help spybot won't open

John Conner · Dec 4, 2008

Ok here are my problems. I cannot get my spybot to open no matter what I try.

It cannot access the internet to update.

I cannot open any pages from google which has anything to do with anti virus or anti spyware--I am on a different computer. I just get routed to completely unrelated pages.

My AVG can no longer update--yet I can get online and surf. I have tried everything. Here is my hijack this logfile. Beneath that I havemy uninstall list. HELP PLEASE!

Logfile of HijackThis v1.99.1
Scan saved at 12:23:42 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Maken Change\Desktop\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - Unknown owner - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

THIS IS MY UNINSTALL LOG

7-Zip 4.42
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AirPlus G
ANIO Service
ANIWZCS2 Service
ArcSoft PhotoStudio 5.5
Audacity 1.2.5
AVG 8.0
BCL easyPDF Printer Driver 4.3
BitLord 1.1
BLM 2.7.7
Canon CanoScan LiDE 90 User Registration
Canon MP Navigator EX 1.0
Canon Utilities Solution Menu
CanoScan LiDE 90
CDisplay 1.8
ClickArt Fonts 4
Comcast High-Speed Internet Install Wizard
Comcast Toolbar
Correlate K-Map 3.9
CZ-Pdf2Txt V2.0 Demo
Desktop Doctor
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Flickr Uploadr 3.0.5
Free PDF to Word Doc Converter v1.1
GMail Drive Shell Extension
Google Earth
HijackThis 1.99.1
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
hp deskjet 3820 series
hp deskjet 3820 series (Remove only)
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
InterActual Player
Internet Speed Monitor
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Logitech Desktop Messenger
Logitech MouseWare 9.79
Logitech Resource Center
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft AntiSpyware
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.18)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Display Driver
OCR Software by I.R.I.S 7.0
palmOne
PeerGuardian 2.0
podAmigo 1.25
PowerDVD
PowerISO
Print Designer GOLD 8.5.1.0
QuickTime
RealPlayer
RegScrubXP 3.25
ScanSoft OmniPage SE 4
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 8 (KB911565)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skype 2.5
Sound Solution 1.31b
Split and Tile Trial
Spybot - Search & Destroy
TBS WMP Plug-in
TUGZip 3.4
Uniblue RegistryBooster 2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VeohTV BETA
VideoLAN VLC media player 0.8.6c
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WinAce Archiver
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WM Recorder 11.2
Xvid 1.1.2 final uninstall
ZoneAlarm
ZoneAlarm Spy Blocker

pskelley · Dec 7, 2008

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.

Are you in charge of this computer? I see many issues and don't know if malware is hidden or not.
Have you removed anything from this HJT log or used the whitelist in HJT? If so, stop...I need to see the complete HJT log.

If you want help you will need to read and follow the directions carefully.

1) Read the directions, if you had you would not have posted an out of date HJT log. If you are having problems with Spybot, uninstall it until later. Once you have done that, then follow these directions to update HijackThis.

Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log. <<< Close HJT until I ask for a log later.

2) Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.

Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Reader 7.0 <<< out of date and being exploited, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows
http://www.foxitsoftware.com/pdf/rd_intro.php

BitLord 1.1 <<< uninstall this and all p2p programs on the computer, see this:
http://forums.spybot.info/showthread.php?t=282

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

J2SE Runtime Environment 5.0 Update 6 <<< out of date, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Logitech Desktop Messenger <<< this resource hog gets installed with other Ligitech software, usually because the EULA is not red. If you don't use it, I suggest you uninstall it.

Mozilla Firefox (2.0.0.18) <<< out of date and a security issues, I suggest if you are going to run programs, you must keep them up to date:
http://www.mozilla.com/en-US/firefox/

Viewpoint Manager (Remove Only)
Viewpoint Media Player
Suggest you read this information and uninstall this:
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546

ZoneAlarm Spy Blocker <<< uninstall this (NOT ZONE ALARM) See the links:
http://securitygarden.blogspot.com/2007/12/beware-of-zonealarm.html
http://www.benedelman.org/spyware/installations/askjeeves-banner/
http://www.malwarebytes.org/forums/index.php?showtopic=3143

When you get to this point, post a new HJT log and tell me exactly what problems you are having. If you receive error messages I need those word for word.

Thanks

John Conner · Dec 8, 2008

thank you did everything you instructed

Line for line that I could.

1. Removed viewpoint manager and media player.
2. Removed Bitlord
3.Got and ran the Secunia PSI
4. Removed fake Zone Alarm Spy Blocker
5.Updated my mozilla.
6. Removed Logitech desktop manager.
7. Removed J2SE Runtime
8. Removed Adobe reader and switched to Foxit Reader.

I am on a different computer and only have the other one to do your suggestions.

I am in charge of this computer now--was my wifes.

I uninstalled Spybot.

Here are the exact problems I am having. Beneath that will be a HJT log I am running right now.

1. I could not open Spybot.
2. My AVG anti virus would not update and completely went on the fritz.
3. Any website I attempted to go to that mentioned spyware or virus or anything that could help me I was either told the server could not be reached--or forwarded to another site. This is still the case.
4. Periodically an ad will pop up telling me that my computer is not safe--take me to a website and promply would start a "free scan" and offers to download regardless of what button I press--I always say no.

Here is the current log. I have to put this on a flash drive and transfer it to this computer because the problem computer will not let me open this webpage. Thank you for any help. I am diligently following ever suggestion you make word for word.

This is the complete log--no editing.

Logfile of HijackThis v1.99.1
Scan saved at 8:50:34 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Maken Change\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - Unknown owner - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

John Conner · Dec 8, 2008

cannot access new hijack this

When I try goto the website you provided I get told that Firefox cannot establish a connection with download.bleepingcomputer.com

This is what happens whenever I try to goto a security related website or try to do an update.

pskelley · Dec 8, 2008

When I try goto the website you provided I get told that Firefox cannot establish a connection with download.bleepingcomputer.com

Use Internet Explorer, sounds like Firefox may be corrupt and will probably need to be reinstalled. We will likely need additional downloads and if you can't download HJT, we have a real problem. An option would be to download the tool on a clean computer to a clean USB drive or Flash drive and bring it to the infected computer.

