Full Version: Malwarebytes won't install
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
mcs
mbam.exe is missing from my computer. I tried to uninstall and reinstall the program but I encountered an error. I am also getting this stopsearchclick.com popup. I ran HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:45 PM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {f9ff7add-5c8b-4ea8-96d1-d1e97e0f5d29} - semasowa.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [zudaruwaj] Rundll32.exe "c:\windows\system32\yilinetu.dll",a
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Moshe Spira\Application Data\svcst.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: LAHESUMO.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL jisipopo.dll c:\windows\system32\yilinetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: gajiliyiy - {4e786588-e949-4662-b22d-72eab7dbf9e9} - c:\windows\system32\yilinetu.dll
O22 - SharedTaskScheduler: tokatiluy - {4e786588-e949-4662-b22d-72eab7dbf9e9} - c:\windows\system32\yilinetu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8141 bytes
Tigger93
Hi there.

Download ComboFix from one of the locations below, and save it to your Desktop as something.exe
Link 1
Link 2
Double-click something.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
mcs
QUOTE (Tigger93 @ Oct 9 2009, 05:56 PM)
Hi there.

Download ComboFix from one of the locations below, and save it to your Desktop as something.exe
Link 1
Link 2
Double-click something.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Ok, I ran both. I hope this works. Thanks so much for your help.

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:58 AM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {f9ff7add-5c8b-4ea8-96d1-d1e97e0f5d29} - rovokoko.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [zudaruwaj] Rundll32.exe "c:\windows\system32\yilinetu.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\yilinetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: gajiliyiy - {4e786588-e949-4662-b22d-72eab7dbf9e9} - c:\windows\system32\yilinetu.dll
O21 - SSODL: lijubufaz - {6e91dafa-d2f7-4bef-9020-ead895bf6518} - c:\windows\system32\yilinetu.dll
O22 - SharedTaskScheduler: tokatiluy - {4e786588-e949-4662-b22d-72eab7dbf9e9} - c:\windows\system32\yilinetu.dll
O22 - SharedTaskScheduler: gahurihor - {6e91dafa-d2f7-4bef-9020-ead895bf6518} - c:\windows\system32\yilinetu.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7314 bytes


Combofix:

ComboFix 09-10-11.01 - Moshe Spira 10/12/2009 2:50.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.189 [GMT -4:00]
Running from: c:\documents and settings\Moshe Spira\Desktop\something.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\16925225
c:\documents and settings\All Users\Application Data\16925225\16925225.exe
c:\documents and settings\All Users\Application Data\maralixofa.dl
c:\documents and settings\All Users\Application Data\rawize.ban
c:\documents and settings\All Users\Application Data\yqelecep._dl
c:\documents and settings\All Users\Documents\agedaxomuh.bat
c:\documents and settings\All Users\Documents\ketowyli.dll
c:\documents and settings\All Users\Documents\liqulo.reg
c:\documents and settings\Moshe Spira\Application Data\iniasd.txt
c:\documents and settings\Moshe Spira\Application Data\yfyvoryfol.lib
c:\documents and settings\Moshe Spira\Local Settings\Application Data\ikyp.bin
c:\windows\system32\~.exe
c:\windows\system32\fadonidu.dll
c:\windows\system32\honayoto.dll
c:\windows\system32\libinisu.dll
c:\windows\system32\reremeru.dll
c:\windows\system32\tetopamu.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-09 22:37 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 22:37 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 22:37 . 2009-10-09 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 18:54 . 2009-10-09 18:54 -------- d-----w- c:\program files\Trend Micro
2009-10-09 18:40 . 2009-10-09 18:40 0 ----a-w- c:\documents and settings\Moshe Spira\settings.dat
2009-10-08 03:49 . 2009-10-12 06:56 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2009-10-07 19:36 . 2009-10-07 19:36 42114 ----a-w- C:\xyxqavq.exe
2009-10-07 15:45 . 2009-10-07 15:47 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\muvee Technologies
2009-10-07 01:49 . 2009-10-07 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\SUPERAntiSpyware.com
2009-10-07 01:47 . 2009-10-07 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-07 01:44 . 2009-10-07 04:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 01:44 . 2009-10-07 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Malwarebytes
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 00:56 . 2009-10-07 19:36 8704 ----a-w- C:\cgcxo.exe
2009-10-07 00:48 . 2009-10-09 21:21 -------- d-----w- C:\$AVG8.VAULT$
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 21:52 . 2009-10-12 00:13 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\program files\AVG
2009-10-06 21:20 . 2009-10-06 21:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-06 14:36 . 2009-10-06 14:36 -------- d-sh--w- c:\documents and settings\Moshe Spira\IECompatCache
2009-10-06 05:41 . 2009-10-06 05:41 -------- d-----w- c:\program files\MSXML 4.0
2009-10-06 05:25 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-06 05:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-06 05:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-06 05:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-06 05:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-06 05:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-06 05:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-06 05:21 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-06 05:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-06 05:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-06 05:21 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-06 05:21 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-06 05:21 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-06 05:20 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-06 05:19 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-06 05:18 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-06 03:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-06 03:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-06 03:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-06 03:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-06 03:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-06 03:44 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-06 03:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-06 03:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 02:45 . 2009-10-06 02:45 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AdobeUM
2009-10-06 02:44 . 2009-10-06 02:44 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Adobe
2009-10-06 02:44 . 2009-10-06 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-06 00:32 . 2009-10-06 02:44 -------- d-----w- C:\Davar
2009-10-06 00:24 . 2009-10-06 21:52 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Kaluach 3
2009-10-06 00:23 . 2009-10-06 00:24 -------- d-----w- c:\program files\Kaluach3
2009-10-06 00:16 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-06 00:12 . 2009-10-06 02:48 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 00:11 . 2009-10-06 00:11 -------- d-----w- c:\program files\MSBuild
2009-10-06 00:06 . 2009-10-06 00:06 -------- d-----w- c:\program files\Microsoft.NET
2009-10-06 00:00 . 2009-10-06 00:09 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 23:59 . 2009-10-05 23:59 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Microsoft Help
2009-10-05 23:59 . 2009-10-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 23:58 . 2009-10-05 23:58 -------- d-----r- C:\MSOCache
2009-10-05 21:43 . 2009-10-05 21:43 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Google
2009-10-05 21:42 . 2009-10-05 21:42 -------- d-----w- c:\program files\Google
2009-10-05 20:33 . 2006-11-14 20:21 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-05 20:33 . 2006-11-14 19:41 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-05 20:33 . 2006-11-14 19:40 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-05 20:33 . 2006-11-14 19:40 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-05 20:33 . 2006-11-14 19:34 199040 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-05 20:33 . 2009-10-05 20:33 -------- d-----w- c:\program files\Synaptics
2009-10-05 20:14 . 2009-10-05 20:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-05 20:10 . 2009-10-05 20:12 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 20:10 . 2009-10-05 20:10 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 19:53 . 2009-10-05 19:53 -------- d-----w- c:\program files\ATI Technologies
2009-10-05 19:51 . 2009-10-05 20:32 -------- d-----w- C:\swsetup
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\MSNInstaller
2009-10-05 18:58 . 2009-10-05 18:58 -------- d-sh--w- c:\documents and settings\Moshe Spira\PrivacIE
2009-10-05 18:57 . 2009-10-05 18:57 -------- d-sh--w- c:\documents and settings\Moshe Spira\IETldCache
2009-10-05 18:53 . 2009-10-06 05:44 -------- d-----w- c:\windows\ie8updates
2009-10-05 18:50 . 2009-10-05 18:51 -------- dc-h--w- c:\windows\ie8
2009-10-05 18:46 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-05 18:46 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-05 18:45 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-05 18:45 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-05 18:45 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-05 18:45 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-05 17:06 . 2009-10-05 17:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-05 17:06 . 2009-10-05 17:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-05 17:06 . 2009-10-05 17:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-05 17:06 . 2009-10-05 17:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 17:05 . 2009-10-06 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-05 17:01 . 2009-10-05 17:01 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AVG8
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-sh--w- c:\windows\ftpcache
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\scripting
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\l2schemas
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\en
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\bits
2009-10-02 22:15 . 2009-10-02 22:15 -------- d-----w- c:\windows\ServicePackFiles
2009-10-02 22:08 . 2009-10-02 22:08 -------- d-----w- c:\windows\EHome
2009-10-02 21:51 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-02 20:23 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-02 20:23 . 2009-10-06 05:44 -------- d--h--w- c:\windows\$hf_mig$
2009-10-02 20:07 . 2008-10-16 18:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 20:06 . 2009-10-02 20:06 -------- d-sh--w- c:\documents and settings\Moshe Spira\UserData
2009-10-02 20:05 . 2005-03-10 09:41 176128 ------w- c:\windows\system32\bcmwlu00.EXE
2009-10-02 20:05 . 2005-03-10 09:41 69632 ------w- c:\windows\system32\bcmwlD2K.EXE
2009-10-02 20:05 . 2005-03-10 09:41 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-02 19:02 . 2009-10-02 19:02 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-02 19:02 . 2004-12-07 14:46 425984 ----a-w- c:\windows\system32\hpqPres.dll
2009-10-02 19:02 . 2004-12-07 14:45 65536 ----a-w- c:\windows\system32\hpqactn.dll
2009-10-02 19:02 . 2004-12-01 16:46 32768 ----a-w- c:\windows\system32\eabhbrn8.dll
2009-10-02 19:02 . 2004-12-01 16:45 225280 ----a-w- c:\windows\system32\cpqinfo.dll
2009-10-02 18:58 . 2009-10-02 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Apple Computer
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Apple Computer
2009-10-02 18:53 . 1999-11-10 16:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\program files\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\windows\system32\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\program files\iPod
2009-10-02 18:52 . 2009-10-02 18:53 -------- d-----w- c:\program files\iTunes
2009-10-02 18:52 . 2009-10-02 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-02 18:52 . 2009-10-05 16:57 -------- d-----w- c:\windows\Downloaded Installations
2009-10-02 18:51 . 2009-10-06 05:32 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\ApplicationHistory

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 21:25 . 2009-10-06 21:25 15209 ----a-w- c:\documents and settings\Moshe Spira\Application Data\erupiky.dat
2009-10-06 02:51 . 2009-10-02 14:39 97744 ----a-w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 18:48 . 2009-10-02 18:47 -------- d-----w- c:\program files\CONEXANT
2009-10-02 14:12 . 2009-10-02 14:12 -------- d-----w- c:\program files\microsoft frontpage
2009-10-02 14:09 . 2009-10-02 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-09 17:41 . 2009-07-09 17:41 6624 --sha-w- c:\windows\system32\duyagawe.dll
2009-07-12 00:11 . 2009-07-12 00:11 88576 --sha-w- c:\windows\system32\hamidita.dll
2009-07-09 05:41 . 2009-07-09 05:41 60928 --sha-w- c:\windows\system32\jehiyile.dll
2009-07-09 17:41 . 2009-07-09 17:41 6622 --sha-w- c:\windows\system32\jeziluku.dll
2009-07-09 05:39 . 2009-07-09 05:39 114688 --sha-w- c:\windows\system32\jisipopo.dll.tmp
2009-07-12 00:11 . 2009-07-12 00:11 51712 --sha-w- c:\windows\system32\pavogaho.dll
2009-07-12 00:12 . 2009-07-12 00:12 51712 --sha-w- c:\windows\system32\rovokoko.dll
2009-07-09 05:39 . 2009-07-09 05:39 114688 --sha-w- c:\windows\system32\sazuviyu.dll.tmp
2009-07-12 00:11 . 2009-07-12 00:11 1011646 --sha-w- c:\windows\system32\tuluzapa.exe
2009-07-12 00:11 . 2009-07-12 00:11 69120 --sha-w- c:\windows\system32\vatuhora.dll
2009-07-09 05:41 . 2009-07-09 05:41 83968 --sha-w- c:\windows\system32\vihababa.dll
2009-07-09 05:41 . 2009-07-09 05:41 167424 --sha-w- c:\windows\system32\yilinetu.dll
2009-07-09 17:41 . 2009-07-09 17:41 6622 --sha-w- c:\windows\system32\zagodowi.dll
2009-07-09 05:39 . 2009-07-09 05:39 114688 --sha-w- c:\windows\system32\zagotumo.dll.tmp
2009-07-09 05:41 . 2009-07-09 05:41 1011656 --sha-w- c:\windows\system32\zututebu.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ff7add-5c8b-4ea8-96d1-d1e97e0f5d29}]
2009-07-12 00:12 51712 --sha-w- c:\windows\system32\rovokoko.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-02 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-05 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"zudaruwaj"="c:\windows\system32\yilinetu.dll" [2009-07-09 167424]

c:\documents and settings\Moshe Spira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{4e786588-e949-4662-b22d-72eab7dbf9e9}"= "c:\windows\system32\yilinetu.dll" [2009-07-09 167424]
"{6e91dafa-d2f7-4bef-9020-ead895bf6518}"= "c:\windows\system32\yilinetu.dll" [2009-07-09 167424]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gajiliyiy"= {4e786588-e949-4662-b22d-72eab7dbf9e9} - c:\windows\system32\yilinetu.dll [2009-07-09 167424]
"lijubufaz"= {6e91dafa-d2f7-4bef-9020-ead895bf6518} - c:\windows\system32\yilinetu.dll [2009-07-09 167424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-05 17:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/5/2009 1:06 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/5/2009 1:06 PM 108552]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 7:39 PM 72992]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/5/2009 1:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/5/2009 1:05 PM 297752]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 7:39 PM 1078560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/2/2009 2:47 PM 200192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/5/2009 5:42 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-16925225 - c:\docume~1\ALLUSE~1\APPLIC~1\16925225\16925225.exe
HKLM-Run-fulatilusu - reremeru.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 02:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1928)
c:\windows\system32\WININET.dll
c:\windows\system32\yilinetu.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-12 2:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 06:59

Pre-Run: 15,386,529,792 bytes free
Post-Run: 16,107,487,232 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

323
Tigger93
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

QUOTE
File::
C:\xyxqavq.exe
C:\cgcxo.exe
c:\documents and settings\Moshe Spira\Application Data\erupiky.dat
c:\windows\system32\duyagawe.dll
c:\windows\system32\hamidita.dll
c:\windows\system32\jehiyile.dll
c:\windows\system32\jeziluku.dll
c:\windows\system32\jisipopo.dll.tmp
c:\windows\system32\pavogaho.dll
c:\windows\system32\rovokoko.dll
c:\windows\system32\sazuviyu.dll.tmp
c:\windows\system32\tuluzapa.exe
c:\windows\system32\vatuhora.dll
c:\windows\system32\vihababa.dll
c:\windows\system32\yilinetu.dll
c:\windows\system32\zagodowi.dll
c:\windows\system32\zagotumo.dll.tmp
c:\windows\system32\zututebu.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f9ff7add-5c8b-4ea8-96d1-d1e97e0f5d29}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zudaruwaj"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{4e786588-e949-4662-b22d-72eab7dbf9e9}"=-
"{6e91dafa-d2f7-4bef-9020-ead895bf6518}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gajiliyiy"=-
"lijubufaz"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.
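For readers who want to see what a CFScript like the one above actually instructs ComboFix to do before dragging it onto the tool, here is a small dry-run reader. This is an added example written for this page, not a ComboFix component or anything from the thread. It assumes (my reading of the format, not stated in the post) that the File:: block lists files to be deleted and that the Registry:: block follows REGEDIT4 .reg syntax, where `[-KEY]` deletes a key and `"name"=-` deletes a value under the most recent key. The sample script is a constructed, trimmed copy of the one posted above; the reader only reports a plan and never touches the file system or registry.

```python
"""Dry-run reader for a ComboFix CFScript (added example, not from the thread).

Assumptions (mine, not stated on the page):
  - File::      lines are paths ComboFix will delete
  - Registry::  lines use REGEDIT4 syntax: [-KEY] deletes a key,
                "name"=- deletes a value, anything else sets a value
Other sections are kept verbatim without interpreting them.
"""
import re
from dataclasses import dataclass, field

# Constructed sample, trimmed from the CFScript posted in the thread.
SAMPLE_SCRIPT = """File::
C:\\xyxqavq.exe
c:\\windows\\system32\\yilinetu.dll

Registry::
[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f9ff7add-5c8b-4ea8-96d1-d1e97e0f5d29}]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"zudaruwaj"=-

[hkey_local_machine\\software\\microsoft\\windows\\currentversion\\explorer\\SharedTaskScheduler]
"{4e786588-e949-4662-b22d-72eab7dbf9e9}"=-
"{6e91dafa-d2f7-4bef-9020-ead895bf6518}"=-
"""


@dataclass
class Plan:
    """Everything the script would change, grouped by action."""
    delete_files: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)   # (key, value_name)
    set_values: list = field(default_factory=list)      # (key, value_name, data)
    other: dict = field(default_factory=dict)           # section -> raw lines


SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_cfscript(text: str) -> Plan:
    """Parse CFScript text into a Plan without executing anything."""
    plan = Plan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section is None:
            raise ValueError(f"line before any section header: {raw!r}")
        if section == "file":
            plan.delete_files.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:                      # [-KEY] removes the whole key
                    plan.delete_keys.append(key)
                    current_key = None
                else:                          # [KEY] scopes the value lines below
                    current_key = key
                continue
            vm = VALUE_RE.match(line)
            if vm is None or current_key is None:
                raise ValueError(f"unrecognised Registry:: line: {raw!r}")
            name, data = vm.groups()
            if data == "-":                    # "name"=- removes the value
                plan.delete_values.append((current_key, name))
            else:
                plan.set_values.append((current_key, name, data))
        else:
            plan.other.setdefault(section, []).append(line)
    return plan


def describe(plan: Plan) -> list:
    """Human-readable summary lines, e.g. for review before running a script."""
    out = [f"delete file  {p}" for p in plan.delete_files]
    out += [f"delete key   {k}" for k in plan.delete_keys]
    out += [f"delete value {k} -> {n}" for k, n in plan.delete_values]
    out += [f"set value    {k} -> {n} = {d}" for k, n, d in plan.set_values]
    return out


if __name__ == "__main__":
    for entry in describe(parse_cfscript(SAMPLE_SCRIPT)):
        print(entry)
```

Running the block prints one line per planned action, which makes it easy to check that every path and registry entry in a script corresponds to something seen in the ComboFix log before the script is used.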
mcs
ComboFix ran again after I dragged the file into it, then it rebooted and gave me a log. Here it is:

ComboFix 09-10-11.01 - Moshe Spira 10/12/2009 23:19.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.184 [GMT -4:00]
Running from: c:\documents and settings\Moshe Spira\Desktop\something.exe
Command switches used :: c:\documents and settings\Moshe Spira\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\cgcxo.exe"
"c:\documents and settings\Moshe Spira\Application Data\erupiky.dat"
"c:\windows\system32\duyagawe.dll"
"c:\windows\system32\hamidita.dll"
"c:\windows\system32\jehiyile.dll"
"c:\windows\system32\jeziluku.dll"
"c:\windows\system32\jisipopo.dll.tmp"
"c:\windows\system32\pavogaho.dll"
"c:\windows\system32\rovokoko.dll"
"c:\windows\system32\sazuviyu.dll.tmp"
"c:\windows\system32\tuluzapa.exe"
"c:\windows\system32\vatuhora.dll"
"c:\windows\system32\vihababa.dll"
"c:\windows\system32\yilinetu.dll"
"c:\windows\system32\zagodowi.dll"
"c:\windows\system32\zagotumo.dll.tmp"
"c:\windows\system32\zututebu.exe"
"C:\xyxqavq.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cgcxo.exe
c:\documents and settings\Moshe Spira\Application Data\erupiky.dat
c:\windows\system32\duyagawe.dll
c:\windows\system32\hamidita.dll
c:\windows\system32\jehiyile.dll
c:\windows\system32\jeziluku.dll
c:\windows\system32\jisipopo.dll.tmp
c:\windows\system32\pavogaho.dll
c:\windows\system32\rovokoko.dll
c:\windows\system32\sazuviyu.dll.tmp
c:\windows\system32\tuluzapa.exe
c:\windows\system32\vatuhora.dll
c:\windows\system32\vihababa.dll
c:\windows\system32\yilinetu.dll
c:\windows\system32\zagodowi.dll
c:\windows\system32\zagotumo.dll.tmp
c:\windows\system32\zututebu.exe
C:\xyxqavq.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-09 22:37 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 22:37 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 22:37 . 2009-10-09 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 18:54 . 2009-10-09 18:54 -------- d-----w- c:\program files\Trend Micro
2009-10-09 18:40 . 2009-10-09 18:40 0 ----a-w- c:\documents and settings\Moshe Spira\settings.dat
2009-10-08 03:49 . 2009-10-13 03:28 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2009-10-07 15:45 . 2009-10-07 15:47 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\muvee Technologies
2009-10-07 01:49 . 2009-10-07 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\SUPERAntiSpyware.com
2009-10-07 01:47 . 2009-10-07 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-07 01:44 . 2009-10-07 04:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 01:44 . 2009-10-07 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Malwarebytes
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 00:48 . 2009-10-12 17:33 -------- d-----w- C:\$AVG8.VAULT$
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 21:52 . 2009-10-12 13:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\program files\AVG
2009-10-06 21:20 . 2009-10-06 21:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-06 14:36 . 2009-10-06 14:36 -------- d-sh--w- c:\documents and settings\Moshe Spira\IECompatCache
2009-10-06 05:41 . 2009-10-06 05:41 -------- d-----w- c:\program files\MSXML 4.0
2009-10-06 05:25 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-06 05:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-06 05:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-06 05:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-06 05:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-06 05:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-06 05:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-06 05:21 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-06 05:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-06 05:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-06 05:21 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-06 05:21 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-06 05:21 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-06 05:20 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-06 05:19 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-06 05:18 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-06 03:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-06 03:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-06 03:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-06 03:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-06 03:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-06 03:44 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-06 03:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-06 03:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 02:45 . 2009-10-06 02:45 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AdobeUM
2009-10-06 02:44 . 2009-10-06 02:44 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Adobe
2009-10-06 02:44 . 2009-10-06 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-06 00:32 . 2009-10-06 02:44 -------- d-----w- C:\Davar
2009-10-06 00:24 . 2009-10-06 21:52 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Kaluach 3
2009-10-06 00:23 . 2009-10-06 00:24 -------- d-----w- c:\program files\Kaluach3
2009-10-06 00:16 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-06 00:12 . 2009-10-06 02:48 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 00:11 . 2009-10-06 00:11 -------- d-----w- c:\program files\MSBuild
2009-10-06 00:06 . 2009-10-06 00:06 -------- d-----w- c:\program files\Microsoft.NET
2009-10-06 00:00 . 2009-10-06 00:09 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 23:59 . 2009-10-05 23:59 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Microsoft Help
2009-10-05 23:59 . 2009-10-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 23:58 . 2009-10-05 23:58 -------- d-----r- C:\MSOCache
2009-10-05 21:43 . 2009-10-05 21:43 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Google
2009-10-05 21:42 . 2009-10-05 21:42 -------- d-----w- c:\program files\Google
2009-10-05 20:33 . 2006-11-14 20:21 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-05 20:33 . 2006-11-14 19:41 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-05 20:33 . 2006-11-14 19:40 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-05 20:33 . 2006-11-14 19:40 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-05 20:33 . 2006-11-14 19:34 199040 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-05 20:33 . 2009-10-05 20:33 -------- d-----w- c:\program files\Synaptics
2009-10-05 20:14 . 2009-10-05 20:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-05 20:10 . 2009-10-05 20:12 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 20:10 . 2009-10-05 20:10 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 19:53 . 2009-10-05 19:53 -------- d-----w- c:\program files\ATI Technologies
2009-10-05 19:51 . 2009-10-05 20:32 -------- d-----w- C:\swsetup
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\MSNInstaller
2009-10-05 18:58 . 2009-10-05 18:58 -------- d-sh--w- c:\documents and settings\Moshe Spira\PrivacIE
2009-10-05 18:57 . 2009-10-05 18:57 -------- d-sh--w- c:\documents and settings\Moshe Spira\IETldCache
2009-10-05 18:53 . 2009-10-06 05:44 -------- d-----w- c:\windows\ie8updates
2009-10-05 18:50 . 2009-10-05 18:51 -------- dc-h--w- c:\windows\ie8
2009-10-05 18:46 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-05 18:46 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-05 18:45 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-05 18:45 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-05 18:45 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-05 18:45 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-05 17:06 . 2009-10-05 17:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-05 17:06 . 2009-10-05 17:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-05 17:06 . 2009-10-05 17:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-05 17:06 . 2009-10-05 17:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 17:05 . 2009-10-06 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-05 17:01 . 2009-10-05 17:01 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AVG8
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-sh--w- c:\windows\ftpcache
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\scripting
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\l2schemas
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\en
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\bits
2009-10-02 22:15 . 2009-10-02 22:15 -------- d-----w- c:\windows\ServicePackFiles
2009-10-02 22:08 . 2009-10-02 22:08 -------- d-----w- c:\windows\EHome
2009-10-02 21:51 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-02 20:23 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-02 20:23 . 2009-10-06 05:44 -------- d--h--w- c:\windows\$hf_mig$
2009-10-02 20:07 . 2008-10-16 18:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 20:06 . 2009-10-02 20:06 -------- d-sh--w- c:\documents and settings\Moshe Spira\UserData
2009-10-02 20:05 . 2005-03-10 09:41 176128 ------w- c:\windows\system32\bcmwlu00.EXE
2009-10-02 20:05 . 2005-03-10 09:41 69632 ------w- c:\windows\system32\bcmwlD2K.EXE
2009-10-02 20:05 . 2005-03-10 09:41 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-02 19:02 . 2009-10-02 19:02 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-02 19:02 . 2004-12-07 14:46 425984 ----a-w- c:\windows\system32\hpqPres.dll
2009-10-02 19:02 . 2004-12-07 14:45 65536 ----a-w- c:\windows\system32\hpqactn.dll
2009-10-02 19:02 . 2004-12-01 16:46 32768 ----a-w- c:\windows\system32\eabhbrn8.dll
2009-10-02 19:02 . 2004-12-01 16:45 225280 ----a-w- c:\windows\system32\cpqinfo.dll
2009-10-02 18:58 . 2009-10-02 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Apple Computer
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Apple Computer
2009-10-02 18:53 . 1999-11-10 16:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\program files\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\windows\system32\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\program files\iPod
2009-10-02 18:52 . 2009-10-02 18:53 -------- d-----w- c:\program files\iTunes
2009-10-02 18:52 . 2009-10-02 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-02 18:52 . 2009-10-05 16:57 -------- d-----w- c:\windows\Downloaded Installations
2009-10-02 18:51 . 2009-10-06 05:32 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\ApplicationHistory
2009-10-02 18:50 . 2009-10-02 18:50 -------- d-----w- c:\windows\system32\URTTemp
2009-10-02 18:49 . 2009-10-09 00:43 -------- d-----w- c:\program files\HPQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 02:51 . 2009-10-02 14:39 97744 ----a-w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 18:48 . 2009-10-02 18:47 -------- d-----w- c:\program files\CONEXANT
2009-10-02 14:12 . 2009-10-02 14:12 -------- d-----w- c:\program files\microsoft frontpage
2009-10-02 14:09 . 2009-10-02 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 13:41 . 2009-07-12 13:41 88064 --sha-w- c:\windows\system32\kopurege.dll
2009-07-12 13:41 . 2009-07-12 13:41 38400 --sha-w- c:\windows\system32\redipefe.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_06.57.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-10-09 21:08 54528 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-12 07:01 54528 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-12 07:01 384698 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-10-09 21:08 384698 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-02 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-05 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"zudaruwaj"="c:\windows\system32\kopurege.dll" [2009-07-12 88064]
"fulatilusu"="reremeru.dll" [BU]

c:\documents and settings\Moshe Spira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e2159011-91d0-4562-b35a-ffd40fef6ecc}"= "c:\windows\system32\kopurege.dll" [2009-07-12 88064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"buwufisef"= {e2159011-91d0-4562-b35a-ffd40fef6ecc} - c:\windows\system32\kopurege.dll [2009-07-12 88064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-05 17:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/5/2009 1:06 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/5/2009 1:06 PM 108552]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 7:39 PM 72992]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/5/2009 1:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/5/2009 1:05 PM 297752]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 7:39 PM 1078560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/2/2009 2:47 PM 200192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/5/2009 5:42 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?8?5?3??@???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\windows\system32\kopurege.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-10-13 23:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 03:31
ComboFix2.txt 2009-10-12 07:00

Pre-Run: 16,043,864,064 bytes free
Post-Run: 16,631,836,672 bytes free

326


And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:54 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fulatilusu] Rundll32.exe "reremeru.dll",s
O4 - HKLM\..\Run: [zudaruwaj] Rundll32.exe "c:\windows\system32\kopurege.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\kopurege.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: buwufisef - {e2159011-91d0-4562-b35a-ffd40fef6ecc} - c:\windows\system32\kopurege.dll
O22 - SharedTaskScheduler: kupuhivus - {e2159011-91d0-4562-b35a-ffd40fef6ecc} - c:\windows\system32\kopurege.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6931 bytes
mcs
Some additional information:

When I boot the computer I receive an error message stating:
RUNDLL
Error loading reremeru.dll
The specific module could not be found

Also, I am still getting pop ups and now IE sometimes redirects me to web pages.

Thanks again for your help.
Tigger93
That error should hopefully be gone after this.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\kopurege.dll
c:\windows\system32\redipefe.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fulatilusu"=-
"zudaruwaj"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{e2159011-91d0-4562-b35a-ffd40fef6ecc}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"buwufisef"=-



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
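Added example (not part of this thread, and not a HijackThis or ComboFix tool): a small Python triage script that reads the O4/O20/O21/O22 lines of a HijackThis log and flags the patterns the helper is acting on in the script above. The sample lines are copied from the HijackThis log posted earlier in the thread; the function names (`parse_persistence`, `triage`) and the three heuristics are assumptions of mine, not anything from the forum.

```python
"""Triage of persistence entries in a HijackThis log.

Added example for this thread, not a tool from the forum or from the
HijackThis/ComboFix authors.  It reads O4/O20/O21/O22 lines and flags
three patterns: one DLL wired into several load points, a Rundll32 Run
value naming a DLL with no path, and one CLSID registered under two
different names.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this
# thread, plus one ordinary Run entry (GrooveMonitor) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [fulatilusu] Rundll32.exe "reremeru.dll",s
O4 - HKLM\..\Run: [zudaruwaj] Rundll32.exe "c:\windows\system32\kopurege.dll",a
O20 - AppInit_DLLs: c:\windows\system32\kopurege.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: buwufisef - {e2159011-91d0-4562-b35a-ffd40fef6ecc} - c:\windows\system32\kopurege.dll
O22 - SharedTaskScheduler: kupuhivus - {e2159011-91d0-4562-b35a-ffd40fef6ecc} - c:\windows\system32\kopurege.dll
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dll>.+)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$')
COM_RE = re.compile(r'^O2[12] - (?P<mech>SSODL|SharedTaskScheduler): (?P<name>.+?) - '
                    r'(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.+)$')


def parse_persistence(log_text):
    """Return one dict per recognised load-point line.

    Keys: mechanism, name, dll (lower-cased path or None), clsid, export.
    Only the O4/O20/O21/O22 section types are handled; other lines are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            dll = export = None
            # Only Run values that go through rundll32 carry a DLL target.
            if r := RUNDLL_RE.search(m["cmd"]):
                dll, export = r["dll"].strip().lower(), r["export"]
            entries.append({"mechanism": "Run", "name": m["name"], "dll": dll,
                            "clsid": None, "export": export})
        elif m := APPINIT_RE.match(line):
            entries.append({"mechanism": "AppInit_DLLs", "name": None,
                            "dll": m["dll"].strip().lower(), "clsid": None, "export": None})
        elif m := NOTIFY_RE.match(line):
            entries.append({"mechanism": "WinlogonNotify", "name": m["name"],
                            "dll": m["dll"].strip().lower(), "clsid": None, "export": None})
        elif m := COM_RE.match(line):
            entries.append({"mechanism": m["mech"], "name": m["name"],
                            "dll": m["dll"].strip().lower(), "clsid": m["clsid"].lower(),
                            "export": None})
    return entries


def triage(entries):
    """Return a sorted list of (finding, subject, details) tuples."""
    mechs_by_dll = defaultdict(set)
    names_by_clsid = defaultdict(set)
    for e in entries:
        if e["dll"]:
            mechs_by_dll[e["dll"]].add(e["mechanism"])
        if e["clsid"]:
            names_by_clsid[e["clsid"]].add(e["name"])
    findings = []
    # 1. One DLL registered under several load points: every one of them has
    #    to be cleared together with the file, or the DLL is loaded again.
    for dll, mechs in mechs_by_dll.items():
        if len(mechs) > 1:
            findings.append(("multi_mechanism", dll, sorted(mechs)))
    # 2. A Run value that hands rundll32 a bare DLL name.  It is resolved via
    #    the DLL search path, and once the file is gone the value remains and
    #    produces the "RUNDLL - Error loading <dll>" box at logon.
    for e in entries:
        if e["mechanism"] == "Run" and e["dll"] and "\\" not in e["dll"] and "/" not in e["dll"]:
            findings.append(("bare_rundll_target", e["dll"], [e["name"]]))
    # 3. One CLSID registered under different names in different load points.
    for clsid, names in names_by_clsid.items():
        if len(names) > 1:
            findings.append(("clsid_multiple_names", clsid, sorted(names)))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject, details in triage(parse_persistence(SAMPLE_LOG)):
        print(f"{kind:22} {subject}  <- {', '.join(details)}")
```

On the sample the script reports kopurege.dll under four load points (Run, AppInit_DLLs, SSODL, SharedTaskScheduler), which is why the CFScript above deletes the file and clears the Run, SharedTaskScheduler and ShellServiceObjectDelayLoad entries in one pass; and it reports reremeru.dll as a path-less rundll32 target, which matches the "Error loading reremeru.dll" box reported a few posts up: the file was already gone but the Run value was still there.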
mcs
Thanks again for your help.

ComboFix:

ComboFix 09-10-11.01 - Moshe Spira 10/13/2009 19:39.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.180 [GMT -4:00]
Running from: c:\documents and settings\Moshe Spira\Desktop\something.exe
Command switches used :: c:\documents and settings\Moshe Spira\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\kopurege.dll"
"c:\windows\system32\redipefe.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\kopurege.dll
c:\windows\system32\redipefe.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-09 22:37 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 22:37 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 22:37 . 2009-10-09 22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 18:54 . 2009-10-09 18:54 -------- d-----w- c:\program files\Trend Micro
2009-10-09 18:40 . 2009-10-09 18:40 0 ----a-w- c:\documents and settings\Moshe Spira\settings.dat
2009-10-08 03:49 . 2009-10-13 23:46 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2009-10-07 15:45 . 2009-10-07 15:47 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\muvee Technologies
2009-10-07 01:49 . 2009-10-07 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\SUPERAntiSpyware.com
2009-10-07 01:47 . 2009-10-07 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-07 01:44 . 2009-10-07 04:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 01:44 . 2009-10-07 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Malwarebytes
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 00:48 . 2009-10-12 17:33 -------- d-----w- C:\$AVG8.VAULT$
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 21:52 . 2009-10-12 13:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\program files\AVG
2009-10-06 21:20 . 2009-10-06 21:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-06 14:36 . 2009-10-06 14:36 -------- d-sh--w- c:\documents and settings\Moshe Spira\IECompatCache
2009-10-06 05:41 . 2009-10-06 05:41 -------- d-----w- c:\program files\MSXML 4.0
2009-10-06 05:25 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-06 05:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-06 05:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-06 05:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-06 05:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-06 05:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-06 05:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-06 05:21 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-06 05:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-06 05:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-06 05:21 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-06 05:21 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-06 05:21 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-06 05:20 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-06 05:19 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-06 05:18 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-06 03:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-06 03:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-06 03:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-06 03:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-06 03:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-06 03:44 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-06 03:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-06 03:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 02:45 . 2009-10-06 02:45 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AdobeUM
2009-10-06 02:44 . 2009-10-06 02:44 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Adobe
2009-10-06 02:44 . 2009-10-06 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-06 00:32 . 2009-10-06 02:44 -------- d-----w- C:\Davar
2009-10-06 00:24 . 2009-10-06 21:52 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Kaluach 3
2009-10-06 00:23 . 2009-10-06 00:24 -------- d-----w- c:\program files\Kaluach3
2009-10-06 00:16 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-06 00:12 . 2009-10-06 02:48 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 00:11 . 2009-10-06 00:11 -------- d-----w- c:\program files\MSBuild
2009-10-06 00:06 . 2009-10-06 00:06 -------- d-----w- c:\program files\Microsoft.NET
2009-10-06 00:00 . 2009-10-06 00:09 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 23:59 . 2009-10-05 23:59 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Microsoft Help
2009-10-05 23:59 . 2009-10-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 23:58 . 2009-10-05 23:58 -------- d-----r- C:\MSOCache
2009-10-05 21:43 . 2009-10-05 21:43 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Google
2009-10-05 21:42 . 2009-10-05 21:42 -------- d-----w- c:\program files\Google
2009-10-05 20:33 . 2006-11-14 20:21 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-05 20:33 . 2006-11-14 19:41 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-05 20:33 . 2006-11-14 19:40 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-05 20:33 . 2006-11-14 19:40 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-05 20:33 . 2006-11-14 19:34 199040 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-05 20:33 . 2009-10-05 20:33 -------- d-----w- c:\program files\Synaptics
2009-10-05 20:14 . 2009-10-05 20:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-05 20:10 . 2009-10-05 20:12 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 20:10 . 2009-10-05 20:10 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 19:53 . 2009-10-05 19:53 -------- d-----w- c:\program files\ATI Technologies
2009-10-05 19:51 . 2009-10-05 20:32 -------- d-----w- C:\swsetup
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\MSNInstaller
2009-10-05 18:58 . 2009-10-05 18:58 -------- d-sh--w- c:\documents and settings\Moshe Spira\PrivacIE
2009-10-05 18:57 . 2009-10-05 18:57 -------- d-sh--w- c:\documents and settings\Moshe Spira\IETldCache
2009-10-05 18:53 . 2009-10-06 05:44 -------- d-----w- c:\windows\ie8updates
2009-10-05 18:50 . 2009-10-05 18:51 -------- dc-h--w- c:\windows\ie8
2009-10-05 18:46 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-05 18:46 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-05 18:45 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-05 18:45 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-05 18:45 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-05 18:45 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-05 17:06 . 2009-10-05 17:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-05 17:06 . 2009-10-05 17:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-05 17:06 . 2009-10-05 17:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-05 17:06 . 2009-10-05 17:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 17:05 . 2009-10-06 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-05 17:01 . 2009-10-05 17:01 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AVG8
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-sh--w- c:\windows\ftpcache
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\scripting
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\l2schemas
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\en
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\bits
2009-10-02 22:15 . 2009-10-02 22:15 -------- d-----w- c:\windows\ServicePackFiles
2009-10-02 22:08 . 2009-10-02 22:08 -------- d-----w- c:\windows\EHome
2009-10-02 21:51 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-02 20:23 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-02 20:23 . 2009-10-06 05:44 -------- d--h--w- c:\windows\$hf_mig$
2009-10-02 20:07 . 2008-10-16 18:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 20:06 . 2009-10-02 20:06 -------- d-sh--w- c:\documents and settings\Moshe Spira\UserData
2009-10-02 20:05 . 2005-03-10 09:41 176128 ------w- c:\windows\system32\bcmwlu00.EXE
2009-10-02 20:05 . 2005-03-10 09:41 69632 ------w- c:\windows\system32\bcmwlD2K.EXE
2009-10-02 20:05 . 2005-03-10 09:41 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-02 19:02 . 2009-10-02 19:02 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-02 19:02 . 2004-12-07 14:46 425984 ----a-w- c:\windows\system32\hpqPres.dll
2009-10-02 19:02 . 2004-12-07 14:45 65536 ----a-w- c:\windows\system32\hpqactn.dll
2009-10-02 19:02 . 2004-12-01 16:46 32768 ----a-w- c:\windows\system32\eabhbrn8.dll
2009-10-02 19:02 . 2004-12-01 16:45 225280 ----a-w- c:\windows\system32\cpqinfo.dll
2009-10-02 18:58 . 2009-10-02 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Apple Computer
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Apple Computer
2009-10-02 18:53 . 1999-11-10 16:05 86016 ----a-w- c:\windows\unvise32qt.exe
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\program files\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\windows\system32\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-10-02 18:53 . 2009-10-02 18:53 -------- d-----w- c:\program files\iPod
2009-10-02 18:52 . 2009-10-02 18:53 -------- d-----w- c:\program files\iTunes
2009-10-02 18:52 . 2009-10-02 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-02 18:52 . 2009-10-05 16:57 -------- d-----w- c:\windows\Downloaded Installations
2009-10-02 18:51 . 2009-10-06 05:32 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\ApplicationHistory
2009-10-02 18:50 . 2009-10-02 18:50 -------- d-----w- c:\windows\system32\URTTemp
2009-10-02 18:49 . 2009-10-09 00:43 -------- d-----w- c:\program files\HPQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 02:51 . 2009-10-02 14:39 97744 ----a-w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 18:48 . 2009-10-02 18:47 -------- d-----w- c:\program files\CONEXANT
2009-10-02 14:12 . 2009-10-02 14:12 -------- d-----w- c:\program files\microsoft frontpage
2009-10-02 14:09 . 2009-10-02 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-12_06.57.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-10-09 21:08 54528 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-13 03:32 54528 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-10-13 03:32 384698 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-10-09 21:08 384698 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-02 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-05 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

c:\documents and settings\Moshe Spira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-05 17:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/5/2009 1:06 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/5/2009 1:06 PM 108552]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 7:39 PM 72992]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/5/2009 1:05 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/5/2009 1:05 PM 297752]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 7:39 PM 1078560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/2/2009 2:47 PM 200192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/5/2009 5:42 PM 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?@???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-10-13 19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-13 23:49
ComboFix2.txt 2009-10-13 03:32
ComboFix3.txt 2009-10-12 07:00

Pre-Run: 16,797,458,432 bytes free
Post-Run: 16,763,564,032 bytes free

286


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:18 PM, on 10/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6659 bytes


Tigger93
Go to Start > Run, type in combofix /u and press OK.

Please update Malwarebytes, run a quick scan and post the log.
mcs
It detected two threats. I removed them. Was I supposed to do this, and in general am I supposed to remove all the threats detected? Anyway, it seems to be running again. What was my issue? Is there anything that I should avoid in the future so that this doesn't happen again? Either way, thank you so much for your help.

Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 2962
Windows 5.1.2600 Service Pack 3

10/14/2009 6:33:54 PM
mbam-log-2009-10-14 (18-33-54).txt

Scan type: Quick Scan
Objects scanned: 97558
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Moshe Spira\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Tigger93
Yes, you were supposed to remove them. Sorry for not making that clear.

To be sure you're clean, please update Malwarebytes one more time, run a quick scan and post the log.
mcs
That's good, because I removed it after the first scan. Either way, here is the most recent scan. Thanks

Malwarebytes' Anti-Malware 1.41
Database version: 2970
Windows 5.1.2600 Service Pack 3

10/15/2009 11:08:31 PM
mbam-log-2009-10-15 (23-08-31).txt

Scan type: Quick Scan
Objects scanned: 101800
Time elapsed: 24 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Tigger93
Everything looks good. Are you still having any problems?
mcs
I don't seem to. Thanks a million.
mcs
I spoke too soon. I was on the web and I got hit with the Internet Security Center virus or whatever it is called. This one even changed the background of my desktop. I quickly ran Malwarebytes and it looks like it removed it. But now I can't get to the Google website. I get the error stating that either Internet Explorer can't display it or that the address is not valid. Other sites work; only Google and Gmail (which is problematic since that is the email provider I use) don't work. What am I doing wrong? I am not going to any sketchy sites. Why do I keep getting infected?

Here is my malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2970
Windows 5.1.2600 Service Pack 3

10/17/2009 11:50:01 PM
mbam-log-2009-10-17 (23-50-01).txt

Scan type: Quick Scan
Objects scanned: 97485
Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\14340624\14340624.exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14340624 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\14340624 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Moshe Spira\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\14340624\14340624 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14340624\14340624.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14340624\pc14340624ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Moshe Spira\Start Menu\Programs\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Moshe Spira\Desktop\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Here is also my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:26 AM, on 10/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7242 bytes
Tigger93
I don't see a firewall running. Do you know if you have one running?

If you don't, then please install a firewall. A free one is:
Comodo

Next thing is your Adobe Reader is very out of date. Please uninstall your current version of Adobe Reader, then download and install the latest version (9.2) from here

After you've done these, please reboot your computer and post a new Malwarebytes log and a new HijackThis log.
mcs
I have the Windows firewall running, so I am not sure why it would come up as having no firewall. Should I disable it and download Comodo? (It's weird that it says Comodo; I could have sworn that earlier today it said ZoneAlarm. Did you change it?) I also uninstalled my current Adobe Reader and downloaded the new one.

Here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2977
Windows 5.1.2600 Service Pack 3

10/18/2009 6:14:04 PM
mbam-log-2009-10-18 (18-14-04).txt

Scan type: Quick Scan
Objects scanned: 97665
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:42 PM, on 10/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7903 bytes
Tigger93
Yes, it said ZoneAlarm earlier, but after a quick look I could no longer find ZoneAlarm's free version so I changed it. Sorry for the confusion.

I would recommend installing Comodo's free firewall, then disabling Windows' firewall. Windows' firewall is not a good firewall and does not protect you very well.
mcs
I installed Comodo. Google is still not loading. Here are the latest logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:52 PM, on 10/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8270 bytes

Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 2991
Windows 5.1.2600 Service Pack 3

10/19/2009 11:46:13 PM
mbam-log-2009-10-19 (23-46-13).txt

Scan type: Quick Scan
Objects scanned: 100267
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
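A quick way to pull the review-worthy lines out of a HijackThis log like the one above, so that the O16/O20/O23 entries are not lost among the dozens of ordinary O4 lines. This is an added example, not part of the thread and not a HijackThis feature. The sample lines are copied from the log posted above; the three heuristics (an O16 DPF whose URL ends in .exe, any O20 AppInit_DLLs entry, an O23 service shown as 'Unknown owner') are my own choice of what deserves a manual look, not a verdict that any of those entries is malicious.

```python
import re

# Sample lines copied from the HijackThis log posted above (a constructed
# subset for this example, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HijackThis finding line starts with a section tag (R0, R1, O2, O4, ...).
LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")


def parse_hjt(text):
    """Yield (section, body) for each R/O line in a HijackThis log."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (section, reason, body) for lines worth a manual second look.

    These are review heuristics, not a malware verdict: each flagged line
    should be checked by hand (file on disk, signature, vendor).
    """
    findings = []
    for section, body in parse_hjt(text):
        if section == "O16":
            # O16 DPF = ActiveX download. Legitimate controls normally ship
            # as a .cab; a URL that ends in .exe is unusual enough to inspect.
            url = body.rsplit(" - ", 1)[-1].strip()
            if url.lower().endswith(".exe"):
                findings.append((section, "ActiveX download points at a raw .exe", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any entry here deserves a look, whatever the vendor.
            findings.append((section, "AppInit_DLLs injects a DLL into every GUI process", body))
        elif section == "O23" and " - Unknown owner - " in body:
            # HijackThis prints 'Unknown owner' when the service binary has no
            # company name in its version resource. Confirm the file by hand.
            findings.append((section, "service binary carries no company name", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print("%s  %s\n    %s" % (section, reason, body))
```

Run it against a saved hijackthis.log by passing the file contents to triage(); the output is a short list to check by hand, with the rest of the log left for a full read.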
mcs
Also, comodo asks me if I want to run (or maybe connect) with svhost.exe. Should I block it or not? And thanks again for your ongoing help.
mcs
*svchost.exe
Tigger93
Yes, allowing it should be fine. :)

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.
mcs
The link is faulty. IE says that the page is not found.
Tigger93
OK, let's try this then instead.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
mcs
When I try to run it I receive an error message stating:

C:Documents and Settings\Moshe Spira\Desktop\RSIT.exe is not valid Win32 application.
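Windows reports "is not a valid Win32 application" when the loader cannot find a usable PE header in the file: a download that was cut short, an HTML error page saved under an .exe name, or a 64-bit image on a 32-bit system all produce exactly that message. The following is an added example, not from the thread or from the RSIT tool, that checks a downloaded file for those three conditions before blaming anything else on the machine. The sample blobs are constructed inline for the test; check_file() is the function to point at the real RSIT.exe on the desktop.

```python
import struct

IMAGE_FILE_MACHINE_I386 = 0x14C


def pe_header_problem(data):
    """Return None if `data` begins like a valid 32-bit PE image, else a reason.

    Only the DOS header, the PE signature and the COFF Machine field are
    checked: without those Windows refuses the file as 'not a valid Win32
    application' before any of its code runs.
    """
    if len(data) < 64:
        return "file shorter than a DOS header"
    if data[:2] != b"MZ":
        return "missing 'MZ' signature (not an executable at all)"
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):
        return "e_lfanew points past end of file (truncated download?)"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "missing PE signature at e_lfanew"
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    if machine != IMAGE_FILE_MACHINE_I386:
        return "not an x86 image (Machine=0x%X)" % machine
    return None


def check_file(path):
    """Run pe_header_problem over a file on disk (the downloaded tool)."""
    with open(path, "rb") as fh:
        return pe_header_problem(fh.read())


def _minimal_pe(machine=IMAGE_FILE_MACHINE_I386):
    """Constructed test input: the smallest header-only blob that passes."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, 0)  # 20-byte COFF header
    return bytes(dos) + b"PE\0\0" + coff


# Constructed samples standing in for what might be sitting on the desktop.
SAMPLES = {
    "valid_x86": _minimal_pe(),
    "html_saved_as_exe": b"<html><head><title>404 Not Found</title></head></html>" + b"\0" * 64,
    "truncated": _minimal_pe()[:70],
    "x64_on_32bit": _minimal_pe(0x8664),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-18s %s" % (name, pe_header_problem(blob) or "header looks valid"))
```

If the real file passes these checks, the download itself is fine and the cause of the error lies elsewhere on the system.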
Tigger93
Sorry for the delay, I was out for the weekend.

I'm at a loss here. Are you able to run Malwarebytes still? If you can, please update it, run a quick scan and post the log.

Also, please download and run this tool.
mcs
When I ran the tool, all that happened is a black box came up, some words scrolled down it, and 2 icons appeared and then disappeared on my desktop. Is that what was supposed to happen? Also, here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 5.1.2600 Service Pack 3

10/25/2009 6:44:39 PM
mbam-log-2009-10-25 (18-44-39).txt

Scan type: Quick Scan
Objects scanned: 114999
Time elapsed: 33 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Tigger93
Yes. Hopefully, if your registry was corrupted and was stopping some exe files from running, that should be fixed now. Are you able to run RSIT now?
mcs
I'm still getting the same error and Google still doesn't work.
Tigger93
This is very odd. I'm not sure why some files will not run.

Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
mcs
When I ran ComboFix it said that it had detected the presence of a rootkit and needed to reboot. Anyway, here is the log:

ComboFix 09-10-26.06 - Moshe Spira 10/27/2009 19:56.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.73 [GMT -4:00]
Running from: c:\documents and settings\Moshe Spira\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ipukywim._sy

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))
.

2009-10-25 02:33 . 2009-10-25 02:37 -------- d-----w- C:\$AVG
2009-10-25 02:31 . 2009-10-25 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-25 02:30 . 2009-10-25 02:37 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-19 21:24 . 2009-10-19 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-10-19 21:23 . 2009-10-19 21:23 179792 ----a-w- c:\windows\system32\guard32.dll
2009-10-19 21:23 . 2009-10-19 21:23 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-19 21:23 . 2009-10-19 21:23 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-19 21:23 . 2009-10-19 21:23 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-19 21:23 . 2009-10-19 21:23 -------- d-----w- c:\program files\COMODO
2009-10-18 20:33 . 2009-10-18 20:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-18 20:23 . 2009-10-18 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-18 05:46 . 2009-10-18 05:46 0 ----a-w- c:\windows\nsreg.dat
2009-10-18 05:46 . 2009-10-18 05:46 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Mozilla
2009-10-18 03:36 . 2009-10-18 03:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-18 01:56 . 2009-10-27 23:51 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\stickies
2009-10-18 01:56 . 2009-10-18 01:56 -------- d-----w- c:\program files\Stickies
2009-10-09 22:37 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-09 22:37 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-09 22:37 . 2009-10-14 22:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 18:54 . 2009-10-09 18:54 -------- d-----w- c:\program files\Trend Micro
2009-10-09 18:40 . 2009-10-09 18:40 0 ----a-w- c:\documents and settings\Moshe Spira\settings.dat
2009-10-08 03:49 . 2009-10-27 23:55 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
2009-10-07 15:45 . 2009-10-07 15:47 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\muvee Technologies
2009-10-07 01:49 . 2009-10-07 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-07 01:48 . 2009-10-25 16:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-07 01:48 . 2009-10-07 01:48 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\SUPERAntiSpyware.com
2009-10-07 01:47 . 2009-10-07 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-07 01:44 . 2009-10-07 04:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 01:44 . 2009-10-07 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\Malwarebytes
2009-10-07 01:41 . 2009-10-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 21:52 . 2009-10-06 21:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-06 21:52 . 2009-10-27 21:24 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-06 21:52 . 2009-10-25 02:31 -------- d-----w- c:\program files\AVG
2009-10-06 21:20 . 2009-10-06 21:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-06 14:36 . 2009-10-06 14:36 -------- d-sh--w- c:\documents and settings\Moshe Spira\IECompatCache
2009-10-06 05:41 . 2009-10-06 05:41 -------- d-----w- c:\program files\MSXML 4.0
2009-10-06 05:25 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-06 05:21 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-06 05:21 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-06 05:21 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-06 05:21 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-06 05:21 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-06 05:21 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-06 05:21 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-06 05:21 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-06 05:21 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-06 05:21 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-06 05:21 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-06 05:21 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-06 05:20 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-06 05:19 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-06 05:18 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-06 03:51 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-06 03:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-06 03:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-06 03:46 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-06 03:45 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-06 03:44 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-06 03:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-06 03:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-06 02:45 . 2009-10-06 02:45 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\AdobeUM
2009-10-06 02:44 . 2009-10-19 16:57 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Adobe
2009-10-06 02:44 . 2009-10-18 20:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-06 00:32 . 2009-10-06 02:44 -------- d-----w- C:\Davar
2009-10-06 00:24 . 2009-10-06 21:52 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Kaluach 3
2009-10-06 00:23 . 2009-10-06 00:24 -------- d-----w- c:\program files\Kaluach3
2009-10-06 00:16 . 2006-10-26 23:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-06 00:12 . 2009-10-06 02:48 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 00:11 . 2009-10-06 00:11 -------- d-----w- c:\program files\MSBuild
2009-10-06 00:06 . 2009-10-06 00:06 -------- d-----w- c:\program files\Microsoft.NET
2009-10-06 00:00 . 2009-10-06 00:09 -------- d-----w- c:\windows\SHELLNEW
2009-10-05 23:59 . 2009-10-05 23:59 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Microsoft Help
2009-10-05 23:59 . 2009-10-07 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-05 23:58 . 2009-10-05 23:58 -------- d-----r- C:\MSOCache
2009-10-05 21:43 . 2009-10-05 21:43 -------- d-----w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\Google
2009-10-05 21:42 . 2009-10-05 21:42 -------- d-----w- c:\program files\Google
2009-10-05 20:33 . 2006-11-14 20:21 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-10-05 20:33 . 2006-11-14 19:41 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-10-05 20:33 . 2006-11-14 19:40 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-10-05 20:33 . 2006-11-14 19:40 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-10-05 20:33 . 2006-11-14 19:34 199040 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-10-05 20:33 . 2009-10-05 20:33 -------- d-----w- c:\program files\Synaptics
2009-10-05 20:14 . 2009-10-05 20:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-05 20:10 . 2009-10-05 20:12 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-05 20:10 . 2009-10-05 20:10 -------- d-----w- c:\windows\system32\LogFiles
2009-10-05 19:53 . 2009-10-05 19:53 -------- d-----w- c:\program files\ATI Technologies
2009-10-05 19:51 . 2009-10-05 20:32 -------- d-----w- C:\swsetup
2009-10-05 19:37 . 2009-10-05 19:37 -------- d-----w- c:\documents and settings\Moshe Spira\Application Data\MSNInstaller
2009-10-05 18:58 . 2009-10-05 18:58 -------- d-sh--w- c:\documents and settings\Moshe Spira\PrivacIE
2009-10-05 18:57 . 2009-10-05 18:57 -------- d-sh--w- c:\documents and settings\Moshe Spira\IETldCache
2009-10-05 18:53 . 2009-10-06 05:44 -------- d-----w- c:\windows\ie8updates
2009-10-05 18:50 . 2009-10-05 18:51 -------- dc-h--w- c:\windows\ie8
2009-10-05 18:46 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-05 18:46 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-05 18:45 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-05 18:45 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-05 18:45 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-05 18:45 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-05 17:06 . 2009-10-25 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-05 17:06 . 2009-10-26 16:28 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-05 17:06 . 2009-10-25 02:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-05 17:06 . 2009-10-25 02:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-10-05 16:57 . 2009-10-05 16:57 -------- d-sh--w- c:\windows\ftpcache
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\scripting
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\l2schemas
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\en
2009-10-02 22:17 . 2009-10-02 22:17 -------- d-----w- c:\windows\system32\bits
2009-10-02 22:15 . 2009-10-02 22:15 -------- d-----w- c:\windows\ServicePackFiles
2009-10-02 22:08 . 2009-10-02 22:08 -------- d-----w- c:\windows\EHome
2009-10-02 21:51 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-02 20:23 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-02 20:23 . 2009-10-06 05:44 -------- d--h--w- c:\windows\$hf_mig$
2009-10-02 20:07 . 2008-10-16 18:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 20:06 . 2009-10-02 20:06 -------- d-sh--w- c:\documents and settings\Moshe Spira\UserData
2009-10-02 20:05 . 2005-03-10 09:41 176128 ------w- c:\windows\system32\bcmwlu00.EXE
2009-10-02 20:05 . 2005-03-10 09:41 69632 ------w- c:\windows\system32\bcmwlD2K.EXE
2009-10-02 20:05 . 2005-03-10 09:41 371712 ------w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-02 19:02 . 2009-10-02 19:02 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-02 19:02 . 2004-12-07 14:46 425984 ----a-w- c:\windows\system32\hpqPres.dll
2009-10-02 19:02 . 2004-12-07 14:45 65536 ----a-w- c:\windows\system32\hpqactn.dll
2009-10-02 19:02 . 2004-12-01 16:46 32768 ----a-w- c:\windows\system32\eabhbrn8.dll
2009-10-02 19:02 . 2004-12-01 16:45 225280 ----a-w- c:\windows\system32\cpqinfo.dll
2009-10-02 18:58 . 2009-10-02 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 02:51 . 2009-10-02 14:39 97744 ----a-w- c:\documents and settings\Moshe Spira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-02 18:48 . 2009-10-02 18:47 -------- d-----w- c:\program files\CONEXANT
2009-10-02 14:12 . 2009-10-02 14:12 -------- d-----w- c:\program files\microsoft frontpage
2009-10-02 14:09 . 2009-10-02 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-10-05 21:43 . 2009-10-20 19:09 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-07-26 19:32 . 2009-10-18 05:46 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 . 2009-10-18 05:46 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 . 2009-10-18 05:46 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 . 2009-10-18 05:46 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 . 2009-10-18 05:46 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-02 98304]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-05 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-10-19 1799952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-26 2010904]

c:\documents and settings\Moshe Spira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-25 02:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/5/2009 1:06 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/5/2009 1:06 PM 360584]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 7:39 PM 72992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/19/2009 5:23 PM 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/19/2009 5:23 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/24/2009 10:32 PM 285392]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [1/13/2009 7:39 PM 1078560]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/2/2009 2:47 PM 200192]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/5/2009 5:42 PM 30192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Moshe Spira\Application Data\Mozilla\Firefox\Profiles\9gy4rinf.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 20:09
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?8?5?3??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,02,ac,aa,43,0d,86,40,89,98,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-28 20:12
ComboFix-quarantined-files.txt 2009-10-28 00:12
ComboFix2.txt 2009-10-13 23:49

Pre-Run: 15,266,852,864 bytes free
Post-Run: 16,265,482,240 bytes free

- - End Of File - - DDEAAA5E3A2C083435A5FD5E87838BA4

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:57 PM, on 10/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7577 bytes
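
An added note for readers of this thread, not part of any post above: a HijackThis log is a list of load points (O2 browser helper objects, O4 Run keys and Startup folders, O16 downloaded ActiveX controls, O20 AppInit_DLLs and Winlogon Notify entries, O23 services), and the first pass a helper makes is to pull out the file each line points at and look for the usual tells: a program starting from a Temp or profile folder, a system-process name living outside System32, a DPF entry with no source URL, a service with no publisher string. The Python below parses those line shapes and applies such flags. It is example code written for this page, not a HijackThis component; the flag rules are the editor's own heuristics, and the sample log is constructed (mostly from lines like the ones in this thread, plus a made-up "updater" Run entry to show what a suspicious line looks like).

```python
# Added example for this thread: parse HijackThis 'O' lines and attach review flags.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample. Most lines mirror the format of the logs in this thread; the
# "updater" Run entry is made up to show a suspicious autostart in the same shape.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
"""

LINE_RE = re.compile(r"^(?P<sec>O\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:\S.*? )?Startup: (?P<name>.*?) = (?P<path>.*?)(?: \(User '[^']*'\))?$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? -\s*(?P<url>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.*?)(?: \((?P<short>[^)]*)\))? - (?P<company>.*?) - (?P<path>.*)$")
# Program path inside a Run command line: quoted, or bare up to the first executable extension.
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|sys|cpl|scr|bat|cmd))(?=\s|$)', re.IGNORECASE)

SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe"}
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str          # file path, or the download URL for O16
    raw: str
    company: str = ""  # O23 only
    flags: List[str] = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Return the program path from a Run-key command line, dropping quotes and switches."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis 'O' line into an Entry; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m["sec"], m["body"].strip()
    name, path, company = "", body, ""   # unknown shapes keep the body as 'path' so nothing is dropped
    if sec == "O2" and (b := BHO_RE.match(body)):
        name, path = b["name"], b["path"]
    elif sec == "O4" and (r := RUN_RE.match(body)):
        name, path = r["name"], extract_path(r["cmd"])
    elif sec == "O4" and (s := STARTUP_RE.match(body)):
        name, path = s["name"], s["path"]
    elif sec == "O16" and (d := DPF_RE.match(body)):
        name, path = d["name"] or d["clsid"], d["url"].strip()
    elif sec == "O20" and (a := APPINIT_RE.match(body)):
        name, path = "AppInit_DLLs", a["path"]
    elif sec == "O20" and (w := NOTIFY_RE.match(body)):
        name, path = w["name"], w["path"]
    elif sec == "O23" and (v := SERVICE_RE.match(body)):
        name, path, company = v["display"], v["path"], v["company"]
    return Entry(sec, name, path, line.strip(), company)


def flag(e: Entry) -> Entry:
    """Attach review flags (editor's heuristics). A flag means 'check this file', not 'infected'."""
    p = e.path.lower()
    base = p.rsplit("\\", 1)[-1]
    if e.section in ("O2", "O4", "O20", "O23") and p:
        if any(marker in p for marker in USER_WRITABLE):
            e.flags.append("autostart from a user-profile or temp location")
        if base in SYSTEM_NAMES and "\\windows\\system32\\" not in p:
            e.flags.append("system-process name outside System32")
    if e.section == "O16" and not e.path:
        e.flags.append("ActiveX (DPF) entry with no source URL")
    if e.section == "O20":
        e.flags.append("O20 load point (AppInit_DLLs / Winlogon Notify): verify publisher")
    if e.section == "O23" and e.company.lower() == "unknown owner":
        e.flags.append("service binary with no publisher string")
    return e


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(text: str) -> List[Entry]:
    """Entries from the log that carry at least one review flag, in log order."""
    return [e for e in map(flag, parse_log(text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name:<42} {e.path}")
        for f in e.flags:
            print(f"     -> {f}")
```

The flags are review prompts, not verdicts. On this machine the guard32.dll under O20 was created in the same minute as the COMODO program folder (the RSIT file listing later in the thread shows both), so that hit is cleared by checking the publisher, while an O16 entry with no URL or a Run entry in Temp is what actually earns a second look.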

Tigger93
Are you able to access Google now?
mcs
Still not able
Tigger93
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
mcs
A funny thing happened. When I went to use Kaspersky I was prompted to download a newer version of Java. I did so. I happened to go to my homepage after that (which is Google) and it worked. The truth is that I am not sure it only started working after downloading the Java; that just happened to be when I went to Google. Either way something is still up because I still can't go to Bing. Thanks again for your continual help. I hope eventually this gets worked out. Here is my Kaspersky report:

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 29, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 29, 2009 05:24:46
Records in database: 3098721


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\

Scan statistics
Objects scanned 46399
Threats found 1
Infected objects found 1
Suspicious objects found 0
Scan duration 02:57:13

File name Threat Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1

Selected area has been scanned.
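
A note on reading that result, added here and not part of mcs's or Tigger93's posts: the only hit is C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir. C:\Qoobox\Quarantine is the folder ComboFix moves removed files into, keeping the original path under a drive-letter subfolder and adding a .vir extension, so this is the copy of atapi.sys that ComboFix already pulled out (the file Kaspersky identifies as Rootkit.Win32.TDSS.u), not a live driver. Scanners report such copies, and copies sitting inside System Restore points, as infections all the same, which is why a helper separates them from live findings before deciding what to do next. The Python below, example code written for this page rather than Kaspersky's or ComboFix's, parses the report's findings table and sorts each hit that way; the first sample line is the one from the report above, the other two are constructed, and Trojan.Win32.Example is a placeholder name.

```python
# Added example for this thread: parse Kaspersky Online Scanner findings and say where each hit lives.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: line 1 is the finding from the report in this thread; lines 2 and 3 are
# made-up hits in the same format (a live driver, and a renamed copy inside a System Restore point).
SAMPLE_REPORT = r"""
File name Threat Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1
C:\WINDOWS\system32\drivers\atapi.sys Infected: Rootkit.Win32.TDSS.u 1
C:\System Volume Information\_restore{11111111-2222-3333-4444-555555555555}\RP12\A0001234.exe Infected: Trojan.Win32.Example 1

Selected area has been scanned.
"""

FINDING_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# ComboFix's quarantine layout: <drive>:\Qoobox\Quarantine\<original drive letter>\<original path>.vir
QOOBOX_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\(?P<drive>[a-z])\\(?P<tail>.+)$", re.IGNORECASE)
# System Restore keeps renamed copies under System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    status: str
    threat: str
    count: int
    location: str                 # "live", "combofix-quarantine" or "restore-point"
    original_path: Optional[str]  # recovered for ComboFix copies, None otherwise


def classify(path: str) -> Tuple[str, Optional[str]]:
    """Decide whether a detected path is a live file or an already-neutralised copy."""
    if (m := QOOBOX_RE.match(path)):
        tail = m["tail"]
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return "combofix-quarantine", f"{m['drive']}:\\{tail}"
    if RESTORE_RE.search(path):
        return "restore-point", None
    return "live", None


def parse_report(text: str) -> List[Finding]:
    """Extract the 'File name / Threat / Threats count' rows; other report lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        location, original = classify(m["path"])
        findings.append(Finding(m["path"], m["status"], m["threat"], int(m["count"]), location, original))
    return findings


def live_findings(findings: List[Finding]) -> List[Finding]:
    """Only the hits that still need action; quarantine and restore-point copies are excluded."""
    return [f for f in findings if f.location == "live"]


if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        where = f" (was {f.original_path})" if f.original_path else ""
        print(f"[{f.location:<19}] {f.threat:<24} {f.path}{where}")
```

The recovered original_path is the useful part of a quarantine hit: it names the file that was replaced, so you know which live file to compare against a known-good copy, while the quarantine entry itself is just something to delete once the machine is confirmed clean.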
Tigger93
Very odd that it worked, but good to see it is.

Please go start > run and type in Combofix /uninstall and press OK.

Are you still having any problems?
mcs
Google is working so I am glad about that. However, Bing is still not loading, which leads me to believe that there is still something lurking. Is there anything to do about that?
Tigger93
Very odd...

Let's run a rootkit scan to make sure we don't have one hiding.

Download GMER from here:

  1. Unzip it to the desktop.
  2. Open the program and click on the Rootkit tab.
  3. Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  4. Click on Scan.
  5. When the scan has run click Copy and paste the results (if any) into this thread.
mcs
It is too long to be posted, even in multiple posts. Should I split it into 10 or so posts? It didn't come up with anything wrong.
Tigger93
Are you sure that all of the boxes are checked, but not "Show All"?
mcs
Show All was shaded and couldn't even be checked.
Tigger93
I'm really lost at this point...

Try to download and see if this will run now.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
mcs
Here are the logs:

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Moshe Spira at 2009-11-04 12:30:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (24%) free of 57 GB
Total RAM: 382 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:05 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Moshe Spira\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Moshe Spira.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254513997062
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Desktop Manager 5.9.909.8267 (GoogleDesktopManager-090809-085438) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8566 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-10-24 1471768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-10-02 98304]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-07-13 344064]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-14 815104]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-05 30192]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-10-19 1799952]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-10-26 2010904]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-28 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Moshe Spira\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Stickies.lnk - C:\Program Files\Stickies\stickies.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-24 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-11-04 12:30:20 ----D---- C:\rsit
2009-11-01 16:36:41 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-01 16:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-01 16:35:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-01 16:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-01 16:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-01 16:34:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-01 16:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-01 16:34:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-01 16:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-01 16:33:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-28 23:45:36 ----D---- C:\WINDOWS\Sun
2009-10-28 23:44:27 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-28 23:44:27 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-28 23:44:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-28 23:44:26 ----A---- C:\WINDOWS\system32\java.exe
2009-10-28 23:42:54 ----D---- C:\Program Files\Java
2009-10-28 23:38:49 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\Sun
2009-10-27 19:12:56 ----D---- C:\WINDOWS\temp
2009-10-27 19:12:50 ----A---- C:\ComboFix.txt
2009-10-27 19:12:48 ----A---- C:\log.txt
2009-10-27 18:48:04 ----A---- C:\WINDOWS\zip.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\SWSC.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\SWREG.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\sed.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\PEV.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\MBR.exe
2009-10-27 18:48:04 ----A---- C:\WINDOWS\grep.exe
2009-10-27 18:47:10 ----D---- C:\Qoobox
2009-10-24 21:33:49 ----D---- C:\$AVG
2009-10-24 21:31:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-24 21:30:43 ----D---- C:\WINDOWS\SxsCaPendDel
2009-10-20 19:09:01 ----A---- C:\WINDOWS\cfplogvw.INI
2009-10-19 16:24:03 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-19 16:23:57 ----A---- C:\WINDOWS\system32\guard32.dll
2009-10-19 16:23:36 ----D---- C:\Program Files\COMODO
2009-10-18 15:34:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-18 15:33:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-10-18 15:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-10-18 00:46:16 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\Mozilla
2009-10-18 00:46:01 ----D---- C:\Program Files\Mozilla Firefox
2009-10-17 20:56:23 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\stickies
2009-10-17 20:56:12 ----D---- C:\Program Files\Stickies
2009-10-14 14:01:42 ----D---- C:\RECYCLER
2009-10-12 01:49:21 ----A---- C:\Boot.bak
2009-10-12 01:49:16 ----RASHD---- C:\cmdcons
2009-10-12 01:45:56 ----D---- C:\WINDOWS\ERDNT
2009-10-09 17:37:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-09 13:54:21 ----D---- C:\Program Files\Trend Micro
2009-10-08 19:39:54 ----D---- C:\Config.Msi
2009-10-07 22:49:56 ----D---- C:\Program Files\Blue Coat K9 Web Protection
2009-10-07 10:47:09 ----A---- C:\WINDOWS\muveeapp.INI
2009-10-07 10:45:39 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\muvee Technologies
2009-10-06 20:49:37 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-06 20:48:38 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-06 20:48:38 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\SUPERAntiSpyware.com
2009-10-06 20:47:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-06 20:44:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-06 20:44:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-06 20:41:55 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\Malwarebytes
2009-10-06 20:41:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-06 16:52:04 ----D---- C:\Program Files\AVG
2009-10-06 00:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-06 00:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-06 00:43:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-06 00:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-06 00:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-06 00:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-06 00:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-06 00:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-06 00:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-06 00:43:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-06 00:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-06 00:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-06 00:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-06 00:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-06 00:42:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-10-06 00:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-06 00:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-06 00:41:39 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-06 00:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-06 00:41:26 ----D---- C:\Program Files\MSXML 4.0
2009-10-06 00:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-06 00:40:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-06 00:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-06 00:40:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-06 00:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-06 00:39:48 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-06 00:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-10-06 00:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-06 00:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-06 00:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-06 00:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-06 00:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-06 00:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-06 00:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-06 00:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-06 00:38:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-06 00:38:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-06 00:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-06 00:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-06 00:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-06 00:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-06 00:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-06 00:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-06 00:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-10-06 00:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-10-06 00:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-06 00:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-06 00:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-06 00:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-06 00:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-05 22:43:49 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-10-05 21:45:00 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\AdobeUM
2009-10-05 21:44:28 ----D---- C:\Program Files\Common Files\Adobe
2009-10-05 19:32:20 ----D---- C:\Davar
2009-10-05 19:24:12 ----A---- C:\WINDOWS\Kaluach3.INI
2009-10-05 19:23:58 ----D---- C:\Program Files\Kaluach3
2009-10-05 19:16:06 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-10-05 19:12:18 ----D---- C:\Program Files\Microsoft Works
2009-10-05 19:11:17 ----D---- C:\Program Files\MSBuild
2009-10-05 19:09:17 ----D---- C:\Program Files\Microsoft Visual Studio
2009-10-05 19:09:17 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-05 19:06:23 ----D---- C:\Program Files\Microsoft.NET
2009-10-05 19:00:46 ----D---- C:\WINDOWS\SHELLNEW
2009-10-05 18:59:23 ----D---- C:\Program Files\Microsoft Office
2009-10-05 18:59:18 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-05 18:58:07 ----RD---- C:\MSOCache
2009-10-05 16:42:55 ----D---- C:\Program Files\Google
2009-10-05 15:33:45 ----A---- C:\WINDOWS\system32\SynTPCo4.dll
2009-10-05 15:33:45 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-10-05 15:33:45 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-10-05 15:33:45 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-10-05 15:33:44 ----D---- C:\Program Files\Synaptics
2009-10-05 15:15:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-05 15:15:27 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-10-05 15:14:49 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-05 15:14:22 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-10-05 15:11:47 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-05 15:10:49 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-05 15:10:36 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-05 14:53:08 ----D---- C:\Program Files\ATI Technologies
2009-10-05 14:51:55 ----D---- C:\swsetup
2009-10-05 14:37:40 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\MSNInstaller
2009-10-05 13:53:16 ----D---- C:\WINDOWS\ie8updates
2009-10-05 13:52:02 ----D---- C:\WINDOWS\WBEM
2009-10-05 13:50:12 ----HDC---- C:\WINDOWS\ie8
2009-10-05 13:28:00 ----D---- C:\Documents and Settings\Moshe Spira\Application Data\Adobe
2009-10-05 12:06:09 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-10-05 11:57:41 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2009-10-05 11:57:04 ----SHD---- C:\WINDOWS\ftpcache

======List of files/folders modified in the last 1 months======

2009-11-04 12:30:22 ----D---- C:\WINDOWS\Prefetch
2009-11-03 12:27:47 ----SD---- C:\Documents and Settings\Moshe Spira\Application Data\Microsoft
2009-11-02 17:57:24 ----D---- C:\WINDOWS\system32
2009-11-02 17:57:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-02 17:54:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-01 19:44:01 ----D---- C:\WINDOWS
2009-11-01 16:45:20 ----D---- C:\Program Files\Internet Explorer
2009-11-01 16:44:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-01 16:35:19 ----HD---- C:\WINDOWS\inf
2009-11-01 16:35:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-01 16:35:09 ----A---- C:\WINDOWS\imsins.BAK
2009-11-01 16:35:07 ----D---- C:\WINDOWS\WinSxS
2009-11-01 16:34:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-01 16:32:19 ----SHD---- C:\WINDOWS\Installer
2009-10-31 21:11:49 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-10-28 23:42:54 ----RD---- C:\Program Files
2009-10-27 19:10:01 ----A---- C:\WINDOWS\system.ini
2009-10-27 19:01:20 ----D---- C:\WINDOWS\system32\drivers
2009-10-27 19:01:19 ----D---- C:\WINDOWS\AppPatch
2009-10-27 19:01:02 ----D---- C:\Program Files\Common Files
2009-10-24 21:30:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-18 16:56:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-18 15:37:02 ----D---- C:\Program Files\Adobe
2009-10-17 23:27:00 ----D---- C:\WINDOWS\network diagnostic
2009-10-17 19:38:25 ----D---- C:\WINDOWS\system32\wbem
2009-10-14 16:55:14 ----SHD---- C:\System Volume Information
2009-10-14 16:55:14 ----D---- C:\WINDOWS\system32\Restore
2009-10-12 22:25:40 ----D---- C:\WINDOWS\system32\config
2009-10-12 01:49:21 ----RASH---- C:\boot.ini
2009-10-08 19:43:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-08 19:43:05 ----D---- C:\Program Files\HPQ
2009-10-07 10:57:59 ----D---- C:\Program Files\Online Services
2009-10-06 16:52:57 ----D---- C:\WINDOWS\Registration
2009-10-06 16:25:57 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-06 00:43:13 ----D---- C:\Program Files\Outlook Express
2009-10-06 00:37:36 ----D---- C:\Program Files\Messenger
2009-10-05 21:48:31 ----RSD---- C:\WINDOWS\Fonts
2009-10-05 19:06:23 ----D---- C:\WINDOWS\pchealth
2009-10-05 19:01:55 ----A---- C:\WINDOWS\win.ini
2009-10-05 19:01:35 ----D---- C:\Program Files\Common Files\System
2009-10-05 15:14:49 ----D---- C:\Program Files\Windows Media Player
2009-10-05 15:14:39 ----D---- C:\WINDOWS\Help
2009-10-05 14:53:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-05 13:52:02 ----D---- C:\WINDOWS\system32\en-us
2009-10-05 13:51:39 ----D---- C:\WINDOWS\Media
2009-10-05 13:46:49 ----D---- C:\WINDOWS\Debug
2009-10-05 11:57:10 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-24 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-26 360584]
R1 bckd;bckd; C:\WINDOWS\system32\drivers\bckd.sys [2009-01-13 72992]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-19 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-10-19 25160]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-14 1269760]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-11-14 199040]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\MOSHES~1\LOCALS~1\Temp\catchme.sys []
S3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-14 380928]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-24 285392]
R2 bckwfs;Blue Coat K9 Web Protection; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2009-01-13 1078560]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-10-19 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-28 153376]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-05 30192]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt:

info.txt logfile of random's system information tool 1.06 2009-11-04 12:32:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Blue Coat® K9 Web Protection 4.0.288-->C:\Program Files\Blue Coat K9 Web Protection\uninst.exe
Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Davar 2.4-->C:\Davar\unins000.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stickies 6.7a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.7a
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 go.mail.ru
127.0.0.1 nova.rambler.ru
127.0.0.1 google.ad
127.0.0.1 www.google.ad
127.0.0.1 google.ae
127.0.0.1 www.google.ae
127.0.0.1 google.am
127.0.0.1 www.google.am
127.0.0.1 google.com.ar
127.0.0.1 www.google.com.ar

======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall

======System event log======

Computer Name: MOSHE-COMPAQ
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 1751
Source Name: DCOM
Time Written: 20091007173534.000000-240
Event Type: error
User: MOSHE-COMPAQ\Moshe Spira

Computer Name: MOSHE-COMPAQ
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
eabfiltr

Record Number: 1732
Source Name: Service Control Manager
Time Written: 20091007171721.000000-240
Event Type: error
User:

Computer Name: MOSHE-COMPAQ
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
eabfiltr

Record Number: 1710
Source Name: Service Control Manager
Time Written: 20091007160519.000000-240
Event Type: error
User:

Computer Name: MOSHE-COMPAQ
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
eabfiltr

Record Number: 1688
Source Name: Service Control Manager
Time Written: 20091007154110.000000-240
Event Type: error
User:

Computer Name: MOSHE-COMPAQ
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Record Number: 1678
Source Name: DCOM
Time Written: 20091007115306.000000-240
Event Type: error
User: MOSHE-COMPAQ\Moshe Spira

=====Application event log=====

Computer Name: MOSHE-COMPAQ
Event Code: 1002
Message: Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 107
Source Name: Application Hang
Time Written: 20091005145427.000000-240
Event Type: error
User:

Computer Name: MOSHE-COMPAQ
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 88
Source Name: WinMgmt
Time Written: 20091002181830.000000-240
Event Type: warning
User: MOSHE-COMPAQ\Moshe Spira

Computer Name: MOSHE-COMPAQ
Event Code: 1517
Message: Windows saved user MOSHE-COMPAQ\Moshe Spira registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 71
Source Name: Userenv
Time Written: 20091002151248.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MOSHE-COMPAQ
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 60
Source Name: ASP.NET 1.1.4322.0
Time Written: 20091002145200.000000-240
Event Type: warning
User:

Computer Name: MOSHE-COMPAQ
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 45
Source Name: ASP.NET 1.1.4322.0
Time Written: 20091002145034.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Tigger93
Please delete this folder:
C:\Qoobox

That log comes back clean. Are you still having any issues?
mcs
There are still certain websites that I can't go to. I can't go to Bing or Google News/Images. There may be others but I haven't noticed them yet.
Tigger93
Let's try to reset your hosts file to see if that helps. If you are currently using a custom hosts file, you'll have to reinstall it after this.

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
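The "Hosts File" section of the info.txt log above shows search-engine domains pinned to 127.0.0.1, which is exactly what stops pages like Google News from loading. The script below is an added example (not part of this thread, and not HostsXpert's code) that audits a hosts file for such entries and strips everything except the stock localhost mappings; the sample hosts text and the `Finding`/`audit_hosts` names are constructed for illustration.

```python
"""Audit a Windows hosts file for entries that block or redirect sites.

Added example, not from the forum thread. SAMPLE_HOSTS is constructed to
mirror the "======Hosts File======" section of the info.txt log (search
engine domains mapped to 127.0.0.1), plus two extra lines to show the
other cases the classifier distinguishes.
"""
from dataclasses import dataclass
import ipaddress

# Mappings that a stock Windows hosts file legitimately carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample in the format of the log section above.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 go.mail.ru
127.0.0.1 nova.rambler.ru
127.0.0.1 google.ad
127.0.0.1 www.google.ad
127.0.0.1 google.com.ar   # trailing comment is ignored by the parser
0.0.0.0 www.bing.com
203.0.113.7 www.google.com
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    ip: str
    host: str
    kind: str  # "default", "blocked" or "redirected"


def parse_hosts(text: str):
    """Yield (line_no, ip, hostname) for each mapping, skipping comments and blanks."""
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: an address with no name maps nothing
        ip = fields[0]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address; not a mapping
        for host in fields[1:]:  # one address may be given several names
            yield n, ip, host.lower()


def classify(ip: str, host: str) -> str:
    """Label one mapping by what it does to name resolution."""
    if (ip, host) in DEFAULT_ENTRIES:
        return "default"
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"  # name resolves to this machine or nowhere: site unreachable
    return "redirected"  # name is sent to some other host entirely


def audit_hosts(text: str):
    """Return every non-default mapping, redirections first (they matter most)."""
    findings = [Finding(n, ip, h, classify(ip, h)) for n, ip, h in parse_hosts(text)]
    suspicious = [f for f in findings if f.kind != "default"]
    suspicious.sort(key=lambda f: (f.kind != "redirected", f.line_no))
    return suspicious


def strip_non_default(text: str) -> str:
    """Return the hosts text with all non-default mappings removed.

    Comments and blank lines are kept; this is the equivalent of the
    "Restore Microsoft's Hosts file" step when no custom entries are wanted.
    """
    drop = {f.line_no for f in audit_hosts(text)}
    kept = [l for n, l in enumerate(text.splitlines(), start=1) if n not in drop]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no:>3}: {f.host:<18} -> {f.ip:<12} [{f.kind}]")
    print("--- cleaned hosts file ---")
    print(strip_non_default(SAMPLE_HOSTS), end="")
```

On a real machine the text would be read from %SystemRoot%\system32\drivers\etc\hosts; a site's name mapped to a non-loopback address ("redirected") deserves more attention than a loopback block, since traffic is being sent somewhere else rather than just dropped.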
mcs
When I try to run the program I get an error message stating:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

This is funny because I am the administrator and only user of my laptop.
Tigger93
Let's try this:

On that file, right-click and select properties. Under the 'General' tab there should be an 'Unblock' button at the bottom. If there is, press that button and try to run the file. Let me know if this works.
mcs
I unblocked it but got the same error message when I tried to load it.
Tigger93
OK, let's try this instead. You can go ahead and delete HostsXpert.

Download this and run it. It will reset your hosts file back to the original version.

Let me know if this works.
Invision Power Board © 2001-2009 Invision Power Services, Inc.