Not sure what it is but i have a new problem

Ah thanks. I would've figured that out on my own but i didn't sleep well last night. thank you for your patience.

So now that this guard is off, is my security compromised?

Now while running a virus scan in Avira, browsing runs slowly 8>/

Are there any good alternatives to this software?

Actually avira is still scanning even now and everythign is running really slowly.

Having a scan running in the background will slow things down because it's using the processor.
Stop the scan, see what happens.

OK the scan has finished of its own accord and things are running a bit more smoothly. However while it was running, it was running slower than the computer ever did during a McAfee scan which is ridiculous.

My mom's computer runs Norton, with good results, or at least thats what she said last time i asked her about it. I know miekiemoes says on her blog that Norton is another problem program however in the past I've seen it run very quickly, using very little RAM to do its job. Consumer Reports rates it well.

I"m sure you had a good reason for recommending something else. I'm just wondering what your opinion of Norton and other options is.

I still don't like Avira.

edit: my friends recommend AVG. What is your opinion of that software?

Last edited by spacephrawgg on 10th July 2009, 11:05 pm; edited 1 time in total (Reason for editing : thought of something else to say.)

The latest development I have discovered thanks to my inability to sleep tonight: i can't get the scroll function on my mouse to work now that avira is installed. This software has conspired to make a fool of me!

Hello.
This is getting more weird by the second. An antivirus wouldn't stop the scroll from working.

And it won't let me open Spybot SD!

Lets get a GMER scan.

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

Strangely, I ran a Gmer scan and posted it here and it hasn't shown up. I am in safe mode right now and am unable to get Gmer to scan properly. I'm about to try it in normal mode BRB.

Ok i'm in normal mode and GMER refuses to run properly. It won't let me scan anything. I redownloaded it and it still won't do it. The "scan" button will not respond to input.

this just in: Avira keeps blocking "IP packet 192.168.1.4." What is this all about?

Last edited by spacephrawgg on 12th July 2009, 9:44 pm; edited 3 times in total (Reason for editing : thought of something else to say)

Should I just start a new thread about this since the problem seems to have changed?

See if you can run ComboFix:

• Download combofix from here
  Link 1
  Link 2
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

When it told me it was composing the log, it told me not to run any programs at that time but i have several programs set to run at start up that went on anyway. I rushed to close them all but they were open for a short time during the log-writing process. When it opened the .txt. thing for me to see, the thing froze so i had to restart. Now i have the results. I hope they aren't tainted:

(part 1)