When you post information I need any and all error message "word for word".

This is what happens whenever I try to goto a security related website or try to do an update.

Almost certainly malware causing it, this is a hackers attempt to get you to purchase their junk which will not help and is the cause of the problems...called fraud.

Thanks

John Conner · Dec 8, 2008

did

OK I updated all of my programs using Secunia.

I tried to update using a clean computer--but it would not let me open the new HJT.

I did manage to open the malicious software tool IE includes with there new version of IE--but it told me no problems.

I am starting to get a bad feeling like I may need to just wipe my drive and start over--but I hate to give in to the people who create this malware to get me to buy their garbage.

pskelley · Dec 9, 2008

Let's see what a Kaspersky Online Scan reports:

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks

John Conner · Dec 9, 2008

kaspersky

Internet explorer cannot display the webpage.

But I can goto google.

Thats the thing about this malware. It blocks me from any legitimate virus webpage.

It also will not open any new files I bring in from a clean program with anti virus or anti spyware. It allowed IE to update and open--and my new mozilla.

Adaware is the only exception--but its completely screwed up when it opens. Its in two different langueges.

But no kasperky online scan.

pskelley · Dec 9, 2008

It's going to be hard to help if you can not download any tools we use. You can try downloading from another computer that is clean to removable media. Then bring it to the infected computer and run it. Keep in mind that this first tool is 2.91 MB's in size.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks

John Conner · Dec 9, 2008

avast

Hey I got a program called avast over from a clean computer and it opened and ran--but was blocked from updating. I downloaded the update and it ran to.

Running right now--has taken out 4 viruses so far it says.

fingers crossed.

The avast website said it is built to resist commands to shut it down--which seems to be what happened with the other programs.

fingers crossed.

http://www.pcworld.com/downloads/file/fid,64535-order,1-page,1/description.html

John Conner · Dec 11, 2008

victory!

Avast ripped out a bunch of viruses--but everything didn't work till combofix!

Thank you so much.

Here is the new HJT log file I just generated on this computer--I am typing to you from the sick computer--I can now get on again. Beneath that is the combofix. Thank you sooooo much for your help. I spent days on this myself and was getting nowhere.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:04 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MAKENC~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/MAKENC~1/LOCALS~1/Temp/msohtml1/01/clip_image003.gif

--
End of file - 5452 bytes

ComboFix 08-12-09.03 - Maken Change 2008-12-10 16:10:16.1 - NTFSx86

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\3FEFADFC.exe
c:\documents and settings\Maken Change\Application Data\gadcom
c:\documents and settings\Maken Change\Application Data\SpeedRunner
c:\documents and settings\Maken Change\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Maken Change\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mjcore
c:\windows\system32\drivers\TDSSmact.sys
c:\windows\system32\LlSvyGgh.ini
c:\windows\system32\LlSvyGgh.ini2
c:\windows\system32\TDSScfgb.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSSthym.log
c:\windows\system32\TDSStkdv.log
c:\windows\system32\tmfnafvn.ini
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2009-01-03 17:31 . 2009-01-03 17:31 <DIR> d-------- c:\windows\system32\scripting
2009-01-03 17:31 . 2009-01-03 17:31 <DIR> d-------- c:\windows\system32\en
2009-01-03 17:31 . 2009-01-03 17:31 <DIR> d-------- c:\windows\l2schemas
2009-01-02 23:59 . 2009-01-02 23:59 <DIR> d-------- c:\program files\uTorrent
2009-01-02 23:59 . 2009-01-03 00:39 <DIR> d-------- c:\documents and settings\Maken Change\Application Data\uTorrent
2009-01-02 22:30 . 2009-01-02 22:51 <DIR> d-------- c:\program files\RegScrubXP
2009-01-02 21:48 . 2009-01-02 22:01 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\uTorrent
2009-01-02 21:48 . 2009-01-02 21:48 <DIR> d-------- c:\windows\system32\@[Ç
2009-01-02 18:17 . 2009-01-02 22:48 <DIR> d-------- c:\documents and settings\Maken Change\Application Data\Twain
2008-12-31 12:57 . 2008-12-04 07:37 <DIR> d-------- c:\program files\Webtools
2008-12-30 11:43 . 2009-01-02 18:17 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\gadcom
2008-12-27 22:19 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-27 22:19 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-12-27 22:19 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-27 22:19 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-12-27 22:19 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-12-27 22:19 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-27 22:19 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-12-13 17:43 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-10 15:49 . 2008-12-10 15:58 <DIR> d-------- C:\2222222222222222222222
2008-12-09 20:46 . 2008-12-10 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2008-12-09 18:11 . 2008-12-09 18:11 <DIR> d-------- c:\program files\AskBarDis
2008-12-09 18:11 . 2008-12-09 18:11 249,592 --a------ c:\windows\system32\cssdll32.dll
2008-12-09 18:10 . 2008-12-09 18:11 <DIR> d-------- c:\program files\COMODO
2008-12-09 18:10 . 2008-12-09 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-09 18:10 . 2008-12-09 18:10 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-09 18:10 . 2008-12-09 18:10 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-09 18:10 . 2008-12-09 18:10 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-09 16:51 . 2008-12-09 16:51 <DIR> d-------- c:\program files\Alwil Software
2008-12-08 18:14 . 2008-12-08 18:14 <DIR> d-------- C:\0fd471b509267df4af70edfdb7929745
2008-12-08 17:51 . 2008-12-08 18:18 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-08 17:51 . 2008-12-08 17:51 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-08 17:51 . 2008-12-08 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-08 17:47 . 2008-12-08 17:47 <DIR> d-------- c:\program files\Apple Software Update
2008-12-08 17:47 . 2008-12-08 17:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-08 17:41 . 2008-12-08 17:41 <DIR> d--hs---- c:\documents and settings\Maken Change\PrivacIE
2008-12-08 17:30 . 2008-12-08 17:32 <DIR> d--h-c--- c:\windows\ie8
2008-12-07 20:12 . 2008-12-07 20:12 <DIR> d-------- c:\program files\Foxit Software
2008-12-07 20:12 . 2008-12-07 20:12 <DIR> d-------- c:\documents and settings\Maken Change\Application Data\Foxit
2008-12-07 20:08 . 2008-12-07 20:08 <DIR> d-------- c:\program files\Secunia
2008-12-04 11:22 . 2008-12-04 11:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 11:22 . 2008-12-04 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 11:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 11:22 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-03 21:32 . 2008-12-03 21:32 <DIR> d-------- c:\program files\Lavasoft
2008-12-03 21:32 . 2008-12-03 21:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 21:32 . 2008-12-03 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-03 20:23 . 2008-12-03 20:24 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-03 19:16 . 2007-03-07 09:51 139,264 --a------ c:\windows\system32\LxrSII1.dll
2008-12-03 19:16 . 2007-03-07 09:51 72,672 --a------ c:\windows\system32\drivers\LxrSII1d.sys
2008-12-03 19:16 . 2007-03-07 09:51 49,152 --a------ c:\windows\system32\LxrSII1s.exe
2008-12-03 19:16 . 2007-03-07 09:51 23,934 --a------ c:\windows\LxrEncVlt.ico
2008-12-03 19:16 . 2007-03-07 09:51 3,262 --a------ c:\windows\LxrSgeEnc.ico
2008-12-03 18:50 . 2008-12-03 18:53 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-18 08:36 . 2008-11-18 08:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 05:17 --------- d-----w c:\program files\Soulseek
2009-01-03 04:52 --------- d-----w c:\program files\Microsoft AntiSpyware
2009-01-03 04:17 15,771,935 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-15 02:40 --------- d--h--w c:\documents and settings\Maken Change\Application Data\Move Networks
2008-12-10 21:26 106,807,328 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-10 21:20 1,254,668 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-09 21:29 --------- d-----w c:\documents and settings\Maken Change\Application Data\AVGTOOLBAR
2008-12-09 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-08 22:59 --------- d-----w c:\program files\Winamp
2008-12-08 22:52 --------- d-----w c:\program files\QuickTime
2008-12-08 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-08 01:13 --------- d-----w c:\program files\BitLord
2008-12-08 01:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-08 01:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 01:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 01:01 --------- d-----w c:\program files\Logitech
2008-12-08 00:54 --------- d-----w c:\program files\DivX
2008-12-04 16:54 --------- d-----w c:\program files\PeerGuardian2
2008-12-04 15:37 3,075,072 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-07-05 21:52 80,680 ----a-w c:\documents and settings\Maken Change\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-12-09 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-09 1797880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

