Non-Plug and Play Driver Preventing Sound on my PC...?

T

TheDeepBlue

New member
Alright, so get this: I put my rig back together in my dorm room after summer break, and everything seems to be working except for the sound. I try playing a streaming channel in WinAmp and get this business:

Bad DirectSound driver. Please install proper drivers or select another device in configuration.

Error code: 88780078

What?

So, I google that message and follow the first hit given, http://www.ozzu.com/mswindows-forum/winamp-gives-bad-directsound-drivers-error-t24932.html which is a forum full of folks back in 2004 having issues similar to mine. The most helpful suggestion given seems to be to go into the Device Manager and fiddle with some goofily-performing drivers, though no suggestions appear to be given as to why the drivers are behaving this way. In any case, I go to the Device Manager, but nothing seems wrong with any of the stuff under 'Sound, Video, and game controllers'. Then I choose 'Show hidden devices', and under 'Non-Plug and Play drivers', there's this thing with an exclamation point on it called 'afdfprmnnp'.

Looking at its Properties, my system can't figure out its manufacturer or its location on the General tab, and according to the Details tab its 'Device Instance Id' is ROOT\LEGACY_AFDFPRMNNP\0000. I try googling for that, and I find that something similar is mentioned in reference to that ThinkPoint malware.

I google 'afdfprmnnp', and get exactly one hit directing me to the DDS report in this thread from about eight months ago http://forums.spybot.info/showthread.php?t=61024 when the S-N forums helped me clean up leftover ThinkPoint guts. So this thing has been on my computer for over half a year, and only now starts acting up and is apparently keeping my computer from finding my Sound Blaster card. It's currently disabled (even though it must have been enabled before?) and I'd like to hear sound on my computer again, but I don't know what might happen if I turn it on.

Backed up the registry with ERUNT, ran DDS, and ran SUPERAntiSpyware (killed three hundred and change adware cookies) and then MWB (no nasties left, it seems.) Any ideas?

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by Erick at 18:57:32 on 2011-08-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2277 [GMT -5:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\SmartDisk\Flash Media Reader\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [PlayNC Launcher]
mRun: [ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1] "c:\program files\smartdisk\flash media reader\shwicon.exe" -t"smartdisk corporation\SmartDisk Flash Media Reader Support 2.1"
mRun: [SW20] "c:\winnt\system32\sw20.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [SecurDisc] "c:\program files\nero\nero 7\incd\NBHGui.exe"
mRun: [InCD] "c:\program files\nero\nero 7\incd\InCD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GEST] ]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147640637654
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195024359
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.4437847222
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
TCP: Interfaces\{334516FE-7A2B-4767-B3CB-4FD4BCCA8D1B} : DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{F14573BC-56D1-40F2-B61D-B5188D3E7BDD} : DhcpNameServer = 76.78.128.46 66.112.235.200
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erick\application data\mozilla\firefox\profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\erick\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar em:version=7.005.030.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2009-5-28 52872]
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [2006-5-15 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [2006-5-14 45056]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2009-5-28 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2009-5-28 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-5-28 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-22 308136]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [2010-6-19 12184]
S3 Afdfprmnnp;Afdfprmnnp; [x]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 947528]
S3 Ms_mdsvr;Ms_mdsvr; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2003-10-28 820858]
S3 Sybsaccegw;Sybsaccegw; [x]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [2006-5-14 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-7-14 49776]
S4 Dmsfauauidg;Dmsfauauidg; [x]
.
=============== Created Last 30 ================
.
2011-08-10 23:29:43 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28:39 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-22 22:48:41 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06:54 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\winnt\system32\win32k.sys
.
============= FINISH: 18:58:15.43 ===============

Edit
"Oracle (Sun)Microsystems-Java Security vulnerability in older versions left on system"
http://forums.spybot.info/showpost.php?p=12880&postcount=2
 
Last edited by a moderator:
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Before I post the logs, some miscellany that occurred while I was waiting for assistance:

I ran a system search for 'afdfprmnnp', and I found a couple references to it (or another file by the same name) in C:\WINNT\security\logs.scesetup which seems to imply that its been on my hard drive since at least 2006. I'm not a computer expert so I won't guess what that could mean.

As per tashi's suggestion, I installed JDK 7 and uninstalled a bunch of stuff (that I hope was) related to JDK 6. I'm not sure what else might need to be removed, if anything, but Java-related items left in my Add or Remove Programs list are:

J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_08
Java DB 10.4.2.1
Java(TM) 7
Java(TM) SE Development Kit 7
NetBeans IDE 6.7.1
NetBeans IDE 7.0.1

I'm not sure if the second and third items there are the correct ones; I think I uninstalled something similar to the second item because it was older, so I thought it might be related to JDK 6. There was a bit of a fuss when I tried importing my old programs from NetBeans IDE 6.7.1 to NetBeans IDE 7.0.1 (7.0.1 seemed to have some problem finding a couple of classes? I can't remember what they were called at the moment) but the programs themselves seem to work fine via 7.0.1, so I think it just might've been related to me launching 6.7.1 after I uninstalled a bunch of the JDK 6-related stuff.