ComboFix 09-07-13.01 - Jon 07/13/2009 19:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.668 [GMT -4:00]
Running from: c:\program files\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Installer\28b0eac1.msi
c:\windows\Installer\29276.msi
c:\windows\Installer\3d4da.msi
c:\windows\Installer\8d22.msi
c:\windows\Installer\9f800e2.msi
c:\windows\Installer\b9ec0.msi
c:\windows\system32\bszip.dll
c:\windows\system32\onXacccf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 23:02 . 2009-07-13 23:03 3121979 ----a-r- c:\program files\ComboFix.exe
2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Avira
2009-07-12 15:18 . 2009-07-12 15:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-12 15:18 . 2009-07-12 15:18 286208 ----a-w- c:\program files\xchu70db.exe
2009-07-11 17:51 . 2009-07-11 17:51 286208 ----a-w- c:\program files\ttpvp7mx.exe
2009-07-10 17:24 . 2009-07-10 17:24 -------- d-----w- c:\program files\Common Files\Application
2009-07-10 17:24 . 2009-07-13 23:46 -------- d-----w- c:\program files\SPAMfighter
2009-07-10 17:21 . 2009-07-10 17:21 -------- d-----w- c:\documents and settings\Jon\Application Data\SPAMfighter
2009-07-10 17:20 . 2009-07-10 17:20 1761720 ----a-w- c:\program files\spamfighter_web.exe
2009-07-10 16:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 16:31 . 2009-05-08 18:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-10 16:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 16:31 . 2009-02-24 17:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-10 16:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 16:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\program files\Avira
2009-07-10 16:14 . 2009-07-10 16:17 37013648 ----a-w- c:\program files\avira_premium_security_suite_en.exe
2009-07-07 02:52 . 2009-07-07 02:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Amazon
2009-07-07 02:51 . 2009-07-07 02:51 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2009-07-05 21:35 . 2009-07-09 22:55 -------- d-----w- c:\program files\backups
2009-07-04 00:02 . 2009-07-04 00:02 401720 ----a-w- c:\program files\HiJack(GP)This.exe
2009-07-03 23:49 . 2009-07-03 23:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 20:41 . 2009-07-03 20:41 -------- d-----w- c:\program files\Common Files\Voyetra
2009-07-03 20:35 . 2008-12-05 03:46 278528 ----a-w- c:\windows\system32\CM102rm.exe
2009-07-03 20:35 . 2006-03-21 09:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2009-07-03 20:33 . 2008-10-30 18:44 1522176 ----a-w- c:\windows\system32\drivers\CM102.sys
2009-07-03 20:33 . 2008-10-13 04:43 319488 ----a-w- c:\windows\Cmi102Uninstall.exe
2009-07-03 20:33 . 2004-04-14 14:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2009-07-03 20:33 . 2009-07-03 20:33 -------- d-----w- c:\program files\Turtle Beach
2009-06-30 02:08 . 2009-05-27 02:29 156160 ----a-w- c:\program files\JavaRa.exe
2009-06-29 00:08 . 2009-06-29 00:08 -------- d-----w- c:\program files\CONEXANT
2009-06-27 18:52 . 2009-07-13 19:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:51 . 2009-07-12 22:00 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-27 15:49 . 2009-06-27 15:50 8524280 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-21 01:39 . 2009-06-21 01:40 10995608 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative CD Burner Plugin 5.01.44 for Creative MediaSource 5 Player_Organizer__\CMS5_BRNR_PCAPP_LB_5_01_44.exe
2009-06-21 01:03 . 2009-06-21 01:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 00:39 . 2009-06-21 00:40 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-06-21 00:35 . 2009-06-21 00:39 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-06-21 00:31 . 2009-06-21 00:35 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-06-21 00:28 . 2009-06-21 00:31 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-06-21 00:27 . 2009-06-21 00:28 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-06-21 00:23 . 2009-06-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-06-21 00:18 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2009-06-21 00:16 . 2009-06-21 00:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-21 00:16 . 2009-06-21 00:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-21 00:12 . 2008-10-30 22:15 189952 ----a-w- c:\windows\system32\KSXPPI32.dll
2009-06-21 00:12 . 2007-12-11 22:47 23292 ----a-w- c:\windows\ksaudENG.reg
2009-06-21 00:12 . 2007-07-05 14:27 2630 ----a-w- c:\windows\MixerName.reg
2009-06-21 00:12 . 2008-11-06 22:41 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2009-06-21 00:12 . 2008-08-29 03:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-21 00:09 . 2009-06-27 15:46 -------- d-----w- c:\program files\Creative
2009-06-20 23:58 . 2009-06-20 23:58 -------- d-----w- c:\program files\SB FX-Go
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 22:54 . 2008-11-07 01:00 -------- d-----w- c:\program files\trillian
2009-07-13 04:53 . 2008-06-30 10:37 -------- d-----w- c:\documents and settings\Jon\Application Data\BitTorrent
2009-07-10 16:40 . 2007-08-07 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:40 . 2005-08-02 21:19 -------- d-----w- c:\program files\McAfee.com
2009-07-09 16:35 . 2009-07-04 00:04 9477 ----a-w- c:\program files\hijackthis.log
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 14:15 . 2005-08-31 00:27 -------- d-----w- c:\documents and settings\Jon\Application Data\WeatherBug