c:\documents and settings\Maken Change\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2008-11-25 728408]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 111184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-09 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-09 31504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-09 20560]
R2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys [2008-12-03 72672]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
.
Contents of the 'Scheduled Tasks' folder

2008-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\Winamp Toolbar\winamptb.dll
HKU-Default-RunOnce-FlashPlayerUpdate - c:\progra~1\MOZILL~1\plugins\GetFlash.exe
ShellExecuteHooks-{A63E645F-13BD-45ED-B15F-6E8C1BD57279} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Maken Change\Application Data\Mozilla\Firefox\Profiles\xsryrlra.default\
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 16:23:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LxrSII1s.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\ZoneLabs\vsmon.exe
.
**************************************************************************
.
Completion time: 2008-12-10 16:29:00 - machine was rebooted [Maken Change]
ComboFix-quarantined-files.txt 2008-12-10 21:28:51

Pre-Run: 99,183,448,064 bytes free
Post-Run: 99,851,300,864 bytes free

211 --- E O F --- 2008-12-09 22:51:55

I am running avast and spybot right now to see if I can pick up anything else. I will always keep my programs up to date after that--I can see I have allot of trash to remove from this computer.

pskelley · Dec 11, 2008

Looks like you cut some of the header for combofix off, please make sure the complete log gets posted. You can do that like this:
Notepad > Edit > Select All > copy/paste the highlited information.

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

2) http://downloads.subratam.org/ResetTeaTimer.bat <<< right click the link and choose "Save target as...
Download ResetTeaTimer.bat to the Desktop
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

4) Open notepad and copy/paste the text in the codebox below into it:

Code:

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=- 

Folder::
c:\program files\BitLord
c:\program files\Soulseek
C:\0fd471b509267df4af70edfdb7929745
C:\2222222222222222222222
c:\program files\AskBarDis
c:\program files\uTorrent
c:\documents and settings\Maken Change\Application Data\uTorrent
c:\windows\system32\config\systemprofile\Application Data\uTorrent
c:\windows\system32\config\systemprofile\Application Data\gadcom

Save this as CFScript

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(leave this first item if it was set to blank on purpose)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
http://www.benedelman.org/spyware/ask-toolbars/ <<< see this

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MAKENC~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/MAKENC~1/LOCALS~1/Temp/msohtml1/01/clip_image003.gif

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

Looks like you have MBAM onboard, that being the case there is no need to download it again. Just be sure to update and run it according to these instructions.

7) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

How is the computer running now?

Thanks

John Conner · Dec 13, 2008

did

Ok I did everything you said step by step.

1. I Disabled Tea Timer.

2. I downloaded it to the desktop. I had problems here as mozilla did not have it as "save target as" It saved to the desktop as a text file.

3. Downloaded AFT Cleaner (wow).

Opened notpad--did text dropped it into Combo-fix.

Rebooted and ran combofix.

Did HJT (scan below) and removed.

6. Ran ATF cleaner.

7. Ran MBAM (scan below)

Seems to be running fine. I am having trouble with my comodo firewall but I am going to reinstall it. I will report back in a day or two.