Anyway, the logs.
__________

I downloaded ComboFix as per Blade81's instructions. I attempted to run it after trying to disable AVG Anti-Virus, but it said that AVG was still running. For some reason, the instructions provided by Blade to disable AVG didn't match up with the options given in the actual program, so I just uninstalled it altogether; the license expired a few months ago anyway and AVG didn't recognize the license number for some reason, so I couldn't renew or upgrade.

Continued running ComboFix, it rebooted my computer and provided me with the log. Ran DDS again. Updated SUPERAntiSpyware, scanned the computer, and killed about a hundred and change tracking cookies. Installed AVG Anti-Virus Free Edition 2011.

The ComboFix and DDS logs follow (I've also attached the appropriate ZIP file from running DDS):



ComboFix 11-08-27.01 - Erick 08/27/2011 13:03:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2686 [GMT -5:00]
Running from: c:\documents and settings\Erick\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Erick\Application Data\completescan
c:\documents and settings\Erick\Application Data\install
c:\program files\steam\steam.exe
c:\winnt\Downloaded Program Files\popcaploader.inf
c:\winnt\system32\restart.exe
c:\winnt\system32\SysInfo.dll
c:\winnt\system32\WinSys.exe
c:\winnt\Web\default.htt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IAS
.
.
((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-23 06:57 . 2011-08-23 06:57 -------- d-----w- c:\documents and settings\Erick\.m2
2011-08-23 06:39 . 2011-08-23 06:42 -------- d-----w- c:\program files\NetBeans 7.0.1
2011-08-23 06:39 . 2011-08-23 06:39 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-23 06:39 . 2011-08-23 06:39 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-08-11 14:02 . 2011-08-11 14:02 -------- d-----w- c:\program files\Logitech
2011-08-10 23:29 . 2011-06-24 14:10 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28 . 2011-07-08 14:02 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 06:39 . 2007-08-25 21:06 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-22 22:48 . 2010-06-20 00:28 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06 . 2011-06-05 14:34 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 15:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-05-14 20:38 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-03 22:56 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-03 22:56 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36 . 2004-08-03 22:56 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-03 20:59 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44 . 2004-08-03 22:56 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-03 21:17 1858944 ----a-w- c:\winnt\system32\win32k.sys
2006-05-15 03:19 . 2006-05-15 03:19 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-05-15 03:19 . 2006-05-15 03:19 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-05-15 03:19 . 2006-05-15 03:19 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-19 4603264]
"Aim"="c:\program files\AIM\aim.exe" [2010-12-17 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1"="c:\program files\SmartDisk\Flash Media Reader\shwicon.exe -tSmartDisk Corporation\SmartDisk Flash Media Reader Support 2.1" [X]
"GEST"="]" [X]
"SW20"="c:\winnt\system32\sw20.exe" [2006-02-22 208896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-28 249856]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-23 77824]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBOAFIAVgAyAC0ATgBBADcARwAzAC0ARQA2ADQARgBBAC0AOQBBAEIAMABEAC0ANgBQAFIARwBYAA&inst=NwA2AC0ANQAxADYAMgA0ADAANQAwADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA&prod=51&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\Erick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-13 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"=c:\program files\ICQLite\ICQLite.exe -minimize
"NvCplDaemon"=RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Synchronization Manager"=mobsync.exe /logon
"WildTangent CDA"=RUNDLL32.exe "c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\linearblue\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\City of Heroes\\CohUpdater.exe"=
.
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [5/15/2006 1:32 PM 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [5/14/2006 3:51 PM 45056]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [6/19/2010 7:27 PM 12184]
S3 Afdfprmnnp;Afdfprmnnp; [x]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 Ms_mdsvr;Ms_mdsvr; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [10/28/2003 5:57 PM 820858]
S3 Sybsaccegw;Sybsaccegw; [x]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [5/14/2006 3:57 PM 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/14/2003 7:00 AM 49776]
S4 Dmsfauauidg;Dmsfauauidg; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 19:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-27 c:\winnt\Tasks\User_Feed_Synchronization-{9BD2BCEB-1ED1-466D-B1DD-132A664ED91B}.job
- c:\winnt\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Erick\Application Data\Mozilla\Firefox\Profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
Notify-AtiExtEvent - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
AddRemove-Creature - c:\program files\nvidia corporation\nvidia demos\Uninst.isu
AddRemove-SiS7012 - c:\progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe
AddRemove-Steam App 380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 420 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-Toy Soldiers - c:\program files\nvidia corporation\nvidia demos\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-27 13:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(480)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(1624)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\nvsvc32.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\winnt\system32\LxrJD31s.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\winnt\system32\wdfmgr.exe
c:\winnt\system32\wscntfy.exe
c:\program files\SmartDisk\Flash Media Reader\shwicon.exe
c:\winnt\system32\RUNDLL32.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-08-27 13:16:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-27 18:16
.
Pre-Run: 247,340,355,584 bytes free
Post-Run: 249,593,655,296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - BD7C63D5DD2145582D2D3446249FB8E7