2009-07-07 01:50 . 2005-08-23 02:12 -------- d-----w- c:\program files\Real
2009-07-05 21:34 . 2008-06-30 10:37 -------- d-----w- c:\documents and settings\Jon\Application Data\DNA
2009-07-04 23:07 . 2009-07-04 23:07 14297 ----a-w- c:\program files\hijackthis July04_09_1.log
2009-07-04 21:32 . 2008-06-30 10:37 -------- d-----w- c:\program files\DNA
2009-07-04 21:32 . 2009-02-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-04 14:17 . 2009-07-04 14:17 14793 ----a-w- c:\program files\hijackthis July4_09.log
2009-07-04 03:01 . 2009-02-09 00:23 -------- d-----w- c:\program files\NOS
2009-07-04 00:06 . 2009-07-04 00:06 14845 ----a-w- c:\program files\hijackthis July3_09.log
2009-07-03 20:09 . 2005-08-02 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 03:45 . 2005-08-25 01:35 -------- d-----w- c:\program files\Juno
2009-06-27 18:54 . 2006-11-27 02:35 730256 ----a-w- c:\program files\wpsetup.exe
2009-06-27 15:55 . 2008-10-07 14:56 -------- d-----w- c:\program files\yahoo messenger
2009-06-27 15:48 . 2009-02-08 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 01:29 . 2008-09-07 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 01:19 . 2005-08-24 03:55 -------- d-----w- c:\program files\iTunes
2009-06-21 01:18 . 2007-03-17 18:55 -------- d-----w- c:\program files\iPod
2009-06-21 01:18 . 2007-11-30 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-06-21 01:13 . 2005-11-13 07:14 -------- d-----w- c:\program files\QuickTime
2009-06-17 15:27 . 2009-02-08 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-08 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 04:19 . 2009-02-10 18:35 -------- d-----w- c:\program files\Java
2009-06-10 04:11 . 2009-06-10 04:11 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-23 00:53 . 2009-06-30 02:08 245103 ----a-w- c:\program files\JavaRa.def
2009-05-21 15:33 . 2009-02-08 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 15:34 . 2009-05-12 15:33 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-12 15:32 . 2009-05-12 15:32 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-05-10 17:00 . 2009-02-08 17:31 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-19 01:01 . 2009-04-19 01:01 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-13 17:41 . 2009-03-13 17:41 10427840 ----a-w- c:\program files\Vuze_Installer.exe
2009-03-12 01:51 . 2009-03-12 01:51 831757 ----a-w- c:\program files\graphic-converter.exe
2009-03-12 01:23 . 2009-03-12 01:23 1074244 ----a-w- c:\program files\capture.exe
2009-03-01 16:32 . 2009-03-01 16:32 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-02-10 18:26 . 2009-02-10 18:25 607640 ----a-w- c:\program files\jxpiinstall-6u12-fcs-bin-b04-windows-i586-17_jan_2009.exe
2009-02-10 17:41 . 2009-02-10 17:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-09 01:29 . 2009-02-09 01:29 298096 ----a-w- c:\program files\desktopsp2_StubInstaller.exe
2009-02-09 00:56 . 2009-02-09 00:56 156034 ----a-w- c:\program files\FHSetup.exe
2009-02-09 00:55 . 2009-02-09 00:55 292352 ----a-w- c:\program files\STOPzilla_Setup.exe
2009-02-08 17:30 . 2009-02-08 17:30 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2009-02-07 18:51 . 2009-02-07 18:51 368961 ----a-w- c:\program files\dds.com
2009-02-07 18:49 . 2009-02-07 18:49 2062665 ----a-w- c:\program files\spywareguardsetup.exe
2008-07-18 11:24 . 2008-07-18 11:24 3518422 ----a-w- c:\program files\flvplayer_setup.exe
2008-06-30 09:16 . 2008-06-30 09:14 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-06-30 09:15 . 2008-06-30 09:15 1427520 ----a-w- c:\program files\Silverlight.exe
2008-06-19 20:29 . 2009-06-30 02:08 17987 ----a-w- c:\program files\gpl-2.0.txt
2008-02-27 13:28 . 2005-11-07 02:43 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-28 11:45 . 2008-01-28 11:44 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-01-03 00:25 . 2008-01-03 00:25 6876336 ----a-w- c:\program files\RecoverMyFiles-Setup.exe
2007-04-12 06:45 . 2007-04-12 06:45 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-27 04:23 . 2007-02-27 04:22 3782589 ----a-w- c:\program files\LastFM_Win_1.1.3.0.exe
2007-02-26 11:00 . 2007-02-26 11:01 3537447 ----a-w- c:\program files\MP3Rocket-Win.exe
2007-02-19 07:16 . 2007-02-19 07:16 3428033 ----a-w- c:\program files\iMP3Tunes-Win.exe
2006-10-15 02:42 . 2006-10-15 02:40 8799656 ----a-w- c:\program files\Azureus_2.5.0.0_Win32.setup.exe
2006-10-15 02:37 . 2006-10-15 02:36 8963034 ----a-w- c:\program files\Azureus_2.5.0.0_OSX.dmg
2005-11-22 06:21 . 2005-11-22 06:21 1508 ----a-w- c:\program files\uninstal.log
2005-09-05 19:16 . 2005-09-05 19:16 353888 ----a-w- c:\program files\LimeWireWin.exe
2005-08-25 04:04 . 2005-08-25 04:04 488032 ----a-w- c:\program files\PopUpStopper.exe
2005-08-25 04:00 . 2005-08-25 03:59 4436776 ----a-w- c:\program files\SuperAdBlocker.exe
2005-08-24 03:53 . 2005-08-24 03:52 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-08-24 00:27 . 2005-08-24 00:27 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-08-23 19:02 . 2005-08-23 19:02 323072 ----a-w- c:\program files\ScreenShotSetup.msi
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2009-06-21 00:26 . 2008-06-18 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-05-07 19:31 . 2005-10-12 22:12 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
2005-10-10 05:00 . 2005-10-12 22:12 139264 ----a-w- c:\program files\mozilla firefox\components\SABFF.DLL
.