Again--thank you so much for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:18 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4528 bytes

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/13/2008 2:25:59 PM
mbam-log-2008-12-13 (14-25-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134656
Time elapsed: 41 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 08-12-09.03 - Maken Change 2008-12-13 13:13:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.36 [GMT -5:00]
Running from: c:\documents and settings\Maken Change\Desktop\desktop dec 10 2008\ComboFix.exe
Command switches used :: c:\documents and settings\Maken Change\Desktop\cfscript.text
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0fd471b509267df4af70edfdb7929745
c:\0fd471b509267df4af70edfdb7929745\$shtdwn$.req
c:\0fd471b509267df4af70edfdb7929745\mrt.exe
c:\0fd471b509267df4af70edfdb7929745\mrtstub.exe
C:\2222222222222222222222
c:\2222222222222222222222\023.dat
c:\2222222222222222222222\023v.dat
c:\2222222222222222222222\appdata.folder.dat
c:\2222222222222222222222\appinit.bad
c:\2222222222222222222222\Assoc.cmd
c:\2222222222222222222222\Attrib.cfexe
c:\2222222222222222222222\BON.cfexe
c:\2222222222222222222222\Boot.bat
c:\2222222222222222222222\BootSect
c:\2222222222222222222222\C.bat
c:\2222222222222222222222\cache.folder.dat
c:\2222222222222222222222\catchme.cfexe
c:\2222222222222222222222\CFVersionOld
c:\2222222222222222222222\CHCP.bat
c:\2222222222222222222222\clsid.dat
c:\2222222222222222222222\Combobatch.bat
c:\2222222222222222222222\ComboFix-Download.exe
c:\2222222222222222222222\Cookies.folder.dat
c:\2222222222222222222222\Creg.dat
c:\2222222222222222222222\CregC.cmd
c:\2222222222222222222222\CregC.dat
c:\2222222222222222222222\CregC_.dat
c:\2222222222222222222222\d-delA.dat
c:\2222222222222222222222\dd.cfexe
c:\2222222222222222222222\ddsDo.sed
c:\2222222222222222222222\DelClsid.bat
c:\2222222222222222222222\desktop.folder.dat
c:\2222222222222222222222\DPF.sed
c:\2222222222222222222222\DPF.str
c:\2222222222222222222222\dumphive.cfexe
c:\2222222222222222222222\embedded.sed
c:\2222222222222222222222\ERDNT.e_e
c:\2222222222222222222222\ERDNTDOS.LOC
c:\2222222222222222222222\ERDNTWIN.LOC
c:\2222222222222222222222\ERUNT.cfexe
c:\2222222222222222222222\erunt.dat
c:\2222222222222222222222\ERUNT.LOC
c:\2222222222222222222222\Exe.reg
c:\2222222222222222222222\executables.dat
c:\2222222222222222222222\extract.cfexe
c:\2222222222222222222222\f_system
c:\2222222222222222222222\favorites.folder.dat
c:\2222222222222222222222\fdsv.cfexe
c:\2222222222222222222222\fi.cfexe
c:\2222222222222222222222\Fin.dat
c:\2222222222222222222222\FIND3M.bat
c:\2222222222222222222222\FINDSTR.cfexe
c:\2222222222222222222222\FIXLSP.bat
c:\2222222222222222222222\ForeignWht
c:\2222222222222222222222\FProps.vbs
c:\2222222222222222222222\grep.cfexe
c:\2222222222222222222222\gsar.cfexe
c:\2222222222222222222222\handle.cfexe
c:\2222222222222222222222\hidec.exe
c:\2222222222222222222222\history.bat
c:\2222222222222222222222\image001.gif
c:\2222222222222222222222\katch.cmd
c:\2222222222222222222222\kmd.dat
c:\2222222222222222222222\Lang.bat
c:\2222222222222222222222\List-C.bat
c:\2222222222222222222222\lnkread.vbs
c:\2222222222222222222222\localappdata.folder.dat
c:\2222222222222222222222\LocalService.dat
c:\2222222222222222222222\LocalServiceNetworkRestricted.dat
c:\2222222222222222222222\localsettings.folder.dat
c:\2222222222222222222222\LocalSystemNetworkRestricted.dat
c:\2222222222222222222222\Maken Change.user.cf
c:\2222222222222222222222\md5deep.cfexe
c:\2222222222222222222222\moveex.cfexe
c:\2222222222222222222222\MoveIt.bat
c:\2222222222222222222222\mtee.cfexe
c:\2222222222222222222222\MWindows.dat
c:\2222222222222222222222\mynul
c:\2222222222222222222222\mypictures.folder.dat
c:\2222222222222222222222\N_\17771
c:\2222222222222222222222\N_\21396
c:\2222222222222222222222\N_\26220
c:\2222222222222222222222\N_\27982
c:\2222222222222222222222\N_\6291
c:\2222222222222222222222\ND_.bat
c:\2222222222222222222222\ndis_combofix.dat
c:\2222222222222222222222\netsvc.bad.dat
c:\2222222222222222222222\netsvc.dat
c:\2222222222222222222222\NetworkService.dat
c:\2222222222222222222222\NirCmd.cfexe
c:\2222222222222222222222\nircmd.com
c:\2222222222222222222222\NirCmd.inf
c:\2222222222222222222222\NirCmdC.cfexe
c:\2222222222222222222222\NlsLanguageDefault
c:\2222222222222222222222\NULL
c:\2222222222222222222222\OsId.txt
c:\2222222222222222222222\OSid.vbs
c:\2222222222222222222222\OsVer
c:\2222222222222222222222\personal.folder.dat
c:\2222222222222222222222\Policies.dat
c:\2222222222222222222222\Profiles.Folder.dat
c:\2222222222222222222222\progfile.dat
c:\2222222222222222222222\programs.folder.dat
c:\2222222222222222222222\psexec.cfexe
c:\2222222222222222222222\Purity.dat
c:\2222222222222222222222\pv.cfexe
c:\2222222222222222222222\RCLink
c:\2222222222222222222222\RCLink00
c:\2222222222222222222222\RegDo.sed
c:\2222222222222222222222\region.dat
c:\2222222222222222222222\regt.cfexe
c:\2222222222222222222222\restore_pt.dat
c:\2222222222222222222222\restore_pt.vbs
c:\2222222222222222222222\RestoreO4.bat
c:\2222222222222222222222\rogues.dat
c:\2222222222222222222222\run2.sed
c:\2222222222222222222222\safeboot.dat
c:\2222222222222222222222\safeboot.def.dat
c:\2222222222222222222222\safeboot.def.vista.dat
c:\2222222222222222222222\SafeBootRepair.bat
c:\2222222222222222222222\sed.cfexe
c:\2222222222222222222222\setcsum.cfexe
c:\2222222222222222222222\SetEnvmt.bat
c:\2222222222222222222222\SetPath.bat
c:\2222222222222222222222\setpath.cfexe
c:\2222222222222222222222\SF.cfexe
c:\2222222222222222222222\sfx.cmd
c:\2222222222222222222222\srizbi.md5
c:\2222222222222222222222\startmenu.folder.dat
c:\2222222222222222222222\startup.folder.dat
c:\2222222222222222222222\Sum01
c:\2222222222222222222222\svc_wht.dat
c:\2222222222222222222222\SvcDrv.vbs
c:\2222222222222222222222\svchost.dat
c:\2222222222222222222222\SWREG.cfexe
c:\2222222222222222222222\swreg.exe
c:\2222222222222222222222\swsc.cfexe
c:\2222222222222222222222\swxcacls.cfexe
c:\2222222222222222222222\SysPath.dat
c:\2222222222222222222222\system_ini.dat
c:\2222222222222222222222\templates.folder.dat
c:\2222222222222222222222\toolbar.sed
