
Thread: Help! I'm having some crazy issues.

#31, Member (Flint Michigan, joined Aug 2009, 36 posts)

Here we go!

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Tim at 12:37:27.82 on Mon 08/10/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1332 [GMT -4:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\runservice.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Codebox\BitMeter\BitMeter2.exe
    C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\WINDOWS\SoftwareDistribution\Download\Install\NDP30SP2-KB958483-x86.exe
    c:\04c5c7f96ec14cf236ae2e45b0\HotFixInstaller.exe
    c:\WINDOWS\system32\MsiExec.exe
    c:\WINDOWS\system32\MsiExec.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
    C:\Documents and Settings\Tim\Desktop\wildman.com
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    StartupFolder: c:\documents and settings\tim\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227469912828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\vjlg1qxr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 527f4a3f;527f4a3f;c:\windows\system32\drivers\527f4a3f.sys [2009-8-6 119372]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-9 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-9 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-9 138680]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-7-27 2560]
    R2 lplnbrx;lplnbrx;c:\windows\system32\drivers\hnzftgwsif.sys [2009-8-6 76544]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-9 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-9 352920]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-2-17 33792]
    S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-11-23 26488]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-23 110080]
    S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2009-3-6 22891]
    S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2009-2-17 17024]
    S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2009-2-17 22656]
    S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2009-2-17 111616]
    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2009-3-6 49024]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    =============== Created Last 30 ================

    2009-08-10 12:37 <DIR> --d----- C:\04c5c7f96ec14cf236ae2e45b0
    2009-08-10 12:30 <DIR> --d----- C:\00269b811530a16cff
    2009-08-10 12:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-10 12:05 <DIR> a-dshr-- C:\cmdcons
    2009-08-10 12:04 216,064 a------- c:\windows\PEV.exe
    2009-08-10 12:04 161,792 a------- c:\windows\SWREG.exe
    2009-08-10 12:04 98,816 a------- c:\windows\sed.exe
    2009-08-09 18:54 0 a------- c:\documents and settings\tim\jagex_runescape_preferences.dat
    2009-08-09 18:54 <DIR> --d----- c:\windows\.jagex_cache_32
    2009-08-08 12:01 <DIR> --d----- c:\docume~1\tim\applic~1\Malwarebytes
    2009-08-08 12:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-08 12:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-08 12:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-08 05:09 <DIR> --d----- c:\program files\trend micro
    2009-08-07 01:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
    2009-08-07 01:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-08-07 01:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-08-07 01:42 <DIR> --d----- c:\docume~1\tim\applic~1\GetRightToGo
    2009-08-06 17:31 9,021,376 a------- C:\windows-kb890830-v2.12.exe
    2009-08-06 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-06 16:07 <DIR> --d----- c:\docume~1\tim\applic~1\PC Tools
    2009-08-06 10:10 76,544 a------- c:\windows\system32\drivers\hnzftgwsif.sys
    2009-08-06 10:01 <DIR> --d----- c:\windows\system32\CatRoot
    2009-08-06 10:00 119,372 a------- c:\windows\system32\drivers\527f4a3f.sys
    2009-08-06 10:00 2 a------- C:\611933923
    2009-08-04 12:56 <DIR> --d----- c:\program files\City Interactive
    2009-08-04 04:44 <DIR> --d----- c:\program files\Vendetta Online
    2009-08-03 02:58 <DIR> --d----- c:\program files\Driving Simulator 2009
    2009-07-28 05:18 <DIR> --d----- c:\docume~1\tim\applic~1\LucasArts
    2009-07-28 05:15 <DIR> --d----- c:\program files\Secret Of Monkey Island SE
    2009-07-27 03:05 126,976 a------- c:\windows\lcmmfu.cpl
    2009-07-27 03:05 1,369 a--sh--- c:\windows\system32\mmf.sys
    2009-07-27 03:05 48,640 a------- c:\windows\mmfs.dll
    2009-07-27 03:05 2,560 a------- c:\windows\Runservice.exe
    2009-07-27 02:55 <DIR> --d----- c:\program files\Battlefront
    2009-07-13 21:39 <DIR> --d----- c:\program files\Virtual Earth 3D

    ==================== Find3M ====================

    2009-08-09 19:28 189,104 a------- c:\windows\system32\PnkBstrB.exe
    2009-08-09 18:56 139,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-08 22:23 281,760 a------- c:\windows\system32\drivers\atksgt.sys
    2009-07-08 22:23 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
    2009-07-08 20:30 75,064 a------- c:\windows\system32\PnkBstrA.exe
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-13 16:17 22,328 a------- c:\docume~1\tim\applic~1\PnkBstrK.sys
    2009-06-13 16:16 669,184 a------- c:\windows\system32\pbsvc.exe
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-01 18:28 6,442 a------- c:\windows\system32\ealregsnapshot1.reg
    2006-06-24 10:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

    ============= FINISH: 12:37:52.31 ===============

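Added example, not part of the original post: a Python triage pass over the SERVICES / DRIVERS and Created Last 30 sections of the DDS log above, the kind of first look a helper does before writing a ComboFix script. The sample lines are copied from that log; the heuristics (hex-looking or vowel-free service names, a display name that is just the service name, a service name that does not match the file name, a binary that also appears under Created Last 30, a file DDS could not find), their weights and the threshold of 3 are this example's own choices, as is reading `[?]` as a missing file.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Scores each R*/S* entry with a few cheap heuristics and reports the ones
worth a closer look (the kind of entries a helper puts under Driver:: and
Collect:: in a ComboFix script). The sample lines are copied from the DDS
log above; the heuristics, their weights and the threshold are this
example's own choices, not part of DDS or ComboFix.
"""
import re

SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R1 527f4a3f;527f4a3f;c:\windows\system32\drivers\527f4a3f.sys [2009-8-6 119372]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-9 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-9 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-9 138680]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-7-27 2560]
R2 lplnbrx;lplnbrx;c:\windows\system32\drivers\hnzftgwsif.sys [2009-8-6 76544]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-2-17 33792]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-11-23 26488]
S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2009-2-17 111616]
S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2009-3-6 49024]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

=============== Created Last 30 ================

2009-08-10 12:05 <DIR> a-dshr-- C:\cmdcons
2009-08-08 12:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 10:10 76,544 a------- c:\windows\system32\drivers\hnzftgwsif.sys
2009-08-06 10:00 119,372 a------- c:\windows\system32\drivers\527f4a3f.sys
2009-08-06 10:00 2 a------- C:\611933923
2009-07-27 03:05 2,560 a------- c:\windows\Runservice.exe
"""

# R/S + start type, then name;display;path [date size], or [?] when DDS could not stat the file
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$')
# date time size-or-<DIR> attrs path
CREATED_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+\S+\s+(.+?)\s*$')
VOWELS = set("aeiouy")


def parse_services(text):
    """Return one dict per SERVICES / DRIVERS entry; every other line is ignored."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            kind, start, name, display, path, meta = m.groups()
            entries.append({"kind": kind, "start": int(start), "name": name.strip(),
                            "display": display.strip(), "path": path.strip(),
                            "file_missing": meta.strip() == "?"})
    return entries


def parse_created(text):
    """Lower-cased paths from the Created Last 30 section."""
    return {m.group(2).lower() for m in
            (CREATED_RE.match(raw.strip()) for raw in text.splitlines()) if m}


def file_stem(path):
    """Base name without extension; copes with the '--> d:\\x.sys' form DDS uses for missing files."""
    return re.split(r'[\\/]', path)[-1].rsplit('.', 1)[0].lower()


def score_entry(entry, recent_paths):
    """Return (score, [(reason, weight)]). Weighted so one oddity alone never flags a driver."""
    low = entry["name"].lower()
    reasons = []
    if re.fullmatch(r'[0-9a-f]{6,}', low):
        reasons.append(("hex-looking service name", 2))
    elif low.isalpha() and len(low) >= 6 and not (set(low) & VOWELS):
        reasons.append(("vowel-free service name", 2))
    if entry["display"].lower() == low:
        reasons.append(("display name is just the service name", 1))
    if file_stem(entry["path"]) != low:
        reasons.append(("service name differs from file name", 1))
    if entry["path"].lower() in recent_paths:
        reasons.append(("binary listed under Created Last 30", 1))
    if entry["file_missing"]:
        reasons.append(("DDS could not find the file", 1))
    return sum(w for _, w in reasons), reasons


def triage(text, threshold=3):
    """[(name, score, reasons)] for entries at or above threshold, worst first."""
    recent = parse_created(text)
    flagged = []
    for entry in parse_services(text):
        score, reasons = score_entry(entry, recent)
        if score >= threshold:
            flagged.append((entry["name"], score, [why for why, _ in reasons]))
    return sorted(flagged, key=lambda item: -item[1])


if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_LOG):
        print(f"{name} (score {score}): " + "; ".join(reasons))
```

On the sample it ranks lplnbrx (file hnzftgwsif.sys) and 527f4a3f at the top and leaves the avast!, MOTU and CLEDX entries alone. Dropping the threshold to 2 also surfaces LicCtrlService (c:\windows\Runservice.exe, 2,560 bytes, created 27 July), which is exactly the sort of entry to check by hand rather than script away.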
#32, Blade81, Security Expert: Emeritus (Finland, joined Oct 2006, 25,288 posts)

    Hi,

Download & run the Norton removal tool to get rid of Norton remnants.



    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    http://forums.spybot.info/showthread.php?t=50602&page=3
    
    Driver::
    527f4a3f
    lplnbrx
    
    Collect::
    c:\windows\system32\drivers\hnzftgwsif.sys
    c:\windows\system32\drivers\527f4a3f.sys
    
    File::
    C:\611933923
    
    Folder::
    c:\documents and settings\Tim\Application Data\uTorrent
    c:\program files\LimeWire
    c:\documents and settings\Tim\Application Data\LimeWire
    c:\Program Files\BitLord
    
    DirLook::
    C:\04c5c7f96ec14cf236ae2e45b0
    C:\00269b811530a16cff
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitLord\\BitLord.exe"=-

Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also which process you had to end.

    _________

Update Adobe Reader with updates 9.1.2 + 9.1.3 here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 15.
    • Click the Download button to the right.
    • Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u15-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


    __________________

    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

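Added example (not the helper's or ComboFix's code): a dry-run reader for the CFScript above, which lists what each line will make ComboFix do before you drag the file onto it. The sample is the script from this post; the per-section verbs, the .reg-style reading of the Registry:: block (`[Key]` selects a key, `[-Key]` deletes it, `"Name"=-` deletes a value) and the expansion of `HKLM\~\` to `HKLM\SYSTEM\CurrentControlSet\` are this example's assumptions about the format, not something the page documents.

```python
"""Dry-run reader for a ComboFix CFScript.

Splits the script into its `Section::` blocks and turns each line into a
reviewable action so the plan can be checked before the file is dragged
onto ComboFix. The sample is the CFScript from the post above; the action
wording, the .reg-style reading of Registry:: and the expansion of `~`
are this example's own assumptions.
"""
import re

SAMPLE_CFSCRIPT = r"""http://forums.spybot.info/showthread.php?t=50602&page=3

Driver::
527f4a3f
lplnbrx

Collect::
c:\windows\system32\drivers\hnzftgwsif.sys
c:\windows\system32\drivers\527f4a3f.sys

File::
C:\611933923

Folder::
c:\documents and settings\Tim\Application Data\uTorrent
c:\program files\LimeWire
c:\documents and settings\Tim\Application Data\LimeWire
c:\Program Files\BitLord

DirLook::
C:\04c5c7f96ec14cf236ae2e45b0
C:\00269b811530a16cff

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitLord\\BitLord.exe"=-
"""

SECTION_RE = re.compile(r'^([A-Za-z]+)::\s*$')
REG_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# What each section asks ComboFix to do; the verbs are this example's wording.
VERBS = {"Driver": "stop and delete driver/service", "Collect": "zip file for submission",
         "File": "delete file", "Folder": "delete folder", "DirLook": "list directory in log"}


def parse_cfscript(text):
    """{section: [lines]}; text before the first 'Name::' header lands in 'preamble'."""
    sections, current = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def expand_key(key):
    """Assumption: ComboFix reads HKLM\\~\\ as HKLM\\SYSTEM\\CurrentControlSet\\."""
    return re.sub(r'^HKLM\\~\\', r'HKLM\\SYSTEM\\CurrentControlSet\\', key, flags=re.I)


def registry_actions(lines):
    """.reg semantics: [Key] selects, [-Key] deletes the key, "Name"=- deletes a value."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete key", expand_key(line[2:-1]), None))
        elif line.startswith("[") and line.endswith("]"):
            key = expand_key(line[1:-1])
        else:
            m = REG_VALUE_RE.match(line)
            if not m or key is None:
                actions.append(("unparsed", key, line))
                continue
            name = m.group(1).replace("\\\\", "\\")   # undo .reg backslash doubling
            if m.group(2) == "-":
                actions.append(("delete value", key, name))
            else:
                actions.append(("set value", key, name + "=" + m.group(2)))
    return actions


def plan(text):
    """Flatten the whole script into (action, target) pairs for review."""
    steps = []
    for section, lines in parse_cfscript(text).items():
        if section in VERBS:
            steps.extend((VERBS[section], line) for line in lines)
        elif section == "Registry":
            for action, key, detail in registry_actions(lines):
                steps.append((action, f"{key} :: {detail}" if detail else key))
        elif section != "preamble":
            steps.append(("unknown section " + section, "; ".join(lines)))
    return steps


if __name__ == "__main__":
    for action, target in plan(SAMPLE_CFSCRIPT):
        print(f"{action:32} {target}")
```

Read the twelve steps before running anything: the Folder:: lines delete whole profile directories, and the Registry:: line removes BitLord from the XP firewall's authorized-application list, so this is where you notice a path you still need.
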
#33, Member (Flint Michigan, joined Aug 2009, 36 posts)

dds

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Tim at 17:27:59.90 on Mon 08/10/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1421 [GMT -4:00]

    AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\runservice.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Codebox\BitMeter\BitMeter2.exe
    C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Tim\Desktop\wildman.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\documents and settings\tim\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227469912828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\vjlg1qxr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-9 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-9 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-9 138680]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-7-27 2560]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-9 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-9 352920]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-2-17 33792]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-23 110080]
    S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2009-3-6 22891]
    S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2009-2-17 17024]
    S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2009-2-17 22656]
    S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2009-2-17 111616]
    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2009-3-6 49024]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    =============== Created Last 30 ================

    2009-08-10 15:11 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-10 15:09 <DIR> --d----- c:\documents and settings\tim\.SunDownloadManager
    2009-08-10 14:42 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2009-08-10 14:42 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-08-10 14:39 <DIR> --d----- c:\program files\XBox 360 Controller for Windows Software
    2009-08-10 12:33 <DIR> --d----- C:\872c84c2d43db5fa508fd58bed5c3cee
    2009-08-10 12:33 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-08-10 12:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-10 12:05 <DIR> a-dshr-- C:\cmdcons
    2009-08-10 12:04 216,064 a------- c:\windows\PEV.exe
    2009-08-10 12:04 161,792 a------- c:\windows\SWREG.exe
    2009-08-10 12:04 98,816 a------- c:\windows\sed.exe
    2009-08-09 18:54 0 a------- c:\documents and settings\tim\jagex_runescape_preferences.dat
    2009-08-09 18:54 <DIR> --d----- c:\windows\.jagex_cache_32
    2009-08-08 12:01 <DIR> --d----- c:\docume~1\tim\applic~1\Malwarebytes
    2009-08-08 12:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-08 12:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-08 12:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-08 05:09 <DIR> --d----- c:\program files\trend micro
    2009-08-07 01:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-08-07 01:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-08-07 01:42 <DIR> --d----- c:\docume~1\tim\applic~1\GetRightToGo
    2009-08-06 17:31 9,021,376 a------- C:\windows-kb890830-v2.12.exe
    2009-08-06 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-06 16:07 <DIR> --d----- c:\docume~1\tim\applic~1\PC Tools
    2009-08-06 10:10 76,544 a------- c:\windows\system32\drivers\hnzftgwsif.sys
    2009-08-06 10:01 <DIR> --d----- c:\windows\system32\CatRoot
    2009-08-06 10:00 119,372 a------- c:\windows\system32\drivers\527f4a3f.sys
    2009-08-06 10:00 2 a------- C:\611933923
    2009-08-04 12:56 <DIR> --d----- c:\program files\City Interactive
    2009-08-04 04:44 <DIR> --d----- c:\program files\Vendetta Online
    2009-08-03 02:58 <DIR> --d----- c:\program files\Driving Simulator 2009
    2009-07-28 05:18 <DIR> --d----- c:\docume~1\tim\applic~1\LucasArts
    2009-07-28 05:15 <DIR> --d----- c:\program files\Secret Of Monkey Island SE
    2009-07-27 03:05 126,976 a------- c:\windows\lcmmfu.cpl
    2009-07-27 03:05 1,369 a--sh--- c:\windows\system32\mmf.sys
    2009-07-27 03:05 48,640 a------- c:\windows\mmfs.dll
    2009-07-27 03:05 2,560 a------- c:\windows\Runservice.exe
    2009-07-27 02:55 <DIR> --d----- c:\program files\Battlefront
    2009-07-13 21:39 <DIR> --d----- c:\program files\Virtual Earth 3D

    ==================== Find3M ====================

    2009-08-10 15:11 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-09 19:28 189,104 a------- c:\windows\system32\PnkBstrB.exe
    2009-08-09 18:56 139,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-08 22:23 281,760 a------- c:\windows\system32\drivers\atksgt.sys
    2009-07-08 22:23 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
    2009-07-08 20:30 75,064 a------- c:\windows\system32\PnkBstrA.exe
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-13 16:17 22,328 a------- c:\docume~1\tim\applic~1\PnkBstrK.sys
    2009-06-13 16:16 669,184 a------- c:\windows\system32\pbsvc.exe
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-01 18:28 6,442 a------- c:\windows\system32\ealregsnapshot1.reg
    2006-06-24 10:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

    ============= FINISH: 17:28:15.48 ===============

#34, Blade81, Security Expert: Emeritus (Finland, joined Oct 2006, 25,288 posts)

    Hi,

Did you do the other steps yet? The DDS log shows that the ComboFix-related steps weren't taken yet. Please do all the steps listed there and post the requested logs. Let me know if there are any problems preventing you from following the steps.

#35, Member (Flint Michigan, joined Aug 2009, 36 posts)

Ok,
Ran your script through ComboFix; this is the log:

    ComboFix 09-08-10.01 - Tim 08/11/2009 15:02.3.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1611 [GMT -4:00]
    Running from: c:\documents and settings\Tim\Desktop\wildman.exe
    Command switches used :: c:\documents and settings\Tim\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "C:\611933923"

    file zipped: c:\windows\system32\drivers\527f4a3f.sys
    file zipped: c:\windows\system32\drivers\hnzftgwsif.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ?
    c:\documents and settings\Tim\Application Data\uTorrent

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
    .

    2009-08-10 19:11 . 2009-08-10 19:11 -------- d-----w- c:\program files\Java
    2009-08-10 19:09 . 2009-08-10 19:09 -------- d-----w- c:\documents and settings\Tim\.SunDownloadManager
    2009-08-10 18:39 . 2009-08-10 18:39 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software
    2009-08-10 16:33 . 2009-08-10 16:33 -------- d-----w- C:\872c84c2d43db5fa508fd58bed5c3cee
    2009-08-10 16:33 . 2009-08-10 16:40 -------- d-----w- c:\windows\SxsCaPendDel
    2009-08-09 22:54 . 2009-08-09 22:54 0 ----a-w- c:\documents and settings\Tim\jagex_runescape_preferences.dat
    2009-08-09 22:54 . 2009-08-09 22:54 -------- d-----w- c:\windows\.jagex_cache_32
    2009-08-09 21:04 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-09 21:04 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-09 21:04 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-09 21:04 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-09 21:04 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-09 21:04 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-09 21:04 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-09 21:04 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-09 21:04 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-08 16:01 . 2009-08-08 16:01 -------- d-----w- c:\documents and settings\Tim\Application Data\Malwarebytes
    2009-08-08 16:01 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-08 16:01 . 2009-08-10 14:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-08 16:01 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-08 09:09 . 2009-08-08 09:09 -------- d-----w- c:\program files\trend micro
    2009-08-07 05:52 . 2009-08-07 05:52 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\Symantec
    2009-08-07 05:48 . 2009-08-07 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-08-07 05:44 . 2009-08-10 18:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-08-07 05:42 . 2009-08-07 05:50 -------- d-----w- c:\documents and settings\Tim\Application Data\GetRightToGo
    2009-08-06 21:39 . 2009-08-06 21:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-08-06 21:31 . 2009-08-06 21:31 9021376 ----a-w- C:\windows-kb890830-v2.12.exe
    2009-08-06 21:01 . 2009-08-06 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-06 20:07 . 2009-08-06 20:07 -------- d-----w- c:\documents and settings\Tim\Application Data\PC Tools
    2009-08-06 18:28 . 2009-08-06 18:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2009-08-06 14:10 . 2009-08-11 19:02 76544 ----a-w- c:\windows\system32\drivers\hnzftgwsif.sys
    2009-08-06 14:01 . 2009-08-06 14:08 -------- d-----w- c:\windows\system32\CatRoot
    2009-08-06 14:00 . 2009-08-11 19:02 119372 ----a-w- c:\windows\system32\drivers\527f4a3f.sys
    2009-08-04 16:56 . 2009-08-04 16:56 -------- d-----w- c:\program files\City Interactive
    2009-08-04 08:44 . 2009-08-07 08:38 -------- d-----w- c:\program files\Vendetta Online
    2009-08-03 06:58 . 2009-08-07 08:42 -------- d-----w- c:\program files\Driving Simulator 2009
    2009-07-28 09:18 . 2009-07-28 09:18 -------- d-----w- c:\documents and settings\Tim\Application Data\LucasArts
    2009-07-28 09:15 . 2009-07-28 09:18 -------- d-----w- c:\program files\Secret Of Monkey Island SE
    2009-07-27 07:05 . 2009-08-11 12:58 1369 --sha-w- c:\windows\system32\mmf.sys
    2009-07-27 07:05 . 2009-07-27 07:05 48640 ----a-w- c:\windows\mmfs.dll
    2009-07-27 07:05 . 2009-07-27 07:05 2560 ----a-w- c:\windows\Runservice.exe
    2009-07-27 06:55 . 2009-07-27 06:55 -------- d-----w- c:\program files\Battlefront
    2009-07-27 06:50 . 2009-07-27 06:50 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\Gas Powered Games
    2009-07-17 07:31 . 2009-07-17 07:31 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\Ubisoft
    2009-07-17 07:24 . 2009-07-17 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
    2009-07-14 04:13 . 2009-08-11 16:35 -------- d-----w- c:\documents and settings\Tim\Application Data\vlc
    2009-07-14 01:41 . 2009-07-14 01:41 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\assembly
    2009-07-14 01:39 . 2009-07-14 01:39 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\IsolatedStorage
    2009-07-14 01:39 . 2009-07-14 01:39 -------- d-----w- c:\program files\Virtual Earth 3D

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-11 19:07 . 2009-01-09 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitmeter2
    2009-08-11 19:07 . 2008-12-10 08:21 -------- d-----w- c:\program files\PeerGuardian2
    2009-08-11 18:57 . 2008-11-23 21:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-11 18:57 . 2008-11-23 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-11 16:40 . 2008-11-23 21:51 -------- d-----w- c:\program files\Paint Shop Pro 6
    2009-08-11 13:01 . 2008-11-23 20:10 -------- d-----w- c:\program files\lg_fwupdate
    2009-08-10 21:40 . 2009-01-09 02:47 -------- d-----w- c:\documents and settings\Tim\Application Data\dvdcss
    2009-08-10 19:11 . 2008-12-20 16:59 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-10 19:05 . 2008-11-23 21:57 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-10 18:42 . 2009-08-10 18:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2009-08-10 18:42 . 2009-08-10 18:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-08-10 16:41 . 2008-11-23 20:15 20056 ----a-w- c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-09 23:28 . 2008-12-26 21:35 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-08-09 22:56 . 2008-12-26 21:36 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-08-07 08:43 . 2008-12-14 20:13 -------- d-----w- c:\program files\EA GAMES
    2009-08-07 08:40 . 2009-06-02 02:16 -------- d-----w- c:\program files\Ubisoft
    2009-08-07 08:40 . 2008-11-23 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-07 08:36 . 2009-07-03 05:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
    2009-08-07 08:34 . 2009-07-02 03:19 -------- d-----w- c:\program files\Nobilis
    2009-08-07 08:32 . 2009-07-02 03:38 -------- d-----w- c:\program files\1C Company
    2009-08-07 08:26 . 2009-07-01 08:16 -------- d-----w- c:\program files\ZenoClash
    2009-08-06 21:43 . 2009-01-11 07:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-06 16:18 . 2009-06-16 05:14 21040 ----a-w- c:\documents and settings\Nicole\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-02 06:07 . 2009-02-25 17:38 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-30 12:52 . 2009-01-14 11:40 -------- d-----w- c:\program files\Telltale Games
    2009-07-28 09:51 . 2008-12-23 00:50 -------- d-----w- c:\program files\LucasArts
    2009-07-19 15:45 . 2009-06-16 05:14 -------- d-----w- c:\documents and settings\Nicole\Application Data\BitMeter2
    2009-07-17 05:19 . 2009-07-10 05:21 -------- d-----w- c:\program files\Velvet Assassin
    2009-07-09 02:31 . 2009-07-09 02:31 -------- d-----w- c:\documents and settings\Tim\Application Data\Ubisoft
    2009-07-09 02:23 . 2009-03-05 00:59 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-07-09 02:23 . 2009-03-05 00:59 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-07-09 01:13 . 2008-12-26 06:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-09 00:30 . 2008-12-26 21:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-06 09:40 . 2008-11-23 22:07 -------- d-----w- c:\program files\DivX
    2009-07-06 09:40 . 2009-07-03 22:19 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-07-06 07:13 . 2008-12-21 22:52 -------- d-----w- c:\program files\Codemasters
    2009-07-04 21:44 . 2009-03-13 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-07-04 06:09 . 2009-01-26 19:46 -------- d-----w- c:\program files\Google
    2009-07-03 06:49 . 2009-07-03 06:49 -------- d-----w- c:\program files\Flagship Studios
    2009-07-03 05:54 . 2009-07-02 08:27 -------- d-----w- c:\program files\Sins of a Solar Empire
    2009-07-03 05:52 . 2008-11-24 00:40 -------- d-----w- c:\program files\Stardock Games
    2009-07-02 08:21 . 2009-06-21 09:02 -------- d-----w- c:\program files\Hinterland
    2009-07-02 03:03 . 2009-07-02 03:03 -------- d-----w- c:\program files\Strategy First
    2009-07-02 02:39 . 2009-07-02 02:39 -------- d-----w- c:\program files\Sierra
    2009-07-01 07:39 . 2009-07-01 07:30 -------- d-----w- c:\program files\Postal2STP
    2009-07-01 05:32 . 2008-12-27 19:08 -------- d-----w- c:\program files\Bethesda Softworks
    2009-07-01 04:46 . 2008-12-26 06:52 -------- d-----w- c:\program files\Activision
    2009-07-01 02:12 . 2009-05-10 06:23 127872 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\uninstall.exe
    2009-07-01 02:12 . 2009-01-15 04:35 -------- d-----w- c:\documents and settings\Tim\Application Data\Move Networks
    2009-07-01 02:12 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071503000010.dll
    2009-07-01 02:12 . 2009-07-01 02:06 1685856 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\MoveMediaPlayerWinSilent_071503000010.exe
    2009-06-29 16:12 . 2008-04-14 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-29 07:57 . 2009-06-29 07:57 -------- d-----w- c:\program files\Common Files\DirectX
    2009-06-23 07:19 . 2009-06-23 07:19 -------- d-----w- c:\program files\Mad Scientist Productions
    2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-06-14 07:25 . 2009-06-14 07:25 126 ----a-w- c:\documents and settings\Tim\Local Settings\Application Data\fusioncache.dat
    2009-06-13 20:17 . 2008-12-26 21:36 22328 ----a-w- c:\documents and settings\Tim\Application Data\PnkBstrK.sys
    2009-06-13 20:17 . 2008-12-26 21:36 22328 ----a-w- c:\documents and settings\Tim\Application Data\PnkBstrK.sys
    2009-06-13 20:16 . 2009-01-25 22:22 669184 ----a-w- c:\windows\system32\pbsvc.exe
    2009-06-13 17:14 . 2009-06-13 17:14 390664 ----a-w- c:\documents and settings\Tim\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
    2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-06-01 22:28 . 2009-03-12 00:29 6442 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2009-05-26 17:00 . 2009-05-26 17:00 10134 ----a-r- c:\documents and settings\Tim\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\00269b811530a16cff ----


    ---- Directory of C:\04c5c7f96ec14cf236ae2e45b0 ----



    ------- Sigcheck -------

    [-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    [-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    [-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    [-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
    [-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
    [-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
    [-] 2009-06-29 16:23 828928 4C6B4138165A4C53FE8A5B1D809526C3 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
    [7] 2008-04-14 12:00 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ie7\wininet.dll
    [-] 2007-08-13 23:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
    [-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
    [-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
    [-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
    [-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
    [-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
    [-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie7updates\KB972260-IE7\wininet.dll
    [-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3gdr\wininet.dll
    [-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3qfe\wininet.dll
    [-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll
    [-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll
    [-] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\wininet.dll
    [-] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\wininet.dll
    [-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2GDR\wininet.dll
    [-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2QFE\wininet.dll
    [-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\wininet.dll
    [-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\dllcache\wininet.dll

    [-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

    [-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 20:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
    [-] 2008-08-14 09:33 2023936 8206B5F94A6A9450E934029420C1693F c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
    [-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
    [-] 2009-02-06 10:32 2023936 65D4220799E6FC2CB079070A6393CC0E c:\windows\system32\ntkrnlpa.exe
    [-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

    [-] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
    [-] 2008-08-14 21:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
    [-] 2008-08-14 10:09 2145280 F6F8245B3A2E9CA834DD318E7AE0C6D0 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
    [-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
    [-] 2009-02-06 11:06 2145280 0CBA44D0938D57F334C0862424148B70 c:\windows\system32\ntoskrnl.exe
    [-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

    [-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [7] 2008-04-14 12:00 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
    [-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
    [-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

    [-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [7] 2008-04-14 12:00 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
    [-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
    [-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

    [-] 2008-06-23 16:01 3594240 28B8231CA8D55FC85E027A57C90F5C88 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
    [-] 2008-08-26 09:08 3594752 25CC085720EE3617FD1F8AB9E2F7CAB2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
    [-] 2008-10-16 20:24 3595264 B74F31A4BD83797D7A083F922169287D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
    [-] 2008-12-13 06:26 3594752 C79FAD61CD4A26ED5AA8C16D991C6FBD c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    [-] 2009-01-16 16:24 3596288 CC9D001B7370B292C35B366CA05B12B4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
    [-] 2009-02-21 07:39 3596800 1BB754AB47B327DE8DBF2FA18C36357C c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
    [-] 2009-04-29 04:49 3598336 C6FD770D518FB024245A0EE217D72BC1 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
    [-] 2009-07-19 13:31 3600384 F6098CC1B1C3858D53F20F3CB5774F3B c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
    [7] 2008-04-14 12:00 3066880 A706E122B398FE1AB85CB9B75D044223 c:\windows\ie7\mshtml.dll
    [-] 2007-08-13 23:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
    [-] 2008-06-24 15:57 3592192 EC936148284F557F19C333178768109B c:\windows\ie7updates\KB956390-IE7\mshtml.dll
    [-] 2008-08-27 18:54 3593216 1AD035E04A7068EC2820B055A3131ED8 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
    [-] 2008-10-17 07:08 3593216 EACAEDEF6FA2A969DE5B36190D45396F c:\windows\ie7updates\KB960714-IE7\mshtml.dll
    [-] 2008-12-13 06:40 3593216 121EC39A64D64205A88C2C45B034B455 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
    [-] 2009-01-17 02:35 3594752 3B413267DA8AE71C20E5EF3E54F74728 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
    [-] 2009-02-20 18:09 3595264 C7C3E41CC2F6EB4A629FE2184136C098 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
    [-] 2009-04-29 04:56 3596288 2B4315EC9E3124408A2A5074C4B97700 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
    [-] 2008-08-20 05:30 3067904 507BDA42F7DB8209C0F0B3556A043491 c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3gdr\mshtml.dll
    [-] 2008-08-20 04:58 3067904 BD45470B132A0F98596277323D9F2E5A c:\windows\SoftwareDistribution\Download\1185bc01976431096846a9c917b224df\sp3qfe\mshtml.dll
    [-] 2008-08-27 18:54 3593216 1AD035E04A7068EC2820B055A3131ED8 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\mshtml.dll
    [-] 2008-08-26 09:08 3594752 25CC085720EE3617FD1F8AB9E2F7CAB2 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\mshtml.dll
    [-] 2009-05-13 05:15 5936128 EEAADAA744B20E68CF5EB4FBB4F8AFA9 c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3GDR\mshtml.dll
    [-] 2009-05-13 05:10 5936128 1290E417BF806185CC7B2845E78A104E c:\windows\SoftwareDistribution\Download\97fe76a20161cb86e78057600e7c82a0\SP3QFE\mshtml.dll
    [-] 2008-06-24 15:57 3592192 EC936148284F557F19C333178768109B c:\windows\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2GDR\mshtml.dll
    [-] 2008-06-23 16:01 3594240 28B8231CA8D55FC85E027A57C90F5C88 c:\windows\SoftwareDistribution\Download\b4e75dba041bc21ee94fbcfa88cb49de\SP2QFE\mshtml.dll
    [-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\mshtml.dll
    [-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\dllcache\mshtml.dll

    [-] 2009-02-09 10:56 401408 9222562D44021B988B9F9F62207FB6F2 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [7] 2008-04-14 12:00 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\$NtUninstallKB956572$\rpcss.dll
    [-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\system32\rpcss.dll
    [-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\system32\dllcache\rpcss.dll
    .
    ((((((((((((((((((((((((((((( SnapShot_2009-08-10_18.55.41 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-08-10 18:55 . 2009-08-10 18:55 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
    + 2009-08-11 12:58 . 2009-08-11 12:58 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
    + 2009-08-11 12:58 . 2009-08-11 12:58 16384 c:\windows\Temp\Perflib_Perfdata_5b4.dat
    - 2008-11-29 02:02 . 2009-06-01 21:12 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-08-10 19:07 . 2009-08-11 14:51 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
    + 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2009-08-10 19:11 . 2009-08-10 19:11 149280 c:\windows\system32\javaws.exe
    + 2009-08-10 19:11 . 2009-08-10 19:11 145184 c:\windows\system32\javaw.exe
    + 2009-08-10 19:11 . 2009-08-10 19:11 145184 c:\windows\system32\java.exe
    + 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2009-08-10 19:11 . 2009-08-10 19:11 1757696 c:\windows\Installer\84716.msi
    + 2009-08-10 19:05 . 2009-08-10 19:05 3938816 c:\windows\Installer\844ab.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-06-25 1578736]
    "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-21 143360]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-23 548864]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 198160]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

    c:\documents and settings\Tim\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2008-12-5 225280]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-23 113664]
    Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-6-29 1462272]
    MFWAKeys.lnk - c:\program files\MOTU\FireWire Audio\MFWAKeys.exe [2009-2-17 102400]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Freelancer\\EXE\\Freelancer.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Documents and Settings\\Tim\\Desktop\\WiCKED-DOW2\\DOW2.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\EA GAMES\\Mercenaries 2 World in Flames\\Mercenaries2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57533:TCP"= 57533:TCP:Pando Media Booster
    "57533:UDP"= 57533:UDP:Pando Media Booster

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    "%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    "%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= c:\program files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player
    "c:\\Program Files\\Freelancer\\EXE\\Freelancer.exe"= c:\program files\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"= c:\windows\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"= c:\windows\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)
    "c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"= c:\program files\Codemasters\DiRT\DiRT.exe:*:Disabled:DiRT Executable
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"= c:\program files\Codemasters\GRID\GRID.exe:*:Enabled:GRID
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= c:\program files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= c:\program files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
    "c:\\Documents and Settings\\Tim\\Desktop\\WiCKED-DOW2\\DOW2.exe"= c:\documents and settings\Tim\Desktop\WiCKED-DOW2\DOW2.exe:*:Disabled:DOW2
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= c:\program files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
    "c:\\Program Files\\EA GAMES\\Mercenaries 2 World in Flames\\Mercenaries2.exe"= c:\program files\EA GAMES\Mercenaries 2 World in Flames\Mercenaries2.exe:*:Enabled:Mercenaries 2: World in Flames
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= c:\program files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP"= 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP"= 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "57533:TCP"= 57533:TCP:*:Enabled:Pando Media Booster
    "57533:UDP"= 57533:UDP:*:Enabled:Pando Media Booster

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/9/2009 5:04 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/9/2009 5:04 PM 20560]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/27/2009 3:05 AM 2560]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2/17/2009 3:35 PM 33792]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [11/23/2008 4:03 PM 110080]
    S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [3/6/2009 2:44 PM 22891]
    S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2/17/2009 3:30 PM 17024]
    S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2/17/2009 3:30 PM 22656]
    S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2/17/2009 3:30 PM 111616]
    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [3/6/2009 2:44 PM 49024]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PGFILTER

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    Alerter
    LmHosts

    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\vjlg1qxr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-11 15:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1614895754-2111687655-1417001333-1003\Software\SecuROM\License information*]
    "datasecu"=hex:2f,e9,e7,8b,71,e7,b3,a8,ed,eb,4f,37,6f,c6,4e,2e,10,1a,78,bf,67,
    b0,89,4e,e4,25,d5,69,0d,17,2a,2f,4a,e0,df,7c,83,2e,c5,79,bd,be,2d,49,34,5d,\
    "rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67

    [HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
    @Denied: (A) (Everyone)
    @="{8D8763AB-E93B-4812-964E-F04E0008FD50}"

    [HKEY_LOCAL_MACHINE\softwareSoftware\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]

    [HKEY_LOCAL_MACHINE\softwareSoftware\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\B7F5EA513569EA3E98352E3A3D1D6A3D]
    .
    Completion time: 2009-08-11 15:10
    ComboFix-quarantined-files.txt 2009-08-11 19:10
    ComboFix2.txt 2009-08-10 19:00
    ComboFix3.txt 2009-08-10 16:15

    Pre-Run: 339,019,460,608 bytes free
    Post-Run: 339,058,253,824 bytes free

    430 --- E O F --- 2009-08-10 16:38
    Upload was successful


    After I ran this, I couldn't get internet to run. I'd try to go to Control Panel to Network Connections, and it would freeze. I did a restore to the latest point and then ran a DDS.

  6. #36
    Member
    Join Date
    Aug 2009
    Location
    Flint Michigan
    Posts
    36

    Default

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Tim at 15:31:28.34 on Tue 08/11/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1368 [GMT -4:00]

    AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\runservice.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Codebox\BitMeter\BitMeter2.exe
    C:\Program Files\MOTU\FireWire Audio\MFWAKeys.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Tim\Desktop\wildman.com
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\6b4e49f1a78b9558feeb103a07b06a32\update\update.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\documents and settings\tim\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mfwakeys.lnk - c:\program files\motu\firewire audio\MFWAKeys.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227469912828
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\vjlg1qxr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://forums.spybot.info/
    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-9 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-9 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-8-9 138680]
    R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-7-27 2560]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-8-9 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-8-9 352920]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-2-17 33792]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-23 110080]
    S3 MEITUNER;FireBus MPEG2TS Tuner Subunit Device;c:\windows\system32\drivers\meistb.sys [2009-3-6 22891]
    S3 MFWAMIDI;MOTU FireWire Audio MIDI;c:\windows\system32\drivers\MFWAMIDI.sys [2009-2-17 17024]
    S3 MFWAWAVE;MOTU FireWire Audio Wave;c:\windows\system32\drivers\MFWAWave.sys [2009-2-17 22656]
    S3 MotuFWA;MotuFWA;c:\windows\system32\drivers\MotuFWA.sys [2009-2-17 111616]
    S3 MSPANEL;AVC Panel Device;c:\windows\system32\drivers\mstapeo.sys [2009-3-6 49024]
    S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

    =============== Created Last 30 ================

    2009-08-11 15:28 <DIR> --d----- c:\windows\system32\wbem\Repository
    2009-08-11 15:13 <DIR> --d----- C:\RECYCLER(2)
    2009-08-10 15:09 <DIR> --d----- c:\documents and settings\tim\.SunDownloadManager
    2009-08-10 14:42 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
    2009-08-10 14:42 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-08-10 14:39 <DIR> --d----- c:\program files\XBox 360 Controller for Windows Software
    2009-08-10 12:33 <DIR> --d----- C:\872c84c2d43db5fa508fd58bed5c3cee
    2009-08-10 12:33 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-08-10 12:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-10 12:05 <DIR> a-dshr-- C:\cmdcons
    2009-08-10 12:04 216,064 a------- c:\windows\PEV.exe
    2009-08-10 12:04 161,792 a------- c:\windows\SWREG.exe
    2009-08-10 12:04 98,816 a------- c:\windows\sed.exe
    2009-08-09 18:54 0 a------- c:\documents and settings\tim\jagex_runescape_preferences.dat
    2009-08-09 18:54 <DIR> --d----- c:\windows\.jagex_cache_32
    2009-08-08 12:01 <DIR> --d----- c:\docume~1\tim\applic~1\Malwarebytes
    2009-08-08 12:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-08 12:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-08 12:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-08 05:09 <DIR> --d----- c:\program files\trend micro
    2009-08-07 01:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
    2009-08-07 01:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-08-07 01:42 <DIR> --d----- c:\docume~1\tim\applic~1\GetRightToGo
    2009-08-06 17:31 9,021,376 a------- C:\windows-kb890830-v2.12.exe
    2009-08-06 17:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-06 16:07 <DIR> --d----- c:\docume~1\tim\applic~1\PC Tools
    2009-08-06 10:10 76,544 a------- c:\windows\system32\drivers\hnzftgwsif.sys
    2009-08-06 10:01 <DIR> --d----- c:\windows\system32\CatRoot
    2009-08-06 10:00 119,372 a------- c:\windows\system32\drivers\527f4a3f.sys
    2009-08-06 10:00 2 a------- C:\611933923
    2009-08-04 12:56 <DIR> --d----- c:\program files\City Interactive
    2009-08-04 04:44 <DIR> --d----- c:\program files\Vendetta Online
    2009-08-03 02:58 <DIR> --d----- c:\program files\Driving Simulator 2009
    2009-07-28 05:18 <DIR> --d----- c:\docume~1\tim\applic~1\LucasArts
    2009-07-28 05:15 <DIR> --d----- c:\program files\Secret Of Monkey Island SE
    2009-07-27 03:05 126,976 a------- c:\windows\lcmmfu.cpl
    2009-07-27 03:05 1,369 a--sh--- c:\windows\system32\mmf.sys
    2009-07-27 03:05 1,369 a--sh--- c:\windows\system32\mmf(2).sys
    2009-07-27 03:05 48,640 a------- c:\windows\mmfs.dll
    2009-07-27 03:05 2,560 a------- c:\windows\Runservice.exe
    2009-07-27 02:55 <DIR> --d----- c:\program files\Battlefront
    2009-07-13 21:39 <DIR> --d----- c:\program files\Virtual Earth 3D

    ==================== Find3M ====================

    2009-08-09 19:28 189,104 a------- c:\windows\system32\PnkBstrB.exe
    2009-08-09 18:56 139,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-08 22:23 281,760 a------- c:\windows\system32\drivers\atksgt.sys
    2009-07-08 22:23 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
    2009-07-08 20:30 75,064 a------- c:\windows\system32\PnkBstrA.exe
    2009-06-29 12:12 827,392 a------- c:\windows\system32\wininet.dll
    2009-06-29 12:12 78,336 a------- c:\windows\system32\ieencode.dll
    2009-06-29 12:12 17,408 a------- c:\windows\system32\corpol.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-13 16:17 22,328 a------- c:\docume~1\tim\applic~1\PnkBstrK.sys
    2009-06-13 16:16 669,184 a------- c:\windows\system32\pbsvc.exe
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-01 18:28 6,442 a------- c:\windows\system32\ealregsnapshot1.reg
    2006-06-24 10:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe

    ============= FINISH: 15:32:05.59 ===============

  7. #37
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\system32\drivers\hnzftgwsif.sys
    c:\windows\system32\drivers\527f4a3f.sys
    C:\611933923

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log.


    The Kaspersky online scanner seems to have issues on the vendor side, so I'm asking you to use an alternative scanner.

    Download the latest version of Kaspersky Virus Removal Tool

    * Close all other applications and double-click and run the installer.
    * When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.
    * If malware is detected, don't remove anything.
    * After the scan finishes, don't neutralize anything.
    * In the Scan window click the Reports button and select Save to file.
    * Name the report AVPT.txt, and save it to the Desktop.
    * Close AVPTool.
    * You will be prompted if you want to uninstall the program; click Yes.
    * You will then be prompted that, to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
    * Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
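The three paths in the helper's CFScript above all come from the "Created Last 30" section of the DDS log two posts up, where they sit among legitimate recent files (Malwarebytes drivers, ComboFix's own tools). As an added example that is not part of the thread, the Python below runs a triage pass over constructed sample lines copied from that section and renders the same File:: block; the heuristics it uses (an 8-hex-digit driver name, an unpronounceable consonant run in a driver name, a tiny digits-only file in the drive root), the 7-day window and the scan time are my assumptions, not rules from DDS, ComboFix or the helper.

```python
import os
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS "Created Last 30" section, including
# benign neighbours (Malwarebytes drivers, a directory) that a helper has to read past.
SAMPLE_LOG = r"""
2009-08-11 15:28 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-08-08 12:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 12:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 10:10 76,544 a------- c:\windows\system32\drivers\hnzftgwsif.sys
2009-08-06 10:00 119,372 a------- c:\windows\system32\drivers\527f4a3f.sys
2009-08-06 10:00 2 a------- C:\611933923
2009-07-27 03:05 2,560 a------- c:\windows\Runservice.exe
"""
# Assumed scan time, read off the "Run by Tim at 15:31:28.34 on Tue 08/11/2009" header.
SCAN_TIME = datetime(2009, 8, 11, 15, 31)

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# The three heuristics below are my assumptions, not rules from the thread or from DDS.
HEX_STEM_RE = re.compile(r"^[0-9a-f]{8}$")                    # e.g. 527f4a3f.sys
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}")  # e.g. hnzftgwsif.sys
DIGITS_RE = re.compile(r"^\d+$")                              # e.g. C:\611933923

def parse_created_section(text):
    """Parse DDS 'Created Last 30' lines into dicts; directories get size None."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        entries.append({"created": created, "size": size, "path": m["path"]})
    return entries

def suspicious_reasons(entry):
    """Return the heuristic reasons an entry deserves a second look (empty if none)."""
    if entry["size"] is None:          # directories are out of scope here
        return []
    parts = entry["path"].lower().split("\\")
    name = parts[-1]
    stem, ext = os.path.splitext(name)
    reasons = []
    if ext == ".sys" and parts[-3:-1] == ["system32", "drivers"]:
        if HEX_STEM_RE.match(stem):
            reasons.append("driver named like a random hex string")
        elif CONSONANT_RUN_RE.search(stem):
            reasons.append("driver name has an unpronounceable consonant run")
    in_root = len(parts) == 2 and parts[0].endswith(":")
    if in_root and DIGITS_RE.match(name) and entry["size"] <= 16:
        reasons.append("tiny digits-only file in the drive root")
    return reasons

def triage(text, scan_time, window_days=7):
    """Flag entries created inside the window; returns [(original path, reasons), ...]."""
    flagged = []
    for e in parse_created_section(text):
        if scan_time - e["created"] > timedelta(days=window_days):
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged

def build_cfscript(flagged):
    """Render the File:: block in the form the helper asked to be saved as CFScript."""
    return "File::\n" + "".join(path + "\n" for path, _ in flagged)
```

Heuristics like these only narrow the list a human reads; the Malwarebytes drivers in the same window pass untouched, and a final decision still rests on checking each file's signer, hash and origin before anything is scripted for removal.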

  8. #38
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, as you would be starting fresh.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
