WiredWX Hobby Weather Tools

 


Not sure what it is but i have a new problem

3 posters

Re: Not sure what it is but i have a new problem

Ok, I'm in normal mode and GMER refuses to run properly. It won't let me scan anything. I redownloaded it and it still won't do it. The "scan" button will not respond to input.

This just in: Avira keeps blocking "IP packet 192.168.1.4." What is this all about?

Last edited by spacephrawgg on 12th July 2009, 9:44 pm; edited 3 times in total (Reason for editing : thought of something else to say)

Re: Not sure what it is but i have a new problem

Should I just start a new thread about this since the problem seems to have changed?

Re: Not sure what it is but i have a new problem

See if you can run ComboFix:


  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan. Select Yes.


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Not sure what it is but i have a new problem

When it told me it was composing the log, it told me not to run any programs at that time, but I have several programs set to run at startup that went on anyway. I rushed to close them all, but they were open for a short time during the log-writing process. When it opened the .txt thing for me to see, the thing froze so I had to restart. Now I have the results. I hope they aren't tainted:

(part 1)

ComboFix 09-07-13.01 - Jon 07/13/2009 19:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.668 [GMT -4:00]
Running from: c:\program files\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Installer\28b0eac1.msi
c:\windows\Installer\29276.msi
c:\windows\Installer\3d4da.msi
c:\windows\Installer\8d22.msi
c:\windows\Installer\9f800e2.msi
c:\windows\Installer\b9ec0.msi
c:\windows\system32\bszip.dll
c:\windows\system32\onXacccf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 23:02 . 2009-07-13 23:03 3121979 ----a-r- c:\program files\ComboFix.exe
2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Avira
2009-07-12 15:18 . 2009-07-12 15:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-12 15:18 . 2009-07-12 15:18 286208 ----a-w- c:\program files\xchu70db.exe
2009-07-11 17:51 . 2009-07-11 17:51 286208 ----a-w- c:\program files\ttpvp7mx.exe
2009-07-10 17:24 . 2009-07-10 17:24 -------- d-----w- c:\program files\Common Files\Application
2009-07-10 17:24 . 2009-07-13 23:46 -------- d-----w- c:\program files\SPAMfighter
2009-07-10 17:21 . 2009-07-10 17:21 -------- d-----w- c:\documents and settings\Jon\Application Data\SPAMfighter
2009-07-10 17:20 . 2009-07-10 17:20 1761720 ----a-w- c:\program files\spamfighter_web.exe
2009-07-10 16:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 16:31 . 2009-05-08 18:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-10 16:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 16:31 . 2009-02-24 17:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-10 16:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 16:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\program files\Avira
2009-07-10 16:14 . 2009-07-10 16:17 37013648 ----a-w- c:\program files\avira_premium_security_suite_en.exe
2009-07-07 02:52 . 2009-07-07 02:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Amazon
2009-07-07 02:51 . 2009-07-07 02:51 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2009-07-05 21:35 . 2009-07-09 22:55 -------- d-----w- c:\program files\backups
2009-07-04 00:02 . 2009-07-04 00:02 401720 ----a-w- c:\program files\HiJack(GP)This.exe
2009-07-03 23:49 . 2009-07-03 23:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 20:41 . 2009-07-03 20:41 -------- d-----w- c:\program files\Common Files\Voyetra
2009-07-03 20:35 . 2008-12-05 03:46 278528 ----a-w- c:\windows\system32\CM102rm.exe
2009-07-03 20:35 . 2006-03-21 09:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2009-07-03 20:33 . 2008-10-30 18:44 1522176 ----a-w- c:\windows\system32\drivers\CM102.sys
2009-07-03 20:33 . 2008-10-13 04:43 319488 ----a-w- c:\windows\Cmi102Uninstall.exe