c:\2222222222222222222222\unzip.cfexe
c:\2222222222222222222222\vfind.cfexe
c:\2222222222222222222222\whitedirB.dat
c:\2222222222222222222222\WhiteLegacy.dat
c:\2222222222222222222222\Windir.dat
c:\2222222222222222222222\WRP.cfexe
c:\2222222222222222222222\XP.mac
c:\2222222222222222222222\zDomain.dat
c:\2222222222222222222222\zhsvc.dat
c:\2222222222222222222222\zip.cfexe
c:\documents and settings\Maken Change\Application Data\uTorrent
c:\documents and settings\Maken Change\Application Data\uTorrent\resume.dat
c:\documents and settings\Maken Change\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Maken Change\Application Data\uTorrent\settings.dat
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\0007025F
c:\program files\AskBarDis\bar\Cache\000728B3
c:\program files\AskBarDis\bar\Cache\00073B90.bin
c:\program files\AskBarDis\bar\Cache\00074360.bin
c:\program files\AskBarDis\bar\Cache\00074767.bin
c:\program files\AskBarDis\bar\Cache\00074B10.bin
c:\program files\AskBarDis\bar\Cache\00075012.bin
c:\program files\AskBarDis\bar\Cache\00075580.bin
c:\program files\AskBarDis\bar\Cache\00075AD0.bin
c:\program files\AskBarDis\bar\Cache\00075EE6.bin
c:\program files\AskBarDis\bar\Cache\000762DE.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\BitLord
c:\program files\BitLord\BitLord.xml
c:\program files\BitLord\Downloads.xml
c:\program files\BitLord\Downloads\Akira Kurosawa - Sanjuro\Akira Kurosawa - Sanjuro.AVI
c:\program files\BitLord\Downloads\Akira Kurosawa - Sanjuro\Akira Kurosawa - Sanjuro.txt
c:\program files\BitLord\Downloads\Akira Kurosawa - Sanjuro\Thumbs.db
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\01 - Murmaider.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\02 - Into the Water.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\03 - Awaken.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\04 - Bloodrocuted.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\05 - Go Forth and Die.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\06 - Fansong.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\07 - Better Metal Snake.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\08 - The Lost Vikings.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\09 - Thunderhorse.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\10 - Briefcase Full of Guts.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\11 - Birthday Dethday.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\12 - Hatredcopter.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\13 - Castratikon.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\14 - Face Fisted.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\15 - Dethharmonic.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\16 - Dethklok Intro (Hidden).mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\back cover.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\cover.jpg
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\disc 1.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\disc 2.jPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\inside cover.jpg
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\lyrics 1-2.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\lyrics 3-4.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\lyrics 5-6.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\lyrics 7-8.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (2007 V0)\lyrics 9-10.JPG
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\01 - Duncan Hills Coffee Jingle.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\02 - Blood Ocean.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\03 - Murdertrain a Comin'.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\04 - Pickles Intro.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\05 - Kill You.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\06 - Hatredy.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Dethklok - The Dethalbum (Deluxe Bonus Disc) (2007 V0)\07 - Dethklok Gets In Tune.mp3
c:\program files\BitLord\Downloads\Dethklok - The Dethalbum (Discs 1 & 2)\Torrent downloaded from Demonoid.com.txt
c:\program files\BitLord\Downloads\Flattbush_Seize_The_Time_Disc_1_Track_1_Serve_The_People.mp3.bc!
c:\program files\BitLord\Downloads\Harakiri.1962.DVDRip.XViD-UNKNOWN\Harakiri.1962.DVDRip.XviD.AC3.avi
c:\program files\BitLord\Downloads\Harakiri.1962.DVDRip.XViD-UNKNOWN\Harakiri.1962.DVDRip.XviD.AC3.srt
c:\program files\BitLord\Downloads\Harakiri.1962.DVDRip.XViD-UNKNOWN\Thumbs.db
c:\program files\BitLord\Downloads\Kurosawa - 1957 - Kumonosu jo (Throne of blood)\Thumbs.db
c:\program files\BitLord\Downloads\Lone.Wolf.And.Cub.COMPLETE.DVDRip.XviD-SOUTHSiDE\Lone.Wolf.&.Cub.1.-.Sword.of.Vengeance.1972.DVDXvid-SOUTHSiDE\Thumbs.db
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\_____padding_file_0_if you see this file, please update to BitComet 0.85 or above____
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\_____padding_file_1_if you see this file, please update to BitComet 0.85 or above____
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\_____padding_file_2_if you see this file, please update to BitComet 0.85 or above____
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\MusashiI.avi
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\MusashiII.avi
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\MusashiIII.avi
c:\program files\BitLord\Downloads\Musashi.Trilogy.HiQ.DVDRip.EngSub\ReadMe.txt.bc!
c:\program files\BitLord\Downloads\PoliticalHipHopMix.mp3.bc!
c:\program files\BitLord\Downloads\quincys_political_hiphop_mix__dead_prez__immortal_technique__and_more.zip
c:\program files\BitLord\Downloads\Star Trek Voyager Season 6\Thumbs.db
c:\program files\BitLord\Downloads\Star Trek Voyager Season 7\Shortcut to Star Trek Voyager Season 7.lnk
c:\program files\BitLord\Downloads\Star Trek Voyager Season 7\Thumbs.db
c:\program files\BitLord\Downloads\Stargate Atlantis (Season 3)\Thumbs.db
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\01 Duncan Hills Coffee Jingle.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\02 Blood Ocean.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\03 Murdertrain a Comin'.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\04 Pickles Intro.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\05 Kill You.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\06 Hatredy.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\07 Dethklok Gets in Tune.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\Dethklok - Bloodrocuted.mpg