part 2:


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
2005-10-10 05:00 143360 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/10/2009 12:31 PM 97608]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [10/10/2005 1:00 AM 5632]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/10/2009 12:31 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/10/2009 12:31 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 12:31 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/10/2009 12:31 PM 434945]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 10:08 AM 189064]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/10/2009 12:31 PM 69632]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [7/3/2009 4:33 PM 1522176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/20/2009 8:11 PM 79360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 PWIPENUM;PWIPENUM;\??\c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS --> c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005Core.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005UA.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-12 c:\windows\Tasks\Norton Security Scan for Jon.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]

2009-07-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\viz2txmf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\SABFF.DLL
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\Ati2evxx.dll
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1360)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(628)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WLTRAY.EXE
c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-13 20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 00:03

Pre-Run: 4,941,918,208 bytes free
Post-Run: 4,816,863,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

342 --- E O F --- 2009-04-30 07:02
REGEDIT4

meanwhile, firefox is running really slowly. Avira (i keep wanting to say Elvira) gave me a popup that said "avira has blocked a FF popup while in game mode. Always block FF popups?" and i clicked yes. But what if I want to undo that? how do I do it?

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\d3d9caps.dat
c:\program files\xchu70db.exe
c:\program files\ttpvp7mx.exe
c:\program files\Azureus_2.5.0.0_Win32.setup.exe
c:\program files\Azureus_2.5.0.0_OSX.dmg
c:\program files\LimeWireWin.exe

Folder::
c:\documents and settings\Jon\Application Data\BitTorrent
c:\documents and settings\Jon\Application Data\DNA
c:\program files\DNA

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Firefox::
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.




Also Please run a Malwarebytes quick scan and post the log back here.

The resulting log, part1:

ComboFix 09-07-13.01 - Jon 07/13/2009 21:04.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.614 [GMT -4:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FILE ::
"c:\program files\Azureus_2.5.0.0_OSX.dmg"
"c:\program files\Azureus_2.5.0.0_Win32.setup.exe"
"c:\program files\LimeWireWin.exe"
"c:\program files\ttpvp7mx.exe"
"c:\program files\xchu70db.exe"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Application Data\BitTorrent
c:\documents and settings\Jon\Application Data\BitTorrent\!!! (chk chk chk) - Myth Takes [2007.DANCE].LokoTorrents.com.By KELOLO.zip.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\2007 Cracked Pepper.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\310 To Yuma.rar.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Aion_The_Tower_Of_Eternity_OST.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Ben_Folds-Way_To_Normal-2008-BENFOLDS.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 11 - Julia Bond.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big wet asses 5.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 7.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 8[2CDs][Dvd-Rip][www.zonatorrent.com].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big.Wet.Asses.11.XXX.[DVDRIP][WwW.LoKoTorrents.CoM].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big.Wet.Asses.13.XXX.DVDRip.XviD-FLESHLiGHT.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Jon\Application Data\BitTorrent\Blockhead - Music By Cavelight - 2004.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Brianna Love - Ass Worship 10.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\brianna_love_BWB.wmv.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\DAMNATUS_Soundtrack.zip.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\dana dearmond - big wet asses 10.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\dht.dat
c:\documents and settings\Jon\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\Dune.(Expanded).1CD.1984.Soundtrack.[WmC].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Explosions in the Sky - All of a Sudden I Miss Everyone (2007).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Explosions In The Sky.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Fever Ray - 2009 - Fever Ray.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Fever Ray - Seven (RealDaniel Remix) 2009.MP3.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Futurama Benders Game (2008) DVDRip Occor.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Futurama The Beast with a Billion Backs (2008) [Alfeel].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Hybrid - Soundsystem 01 (2008) (MP3-EAC-320kBs).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Justice - Cross (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Kasabian-West_Ryder_Pauper_Lunatic_Asylum-2009-DV8.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Kasabian West Ryder Pauper Lunatic Asylum 1CD.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Ladytron-Velocifero (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\ORIGA.-.Aurora-2005-[py].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Pearl Jam.Vitalogy.1994.MP3@320.NeRoZ.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\resume.dat
c:\documents and settings\Jon\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\Rockabye Baby Lullaby Renditions of Nine Inch Nails.1.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Rodrigo y Gabriela - Discography 2003-2006.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\rss.dat
c:\documents and settings\Jon\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\settings.dat
c:\documents and settings\Jon\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\SIMIAN MOBILE DISCO - Attack, Decay, Sustain, Release (2007 - MP3 192 Kbps) by Musicanarias.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Simian_Mobile_Disco-Sample_And_Hold_(Attack_Decay_Sustain_Release_Remixed)-(Advance)-2008-WiCHiTA.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Soundtrack - (Batman Begins).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Star Trek 01-10 Soundtrack Complete.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Dark Knight - OST.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Mission (UK) - ADDON.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The mission UK.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Presets - Apocalypso.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [11x03] - 2008.07.06 [ANGELiC].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [13x03] - 2009.07.05 [RiVER].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [13x04] - 2009.07.12 [FoV].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - sub zero driving anthems - 2cd's (split trakcs +covers).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear 13x01 S13E01 SUB ITA - GM.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S09E01 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S10 - Soundtrack Update Pack II.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E02 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E03 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E06 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S13E01 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S13E02 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top.Gear.S13E02.WS.PDTV.XviD-RiVER.torrent
c:\documents and settings\Jon\Application Data\DNA
c:\documents and settings\Jon\Application Data\DNA\dht.dat
c:\documents and settings\Jon\Application Data\DNA\dht.dat.old
c:\documents and settings\Jon\Application Data\DNA\dna.lng
c:\documents and settings\Jon\Application Data\DNA\resume.dat
c:\documents and settings\Jon\Application Data\DNA\resume.dat.old
c:\documents and settings\Jon\Application Data\DNA\rss.dat
c:\documents and settings\Jon\Application Data\DNA\rss.dat.old
c:\documents and settings\Jon\Application Data\DNA\settings.dat
c:\documents and settings\Jon\Application Data\DNA\settings.dat.old
c:\program files\Azureus_2.5.0.0_OSX.dmg
c:\program files\Azureus_2.5.0.0_Win32.setup.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWireWin.exe
c:\program files\ttpvp7mx.exe
c:\program files\xchu70db.exe
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Avira
2009-07-10 17:24 . 2009-07-10 17:24 -------- d-----w- c:\program files\Common Files\Application
2009-07-10 17:24 . 2009-07-14 00:17 -------- d-----w- c:\program files\SPAMfighter
2009-07-10 17:21 . 2009-07-10 17:21 -------- d-----w- c:\documents and settings\Jon\Application Data\SPAMfighter
2009-07-10 17:20 . 2009-07-10 17:20 1761720 ----a-w- c:\program files\spamfighter_web.exe
2009-07-10 16:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 16:31 . 2009-05-08 18:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-10 16:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 16:31 . 2009-02-24 17:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-10 16:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 16:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\program files\Avira
2009-07-10 16:14 . 2009-07-10 16:17 37013648 ----a-w- c:\program files\avira_premium_security_suite_en.exe
2009-07-07 02:52 . 2009-07-07 02:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Amazon
2009-07-07 02:51 . 2009-07-07 02:51 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2009-07-05 21:35 . 2009-07-09 22:55 -------- d-----w- c:\program files\backups
2009-07-04 00:02 . 2009-07-04 00:02 401720 ----a-w- c:\program files\HiJack(GP)This.exe
2009-07-03 23:49 . 2009-07-03 23:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 20:41 . 2009-07-03 20:41 -------- d-----w- c:\program files\Common Files\Voyetra
2009-07-03 20:35 . 2008-12-05 03:46 278528 ----a-w- c:\windows\system32\CM102rm.exe
2009-07-03 20:35 . 2006-03-21 09:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2009-07-03 20:33 . 2008-10-30 18:44 1522176 ----a-w- c:\windows\system32\drivers\CM102.sys
2009-07-03 20:33 . 2008-10-13 04:43 319488 ----a-w- c:\windows\Cmi102Uninstall.exe
2009-07-03 20:33 . 2004-04-14 14:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2009-07-03 20:33 . 2009-07-03 20:33 -------- d-----w- c:\program files\Turtle Beach
2009-06-30 02:08 . 2009-05-27 02:29 156160 ----a-w- c:\program files\JavaRa.exe
2009-06-29 00:08 . 2009-06-29 00:08 -------- d-----w- c:\program files\CONEXANT
2009-06-27 18:52 . 2009-07-13 19:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:51 . 2009-07-12 22:00 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-27 15:49 . 2009-06-27 15:50 8524280 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-21 01:39 . 2009-06-21 01:40 10995608 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative CD Burner Plugin 5.01.44 for Creative MediaSource 5 Player_Organizer__\CMS5_BRNR_PCAPP_LB_5_01_44.exe
2009-06-21 01:03 . 2009-06-21 01:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 00:39 . 2009-06-21 00:40 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-06-21 00:35 . 2009-06-21 00:39 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-06-21 00:31 . 2009-06-21 00:35 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-06-21 00:28 . 2009-06-21 00:31 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-06-21 00:27 . 2009-06-21 00:28 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-06-21 00:23 . 2009-06-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-06-21 00:18 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2009-06-21 00:16 . 2009-06-21 00:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-21 00:16 . 2009-06-21 00:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-21 00:12 . 2008-10-30 22:15 189952 ----a-w- c:\windows\system32\KSXPPI32.dll
2009-06-21 00:12 . 2007-12-11 22:47 23292 ----a-w- c:\windows\ksaudENG.reg
2009-06-21 00:12 . 2007-07-05 14:27 2630 ----a-w- c:\windows\MixerName.reg
2009-06-21 00:12 . 2008-11-06 22:41 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2009-06-21 00:12 . 2008-08-29 03:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-21 00:09 . 2009-06-27 15:46 -------- d-----w- c:\program files\Creative
2009-06-20 23:58 . 2009-06-20 23:58 -------- d-----w- c:\program files\SB FX-Go
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