2009-07-03 20:33 . 2004-04-14 14:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2009-07-03 20:33 . 2009-07-03 20:33 -------- d-----w- c:\program files\Turtle Beach
2009-06-30 02:08 . 2009-05-27 02:29 156160 ----a-w- c:\program files\JavaRa.exe
2009-06-29 00:08 . 2009-06-29 00:08 -------- d-----w- c:\program files\CONEXANT
2009-06-27 18:52 . 2009-07-13 19:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:51 . 2009-07-12 22:00 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-27 15:49 . 2009-06-27 15:50 8524280 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-21 01:39 . 2009-06-21 01:40 10995608 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative CD Burner Plugin 5.01.44 for Creative MediaSource 5 Player_Organizer__\CMS5_BRNR_PCAPP_LB_5_01_44.exe
2009-06-21 01:03 . 2009-06-21 01:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 00:39 . 2009-06-21 00:40 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-06-21 00:35 . 2009-06-21 00:39 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-06-21 00:31 . 2009-06-21 00:35 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-06-21 00:28 . 2009-06-21 00:31 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-06-21 00:27 . 2009-06-21 00:28 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-06-21 00:23 . 2009-06-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-06-21 00:18 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2009-06-21 00:16 . 2009-06-21 00:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-21 00:16 . 2009-06-21 00:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-21 00:12 . 2008-10-30 22:15 189952 ----a-w- c:\windows\system32\KSXPPI32.dll
2009-06-21 00:12 . 2007-12-11 22:47 23292 ----a-w- c:\windows\ksaudENG.reg
2009-06-21 00:12 . 2007-07-05 14:27 2630 ----a-w- c:\windows\MixerName.reg
2009-06-21 00:12 . 2008-11-06 22:41 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2009-06-21 00:12 . 2008-08-29 03:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-21 00:09 . 2009-06-27 15:46 -------- d-----w- c:\program files\Creative
2009-06-20 23:58 . 2009-06-20 23:58 -------- d-----w- c:\program files\SB FX-Go
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 22:54 . 2008-11-07 01:00 -------- d-----w- c:\program files\trillian
2009-07-13 04:53 . 2008-06-30 10:37 -------- d-----w- c:\documents and settings\Jon\Application Data\BitTorrent
2009-07-10 16:40 . 2007-08-07 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:40 . 2005-08-02 21:19 -------- d-----w- c:\program files\McAfee.com
2009-07-09 16:35 . 2009-07-04 00:04 9477 ----a-w- c:\program files\hijackthis.log
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 14:15 . 2005-08-31 00:27 -------- d-----w- c:\documents and settings\Jon\Application Data\WeatherBug
2009-07-07 01:50 . 2005-08-23 02:12 -------- d-----w- c:\program files\Real
2009-07-05 21:34 . 2008-06-30 10:37 -------- d-----w- c:\documents and settings\Jon\Application Data\DNA
2009-07-04 23:07 . 2009-07-04 23:07 14297 ----a-w- c:\program files\hijackthis July04_09_1.log
2009-07-04 21:32 . 2008-06-30 10:37 -------- d-----w- c:\program files\DNA
2009-07-04 21:32 . 2009-02-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-04 14:17 . 2009-07-04 14:17 14793 ----a-w- c:\program files\hijackthis July4_09.log
2009-07-04 03:01 . 2009-02-09 00:23 -------- d-----w- c:\program files\NOS
2009-07-04 00:06 . 2009-07-04 00:06 14845 ----a-w- c:\program files\hijackthis July3_09.log
2009-07-03 20:09 . 2005-08-02 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 03:45 . 2005-08-25 01:35 -------- d-----w- c:\program files\Juno
2009-06-27 18:54 . 2006-11-27 02:35 730256 ----a-w- c:\program files\wpsetup.exe
2009-06-27 15:55 . 2008-10-07 14:56 -------- d-----w- c:\program files\yahoo messenger
2009-06-27 15:48 . 2009-02-08 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 01:29 . 2008-09-07 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 01:19 . 2005-08-24 03:55 -------- d-----w- c:\program files\iTunes
2009-06-21 01:18 . 2007-03-17 18:55 -------- d-----w- c:\program files\iPod
