO-Hazard

    Hello,
    I tried the computer this morning; everything seems fine. I had a number of security updates, which installed fine. Here's the log you asked for:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:45:15, on 9/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

    --
    End of file - 8438 bytes

    Thank you once again bio-hazard

  10. #20
    Junior Member
    Join Date
    Aug 2009
    Location
    Amble (Northumberland)
    Posts
    15

    Default hi

    Hello Bio-Hazard, can you tell me why McAfee is still running on my computer? I just noticed it reading through the logs there. I had BT McAfee Internet Security but deleted it a few months ago.