the resulting log, part2:

2009-07-13 22:54 . 2008-11-07 01:00 -------- d-----w- c:\program files\trillian
2009-07-10 16:40 . 2007-08-07 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:40 . 2005-08-02 21:19 -------- d-----w- c:\program files\McAfee.com
2009-07-09 16:35 . 2009-07-04 00:04 9477 ----a-w- c:\program files\hijackthis.log
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 14:15 . 2005-08-31 00:27 -------- d-----w- c:\documents and settings\Jon\Application Data\WeatherBug
2009-07-07 01:50 . 2005-08-23 02:12 -------- d-----w- c:\program files\Real
2009-07-04 23:07 . 2009-07-04 23:07 14297 ----a-w- c:\program files\hijackthis July04_09_1.log
2009-07-04 21:32 . 2009-02-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-04 14:17 . 2009-07-04 14:17 14793 ----a-w- c:\program files\hijackthis July4_09.log
2009-07-04 03:01 . 2009-02-09 00:23 -------- d-----w- c:\program files\NOS
2009-07-04 00:06 . 2009-07-04 00:06 14845 ----a-w- c:\program files\hijackthis July3_09.log
2009-07-03 20:09 . 2005-08-02 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 03:45 . 2005-08-25 01:35 -------- d-----w- c:\program files\Juno
2009-06-27 18:54 . 2006-11-27 02:35 730256 ----a-w- c:\program files\wpsetup.exe
2009-06-27 15:55 . 2008-10-07 14:56 -------- d-----w- c:\program files\yahoo messenger
2009-06-27 15:48 . 2009-02-08 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 01:29 . 2008-09-07 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 01:19 . 2005-08-24 03:55 -------- d-----w- c:\program files\iTunes
2009-06-21 01:18 . 2007-03-17 18:55 -------- d-----w- c:\program files\iPod
2009-06-21 01:18 . 2007-11-30 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-06-21 01:13 . 2005-11-13 07:14 -------- d-----w- c:\program files\QuickTime
2009-06-17 15:27 . 2009-02-08 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-08 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 04:19 . 2009-02-10 18:35 -------- d-----w- c:\program files\Java
2009-06-10 04:11 . 2009-06-10 04:11 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-23 00:53 . 2009-06-30 02:08 245103 ----a-w- c:\program files\JavaRa.def
2009-05-21 15:33 . 2009-02-08 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 15:34 . 2009-05-12 15:33 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-12 15:32 . 2009-05-12 15:32 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-05-10 17:00 . 2009-02-08 17:31 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-19 01:01 . 2009-04-19 01:01 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-13 17:41 . 2009-03-13 17:41 10427840 ----a-w- c:\program files\Vuze_Installer.exe
2009-03-12 01:51 . 2009-03-12 01:51 831757 ----a-w- c:\program files\graphic-converter.exe
2009-03-12 01:23 . 2009-03-12 01:23 1074244 ----a-w- c:\program files\capture.exe
2009-03-01 16:32 . 2009-03-01 16:32 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-02-10 18:26 . 2009-02-10 18:25 607640 ----a-w- c:\program files\jxpiinstall-6u12-fcs-bin-b04-windows-i586-17_jan_2009.exe
2009-02-10 17:41 . 2009-02-10 17:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-09 01:29 . 2009-02-09 01:29 298096 ----a-w- c:\program files\desktopsp2_StubInstaller.exe
2009-02-09 00:56 . 2009-02-09 00:56 156034 ----a-w- c:\program files\FHSetup.exe
2009-02-09 00:55 . 2009-02-09 00:55 292352 ----a-w- c:\program files\STOPzilla_Setup.exe
2009-02-08 17:30 . 2009-02-08 17:30 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2009-02-07 18:51 . 2009-02-07 18:51 368961 ----a-w- c:\program files\dds.com
2009-02-07 18:49 . 2009-02-07 18:49 2062665 ----a-w- c:\program files\spywareguardsetup.exe
2008-07-18 11:24 . 2008-07-18 11:24 3518422 ----a-w- c:\program files\flvplayer_setup.exe
2008-06-30 09:16 . 2008-06-30 09:14 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-06-30 09:15 . 2008-06-30 09:15 1427520 ----a-w- c:\program files\Silverlight.exe
2008-06-19 20:29 . 2009-06-30 02:08 17987 ----a-w- c:\program files\gpl-2.0.txt
2008-02-27 13:28 . 2005-11-07 02:43 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-28 11:45 . 2008-01-28 11:44 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-01-03 00:25 . 2008-01-03 00:25 6876336 ----a-w- c:\program files\RecoverMyFiles-Setup.exe
2007-04-12 06:45 . 2007-04-12 06:45 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-27 04:23 . 2007-02-27 04:22 3782589 ----a-w- c:\program files\LastFM_Win_1.1.3.0.exe
2007-02-26 11:00 . 2007-02-26 11:01 3537447 ----a-w- c:\program files\MP3Rocket-Win.exe
2007-02-19 07:16 . 2007-02-19 07:16 3428033 ----a-w- c:\program files\iMP3Tunes-Win.exe
2005-11-22 06:21 . 2005-11-22 06:21 1508 ----a-w- c:\program files\uninstal.log
2005-08-25 04:04 . 2005-08-25 04:04 488032 ----a-w- c:\program files\PopUpStopper.exe
2005-08-25 04:00 . 2005-08-25 03:59 4436776 ----a-w- c:\program files\SuperAdBlocker.exe
2005-08-24 03:53 . 2005-08-24 03:52 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-08-24 00:27 . 2005-08-24 00:27 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-08-23 19:02 . 2005-08-23 19:02 323072 ----a-w- c:\program files\ScreenShotSetup.msi
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2009-06-21 00:26 . 2008-06-18 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-05-07 19:31 . 2005-10-12 22:12 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
2005-10-10 05:00 . 2005-10-12 22:12 139264 ----a-w- c:\program files\mozilla firefox\components\SABFF.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-07-13_23.47.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 00:15 . 2009-07-14 00:15 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
+ 2009-07-14 00:15 . 2009-07-14 00:15 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
2005-10-10 05:00 143360 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