2009-06-21 01:18 . 2007-11-30 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-06-21 01:13 . 2005-11-13 07:14 -------- d-----w- c:\program files\QuickTime
2009-06-17 15:27 . 2009-02-08 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-08 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 04:19 . 2009-02-10 18:35 -------- d-----w- c:\program files\Java
2009-06-10 04:11 . 2009-06-10 04:11 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-23 00:53 . 2009-06-30 02:08 245103 ----a-w- c:\program files\JavaRa.def
2009-05-21 15:33 . 2009-02-08 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 15:34 . 2009-05-12 15:33 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-12 15:32 . 2009-05-12 15:32 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-05-10 17:00 . 2009-02-08 17:31 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-19 01:01 . 2009-04-19 01:01 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-13 17:41 . 2009-03-13 17:41 10427840 ----a-w- c:\program files\Vuze_Installer.exe
2009-03-12 01:51 . 2009-03-12 01:51 831757 ----a-w- c:\program files\graphic-converter.exe
2009-03-12 01:23 . 2009-03-12 01:23 1074244 ----a-w- c:\program files\capture.exe
2009-03-01 16:32 . 2009-03-01 16:32 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-02-10 18:26 . 2009-02-10 18:25 607640 ----a-w- c:\program files\jxpiinstall-6u12-fcs-bin-b04-windows-i586-17_jan_2009.exe
2009-02-10 17:41 . 2009-02-10 17:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-09 01:29 . 2009-02-09 01:29 298096 ----a-w- c:\program files\desktopsp2_StubInstaller.exe
2009-02-09 00:56 . 2009-02-09 00:56 156034 ----a-w- c:\program files\FHSetup.exe
2009-02-09 00:55 . 2009-02-09 00:55 292352 ----a-w- c:\program files\STOPzilla_Setup.exe
2009-02-08 17:30 . 2009-02-08 17:30 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2009-02-07 18:51 . 2009-02-07 18:51 368961 ----a-w- c:\program files\dds.com
2009-02-07 18:49 . 2009-02-07 18:49 2062665 ----a-w- c:\program files\spywareguardsetup.exe
2008-07-18 11:24 . 2008-07-18 11:24 3518422 ----a-w- c:\program files\flvplayer_setup.exe
2008-06-30 09:16 . 2008-06-30 09:14 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-06-30 09:15 . 2008-06-30 09:15 1427520 ----a-w- c:\program files\Silverlight.exe
2008-06-19 20:29 . 2009-06-30 02:08 17987 ----a-w- c:\program files\gpl-2.0.txt
2008-02-27 13:28 . 2005-11-07 02:43 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-28 11:45 . 2008-01-28 11:44 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-01-03 00:25 . 2008-01-03 00:25 6876336 ----a-w- c:\program files\RecoverMyFiles-Setup.exe
2007-04-12 06:45 . 2007-04-12 06:45 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-27 04:23 . 2007-02-27 04:22 3782589 ----a-w- c:\program files\LastFM_Win_1.1.3.0.exe
2007-02-26 11:00 . 2007-02-26 11:01 3537447 ----a-w- c:\program files\MP3Rocket-Win.exe
2007-02-19 07:16 . 2007-02-19 07:16 3428033 ----a-w- c:\program files\iMP3Tunes-Win.exe
2006-10-15 02:42 . 2006-10-15 02:40 8799656 ----a-w- c:\program files\Azureus_2.5.0.0_Win32.setup.exe
2006-10-15 02:37 . 2006-10-15 02:36 8963034 ----a-w- c:\program files\Azureus_2.5.0.0_OSX.dmg
2005-11-22 06:21 . 2005-11-22 06:21 1508 ----a-w- c:\program files\uninstal.log
2005-09-05 19:16 . 2005-09-05 19:16 353888 ----a-w- c:\program files\LimeWireWin.exe
2005-08-25 04:04 . 2005-08-25 04:04 488032 ----a-w- c:\program files\PopUpStopper.exe
2005-08-25 04:00 . 2005-08-25 03:59 4436776 ----a-w- c:\program files\SuperAdBlocker.exe
2005-08-24 03:53 . 2005-08-24 03:52 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-08-24 00:27 . 2005-08-24 00:27 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-08-23 19:02 . 2005-08-23 19:02 323072 ----a-w- c:\program files\ScreenShotSetup.msi
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2009-06-21 00:26 . 2008-06-18 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-05-07 19:31 . 2005-10-12 22:12 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
2005-10-10 05:00 . 2005-10-12 22:12 139264 ----a-w- c:\program files\mozilla firefox\components\SABFF.DLL
.