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Erick at 13:19:02 on 2011-08-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.3043 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\WINNT\system32\wscntfy.exe
C:\Program Files\SmartDisk\Flash Media Reader\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1] "c:\program files\smartdisk\flash media reader\shwicon.exe" -t"smartdisk corporation\SmartDisk Flash Media Reader Support 2.1"
mRun: [SW20] "c:\winnt\system32\sw20.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [SecurDisc] "c:\program files\nero\nero 7\incd\NBHGui.exe"
mRun: [InCD] "c:\program files\nero\nero 7\incd\InCD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GEST] ]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBOAFIAVgAyAC0ATgBBADcARwAzAC0ARQA2ADQARgBBAC0AOQBBAEIAMABEAC0ANgBQAFIARwBYAA"&"inst=NwA2AC0ANQAxADYAMgA0ADAANQAwADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA"&"prod=51"&"ver=9.0.894
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147640637654
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195024359
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.4437847222
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
TCP: Interfaces\{334516FE-7A2B-4767-B3CB-4FD4BCCA8D1B} : DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{F14573BC-56D1-40F2-B61D-B5188D3E7BDD} : DhcpNameServer = 76.78.128.46 66.112.235.200
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erick\application data\mozilla\firefox\profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [2006-5-15 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [2006-5-14 45056]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [2010-6-19 12184]
S3 Afdfprmnnp;Afdfprmnnp; [x]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 Ms_mdsvr;Ms_mdsvr; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2003-10-28 820858]
S3 Sybsaccegw;Sybsaccegw; [x]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [2006-5-14 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-7-14 49776]
S4 Dmsfauauidg;Dmsfauauidg; [x]
.
=============== Created Last 30 ================
.
2011-08-27 18:10:43 1409 ----a-w- c:\winnt\QTFont.for
2011-08-27 18:01:50 -------- d-sha-r- C:\cmdcons
2011-08-27 18:00:15 98816 ----a-w- c:\winnt\sed.exe
2011-08-27 18:00:15 518144 ----a-w- c:\winnt\SWREG.exe
2011-08-27 18:00:15 256000 ----a-w- c:\winnt\PEV.exe
2011-08-27 18:00:15 208896 ----a-w- c:\winnt\MBR.exe
2011-08-23 06:57:18 -------- d-----w- c:\documents and settings\erick\.m2
2011-08-23 06:39:32 -------- d-----w- c:\program files\NetBeans 7.0.1
2011-08-23 06:39:19 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-23 06:39:19 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-08-10 23:29:43 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28:39 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-23 06:39:04 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-22 22:48:41 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06:54 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\winnt\system32\win32k.sys
.
============= FINISH: 13:19:20.39 ===============
 
Also, I just looked in my Device Manager again, and in addition to the 'afdfprmnnp' thing that has an exclamation mark on it, there's a new thing called 'catchme' with an exclamation mark on it.

But I guess that one's related to ComboFix somehow.
 
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Driver::
Afdfprmnnp
Ms_mdsvr
Sybsaccegw
Dmsfauauidg
DDS::
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.



Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_08


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. How's the issue now?
 
On a related note, do you have any idea what might happen if ComboFix is still running when this AVG Anti-Virus starts itself back up? There's only an option to 'temporarily' disable the program, and the maximum allowed time is 15 minutes.

Ridiculous.

AVG got fussy a few times after it started back up after ComboFix rebooted the system, but I told it to allow ComboFix to keep running.

InCD Essentials started up on its own along with everything else that usually starts itself up on my computer. It's never done that before, at least not as long as I can remember.

Uninstalled those two java applications and the versions of Reader and Shockwave Player I had on my system.

No errors found in the Device Manager list this time. Still no sound, though.

Internet Explorer and that ESET application aren't cooperating. Some problem with the window or something after I try and install it.

The ComboFix and DDS logs follow. Appropriate other file from DDS is attached.