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\folder.jpg
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum (Bonus Disc)\Metalocalypse Episode 201.mpg
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\01 Murmaider.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\02 Go Into the Water.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\03 Awaken.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\04 Bloodtrocuted.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\05 Go Forth and Die.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\06 Fansong.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\07 Better Metal Snake.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\08 The Lost Vikings.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\09 Thunderhorse.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\10 Briefcase Full of Guts.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\11 Birthday Dethday.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\12 Hatredcopter.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\13 Castraikron.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\14 Face Fisted.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\15 Dethharmonic.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\16 Deththeme.mp3
c:\program files\BitLord\Downloads\The Dethalbum\The Dethalbum\folder.jpg
c:\program files\BitLord\lang\lang_ar_ae.xml
c:\program files\BitLord\lang\lang_bg_bg.xml
c:\program files\BitLord\lang\lang_ca_es.xml
c:\program files\BitLord\lang\lang_cz_cz.xml
c:\program files\BitLord\lang\lang_da_dk.xml
c:\program files\BitLord\lang\lang_de_de.xml
c:\program files\BitLord\lang\lang_el_gr.xml
c:\program files\BitLord\lang\lang_en_us.xml
c:\program files\BitLord\lang\lang_es_ar.xml
c:\program files\BitLord\lang\lang_es_es.xml
c:\program files\BitLord\lang\lang_et_ee.xml
c:\program files\BitLord\lang\lang_fi_fi.xml
c:\program files\BitLord\lang\lang_fr_fr.xml
c:\program files\BitLord\lang\lang_gl_es.xml
c:\program files\BitLord\lang\lang_he_il.xml
c:\program files\BitLord\lang\lang_hu_hu.xml
c:\program files\BitLord\lang\lang_it_it.xml
c:\program files\BitLord\lang\lang_jp_jp.xml
c:\program files\BitLord\lang\lang_ko_kr.xml
c:\program files\BitLord\lang\lang_nb_no.xml
c:\program files\BitLord\lang\lang_nl_nl.xml
c:\program files\BitLord\lang\lang_pl_pl.xml
c:\program files\BitLord\lang\lang_pt_br.xml
c:\program files\BitLord\lang\lang_pt_pt.xml
c:\program files\BitLord\lang\lang_ro_ro.xml
c:\program files\BitLord\lang\lang_ru_ru.xml
c:\program files\BitLord\lang\lang_sk_sk.xml
c:\program files\BitLord\lang\lang_sl_si.xml
c:\program files\BitLord\lang\lang_sr_sr.xml
c:\program files\BitLord\lang\lang_sv_se.xml
c:\program files\BitLord\lang\lang_th_th.xml
c:\program files\BitLord\lang\lang_tr_tr.xml
c:\program files\BitLord\lang\lang_va_es.xml
c:\program files\BitLord\lang\lang_zh_tw.xml
c:\program files\BitLord\rules\ipfilter.dat
c:\program files\BitLord\Torrents\Akira Kurosawa - Sanjuro.torrent
c:\program files\BitLord\Torrents\Akira Kurosawa - Sanjuro.xml
c:\program files\BitLord\Torrents\Dethklok - The Dethalbum (Discs 1 & 2).torrent
c:\program files\BitLord\Torrents\Dethklok - The Dethalbum (Discs 1 & 2).xml
c:\program files\BitLord\Torrents\Flattbush_Seize_The_Time_Disc_1_Track_1_Serve_The_People.mp3.torrent
c:\program files\BitLord\Torrents\Flattbush_Seize_The_Time_Disc_1_Track_1_Serve_The_People.mp3.xml
c:\program files\BitLord\Torrents\Harakiri.1962.DVDRip.XViD-UNKNOWN.torrent
c:\program files\BitLord\Torrents\Harakiri.1962.DVDRip.XViD-UNKNOWN.xml
c:\program files\BitLord\Torrents\Musashi.Trilogy.HiQ.DVDRip.EngSub.torrent
c:\program files\BitLord\Torrents\Musashi.Trilogy.HiQ.DVDRip.EngSub.xml
c:\program files\BitLord\Torrents\PoliticalHipHopMix.mp3.torrent
c:\program files\BitLord\Torrents\PoliticalHipHopMix.mp3.xml
c:\program files\BitLord\Torrents\quincys_political_hiphop_mix__dead_prez__immortal_technique__and_more.zip.torrent
c:\program files\BitLord\Torrents\quincys_political_hiphop_mix__dead_prez__immortal_technique__and_more.zip.xml
c:\program files\BitLord\Torrents\The Dethalbum.torrent
c:\program files\BitLord\Torrents\The Dethalbum.xml
c:\program files\BitLord\Torrents\Underground Rap-Hip Hop.torrent
c:\program files\BitLord\Torrents\Underground Rap-Hip Hop.xml
c:\program files\Soulseek
c:\program files\Soulseek\attributes.cfg
c:\program files\Soulseek\attrstrings.cfg
c:\program files\Soulseek\autoaway.cfg
c:\program files\Soulseek\BlackBox.dll
c:\program files\Soulseek\chatrooms.cfg
c:\program files\Soulseek\chatui.cfg
c:\program files\Soulseek\DbgHelp.Dll
c:\program files\Soulseek\dlbans.cfg
c:\program files\Soulseek\extensions.cfg
c:\program files\Soulseek\hotlist.cfg
c:\program files\Soulseek\ignores.cfg
c:\program files\Soulseek\login.cfg
c:\program files\Soulseek\message.wav
c:\program files\Soulseek\pchat.cfg
c:\program files\Soulseek\port.cfg
c:\program files\Soulseek\Psapi.Dll
c:\program files\Soulseek\queue.cfg
c:\program files\Soulseek\queue2.cfg
c:\program files\Soulseek\rcmnd.cfg
c:\program files\Soulseek\Readme.txt
c:\program files\Soulseek\save.cfg
c:\program files\Soulseek\search.cfg
c:\program files\Soulseek\shared.cfg
c:\program files\Soulseek\slsk.exe
c:\program files\Soulseek\ticker.cfg
c:\program files\Soulseek\transfersview.cfg
c:\program files\Soulseek\ui.cfg
c:\program files\Soulseek\uninstall.exe
c:\program files\Soulseek\userinfo.cfg
c:\program files\Soulseek\usernotes.cfg
c:\program files\Soulseek\wishlist.cfg
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\windows\system32\config\systemprofile\Application Data\uTorrent
c:\windows\system32\config\systemprofile\Application Data\uTorrent\dht.dat
c:\windows\system32\config\systemprofile\Application Data\uTorrent\resume.dat
c:\windows\system32\config\systemprofile\Application Data\uTorrent\resume.dat.old
c:\windows\system32\config\systemprofile\Application Data\uTorrent\settings.dat