Re: Not sure what it is but i have a new problem

(part 2)


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
2005-10-10 05:00 143360 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/10/2009 12:31 PM 97608]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [10/10/2005 1:00 AM 5632]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/10/2009 12:31 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/10/2009 12:31 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 12:31 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/10/2009 12:31 PM 434945]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 10:08 AM 189064]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/10/2009 12:31 PM 69632]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [7/3/2009 4:33 PM 1522176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/20/2009 8:11 PM 79360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 PWIPENUM;PWIPENUM;\??\c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS --> c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005Core.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005UA.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-12 c:\windows\Tasks\Norton Security Scan for Jon.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]

2009-07-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\viz2txmf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\SABFF.DLL
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\Ati2evxx.dll
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1360)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(628)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WLTRAY.EXE
c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-13 20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 00:03

Pre-Run: 4,941,918,208 bytes free
Post-Run: 4,816,863,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

342 --- E O F --- 2009-04-30 07:02
REGEDIT4

Re: Not sure what it is but i have a new problem

Meanwhile, Firefox is running really slowly. Avira (I keep wanting to say Elvira) gave me a popup that said "avira has blocked a FF popup while in game mode. Always block FF popups?" and I clicked yes. But what if I want to undo that? How do I do it?

Re: Not sure what it is but i have a new problem

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\d3d9caps.dat
c:\program files\xchu70db.exe
c:\program files\ttpvp7mx.exe
c:\program files\Azureus_2.5.0.0_Win32.setup.exe
c:\program files\Azureus_2.5.0.0_OSX.dmg
c:\program files\LimeWireWin.exe

Folder::
c:\documents and settings\Jon\Application Data\BitTorrent
c:\documents and settings\Jon\Application Data\DNA
c:\program files\DNA

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Firefox::
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open ComboFix again. Agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.




Also Please run a Malwarebytes quick scan and post the log back here.

Re: Not sure what it is but i have a new problem

The resulting log, part1:

ComboFix 09-07-13.01 - Jon 07/13/2009 21:04.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.614 [GMT -4:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FILE ::
"c:\program files\Azureus_2.5.0.0_OSX.dmg"
"c:\program files\Azureus_2.5.0.0_Win32.setup.exe"
"c:\program files\LimeWireWin.exe"
"c:\program files\ttpvp7mx.exe"
"c:\program files\xchu70db.exe"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Application Data\BitTorrent
c:\documents and settings\Jon\Application Data\BitTorrent\!!! (chk chk chk) - Myth Takes [2007.DANCE].LokoTorrents.com.By KELOLO.zip.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\2007 Cracked Pepper.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\310 To Yuma.rar.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Aion_The_Tower_Of_Eternity_OST.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Ben_Folds-Way_To_Normal-2008-BENFOLDS.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 11 - Julia Bond.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big wet asses 5.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 7.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 8[2CDs][Dvd-Rip][www.zonatorrent.com].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big.Wet.Asses.11.XXX.[DVDRIP][WwW.LoKoTorrents.CoM].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big.Wet.Asses.13.XXX.DVDRip.XviD-FLESHLiGHT.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Jon\Application Data\BitTorrent\Blockhead - Music By Cavelight - 2004.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Brianna Love - Ass Worship 10.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\brianna_love_BWB.wmv.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\DAMNATUS_Soundtrack.zip.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\dana dearmond - big wet asses 10.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\dht.dat
c:\documents and settings\Jon\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\Dune.(Expanded).1CD.1984.Soundtrack.[WmC].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Explosions in the Sky - All of a Sudden I Miss Everyone (2007).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Explosions In The Sky.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Fever Ray - 2009 - Fever Ray.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Fever Ray - Seven (RealDaniel Remix) 2009.MP3.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Futurama Benders Game (2008) DVDRip Occor.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Futurama The Beast with a Billion Backs (2008) [Alfeel].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Hybrid - Soundsystem 01 (2008) (MP3-EAC-320kBs).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Justice - Cross (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Kasabian-West_Ryder_Pauper_Lunatic_Asylum-2009-DV8.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Kasabian West Ryder Pauper Lunatic Asylum 1CD.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Ladytron-Velocifero (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\ORIGA.-.Aurora-2005-[py].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Pearl Jam.Vitalogy.1994.MP3@320.NeRoZ.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\resume.dat
c:\documents and settings\Jon\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\Rockabye Baby Lullaby Renditions of Nine Inch Nails.1.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Rodrigo y Gabriela - Discography 2003-2006.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\rss.dat
c:\documents and settings\Jon\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\settings.dat
c:\documents and settings\Jon\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\SIMIAN MOBILE DISCO - Attack, Decay, Sustain, Release (2007 - MP3 192 Kbps) by Musicanarias.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Simian_Mobile_Disco-Sample_And_Hold_(Attack_Decay_Sustain_Release_Remixed)-(Advance)-2008-WiCHiTA.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Soundtrack - (Batman Begins).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Star Trek 01-10 Soundtrack Complete.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Dark Knight - OST.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Mission (UK) - ADDON.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The mission UK.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Presets - Apocalypso.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [11x03] - 2008.07.06 [ANGELiC].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [13x03] - 2009.07.05 [RiVER].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [13x04] - 2009.07.12 [FoV].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - sub zero driving anthems - 2cd's (split trakcs +covers).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear 13x01 S13E01 SUB ITA - GM.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S09E01 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S10 - Soundtrack Update Pack II.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E02 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E03 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E06 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S13E01 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S13E02 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top.Gear.S13E02.WS.PDTV.XviD-RiVER.torrent