ComboFix 11-08-27.01 - Erick 08/27/2011 22:07:27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2570 [GMT -5:00]
Running from: c:\documents and settings\Erick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Erick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFDFPRMNNP
-------\Legacy_MS_MDSVR
-------\Legacy_SYBSACCEGW
-------\Service_Afdfprmnnp
-------\Service_Dmsfauauidg
-------\Service_Ms_mdsvr
-------\Service_Sybsaccegw
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-27 18:40 . 2011-08-27 18:40 -------- d-----w- c:\documents and settings\Erick\Application Data\AVG10
2011-08-27 18:39 . 2011-08-27 22:31 -------- d-----w- c:\winnt\system32\drivers\AVG
2011-08-27 18:39 . 2011-08-27 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-27 18:32 . 2011-08-27 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-27 18:10 . 2011-08-28 03:13 1409 ----a-w- c:\winnt\QTFont.for
2011-08-23 06:57 . 2011-08-23 06:57 -------- d-----w- c:\documents and settings\Erick\.m2
2011-08-23 06:39 . 2011-08-23 06:42 -------- d-----w- c:\program files\NetBeans 7.0.1
2011-08-23 06:39 . 2011-08-23 06:39 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-23 06:39 . 2011-08-23 06:39 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-08-11 14:02 . 2011-08-11 14:02 -------- d-----w- c:\program files\Logitech
2011-08-10 23:29 . 2011-06-24 14:10 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28 . 2011-07-08 14:02 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 06:39 . 2007-08-25 21:06 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-22 22:48 . 2010-06-20 00:28 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06 . 2011-06-05 14:34 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 15:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-05-14 20:38 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-03 22:56 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-03 22:56 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36 . 2004-08-03 22:56 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-03 20:59 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44 . 2004-08-03 22:56 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-03 21:17 1858944 ----a-w- c:\winnt\system32\win32k.sys
2006-05-15 03:19 . 2006-05-15 03:19 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-05-15 03:19 . 2006-05-15 03:19 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-05-15 03:19 . 2006-05-15 03:19 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-27_18.10.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\winnt\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-28 03:15 . 2011-08-28 03:15 16384 c:\winnt\Temp\Perflib_Perfdata_734.dat
+ 2011-03-16 21:03 . 2011-03-16 21:03 32592 c:\winnt\system32\drivers\avgrkx86.sys
+ 2011-03-01 19:25 . 2011-03-01 19:25 34896 c:\winnt\system32\drivers\avgmfx86.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 27216 c:\winnt\system32\drivers\AVGIDSShim.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 24144 c:\winnt\system32\drivers\AVGIDSFilter.sys
+ 2011-02-22 13:13 . 2011-02-22 13:13 22992 c:\winnt\system32\drivers\AVGIDSEH.sys
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-05 05:59 . 2011-04-05 05:59 297168 c:\winnt\system32\drivers\avgtdix.sys
+ 2011-01-07 11:41 . 2011-01-07 11:41 248656 c:\winnt\system32\drivers\avgldx86.sys
+ 2011-04-15 02:28 . 2011-04-15 02:28 134480 c:\winnt\system32\drivers\AVGIDSDriver.sys
+ 2004-08-03 22:56 . 2008-04-14 00:11 640000 c:\winnt\system32\dllcache\dbghelp.dll
+ 2011-08-27 18:38 . 2011-08-27 18:38 219648 c:\winnt\Installer\1a1784.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-08-27 18:39 . 2011-08-27 18:39 3489280 c:\winnt\Installer\1a178c.msi
+ 2011-08-27 18:38 . 2011-08-27 18:38 1611776 c:\winnt\Installer\1a1788.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-19 4603264]
"Aim"="c:\program files\AIM\aim.exe" [2010-12-17 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1"="c:\program files\SmartDisk\Flash Media Reader\shwicon.exe -tSmartDisk Corporation\SmartDisk Flash Media Reader Support 2.1" [X]
"GEST"="]" [X]
"SW20"="c:\winnt\system32\sw20.exe" [2006-02-22 208896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-28 249856]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-23 77824]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBOAFIAVgAyAC0ATgBBADcARwAzAC0ARQA2ADQARgBBAC0AOQBBAEIAMABEAC0ANgBQAFIARwBYAA&inst=NwA2AC0ANQAxADYAMgA0ADAANQAwADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA&prod=51&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\Erick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-13 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"=c:\program files\ICQLite\ICQLite.exe -minimize
"NvCplDaemon"=RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Synchronization Manager"=mobsync.exe /logon
"WildTangent CDA"=RUNDLL32.exe "c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\linearblue\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\City of Heroes\\CohUpdater.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\winnt\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winnt\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [5/15/2006 1:32 PM 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [5/14/2006 3:51 PM 45056]
R1 Avgldx86;AVG AVI Loader Driver;c:\winnt\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\winnt\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [6/19/2010 7:27 PM 12184]
R3 AVGIDSDriver;AVGIDSDriver;c:\winnt\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\winnt\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\winnt\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [10/28/2003 5:57 PM 820858]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [5/14/2006 3:57 PM 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/14/2003 7:00 AM 49776]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSEH
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 19:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\winnt\Tasks\User_Feed_Synchronization-{9BD2BCEB-1ED1-466D-B1DD-132A664ED91B}.job
- c:\winnt\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Erick\Application Data\Mozilla\Firefox\Profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-27 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2568)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\winnt\system32\nvsvc32.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\winnt\system32\LxrJD31s.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\winnt\system32\wdfmgr.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\SmartDisk\Flash Media Reader\shwicon.exe
c:\winnt\system32\RUNDLL32.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2011-08-27 22:22:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 03:22
ComboFix2.txt 2011-08-27 18:16
.
Pre-Run: 248,772,694,016 bytes free
Post-Run: 248,808,222,720 bytes free
.
- - End Of File - - 2D1562508F4FC7BEC2AF1B9536B56116