.
((((((((((((((((((((((((( Files Created from 2008-11-13 to 2008-12-13 )))))))))))))))))))))))))))))))
.

2009-01-03 17:31 . 2009-01-03 17:31 <DIR> d-------- c:\windows\system32\scripting
2009-01-03 17:31 . 2009-01-03 17:31 <DIR> d-------- c:\windows\system32\en
2009-01-03 17:31 . 2009-01-03 17:31 <DIR> d-------- c:\windows\l2schemas
2009-01-02 22:30 . 2009-01-02 22:51 <DIR> d-------- c:\program files\RegScrubXP
2009-01-02 21:48 . 2009-01-02 21:48 <DIR> d-------- c:\windows\system32\@[Ç
2009-01-02 18:17 . 2009-01-02 22:48 <DIR> d-------- c:\documents and settings\Maken Change\Application Data\Twain
2008-12-27 22:19 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2008-12-27 22:19 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2008-12-27 22:19 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2008-12-27 22:19 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2008-12-27 22:19 . 2008-04-13 19:09 6,144 --a------ c:\windows\system32\kbd106.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2008-12-27 22:19 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2008-12-27 22:19 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2008-12-27 22:19 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2008-12-13 17:43 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-10 19:47 . 2008-12-10 19:47 <DIR> d-------- c:\documents and settings\Maken Change\Application Data\Malwarebytes
2008-12-10 19:19 . 2008-12-10 19:18 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-10 19:19 . 2008-12-10 19:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-10 19:18 . 2008-12-10 19:18 <DIR> d-------- c:\program files\Java
2008-12-10 19:03 . 2008-12-10 19:03 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 20:46 . 2008-12-10 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2008-12-09 18:11 . 2008-12-09 18:11 249,592 --a------ c:\windows\system32\cssdll32.dll
2008-12-09 18:10 . 2008-12-09 18:11 <DIR> d-------- c:\program files\COMODO
2008-12-09 18:10 . 2008-12-09 20:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-12-09 18:10 . 2008-12-09 18:10 147,192 --a------ c:\windows\system32\guard32.dll
2008-12-09 18:10 . 2008-12-09 18:10 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-12-09 18:10 . 2008-12-09 18:10 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-12-09 16:51 . 2008-12-09 16:51 <DIR> d-------- c:\program files\Alwil Software
2008-12-08 17:51 . 2008-12-08 18:18 <DIR> d-------- c:\program files\Winamp Toolbar
2008-12-08 17:51 . 2008-12-08 17:51 <DIR> d-------- c:\program files\Common Files\Apple
2008-12-08 17:51 . 2008-12-08 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-08 17:47 . 2008-12-08 17:47 <DIR> d-------- c:\program files\Apple Software Update
2008-12-08 17:47 . 2008-12-08 17:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-08 17:41 . 2008-12-08 17:41 <DIR> d--hs---- c:\documents and settings\Maken Change\PrivacIE
2008-12-08 17:30 . 2008-12-08 17:32 <DIR> d--h-c--- c:\windows\ie8
2008-12-07 20:12 . 2008-12-07 20:12 <DIR> d-------- c:\program files\Foxit Software
2008-12-07 20:12 . 2008-12-07 20:12 <DIR> d-------- c:\documents and settings\Maken Change\Application Data\Foxit
2008-12-07 20:08 . 2008-12-07 20:08 <DIR> d-------- c:\program files\Secunia
2008-12-04 11:22 . 2008-12-04 11:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-04 11:22 . 2008-12-04 11:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-04 11:22 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 11:22 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-03 21:32 . 2008-12-03 21:32 <DIR> d-------- c:\program files\Lavasoft
2008-12-03 21:32 . 2008-12-03 21:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 21:32 . 2008-12-03 21:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-03 20:23 . 2008-12-03 20:24 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-03 19:16 . 2007-03-07 09:51 139,264 --a------ c:\windows\system32\LxrSII1.dll
2008-12-03 19:16 . 2007-03-07 09:51 72,672 --a------ c:\windows\system32\drivers\LxrSII1d.sys
2008-12-03 19:16 . 2007-03-07 09:51 49,152 --a------ c:\windows\system32\LxrSII1s.exe
2008-12-03 19:16 . 2007-03-07 09:51 23,934 --a------ c:\windows\LxrEncVlt.ico
2008-12-03 19:16 . 2007-03-07 09:51 3,262 --a------ c:\windows\LxrSgeEnc.ico
2008-12-03 18:50 . 2008-12-03 18:53 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-18 08:36 . 2008-11-18 08:36 7,808 --a------ c:\windows\system32\drivers\psi_mf.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 04:52 --------- d-----w c:\program files\Microsoft AntiSpyware
2009-01-03 04:17 15,771,935 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-12-15 02:40 --------- d--h--w c:\documents and settings\Maken Change\Application Data\Move Networks
2008-12-13 18:29 107,272,224 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-13 18:24 1,260,140 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 21:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-09 21:29 --------- d-----w c:\documents and settings\Maken Change\Application Data\AVGTOOLBAR
2008-12-09 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-08 22:59 --------- d-----w c:\program files\Winamp
2008-12-08 22:52 --------- d-----w c:\program files\QuickTime
2008-12-08 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-08 01:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-08 01:01 --------- d-----w c:\program files\Logitech
2008-12-08 00:54 --------- d-----w c:\program files\DivX
2008-12-04 16:54 --------- d-----w c:\program files\PeerGuardian2
2008-12-04 15:37 3,075,072 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-07-05 21:52 80,680 ----a-w c:\documents and settings\Maken Change\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_16.27.32.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-11 00:18:21 144,792 ----a-w c:\windows\system32\java.exe
+ 2008-12-11 00:18:21 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-11 00:18:21 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-13 18:25:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_424.dat
+ 2008-12-13 17:43:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_558.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-12-09 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2008-12-09 1797880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]