the resulting log part3:


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/10/2009 12:31 PM 97608]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [10/10/2005 1:00 AM 5632]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/10/2009 12:31 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/10/2009 12:31 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 12:31 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/10/2009 12:31 PM 434945]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 10:08 AM 189064]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/10/2009 12:31 PM 69632]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [7/3/2009 4:33 PM 1522176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/20/2009 8:11 PM 79360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 PWIPENUM;PWIPENUM;\??\c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS --> c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005Core.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005UA.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-12 c:\windows\Tasks\Norton Security Scan for Jon.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]

2009-07-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\viz2txmf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\SABFF.DLL
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1368)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-07-14 21:20
ComboFix-quarantined-files.txt 2009-07-14 01:18
ComboFix2.txt 2009-07-14 00:04

Pre-Run: 4,829,319,168 bytes free
Post-Run: 4,775,862,272 bytes free

370 --- E O F --- 2009-04-30 07:02

and here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3

7/13/2009 9:36:41 PM
mbam-log-2009-07-13 (21-36-41).txt

Scan type: Quick Scan
Objects scanned: 101822
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

How is the machine running?

Things are running more smoothly. Firefox still takes a good three or so minutes to start when i tell it to and i have a lot of benign things that run at start up that i dont want to and i don't know how to tell them not to. Things like Weatherbug, AIM, and an alert about getting "Windows Genuine Advantage" that i can't be sure is legit or will help or hinder my PC use.

Spybot SD now loads properly though.

I am concerned that Avira may block popups that i want to come up. How do i tell it not to block them?

Thank you for staying up this late to help me by the way.

I see please do the following:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
  

here's the GooredFX.txt:

GooredFix by jpshortstuff (12.07.09)
Log created at 23:24 on 13/07/2009 (Jon)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:55 23/08/2005]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [06:43 21/05/2007]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [18:37 10/02/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [01:30 19/04/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [04:20 10/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:36 10/02/2009]

-=E.O.F=-

it came up so quickly. I don't know how it was able to do a scan in that time.