.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Erick at 22:33:27 on 2011-08-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2863 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\system32\LxrJD31s.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\SmartDisk\Flash Media Reader\shwicon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINNT\explorer.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1] "c:\program files\smartdisk\flash media reader\shwicon.exe" -t"smartdisk corporation\SmartDisk Flash Media Reader Support 2.1"
mRun: [SW20] "c:\winnt\system32\sw20.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [SecurDisc] "c:\program files\nero\nero 7\incd\NBHGui.exe"
mRun: [InCD] "c:\program files\nero\nero 7\incd\InCD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GEST] ]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBOAFIAVgAyAC0ATgBBADcARwAzAC0ARQA2ADQARgBBAC0AOQBBAEIAMABEAC0ANgBQAFIARwBYAA"&"inst=NwA2AC0ANQAxADYAMgA0ADAANQAwADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA"&"prod=51"&"ver=9.0.894
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147640637654
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195024359
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.4437847222
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
TCP: Interfaces\{334516FE-7A2B-4767-B3CB-4FD4BCCA8D1B} : DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{F14573BC-56D1-40F2-B61D-B5188D3E7BDD} : DhcpNameServer = 76.78.128.46 66.112.235.200
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erick\application data\mozilla\firefox\profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\winnt\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winnt\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [2006-5-15 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [2006-5-14 45056]
R1 Avgldx86;AVG AVI Loader Driver;c:\winnt\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\winnt\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\winnt\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [2010-6-19 12184]
R3 AVGIDSDriver;AVGIDSDriver;c:\winnt\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\winnt\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\winnt\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2003-10-28 820858]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [2006-5-14 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-7-14 49776]
.
=============== Created Last 30 ================
.
2011-08-27 18:40:50 -------- d-----w- c:\documents and settings\erick\application data\AVG10
2011-08-27 18:39:01 -------- d-----w- c:\winnt\system32\drivers\AVG
2011-08-27 18:39:01 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-08-27 18:32:02 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-27 18:10:43 1409 ----a-w- c:\winnt\QTFont.for
2011-08-27 18:01:50 -------- d-sha-r- C:\cmdcons
2011-08-27 18:00:15 98816 ----a-w- c:\winnt\sed.exe
2011-08-27 18:00:15 518144 ----a-w- c:\winnt\SWREG.exe
2011-08-27 18:00:15 256000 ----a-w- c:\winnt\PEV.exe
2011-08-27 18:00:15 208896 ----a-w- c:\winnt\MBR.exe
2011-08-23 06:57:18 -------- d-----w- c:\documents and settings\erick\.m2
2011-08-23 06:39:32 -------- d-----w- c:\program files\NetBeans 7.0.1
2011-08-23 06:39:19 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-23 06:39:19 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-08-10 23:29:43 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28:39 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-23 06:39:04 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-22 22:48:41 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06:54 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\winnt\system32\win32k.sys
.
============= FINISH: 22:33:48.84 ===============
 
Hi,

Any specific error message when trying to install? That might help.


Open notepad and then copy and paste the lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
Code: 
@echo off
regedit /a c:\regkey.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
Double-click on fixes.bat file to execute it. Post back the contents of c:\regkey.txt file.
 
Well, trying to install the ESET app or Shockwave Player, Internet Explorer returns:

Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
What you can do:
Go to your home page

Try to return to eset.eu

More information

Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on.

Other things you can do:

Go online to learn about the Data Execution Prevention (DEP) security feature

The contents of c:\regkey.txt follows. Any other use for the .bat file or can I toss it?



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="mmdrv.dll"
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"wavemapper"="msacm32.drv"
"wave1"="wdmaud.drv"
"wave3"="wdmaud.drv"
"wave4"=""
"wave5"=""
"wave6"=""
"wave7"=""
"wave8"=""
"wave9"=""
"midi2"="wdmaud.drv"
"midi5"="wdmaud.drv"
"midi6"=""
"midi7"=""
"midi8"=""
"midi9"=""
"aux2"="ctwdm32.dll"
"aux3"="ctwdm32.dll"
"aux4"=""
"aux5"=""
"aux6"=""
"aux7"=""
"aux8"=""
"aux9"=""
"mixer1"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"mixer4"=""
"mixer5"=""
"mixer6"=""
"mixer7"=""
"mixer8"=""
"mixer9"=""
"wdmaud.drv"="wdmaud.drv"
"midi"="wdmaud.drv"
"msacm.lhacm"="lhacm.acm"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"vidc.I420"="msh263.drv"
"msacm.iac2"="C:\\WINNT\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"msacm.l3acm"="C:\\WINNT\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux1"="wdmaud.drv"
"msacm.msaudio1"="msaud32.acm"
"vidc.DIVX"="DivX.dll"
"vidc.VP60"="vp6vfw.dll"
"vidc.VP61"="vp6vfw.dll"
"vidc.VP62"="vp6vfw.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iyuv"="iyuv_32.dll"
"vidc.yvu9"="tsbyuv.dll"
"midi3"="wdmaud.drv"
"wave2"="wdmaud.drv"
"midi4"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"msacm.sl_anet"="sl_anet.acm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"mixer"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
 
Hrm. Just noticed that I have no Volume Control on my task bar.