c:\documents and settings\Maken Change\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2008-11-25 728408]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-09 111184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-09 101776]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-09 31504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-09 20560]
R2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys [2008-12-03 72672]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-11-18 7808]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title = Windows Internet Explorer provided by Comcast

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FireFox -: Profile - c:\documents and settings\Maken Change\Application Data\Mozilla\Firefox\Profiles\xsryrlra.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 13:25:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
SystemRoot\System32\smss.exe [596]
??\c:\windows\system32\csrss.exe [648]
??\c:\windows\system32\winlogon.exe [672]
c:\windows\system32\services.exe [716]
c:\windows\system32\lsass.exe [728]
c:\windows\system32\svchost.exe [888]
c:\windows\system32\svchost.exe [936]
c:\windows\System32\svchost.exe [1016]
c:\windows\System32\svchost.exe [1124]
c:\windows\system32\svchost.exe [1232]
c:\program files\Lavasoft\Ad-Aware\aawservice.exe [1280]
c:\program files\Alwil Software\Avast4\aswUpdSv.exe [1304]
c:\program files\Alwil Software\Avast4\ashServ.exe [1368]
c:\windows\system32\spoolsv.exe [1696]
c:\program files\Java\jre6\bin\jqs.exe [1060]
c:\windows\system32\LxrSII1s.exe [1092]
c:\windows\system32\nvsvc32.exe [1112]
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe [1212]
c:\windows\System32\svchost.exe [1396]
c:\windows\System32\wdfmgr.exe [1460]
c:\windows\system32\CF8282.exe [1436]
c:\program files\Alwil Software\Avast4\ashMaiSv.exe [2020]
c:\program files\Alwil Software\Avast4\ashWebSv.exe [2284]
c:\progra~1\ALWILS~1\Avast4\ashDisp.exe [3316]
c:\program files\COMODO\SafeSurf\cssurf.exe [3348]
c:\program files\Java\jre6\bin\jusched.exe [3440]
c:\windows\system32\ctfmon.exe [3476]
c:\windows\System32\alg.exe [3620]
c:\windows\system32\wuauclt.exe [2372]
c:\windows\explorer.exe [3452]
c:\combofix\catchme.cfexe [2716]
.
**************************************************************************
.
Completion time: 2008-12-13 13:36:33 - machine was rebooted [Maken Change]
ComboFix-quarantined-files.txt 2008-12-13 18:35:56
ComboFix2.txt 2008-12-10 21:29:05

Pre-Run: 99,477,442,560 bytes free
Post-Run: 99,438,579,712 bytes free

571 --- E O F --- 2008-12-09 22:51:55

pskelley · Dec 13, 2008

Before we move on, if you do not have a Windows XP CD, you really should install the Recovery Console. Here is some information:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
Recovery Console is a tool that will allow you to recover from a catastrophic system failure, so let's hope you never need it. Many experts believe Microsoft should have installed it by default.

Here are the instructions:
I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\CF-RC.txt

Since we do not need to scan with combofix, click NO

Thanks

John Conner · Dec 14, 2008

Have recovery console

I now have the recovery console.

John Conner · Dec 14, 2008

Rc

When I try to install the recovery console with Combo fix it tells me its already installed--but then says it is not when I run a log file???

pskelley · Dec 14, 2008

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

(next is optional, since it was clean last run)
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.

Update Avast4 and scan the system, to be sure it is running right and scanning clean.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html

John Conner · Dec 16, 2008

everything works great! thank you so much!

Thank you so much! You have been very helpful.

Someday when I am rich and powerful I will donate to your company.

Again, deep thanks!

help spybot won't open

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member

John Conner

New member

pskelley

In Memoriam -Always in our heart

John Conner

New member