New problems: I had to reinstall the software for my USB sound card and after that, I couldn't use the adress bar for firefox even if I turned the "guard" off on avira. So i restarted and thats ok now but I forgot to mention, for several years now, Firefox won't open if any of the following are already open: anything that connects to the internet, including itunes, instant messenger, anything in MS Office, Weatherbug; any windows explorer windows or related things. If they're open and i try to open FF, it gives me a popup alert that says "FF is already open. Please close it and retry opening it" or something like that that makes more verbal sense but means the same thing. 99 times out of 100, if I close everything else that i mentioned and then reopen FF its ok but once in a while it still won't do it.

Also, as I think i mentioned before, FF takes a very long time to open up. Actually so does IE. This didn't used to be the case but its been like this for years and I just got used to it. What could be causing this?

Oh yes forgot to mention, the last scan seemed to have messed up my prefered bittorrent program. For all I know this is for the best but now how do I get torrents? Am I SOL as far as that is concerned or are there better programs for it that won't mess me up?

edit: I reinstalled bittorrent, found that it slowed things, and then uninstalled it and things are better again. What bittorrent software would be better?

Last edited by spacephrawgg on 14th July 2009, 3:21 pm; edited 1 time in total (Reason for editing : thought of something else to say)

We don't recommend any kind of torrent software, any kind of P2P is dangerous.

Hello, unless you remove all torrent clients from your computer we can not help you as torrents usually come with malware.

I have removed all of the stoftware. There are things that I periodically like to download. If I made a project of only having one of these softwares installed for a short ammount of time on my system and then uninstalling it afterwords, since I only use these things maybe once a month, and periodically clean the crap that comes with out of the computer, I should be ok, yes?

well not really, depending on what you download you can get infected again.

Well crap. I don't suppose it would be appropriate to ask for help with that periodically would it....? Nuts.

So what do I do next to fix the computer?

Please post a new HijackThis log.

there you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:22 PM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trillian\trillian.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jon\My Documents\My Music\My Music\Shared Limewire stuff\Amazon MP3 downloads\AmazonMP3Downloader.exe
C:\Program Files\Quick Screen Capture\Capture.exe
C:\Program Files\HiJack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124759300106
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10270 bytes

Done. Will I be able to use Weatherbug and Aim6 after having done that or are they dead now?

Since the ComboFX scan, when I am using Trillian, my preferred instant messaging software, when i click a link in a dialog window, it now only opens thiat link in Internet Explorer. It used to do it in Firefox and I wanted it to. I don't know how to change it back. Why would the scan have caused that change? Is there any way to undo it?

Hello.
That's just the default browser.

Open Firefox as normal, does it have a little popup that says checking your default browser?

Ah very good. Meanwhile things are periodically still running a little slowly. are there any other scans I can do?

Hello.
Uninstall Spybot/SpamFIGHTER/Winpatrol.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
  O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Install Spybot again now if you would like.

The scan did not show these:

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

or

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


also before I completed the uninstallation of Spybot, it gave me a warning saying that all the changes made with Spybot during my use of it would be undone if i uninstalled it. After the obligatory restart, things were running very much more slowly. What should I do?

Can I/should I run a malwarebytes scan to clean up what was undone by the uninstallation of Spybot? I am having trouble reinstalling Spybot. THe installation wizard froze on me.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
  
• The program will then begin downloading and installing and will also update the database.
  
• Please be patient as this can take several minutes.
  
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  
• Click View scan report at the bottom.
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
  
  **Note**
  
  To optimize scanning time and produce a more sensible report for review:
  
  
• Close any open programs.
  
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
  

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

The Kaspersky thing is still updating. hasn't scanned yet. The buttons in the left frame, like "scan", 'update" and others refuse to load completely. Its as if Explorer doesn't recognise the format of the site or something. How should I proceed?

edit: Sorry I misread the previous post. please disregard this post.

The kaspersky scan seems to have frozen. what should I do?

edit: please ignore - it started up again.

It says that i can continue web surfing in other browsers while this is going on so thats what i've been doing. I hope that is ok.

kaspersky scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 02:42:52
Records in database: 2472927
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 204694
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:44:38


File name / Threat name / Threats count
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP866\A0139907.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\_OTMoveIt\MovedFiles\02072009_143227\program files\netpumper-1.25.1-setup-NP_0210.exe Infected: Trojan.Win32.Obfuscated.en 1

The selected area was scanned.

Is it ok for me to do a spybot scan yet?

Yes if you want and do a Malwarebytes scan and post the log back here.

Here is the log:

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3

7/16/2009 5:58:17 PM
mbam-log-2009-07-16 (17-58-17).txt

Scan type: Quick Scan
Objects scanned: 103977
Time elapsed: 18 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Last edited by spacephrawgg on 16th July 2009, 11:40 pm; edited 1 time in total (Reason for editing : thought of something else to say)

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.