'course if my system can't find any audio output, might be normal. Might not be.
 
Hi,

Please run ComboFix with the following script:
Code: 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="i420vfw.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"VIDC.WMV3"="wmv9vcm.dll"
"VIDC.VP40"="vp4vfw.dll"
"msacm.voxacm160"="vct3216.acm"
"MSVideo"="vfwwdm32.dll"
"MSVideo8"="VfWWDM32.dll"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux"="wdmaud.drv"
"vidc.VP70"="vp7vfw.dll"
"vidc.X264"="x264vfw.dll"
"VIDC.FPS1"="frapsvid.dll"
"vidc.VP60"="vp6vfw.dll"
"vidc.VP61"="vp6vfw.dll"
"vidc.VP62"="vp6vfw.dll"
"vidc.DIVX"="DivX.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.DRAW"="DVIDEO.DLL"
"VIDC.YV12"="yv12vfw.dll"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"aux1"="wdmaud.drv"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"aux2"="wdmaud.drv"
"VIDC.MSUD"="msulvc05.dll"
"wave4"="wdmaud.drv"
"midi4"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"aux3"="wdmaud.drv"

Let's see if that helps.

Also, please try to install those other apps with Firefox.
 
Disabled AVG again and ran ComboFix with the script. ComboFix applied an update to itself, and didn't reboot my computer this time.

Downloaded the new Shockwave Player and the ESET application via Firefox. Unchecked 'Remove found threats' and ensured 'scan unwanted applications' was checked, then ran the application.

The 'catchme' driver showed up with an exclamation mark in the Device Manager again.

No sound yet. Would I have to reboot?

The ComboFix, DDS, and ESET logs follow. Zip file's attached.


ComboFix 11-08-28.01 - Erick 08/28/2011 12:42:43.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2801 [GMT -5:00]
Running from: c:\documents and settings\Erick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Erick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 04:18 . 2011-08-28 04:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-27 18:40 . 2011-08-27 18:40 -------- d-----w- c:\documents and settings\Erick\Application Data\AVG10
2011-08-27 18:39 . 2011-08-28 13:26 -------- d-----w- c:\winnt\system32\drivers\AVG
2011-08-27 18:39 . 2011-08-27 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-08-27 18:32 . 2011-08-27 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-08-23 06:57 . 2011-08-23 06:57 -------- d-----w- c:\documents and settings\Erick\.m2
2011-08-23 06:39 . 2011-08-23 06:42 -------- d-----w- c:\program files\NetBeans 7.0.1
2011-08-23 06:39 . 2011-08-23 06:39 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-23 06:39 . 2011-08-23 06:39 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-08-11 14:02 . 2011-08-11 14:02 -------- d-----w- c:\program files\Logitech
2011-08-10 23:29 . 2011-06-24 14:10 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28 . 2011-07-08 14:02 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 06:39 . 2007-08-25 21:06 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-22 22:48 . 2010-06-20 00:28 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06 . 2011-06-05 14:34 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2004-08-03 21:15 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2001-08-23 15:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-05-14 20:38 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-03 22:56 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 18:36 . 2004-08-03 22:56 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36 . 2004-08-03 22:56 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 12:05 . 2004-08-03 20:59 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44 . 2004-08-03 22:56 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02 . 2004-08-03 21:17 1858944 ----a-w- c:\winnt\system32\win32k.sys
2006-05-15 03:19 . 2006-05-15 03:19 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-05-15 03:19 . 2006-05-15 03:19 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-05-15 03:19 . 2006-05-15 03:19 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-27_18.10.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 05:02 . 2009-07-12 05:02 51008 c:\winnt\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2011-08-28 04:07 . 2011-08-28 04:07 16384 c:\winnt\Temp\Perflib_Perfdata_6e4.dat
+ 2011-03-16 21:03 . 2011-03-16 21:03 32592 c:\winnt\system32\drivers\avgrkx86.sys
+ 2011-03-01 19:25 . 2011-03-01 19:25 34896 c:\winnt\system32\drivers\avgmfx86.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 27216 c:\winnt\system32\drivers\AVGIDSShim.sys
+ 2011-02-10 12:53 . 2011-02-10 12:53 24144 c:\winnt\system32\drivers\AVGIDSFilter.sys
+ 2011-02-22 13:13 . 2011-02-22 13:13 22992 c:\winnt\system32\drivers\AVGIDSEH.sys
+ 2011-08-28 04:18 . 2011-08-28 04:18 28160 c:\winnt\Installer\b05f9.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2011-04-05 05:59 . 2011-04-05 05:59 297168 c:\winnt\system32\drivers\avgtdix.sys
+ 2011-01-07 11:41 . 2011-01-07 11:41 248656 c:\winnt\system32\drivers\avgldx86.sys
+ 2011-04-15 02:28 . 2011-04-15 02:28 134480 c:\winnt\system32\drivers\AVGIDSDriver.sys
+ 2004-08-03 22:56 . 2008-04-14 00:11 640000 c:\winnt\system32\dllcache\dbghelp.dll
+ 2011-08-27 18:38 . 2011-08-27 18:38 219648 c:\winnt\Installer\1a1784.msi
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\winnt\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2011-08-28 04:20 . 2011-08-28 04:20 2295808 c:\winnt\Installer\b0600.msi
+ 2011-08-27 18:39 . 2011-08-27 18:39 3489280 c:\winnt\Installer\1a178c.msi
+ 2011-08-27 18:38 . 2011-08-27 18:38 1611776 c:\winnt\Installer\1a1788.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-19 4603264]
"Aim"="c:\program files\AIM\aim.exe" [2010-12-17 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1"="c:\program files\SmartDisk\Flash Media Reader\shwicon.exe -tSmartDisk Corporation\SmartDisk Flash Media Reader Support 2.1" [X]
"GEST"="]" [X]
"SW20"="c:\winnt\system32\sw20.exe" [2006-02-22 208896]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2007-12-28 249856]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-04-23 77824]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe" [BU]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBOAFIAVgAyAC0ATgBBADcARwAzAC0ARQA2ADQARgBBAC0AOQBBAEIAMABEAC0ANgBQAFIARwBYAA&inst=NwA2AC0ANQAxADYAMgA0ADAANQAwADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA&prod=51&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\Erick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-28 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-13 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=c:\program files\AIM\aim.exe -cnetwait.odl
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ICQ Lite"=c:\program files\ICQLite\ICQLite.exe -minimize
"NvCplDaemon"=RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Synchronization Manager"=mobsync.exe /logon
"WildTangent CDA"=RUNDLL32.exe "c:\program files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Steam\\steamapps\\linearblue\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\City of Heroes\\CohUpdater.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\winnt\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winnt\system32\drivers\avgrkx86.sys [3/16/2011 4:03 PM 32592]
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [5/15/2006 1:32 PM 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [5/14/2006 3:51 PM 45056]
R1 Avgldx86;AVG AVI Loader Driver;c:\winnt\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\winnt\system32\drivers\avgtdix.sys [4/5/2011 12:59 AM 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [6/19/2010 7:27 PM 12184]
R3 AVGIDSDriver;AVGIDSDriver;c:\winnt\system32\drivers\AVGIDSDriver.sys [4/14/2011 9:28 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\winnt\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\winnt\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [10/28/2003 5:57 PM 820858]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [5/14/2006 3:57 PM 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/14/2003 7:00 AM 49776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 19:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\winnt\Tasks\User_Feed_Synchronization-{9BD2BCEB-1ED1-466D-B1DD-132A664ED91B}.job
- c:\winnt\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Erick\Application Data\Mozilla\Firefox\Profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3588)
c:\winnt\system32\WININET.dll
c:\winnt\system32\ieframe.dll
c:\winnt\system32\webcheck.dll
.
Completion time: 2011-08-28 12:53:30
ComboFix-quarantined-files.txt 2011-08-28 17:53
ComboFix2.txt 2011-08-28 03:22
ComboFix3.txt 2011-08-27 18:16
.
Pre-Run: 248,472,563,712 bytes free
Post-Run: 248,557,883,392 bytes free
.
- - End Of File - - B1D435923B4BD3CB43CC36DD98FE07E8