c:\documents and settings\Jon\Application Data\DNA
c:\documents and settings\Jon\Application Data\DNA\dht.dat
c:\documents and settings\Jon\Application Data\DNA\dht.dat.old
c:\documents and settings\Jon\Application Data\DNA\dna.lng
c:\documents and settings\Jon\Application Data\DNA\resume.dat
c:\documents and settings\Jon\Application Data\DNA\resume.dat.old
c:\documents and settings\Jon\Application Data\DNA\rss.dat
c:\documents and settings\Jon\Application Data\DNA\rss.dat.old
c:\documents and settings\Jon\Application Data\DNA\settings.dat
c:\documents and settings\Jon\Application Data\DNA\settings.dat.old
c:\program files\Azureus_2.5.0.0_OSX.dmg
c:\program files\Azureus_2.5.0.0_Win32.setup.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWireWin.exe
c:\program files\ttpvp7mx.exe
c:\program files\xchu70db.exe
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Avira
2009-07-10 17:24 . 2009-07-10 17:24 -------- d-----w- c:\program files\Common Files\Application
2009-07-10 17:24 . 2009-07-14 00:17 -------- d-----w- c:\program files\SPAMfighter
2009-07-10 17:21 . 2009-07-10 17:21 -------- d-----w- c:\documents and settings\Jon\Application Data\SPAMfighter
2009-07-10 17:20 . 2009-07-10 17:20 1761720 ----a-w- c:\program files\spamfighter_web.exe
2009-07-10 16:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 16:31 . 2009-05-08 18:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-10 16:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 16:31 . 2009-02-24 17:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-10 16:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 16:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\program files\Avira
2009-07-10 16:14 . 2009-07-10 16:17 37013648 ----a-w- c:\program files\avira_premium_security_suite_en.exe
2009-07-07 02:52 . 2009-07-07 02:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Amazon
2009-07-07 02:51 . 2009-07-07 02:51 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2009-07-05 21:35 . 2009-07-09 22:55 -------- d-----w- c:\program files\backups
2009-07-04 00:02 . 2009-07-04 00:02 401720 ----a-w- c:\program files\HiJack(GP)This.exe
2009-07-03 23:49 . 2009-07-03 23:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 20:41 . 2009-07-03 20:41 -------- d-----w- c:\program files\Common Files\Voyetra
2009-07-03 20:35 . 2008-12-05 03:46 278528 ----a-w- c:\windows\system32\CM102rm.exe
2009-07-03 20:35 . 2006-03-21 09:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2009-07-03 20:33 . 2008-10-30 18:44 1522176 ----a-w- c:\windows\system32\drivers\CM102.sys
2009-07-03 20:33 . 2008-10-13 04:43 319488 ----a-w- c:\windows\Cmi102Uninstall.exe
2009-07-03 20:33 . 2004-04-14 14:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2009-07-03 20:33 . 2009-07-03 20:33 -------- d-----w- c:\program files\Turtle Beach
2009-06-30 02:08 . 2009-05-27 02:29 156160 ----a-w- c:\program files\JavaRa.exe
2009-06-29 00:08 . 2009-06-29 00:08 -------- d-----w- c:\program files\CONEXANT
2009-06-27 18:52 . 2009-07-13 19:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:51 . 2009-07-12 22:00 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-27 15:49 . 2009-06-27 15:50 8524280 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-21 01:39 . 2009-06-21 01:40 10995608 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative CD Burner Plugin 5.01.44 for Creative MediaSource 5 Player_Organizer__\CMS5_BRNR_PCAPP_LB_5_01_44.exe
2009-06-21 01:03 . 2009-06-21 01:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 00:39 . 2009-06-21 00:40 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-06-21 00:35 . 2009-06-21 00:39 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-06-21 00:31 . 2009-06-21 00:35 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-06-21 00:28 . 2009-06-21 00:31 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-06-21 00:27 . 2009-06-21 00:28 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-06-21 00:23 . 2009-06-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-06-21 00:18 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2009-06-21 00:16 . 2009-06-21 00:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-21 00:16 . 2009-06-21 00:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-21 00:12 . 2008-10-30 22:15 189952 ----a-w- c:\windows\system32\KSXPPI32.dll
2009-06-21 00:12 . 2007-12-11 22:47 23292 ----a-w- c:\windows\ksaudENG.reg
2009-06-21 00:12 . 2007-07-05 14:27 2630 ----a-w- c:\windows\MixerName.reg
2009-06-21 00:12 . 2008-11-06 22:41 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2009-06-21 00:12 . 2008-08-29 03:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-21 00:09 . 2009-06-27 15:46 -------- d-----w- c:\program files\Creative
2009-06-20 23:58 . 2009-06-20 23:58 -------- d-----w- c:\program files\SB FX-Go
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

