not sure if infected, but can't run malware bytes
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
surge1
I have previously posted here about a problem with not being able to run Malwarebytes.
http://www.malwarebytes.org/forums/index.p...mp;#entry146707

As you can see, I ran all the available scans already; everything runs except Malwarebytes, the latest version. I tried reinstalling, running mbam clean, etc., and nothing works.

I keep getting the same two errors:

1. Error code: 702 (0,48)
2. Error Code 723 (3,0)

The mod there suggested that I am still infected, so I am posting the HijackThis log. I already ran AVG 9, Spybot, SUPERAntiSpyware, Dr.Web CureIt and Ad-Aware. I ran CCleaner to clean out some temp files. RootRepeal shows no hidden files.

I did all the suggestions, specifically reinstalling the Visual Basic library from MS that was in the suggestion posts. I also tried renaming the file, running RootRepeal and Process Explorer, and don't see anything out of the ordinary. Still no go with MBAM.

Thanks for the help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:51 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201392351857
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7577 bytes
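The log above is in HijackThis's line-oriented format, and a reviewer reads it section by section. As an added example (not code from the thread or from Trend Micro), the following Python parses those lines into records and flags the entries that get looked at first: registrations whose file is missing, the Winsock LSP line HijackThis itself could not identify, and components loading from outside the usual program directories. The sample lines are constructed in the shape of the log, and the trusted-directory list and the flag wording are this example's own assumptions.

```python
"""Triage helper for HijackThis v2 log entries (added example, not the
thread's or Trend Micro's code). It parses R0/R1 and O-section lines into
records and flags what a log reviewer looks at first: entries whose file is
missing, Winsock LSP entries HijackThis itself could not identify, and
components that load from outside the usual program directories."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the log above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Directories a legitimate component is normally loaded from: my own list and
# an assumption for this example. "(no file)" is HijackThis's own marker.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    section: str            # "O2", "O23", ...
    kind: str               # "BHO", "Service", "HKLM\..\Run", ...
    name: str
    clsid: Optional[str]
    path: str               # file path, command line, or "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec.startswith("R"):                      # R0/R1: registry value = URL
        name, _, value = body.partition(" = ")
        return Entry(sec, "IE setting", name, None, value)
    if sec == "O4":                              # Run key: [name] command
        r = RUN_RE.match(body)
        return Entry(sec, r.group("hive"), r.group("name"), None, r.group("cmd")) if r else None
    kind, _, rest = body.partition(": ")
    if sec == "O10":                             # Winsock LSP: just a path
        return Entry(sec, kind, "", None, rest)
    c = CLSID_RE.search(rest)
    if c:                                        # name - {CLSID} - path
        return Entry(sec, kind, rest[:c.start()].rstrip(" -"), c.group(0),
                     rest[c.end():].lstrip(" -"))
    parts = rest.split(" - ")                    # name [- vendor] - path
    return Entry(sec, kind, parts[0], None, parts[-1] if len(parts) > 1 else "")


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (section, subject, reason) for entries worth a reviewer's attention."""
    findings = []
    for e in entries:
        if e.path == "(no file)":
            findings.append((e.section, e.name, "registered component whose file is missing"))
        elif e.section == "O10":
            findings.append((e.section, e.path, "Winsock LSP that HijackThis did not recognise"))
        elif (e.section in ("O2", "O3", "O20", "O23") and e.path
              and not e.path.lower().startswith(TRUSTED_DIRS)):
            findings.append((e.section, e.path, "loads from outside the usual program directories"))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{section:4} {reason}: {subject}")
```

On the sample this flags three lines, the same three a reviewer would pause on in the full log: the O3 toolbar and O18 filter with "(no file)" are leftover registrations of components that are no longer on disk, and the O10 line is HijackThis's own "Unknown" classification of an LSP DLL. A flag is a prompt to verify the file against a known-good copy and its vendor, not a verdict; nothing here decides whether an entry is malicious.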

AdvancedSetup
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.
  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. rkill.pif


Once you've gotten one of them to run then try to immediately run the following.


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:





  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  7. Double-click on Combo-Fix.exe and follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method as above, but rename Combofix.exe to iexplore.exe or winlogon.exe instead.
This is because it also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, and this whitelist also includes important system processes such as iexplore.exe, explorer.exe, winlogon.exe...
surge1
Ran rkill and ComboFix. Please let me know the next steps I should take. Here are the logs:

ComboFix 09-10-25.02 - Administrator 10/26/2009 10:23.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1312 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-23 19:42 . 2009-10-23 19:42 -------- d-----w- c:\program files\VS Revo Group
2009-10-23 16:10 . 2004-03-22 19:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-10-23 16:09 . 2009-10-23 16:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-10-23 16:08 . 2009-10-23 16:09 -------- d-----w- c:\windows\SHELLNEW
2009-10-22 22:45 . 2009-10-22 22:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-22 20:46 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 20:46 . 2009-10-23 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 20:46 . 2009-10-22 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 20:46 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 20:25 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-22 19:59 . 2009-10-22 19:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-22 19:55 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-22 19:55 . 2009-10-22 19:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 19:55 . 2009-10-22 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-22 19:55 . 2009-10-22 19:55 -------- d-----w- c:\program files\Lavasoft
2009-10-21 20:20 . 2009-10-21 20:20 14272 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-21 20:16 . 2009-10-21 20:16 -------- d-----w- c:\program files\Intel
2009-10-21 20:12 . 2007-09-04 14:55 64120 ----a-w- c:\windows\system32\NicInstE.dll
2009-10-21 20:12 . 2007-08-30 15:07 242320 ----a-w- c:\windows\system32\drivers\e1e5132.sys
2009-10-21 20:12 . 2007-05-22 17:17 179048 ----a-w- c:\windows\system32\e1000msg.dll
2009-10-21 20:12 . 2007-04-12 14:47 154496 ----a-w- c:\windows\system32\Prounstl.exe
2009-10-21 20:12 . 2007-01-17 19:02 28536 ----a-w- c:\windows\system32\NicCo.dll
2009-10-20 20:21 . 2009-10-20 20:21 -------- d-----w- C:\$AVG
2009-10-20 20:21 . 2009-10-20 20:21 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-20 20:21 . 2009-10-20 20:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-20 20:21 . 2009-10-20 20:21 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-20 20:21 . 2009-10-20 20:21 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-20 20:21 . 2009-10-20 20:21 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-20 20:21 . 2009-10-20 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-20 20:21 . 2009-10-20 20:21 -------- d-----w- c:\program files\AVG
2009-10-20 20:21 . 2009-10-20 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-20 19:50 . 2009-10-20 20:01 -------- d-----w- C:\ComboFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 02:06 . 2008-10-03 02:13 -------- d-----w- c:\documents and settings\vaness\Application Data\LimeWire
2009-08-30 01:17 . 2009-08-29 05:00 -------- d-----w- c:\program files\AskBarDis
2009-08-29 05:08 . 2009-08-29 05:00 -------- d-----w- c:\program files\uTorrent
2009-08-22 17:42 . 2008-07-18 14:12 14272 ----a-w- c:\documents and settings\vaness\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 03:45 . 2008-01-27 01:34 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-20_19.59.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2009-07-12 00:54 . 2009-07-12 00:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 00:32 . 2009-07-12 00:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-10-23 19:47 . 2009-10-23 19:47 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2009-10-23 16:10 . 2004-03-22 19:17 25840 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2009-10-23 16:10 . 2004-03-22 19:17 42224 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2009-10-23 16:10 . 2004-03-22 19:17 42224 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 30208 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbehci.sys
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 30208 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\usbehci.sys
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbuhci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbuhci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbuhci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbuhci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbui.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbuhci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbhub.sys
+ 2009-10-21 20:16 . 2008-04-13 18:36 68224 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\pci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:36 68224 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\pci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:36 68224 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\pci.sys
+ 2009-10-21 20:16 . 2008-04-13 18:36 37248 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys
+ 2009-10-22 19:55 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2004-08-04 10:00 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys
- 2004-08-04 10:00 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys
- 2004-08-04 10:00 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
+ 2004-08-04 10:00 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
- 2004-08-04 10:00 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
+ 2004-08-04 10:00 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
+ 2004-08-04 10:00 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys
- 2004-08-04 10:00 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys
+ 2008-01-26 18:24 . 2008-04-14 00:12 74240 c:\windows\system32\dllcache\usbui.dll
+ 2004-08-04 10:00 . 2008-04-13 18:45 20608 c:\windows\system32\dllcache\usbuhci.sys
+ 2004-08-04 10:00 . 2008-04-13 18:45 59520 c:\windows\system32\dllcache\usbhub.sys
+ 2004-08-04 10:00 . 2008-04-13 18:45 30208 c:\windows\system32\dllcache\usbehci.sys
+ 2004-08-04 10:00 . 2008-04-13 18:36 68224 c:\windows\system32\dllcache\pci.sys
+ 2004-08-04 10:00 . 2008-04-13 18:36 37248 c:\windows\system32\dllcache\isapnp.sys
- 2008-01-26 23:31 . 2008-09-28 16:21 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-26 23:31 . 2009-10-22 19:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-26 23:31 . 2009-10-22 19:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-26 23:31 . 2008-09-28 16:21 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-22 19:59 . 2009-10-22 19:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-10-22 19:59 . 2009-10-22 19:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-01-26 23:31 . 2008-09-28 16:21 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-23 16:10 . 2009-10-23 16:10 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-10-21 20:16 . 2008-04-14 00:11 7168 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\hccoin.dll
+ 2009-10-21 20:16 . 2008-04-14 00:11 7168 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\hccoin.dll
+ 2009-10-23 16:10 . 2009-10-23 16:10 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-12 05:12 . 2009-07-12 05:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 05:09 . 2009-07-12 05:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 05:08 . 2009-07-12 05:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2002-08-21 09:13 . 2002-08-21 09:13 189952 c:\windows\system32\WISPTIS.EXE
+ 2009-10-23 16:10 . 2004-03-22 19:17 765680 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2009-10-23 16:10 . 2004-03-22 19:17 765680 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbport.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\usbport.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbport.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbport.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbport.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\usbport.sys
+ 2009-10-21 20:16 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbport.sys
+ 2002-08-21 09:10 . 2002-08-21 09:10 204800 c:\windows\system32\INKED.DLL
+ 2008-01-26 18:23 . 2009-10-23 16:13 118152 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 10:00 . 2008-04-13 18:45 143872 c:\windows\system32\dllcache\usbport.sys
+ 2009-10-22 19:55 . 2009-10-22 19:55 236032 c:\windows\Installer\50924.msi
+ 2009-10-20 20:21 . 2009-10-20 20:21 424448 c:\windows\Installer\428c7.msi
+ 2009-10-23 16:10 . 2009-10-23 16:10 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-10-23 16:10 . 2009-10-23 16:10 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2005-03-17 18:39 . 2005-03-17 18:39 1146320 c:\windows\system32\FM20.DLL
+ 2009-10-22 19:55 . 2009-10-22 19:55 1861120 c:\windows\Installer\5092e.msi
+ 2009-10-23 16:10 . 2009-10-23 16:10 6017536 c:\windows\Installer\4294dab.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 16:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-19 148888]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-20 2010904]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]

c:\documents and settings\vaness\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-7-31 139776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-20 20:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/22/2009 3:55 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/20/2009 4:21 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/20/2009 4:21 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/20/2009 4:21 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/20/2009 4:21 PM 285392]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [10/5/2006 6:06 PM 27328]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1169232]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [3/27/2008 5:49 PM 174834]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [3/27/2006 6:53 PM 167808]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [8/29/2009 1:00 AM 234888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FFPDRFOW
*NewlyCreated* - MBR
*Deregistered* - ffpdrfow
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-26 c:\windows\Tasks\User_Feed_Synchronization-{1BAC6AB5-AA26-4CA2-BE3B-76D33BFACDD9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-10-26 c:\windows\Tasks\User_Feed_Synchronization-{7E536CCD-D87B-4293-8CF3-3E80D1765F51}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 10:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1563985344-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,cf,6b,06,ae,80,61,4e,9c,69,0e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,cf,6b,06,ae,80,61,4e,9c,69,0e,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Fast Browser Search\\IE\\tbhelper.dll"
"ThreadingModel"="both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID]
@DACL=(02 0000)
@="URLSearchHook.ToolbarURLSearchHook.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID]
@DACL=(02 0000)
@="URLSearchHook.ToolbarURLSearchHook"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib]
@DACL=(02 0000)
@="{4509D3CC-B642-4745-B030-645B79522C6D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib]
@DACL=(02 0000)
@="{77AA25E8-6083-4949-A831-9CB11861DC10}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0]
@DACL=(02 0000)
@="Toolbar3 1.0 Type Library"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1088)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-26 10:27
ComboFix-quarantined-files.txt 2009-10-26 14:27
ComboFix2.txt 2009-10-20 20:01

Pre-Run: 282,306,174,976 bytes free
Post-Run: 282,265,497,600 bytes free

- - End Of File - - 62CFA36E36218755D922D4603438CF19


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:15 AM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201392351857
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7317 bytes


AdvancedSetup
From within Internet Explorer go to Tools/Internet Options/Advanced and click on the RESET button.

Then restart Internet Explorer.

Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log




Please temporarily disable your current Anti-Virus in order to run this Online Scanner.
Using Internet Explorer:
  • Vista and Windows 7 users need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  • Click here to run the Eset Online Scanner using Internet Explorer.
  • Click on the ESET Online Scanner button.
  • Click on the checkbox Yes, I accept the Terms of Use and click on the Start button.
  • By default the ActiveX installer will be blocked by Internet Explorer. You should see a yellow banner at the top of the Window.
  • Click the top of the Window and select "Run ActiveX Control" and then click the Run button on the next dialog box.
  • Click the Retry button if prompted to resend the request to load and run the ActiveX control from ESET
  • Make sure you Uncheck the Remove found threats checkbox in case we need you to submit a copy of any files found.
  • Click on the Advanced settings selection in the middle and place a checkmark on the following items:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Under Current scan targets: click the Change... item and make sure it's set to Local drives and the Operating memory
  • Then click on the Start button and it will start downloading signature database files to update the program
  • Once the database files are downloaded it should automatically start scanning your system for threats.
  • When the scanner is done please click on the List of found threats and click on Export to text file...
  • Save the file as NOD32_SCAN.TXT to your Desktop
  • Click the << Back button. For now do not uninstall the program or delete the quarantine files, just click the Finish button.
  • The next screen is an advertisement to purchase the product. You can just close that window for now.
  • If we need to run the program later on, it can be run from here: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
  • Open the file you saved to your Desktop as NOD32_SCAN.TXT and select all and copy/paste it back on your next reply

Using Another Browser
  • Please click here to launch the application which installs and launches ESET Online Scanner in a separate window.
  • You will first need to save the file to your Desktop and double-click on it to run it. Vista and Windows 7 users need to right-click and choose "Run as Administrator".
  • You should be prompted with "Do you want to run this file?"; click on the Run button.
  • Click on the checkbox Yes, I accept the Terms of Use and click on the Start button.
  • The program will download further files to use with the scanner and allow you to change options.
  • Make sure you Uncheck the Remove found threats checkbox in case we need you to submit a copy of any files found.
  • Click on the Advanced settings selection in the middle and place a checkmark on the following items:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Under Current scan targets: click the Change... item and make sure it's set to Local drives and the Operating memory
  • Then click on the Start button and it will start downloading signature database files to update the program
  • Once the database files are downloaded it should automatically start scanning your system for threats.
  • When the scanner is done please click on the List of found threats and click on Export to text file...
  • Save the file as NOD32_SCAN.TXT to your Desktop
  • Click the << Back button. For now do not uninstall the program or delete the quarantine files, just click the Finish button.
  • The next screen is an advertisement to purchase the product. You can just close that window for now.
  • If we need to run the program later on, it can be run from here: C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
  • Open the file you saved to your Desktop as NOD32_SCAN.TXT and select all and copy/paste it back on your next reply



surge1
Here is where I ran into some problems:

1. When attempting the IE reset, IE crashes every time at applying default settings.
2. MBAM still gives the same two errors as in the first post.
3. Tried running the ESET online scanner; the ActiveX control did not show up and just showed an X for the window. I then tried the other browser file, and it said it failed to download virus definitions and asked if there was a proxy present.

Any other scanners I can try?
surge1
Update: I did get the ESET scanner to work (the download version). It did a full scan, and the only thing it found was whatever was in the Spybot SD recovery folder (quarantined).

Perhaps it may not be a virus that is blocking me from running MBAM?
AdvancedSetup
Please download and run the following tool. When it asks to reboot the computer please allow it to.
http://oldtimer.geekstogo.com/OTC.exe


Then after the reboot download and run the following.

Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt



Please download the following scanning tool. GMER
  • Download the randomly named EXE and copy the file to your Desktop. Remember what its name is.
  • Double click on the randomly named exe file and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.


How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

surge1
Here you go, done as you asked. What's next?


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 1/26/2008 6:30:44 PM
System Uptime: 10/28/2009 3:28:20 PM (0 hours ago)

Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 288 GiB total, 262.164 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.495 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP373: 7/31/2009 8:21:09 PM - System Checkpoint
RP374: 8/6/2009 9:06:13 PM - System Checkpoint
RP375: 8/7/2009 9:39:47 PM - System Checkpoint
RP376: 8/8/2009 10:38:42 PM - System Checkpoint
RP377: 8/10/2009 4:55:38 PM - System Checkpoint
RP378: 8/12/2009 2:49:27 PM - System Checkpoint
RP379: 8/13/2009 5:15:20 PM - System Checkpoint
RP380: 8/15/2009 1:22:23 PM - System Checkpoint
RP381: 8/17/2009 10:00:05 PM - System Checkpoint
RP382: 8/18/2009 10:08:50 PM - Software Distribution Service 3.0
RP383: 8/20/2009 7:22:39 PM - System Checkpoint
RP384: 8/21/2009 2:20:35 PM - Removed QuickTime
RP385: 8/21/2009 2:22:51 PM - Removed Pro Tools M-Powered
RP386: 8/21/2009 2:27:57 PM - Software Distribution Service 3.0
RP387: 8/22/2009 2:44:30 PM - System Checkpoint
RP388: 8/23/2009 4:00:12 AM - Software Distribution Service 3.0
RP389: 8/24/2009 4:02:34 AM - System Checkpoint
RP390: 8/25/2009 12:30:30 PM - System Checkpoint
RP391: 8/26/2009 4:44:15 PM - System Checkpoint
RP392: 8/28/2009 7:55:50 PM - System Checkpoint
RP393: 7/21/2009 11:58:09 AM - System Checkpoint
RP394: 7/21/2009 12:54:10 PM - Installed SUPERAntiSpyware Free Edition
RP395: 10/20/2009 4:21:09 PM - Installed AVG Free 9.0
RP396: 10/21/2009 4:14:12 PM - Installed Chipset Software Installer
RP397: 10/22/2009 5:13:03 PM - System Checkpoint
RP398: 10/23/2009 12:07:57 PM - Installed Microsoft Office Professional Edition 2003
RP399: 10/23/2009 3:44:05 PM - Revo Uninstaller's restore point - Fast Browser Search (My Web Tattoo)
RP400: 10/24/2009 3:50:41 PM - System Checkpoint
RP401: 10/25/2009 4:02:41 PM - System Checkpoint
RP402: 10/26/2009 5:02:41 PM - System Checkpoint
RP403: 10/27/2009 9:57:35 AM - Software Distribution Service 3.0
RP404: 10/27/2009 10:16:44 AM - Installed Java™ 6 Update 15
RP405: 10/27/2009 10:21:00 AM - Avg8 Update
RP406: 10/27/2009 10:21:16 AM - Avg8 Update
RP407: 10/28/2009 10:27:01 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG Free 9.0
Bonjour
CCleaner (remove only)
Codec Pack - All In 1 6.0.3.0
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Digidesign Shared Plug-Ins 7.3
DreamStation DXi2
ESET Online Scanner v3
Free Bomb Factory Plug-Ins 7.3
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® PRO Network Connections Drivers
InterLok Driver Kit
iTunes
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Keir Medical Assisting
LimeWire 5.2.13
Malwarebytes' Anti-Malware
Medical Office Simulation Software (MOSS)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Access 2000 Runtime
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003 Runtime
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.10)
MSM32Installer
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Money Counter v1.4
NETGEAR WG111v2 wireless USB 2.0 adapter
NVIDIA Drivers
NVIDIA nTune
Revo Uninstaller 1.83
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SigmaTel Audio
Snapshot Viewer 9.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SynapseEHR
System Requirements Lab
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wal-Mart Digital Photo Manager
WebFldrs XP
Weight Watchers Snack Widget
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Xpand!
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/27/2009 10:23:31 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgupd.exe.old' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
10/26/2009 10:22:56 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/22/2009 4:45:17 PM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
10/22/2009 4:12:57 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
10/22/2009 4:12:57 PM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Administrator.
10/22/2009 4:05:40 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
10/21/2009 4:16:35 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file pci.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
10/21/2009 3:22:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/21/2009 3:22:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/21/2009 3:22:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/21/2009 11:11:25 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
10/21/2009 11:11:25 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2009 11:11:25 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2009 11:11:25 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2009 11:11:25 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2009 11:11:25 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2009 11:11:25 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/21/2009 11:05:34 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:34 AM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:34 AM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/21/2009 11:05:33 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:33 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:33 AM, error: Service Control Manager [7034] - The nTune Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:33 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/21/2009 11:05:33 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


DDS (Ver_09-10-13.01) - NTFSx86
Run by Administrator at 15:32:22.07 on Wed 10/28/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1708 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: eset.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {5BBD0F31-CE63-449E-8A6D-A94848C784B7} = 10.10.15.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-22 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-20 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-20 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-20 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-20 285392]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2006-10-5 27328]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2008-3-27 174834]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-27 167808]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-8-29 234888]

=============== Created Last 30 ================

2009-10-27 10:32 <DIR> --d----- c:\program files\ESET
2009-10-27 09:43 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-10-26 10:21 77,312 a------- c:\windows\MBR.exe
2009-10-26 10:20 <DIR> --d----- C:\Combo-Fix
2009-10-23 15:42 <DIR> --d----- c:\program files\VS Revo Group
2009-10-23 12:10 24,816 a------- c:\windows\system32\mdimon.dll
2009-10-23 12:09 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-10-23 12:08 <DIR> --d----- c:\windows\SHELLNEW
2009-10-22 16:46 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 16:46 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-22 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 16:25 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-22 15:55 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-22 15:55 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 15:55 <DIR> --d----- c:\program files\Lavasoft
2009-10-21 16:20 14,272 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-10-21 16:13 1,904 -------- c:\windows\system32\SetupBD.din
2009-10-21 16:12 242,320 a------- c:\windows\system32\drivers\e1e5132.sys
2009-10-21 16:12 179,048 a------- c:\windows\system32\e1000msg.dll
2009-10-21 16:12 154,496 a------- c:\windows\system32\Prounstl.exe
2009-10-21 16:12 64,120 a------- c:\windows\system32\NicInstE.dll
2009-10-21 16:12 28,536 a------- c:\windows\system32\NicCo.dll
2009-10-21 16:12 2,889 a------- c:\windows\system32\e1e5132.din
2009-10-20 16:21 <DIR> --d----- C:\$AVG
2009-10-20 16:21 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-20 16:21 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-10-20 16:21 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-20 16:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-20 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-20 16:21 <DIR> --d----- c:\program files\AVG
2009-10-20 16:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-20 15:50 236,544 a------- c:\windows\PEV.exe

==================== Find3M ====================

2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 11:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2008-09-24 21:13 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat
2008-09-28 12:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092820080929\index.dat

============= FINISH: 15:33:00.95 ===============

AdvancedSetup
STEP 01
Please download the following program to your desktop. Close all other open applications and then run the program.
It will restore file permissions to the system and automatically restart the computer when done.
restoredefaultperms.exe

STEP 02
Please download and run the following fix from Microsoft: How do I restore security settings to the default settings?
When completed please reboot your computer.

STEP 03
Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA
Java™ 6 Update 15
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


Then run this tool to help clean up any leftover Java.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.

    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java


STEP 04
    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup225_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts


STEP 05
Click on START - RUN and copy / paste the entry below into the run line and click OK
CODE
CMD /C NETSH FIREWALL RESET

Click on START - RUN and copy / paste the entry below into the run line and click OK
CODE
CMD /C NETSH int ip reset c:\resetlog.txt

Click on START - RUN and copy / paste the entry below into the run line and click OK
CODE
CMD /C netsh winsock reset catalog


STEP 06
You may have corrupted files on your disk. Please try running the following.
First close ALL Applications as this routine will automatically restart your computer.
Click on START - RUN and copy / paste the following entry into the box and click OK
CODE
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30


STEP 07
Download and Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 16.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java SE Runtime Environment (JRE) - JRE 6 Update 16 about half way down the page and click on the Download button.
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says jre-6u16-windows-i586.exe and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be on your desktop, and follow the on-screen instructions.
  • Uncheck the Toolbar button (unless you want the toolbar)
  • Reboot your computer


STEP 08
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. mbam-setup.exe
Note: You will need to reactivate the program using the license you were sent
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and that you can run a quick scan and all is working as expected. Post back the log, or let me know if it still will not install and run.


AdvancedSetup
Please post an update or I'll be closing your post soon.
surge1
Ron,

Thanks for all the help. It finally was able to run. The settings reset finally helped. The only strange thing I still notice is that Malwarebytes ran a bit long for a quick scan. The computer is not that old, yet it drags the scan for a while...

Here are the logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

11/2/2009 10:50:56 AM
mbam-log-2009-11-02 (10-50-56).txt

Scan type: Quick Scan
Objects scanned: 129024
Time elapsed: 6 hour(s), 32 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Oct 30 10:38:26 2009

------------------------------------

Finished reporting.


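The MBAM log above is a good illustration of the report format a responder has to read: a header block with per-category counts, then one section per category listing each item as path, detection name and action taken. As an added example (it is not from the thread, from surge1, or from Malwarebytes' own code), the following Python script parses that layout, cross-checks the header counts against the listed items, tallies detections by family, and flags any item whose action was not a successful quarantine. The embedded log is a constructed sample that copies the layout and a subset of the lines posted above; the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample: same layout as the MBAM 1.41 log posted in this thread,
# shortened to three of the nine registry keys (counts adjusted to match).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3060
Windows 5.1.2600 Service Pack 3

11/2/2009 10:50:56 AM
mbam-log-2009-11-02 (10-50-56).txt

Scan type: Quick Scan
Objects scanned: 129024
Time elapsed: 6 hour(s), 32 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected: 9" (summary line) or "Registry Keys Infected:" (section header)
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<path> (<detection>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
ELAPSED_RE = re.compile(r"^Time elapsed: (\d+) hour\(s\), (\d+) minute\(s\), (\d+) second\(s\)$")

OK_ACTION = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Parse an MBAM log into header counts, per-section items and elapsed seconds."""
    summary, items, current, elapsed = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ELAPSED_RE.match(line)
        if m:
            h, mi, s = (int(x) for x in m.groups())
            elapsed = h * 3600 + mi * 60 + s
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:      # header block line with a count
                summary[m.group("name")] = int(m.group("count"))
                current = None
            else:                                 # start of a detail section
                current = m.group("name")
                items.setdefault(current, [])
            continue
        if current is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items[current].append(m.groupdict())
    return {"summary": summary, "items": items, "elapsed_seconds": elapsed}


def count_mismatches(report):
    """Sections whose header count differs from the number of items actually listed."""
    out = {}
    for name, declared in report["summary"].items():
        listed = len(report["items"].get(name, []))
        if declared != listed:
            out[name] = (declared, listed)
    return out


def detections_by_family(report):
    """Tally of detection names across all sections, e.g. {'Adware.MyWebSearch': 3}."""
    tally = Counter(e["detection"] for entries in report["items"].values() for e in entries)
    return dict(tally)


def unresolved_items(report):
    """Items whose action was anything other than a successful quarantine-and-delete."""
    return [e for entries in report["items"].values() for e in entries if e["action"] != OK_ACTION]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("elapsed seconds:", rep["elapsed_seconds"])
    print("families:", detections_by_family(rep))
    print("count mismatches:", count_mismatches(rep))
    print("unresolved:", unresolved_items(rep))
```

Run against the full log posted above, the family tally would show all nine keys under Adware.MyWebSearch, and the elapsed-seconds figure makes the unusually long quick scan (over six hours) easy to spot programmatically when comparing logs from several machines.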


AdvancedSetup
Okay, please try the following now.
Check the logs in Avira and make sure it's not blocking MBAM; if so, you may need to add file exclusions.
http://www.malwarebytes.org/forums/index.php?showtopic=10138


1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. mbam-setup.exe
Note: You will need to reactivate the program using the license you were sent if this is a registered version.
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and that you can run a quick scan and all is working as expected.



AdvancedSetup
Please post an update and let me know if you still need help otherwise I'll be closing your post soon.

Thanks.
AdvancedSetup
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Invision Power Board © 2001-2009 Invision Power Services, Inc.