.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Erick at 14:05:30 on 2011-08-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2776 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINNT\explorer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [ShowIcon_SmartDisk Corporation_SmartDisk Flash Media Reader Support 2.1] "c:\program files\smartdisk\flash media reader\shwicon.exe" -t"smartdisk corporation\SmartDisk Flash Media Reader Support 2.1"
mRun: [SW20] "c:\winnt\system32\sw20.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [SecurDisc] "c:\program files\nero\nero 7\incd\NBHGui.exe"
mRun: [InCD] "c:\program files\nero\nero 7\incd\InCD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GEST] ]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\winnt\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre7\bin\jusched.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABBAC0ATgBOAFIAVgAyAC0ATgBBADcARwAzAC0ARQA2ADQARgBBAC0AOQBBAEIAMABEAC0ANgBQAFIARwBYAA"&"inst=NwA2AC0ANQAxADYAMgA0ADAANQAwADUALQBYAE8AMwA2ACsAMQAtAFQAQgA5ACsAMgAtAE4AMQBEACsAMQAtAFAATAArADkA"&"prod=51"&"ver=9.0.894
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\erick\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: cityofheroes.com\boards
Trusted Zone: sun.com\java
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147640637654
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148195024359
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://download.shockwave.com/pub/otoy/OTOYAX.cab
DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} - hxxp://www.coh.co.kr/common/ocx/ncweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38094.4437847222
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-170-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/games/popcaploader_v6.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
TCP: DhcpNameServer = 76.78.128.46 66.112.235.200
TCP: Interfaces\{334516FE-7A2B-4767-B3CB-4FD4BCCA8D1B} : DhcpNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{F14573BC-56D1-40F2-B61D-B5188D3E7BDD} : DhcpNameServer = 76.78.128.46 66.112.235.200
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\erick\application data\mozilla\firefox\profiles\neepi7vu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae208d5&v=7.005.030.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\erick\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\winnt\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winnt\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 JAHCI;JAHCI;c:\winnt\system32\drivers\JAHCI.sys [2006-5-15 33280]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\winnt\system32\drivers\AGPKX.SYS [2006-5-14 45056]
R1 Avgldx86;AVG AVI Loader Driver;c:\winnt\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\winnt\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\winnt\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\winnt\system32\drivers\LBeepKE.sys [2010-6-19 12184]
R3 AVGIDSDriver;AVGIDSDriver;c:\winnt\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\winnt\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\winnt\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 AvFlt;Antivirus Filter Driver;c:\winnt\system32\drivers\av5flt.sys --> c:\winnt\system32\drivers\av5flt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\winnt\system32\drivers\sis7012.sys [2003-10-28 820858]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\winnt\system32\drivers\ULILAN51.SYS [2006-5-14 28672]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-7-14 49776]
.
=============== Created Last 30 ================
.
2011-08-28 18:01:27 -------- d-----w- c:\program files\ESET
2011-08-27 18:40:50 -------- d-----w- c:\documents and settings\erick\application data\AVG10
2011-08-27 18:39:01 -------- d-----w- c:\winnt\system32\drivers\AVG
2011-08-27 18:39:01 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-08-27 18:32:02 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-08-27 18:01:50 -------- d-sha-r- C:\cmdcons
2011-08-27 18:00:15 98816 ----a-w- c:\winnt\sed.exe
2011-08-27 18:00:15 518144 ----a-w- c:\winnt\SWREG.exe
2011-08-27 18:00:15 256000 ----a-w- c:\winnt\PEV.exe
2011-08-27 18:00:15 208896 ----a-w- c:\winnt\MBR.exe
2011-08-23 06:57:18 -------- d-----w- c:\documents and settings\erick\.m2
2011-08-23 06:39:32 -------- d-----w- c:\program files\NetBeans 7.0.1
2011-08-23 06:39:19 611224 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-08-23 06:39:19 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-08-10 23:29:43 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
2011-08-10 23:28:39 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-23 06:39:04 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-22 22:48:41 16400 ----a-w- c:\winnt\system32\drivers\LNonPnP.sys
2011-08-19 18:06:54 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\winnt\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\winnt\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\winnt\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\winnt\system32\win32k.sys
.
============= FINISH: 14:06:02.92 ===============