Re: Not sure what it is but i have a new problem
The resulting log, part 2:

2009-07-13 22:54 . 2008-11-07 01:00 -------- d-----w- c:\program files\trillian
2009-07-10 16:40 . 2007-08-07 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:40 . 2005-08-02 21:19 -------- d-----w- c:\program files\McAfee.com
2009-07-09 16:35 . 2009-07-04 00:04 9477 ----a-w- c:\program files\hijackthis.log
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 14:15 . 2005-08-31 00:27 -------- d-----w- c:\documents and settings\Jon\Application Data\WeatherBug
2009-07-07 01:50 . 2005-08-23 02:12 -------- d-----w- c:\program files\Real
2009-07-04 23:07 . 2009-07-04 23:07 14297 ----a-w- c:\program files\hijackthis July04_09_1.log
2009-07-04 21:32 . 2009-02-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-04 14:17 . 2009-07-04 14:17 14793 ----a-w- c:\program files\hijackthis July4_09.log
2009-07-04 03:01 . 2009-02-09 00:23 -------- d-----w- c:\program files\NOS
2009-07-04 00:06 . 2009-07-04 00:06 14845 ----a-w- c:\program files\hijackthis July3_09.log
2009-07-03 20:09 . 2005-08-02 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 03:45 . 2005-08-25 01:35 -------- d-----w- c:\program files\Juno
2009-06-27 18:54 . 2006-11-27 02:35 730256 ----a-w- c:\program files\wpsetup.exe
2009-06-27 15:55 . 2008-10-07 14:56 -------- d-----w- c:\program files\yahoo messenger
2009-06-27 15:48 . 2009-02-08 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 01:29 . 2008-09-07 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 01:19 . 2005-08-24 03:55 -------- d-----w- c:\program files\iTunes
2009-06-21 01:18 . 2007-03-17 18:55 -------- d-----w- c:\program files\iPod
2009-06-21 01:18 . 2007-11-30 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-06-21 01:13 . 2005-11-13 07:14 -------- d-----w- c:\program files\QuickTime
2009-06-17 15:27 . 2009-02-08 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-08 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 04:19 . 2009-02-10 18:35 -------- d-----w- c:\program files\Java
2009-06-10 04:11 . 2009-06-10 04:11 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-23 00:53 . 2009-06-30 02:08 245103 ----a-w- c:\program files\JavaRa.def
2009-05-21 15:33 . 2009-02-08 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 15:34 . 2009-05-12 15:33 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-12 15:32 . 2009-05-12 15:32 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-05-10 17:00 . 2009-02-08 17:31 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-19 01:01 . 2009-04-19 01:01 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-13 17:41 . 2009-03-13 17:41 10427840 ----a-w- c:\program files\Vuze_Installer.exe
2009-03-12 01:51 . 2009-03-12 01:51 831757 ----a-w- c:\program files\graphic-converter.exe
2009-03-12 01:23 . 2009-03-12 01:23 1074244 ----a-w- c:\program files\capture.exe
2009-03-01 16:32 . 2009-03-01 16:32 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-02-10 18:26 . 2009-02-10 18:25 607640 ----a-w- c:\program files\jxpiinstall-6u12-fcs-bin-b04-windows-i586-17_jan_2009.exe
2009-02-10 17:41 . 2009-02-10 17:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-09 01:29 . 2009-02-09 01:29 298096 ----a-w- c:\program files\desktopsp2_StubInstaller.exe
2009-02-09 00:56 . 2009-02-09 00:56 156034 ----a-w- c:\program files\FHSetup.exe
2009-02-09 00:55 . 2009-02-09 00:55 292352 ----a-w- c:\program files\STOPzilla_Setup.exe
2009-02-08 17:30 . 2009-02-08 17:30 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2009-02-07 18:51 . 2009-02-07 18:51 368961 ----a-w- c:\program files\dds.com
2009-02-07 18:49 . 2009-02-07 18:49 2062665 ----a-w- c:\program files\spywareguardsetup.exe
2008-07-18 11:24 . 2008-07-18 11:24 3518422 ----a-w- c:\program files\flvplayer_setup.exe
2008-06-30 09:16 . 2008-06-30 09:14 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-06-30 09:15 . 2008-06-30 09:15 1427520 ----a-w- c:\program files\Silverlight.exe
2008-06-19 20:29 . 2009-06-30 02:08 17987 ----a-w- c:\program files\gpl-2.0.txt
2008-02-27 13:28 . 2005-11-07 02:43 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-28 11:45 . 2008-01-28 11:44 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-01-03 00:25 . 2008-01-03 00:25 6876336 ----a-w- c:\program files\RecoverMyFiles-Setup.exe
2007-04-12 06:45 . 2007-04-12 06:45 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-27 04:23 . 2007-02-27 04:22 3782589 ----a-w- c:\program files\LastFM_Win_1.1.3.0.exe
2007-02-26 11:00 . 2007-02-26 11:01 3537447 ----a-w- c:\program files\MP3Rocket-Win.exe
2007-02-19 07:16 . 2007-02-19 07:16 3428033 ----a-w- c:\program files\iMP3Tunes-Win.exe
2005-11-22 06:21 . 2005-11-22 06:21 1508 ----a-w- c:\program files\uninstal.log
2005-08-25 04:04 . 2005-08-25 04:04 488032 ----a-w- c:\program files\PopUpStopper.exe
2005-08-25 04:00 . 2005-08-25 03:59 4436776 ----a-w- c:\program files\SuperAdBlocker.exe
2005-08-24 03:53 . 2005-08-24 03:52 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-08-24 00:27 . 2005-08-24 00:27 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-08-23 19:02 . 2005-08-23 19:02 323072 ----a-w- c:\program files\ScreenShotSetup.msi
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2009-06-21 00:26 . 2008-06-18 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-05-07 19:31 . 2005-10-12 22:12 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
2005-10-10 05:00 . 2005-10-12 22:12 139264 ----a-w- c:\program files\mozilla firefox\components\SABFF.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-07-13_23.47.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 00:15 . 2009-07-14 00:15 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
+ 2009-07-14 00:15 . 2009-07-14 00:15 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
2005-10-10 05:00 143360 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Re: Not sure what it is but i have a new problem
The resulting log, part 3:


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/10/2009 12:31 PM 97608]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [10/10/2005 1:00 AM 5632]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/10/2009 12:31 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/10/2009 12:31 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 12:31 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/10/2009 12:31 PM 434945]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 10:08 AM 189064]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/10/2009 12:31 PM 69632]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [7/3/2009 4:33 PM 1522176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/20/2009 8:11 PM 79360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 PWIPENUM;PWIPENUM;\??\c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS --> c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005Core.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005UA.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-12 c:\windows\Tasks\Norton Security Scan for Jon.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]

2009-07-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\viz2txmf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\SABFF.DLL
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1368)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-07-14 21:20
ComboFix-quarantined-files.txt 2009-07-14 01:18
ComboFix2.txt 2009-07-14 00:04

Pre-Run: 4,829,319,168 bytes free
Post-Run: 4,775,862,272 bytes free

370 --- E O F --- 2009-04-30 07:02

Re: Not sure what it is but i have a new problem
And here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3

7/13/2009 9:36:41 PM
mbam-log-2009-07-13 (21-36-41).txt

Scan type: Quick Scan
Objects scanned: 101822
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Not sure what it is but i have a new problem
How is the machine running?

Re: Not sure what it is but i have a new problem
Things are running more smoothly. Firefox still takes a good three or so minutes to start when I tell it to, and I have a lot of benign things that run at startup that I don't want to, and I don't know how to tell them not to. Things like WeatherBug, AIM, and an alert about getting "Windows Genuine Advantage" that I can't be sure is legit or will help or hinder my PC use.

Spybot SD now loads properly though.

I am concerned that Avira may block popups that I want to come up. How do I tell it not to block them?

Thank you for staying up this late to help me by the way.

Re: Not sure what it is but i have a new problem
I see. Please do the following:

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Re: Not sure what it is but i have a new problem
Here's the GooredFix.txt:

GooredFix by jpshortstuff (12.07.09)
Log created at 23:24 on 13/07/2009 (Jon)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:55 23/08/2005]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [06:43 21/05/2007]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [18:37 10/02/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [01:30 19/04/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [04:20 10/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:36 10/02/2009]

-=E.O.F=-

It came up so quickly. I don't know how it was able to do a scan in that time.