[This is what I got from ESET]


C:\Documents and Settings\Erick\Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-26f67fae probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
C:\Erick's Stuff\Subspace\zlib.dll probably a variant of Win32/Agent.BFTFVV trojan
C:\WINNT\system32\LostRun.exe probably a variant of Win32/Agent.JQOUVFH trojan
 
Hi,

Delete these files:
C:\Documents and Settings\Erick\Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-26f67fae
C:\WINNT\system32\LostRun.exe

Did you reboot yet? If sounds are still non working (all sounds?) then you would need to reinstall related drivers.
 
Manually deleted LostRun.exe.

Before I delete the 7be78a09-26f67fae...there's another file named 7be78a09-26f67fae.idx in the same location. Do I delete that as well?

If I recall correctly, I've got an old Sound Blaster Live! card on my machine. Do I need to find the drivers for it and reinstall those? I'll try and find some myself, but do you have any recommendations on where to find them?
 
Manually deleted 7be78a09-26f67fae.

Attempted to download the appropriate drivers for the card, by my system still couldn't detect it, so the install failed. Solved on reboot, and I've got sound again.

No errors in Device Manager. My card's features appear back in Device Manager and Sounds and Audio Devices, and I can see Volume Control again in the taskbar.

Thank you very much for the assistance!
 
Ah, I see that before uninstalling ComboFix, it's smart to make sure the system's actually clean since CF quarantines and logs stuff. Do I need to make any last checks?
 
Hi,

Do I need to make any last checks?
Click to expand...
If you see no issues remaining it's time to take the final steps.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis


Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Turned off System Restore, rebooted, and turned it back on. Uninstalled ComboFix.

The Windows update site claims that I have automatic updates activated already, which I believe is true because they make me reboot my computer. When I click the 'Express' button, the site claims:

Files required to use Windows Update are no longer registered or installed on your computer.

When I attempt to register/reinstall the files, the site claims:

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

Difficult to determine if I actually need updates for Office 2010 just by going over Microsoft's site.

Changed the 'Navigate sub-frames across different domains' option to Prompt in IE's Internet Options.

Downloaded Secunia, scanned, patched up as much as I could.

Thanks again!
 
Hi,

1. Download Dial-a-Fix archive file here.
2. Extract contents to suitable place (e.g. your desktop) and navigate to that location.
3. Double-click Dial-a-Fix.exe file to execute the program.
4. Checkmark Fix Windows Update -checkbox. It's possible that the program checks some options automatically after that. Leave those untouched and click GO -button.

When tool has finished, reboot and see if you're able to access Windows Update.
 
You must log in or register to reply here.
Back
Top