Computer acting up

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Computer acting up13th September 2009, 3:25 am

Internet is been acting up lately..I can't enter some sites like Google, access some email sites...Also some sites work on IE but not Firefox...I suspected some settings file on my PC has changed

here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:11 PM, on 9/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Alchemy Elixir\control.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Alchemy Elixir\traicon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jimmy.VALUED-20606295\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "d:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "d:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [K3805] "d:\Program Files\Alchemy Elixir\control.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [TomTomHOME.exe] "d:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alchemy Elixir.lnk = D:\Program Files\Alchemy Elixir\traicon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214086121140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214086111328
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7592 bytes

Re: Computer acting up13th September 2009, 10:11 am

Hi

Your HijackThis log appears to be clean.

Computer acting up Mbamicontw5

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Computer acting up13th September 2009, 10:21 pm

thanks for helping!...problem still persisting though...here is my mbam log

Malwarebytes' Anti-Malware 1.41
Database version: 2792
Windows 5.1.2600 Service Pack 2

9/13/2009 3:10:17 PM
mbam-log-2009-09-13 (15-10-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 156248
Time elapsed: 1 hour(s), 12 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
D:\60130-usbtwkr\usbtwkr.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glSetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Re: Computer acting up13th September 2009, 10:59 pm

Hi

Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

Re: Computer acting up14th September 2009, 2:05 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 13, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, September 14, 2009 00:51:25
Records in database: 2802572
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 64075
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:44:44

File name / Threat / Threats count
C:\Documents and Settings\Jimmy.VALUED-20606295\Desktop\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\temp\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
D:\System Volume Information\_restore{9064A718-8822-4594-9843-DDC9AD7DED22}\RP1587\A0407658.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.

Re: Computer acting up14th September 2009, 2:41 am

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==

Please post the MBAM log and the Checkup log in your next reply. Also, please tell me how your computer is running.

Re: Computer acting up14th September 2009, 4:24 am

Malwarebytes' Anti-Malware 1.41
Database version: 2794
Windows 5.1.2600 Service Pack 2

9/13/2009 9:17:27 PM
mbam-log-2009-09-13 (21-17-27).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 158062
Time elapsed: 1 hour(s), 24 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

checkup.txt

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus

``````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe

``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Computer acting up14th September 2009, 4:29 am

problems still exist...

on firefox:
can't go on google, can't access email, and can't access certain websites(like youtube)...
On IE:
i can go on google, can't access email, and i can access youtube but the videos won't load

i am thinking this could be a browser problem

also while scanning MB, my anti virus found something

9/13/2009 8:51:33 PM Jimmy 1336 Sign of "Win32:Trojan-gen {Other}" has been found in "D:\Program Files\DotA Gaming Network\plug-ins\abypass.dsp" file.

Re: Computer acting up14th September 2009, 7:26 pm

Please read this topic: http://www.geekpolice.net/virus-spyware-malware-removal-f11/read-this-before-posting-t3821.htm and follow the instructions for updating Java and Adobe and downloading/running HijackThis.

Please post the HijackThis log in your next reply, as well as another Security Check log. Please do the Security Check last.

Re: Computer acting up15th September 2009, 3:28 am

I am thinking of reinstalling firefox...firefox seems to be bugged, so it seems to be the main problem

EDIT: reinstalling firefox, using CCleaner did not help

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:05 PM, on 9/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Alchemy Elixir\control.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Alchemy Elixir\traicon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jimmy.VALUED-20606295\Desktop\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "d:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "d:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [K3805] "d:\Program Files\Alchemy Elixir\control.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [TomTomHOME.exe] "d:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alchemy Elixir.lnk = D:\Program Files\Alchemy Elixir\traicon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214086121140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214086111328
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8266 bytes

security check

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus

``````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe

``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Computer acting up16th September 2009, 9:41 pm

Hi

Things are looking a little difficult. No matter, this should take care of those remaining issues:

Please download ComboFix Computer acting up Combofix

by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

Computer acting up Cf110

Important information about ComboFix

Before the download:

Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
It is important to rename ComboFix before the download.
Please do not rename ComboFix to other names, but only the one indicated.

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on svchost.exe & follow the prompts.
It will attempt to install the Recovery Console:

When ComboFix finishes, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Re: Computer acting up17th September 2009, 9:34 pm

ComboFix 09-09-17.02 - Jimmy 09/17/2009 14:15.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.676 [GMT -7:00]
Running from: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Antivirus.lnk
c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
c:\documents and settings\Jimmy.VALUED-20606295\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\windows\Installer\2a844d9.msp

.
((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-17 21:10 . 2009-09-17 21:10 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\SUPERAntiSpyware.com
2009-09-17 21:10 . 2009-09-17 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-14 21:31 . 2009-09-14 21:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-14 21:31 . 2009-09-14 21:31 -------- d-----w- c:\program files\MSECACHE
2009-09-14 21:23 . 2009-09-14 21:23 -------- d-----w- c:\program files\Java
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Malwarebytes
2009-09-13 20:51 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 20:51 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 06:56 . 2009-09-09 06:56 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Autodesk
2009-09-09 06:56 . 2009-09-09 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-09-09 06:51 . 2009-09-09 07:03 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Autodesk
2009-09-06 18:29 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-06 18:29 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-27 21:10 . 2009-08-28 09:41 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\uTorrent
2009-08-22 01:54 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-08-22 01:54 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-08-22 01:54 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-08-19 23:52 . 2009-08-19 23:52 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Logitech
2009-08-19 23:51 . 2009-08-19 23:51 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Leadertech
2009-08-19 23:51 . 2009-08-19 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-08-19 23:51 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-08-19 23:49 . 2009-07-20 19:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-08-19 23:49 . 2009-07-20 19:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-08-19 23:49 . 2009-07-20 19:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-08-19 23:49 . 2009-07-20 19:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-08-19 23:49 . 2009-07-20 19:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-08-19 23:48 . 2009-08-19 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-19 22:26 . 2009-08-19 23:51 -------- d-----w- c:\program files\Common Files\Logishrd
2009-08-19 22:01 . 2008-08-28 15:50 43264 ----a-w- c:\windows\system32\drivers\ElanFltr.sys
2009-08-19 21:28 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-08-19 21:28 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-08-19 21:28 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-08-19 21:28 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-08-19 21:27 . 2009-08-19 21:27 -------- d-----w- c:\windows\Logs
2009-08-19 21:27 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2009-08-19 21:25 . 2009-08-19 21:25 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 21:12 . 2008-10-24 18:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-16 05:28 . 2008-03-30 19:39 35512 ----a-w- c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 03:15 . 2002-04-25 22:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 21:23 . 2008-11-23 18:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 23:35 . 2009-03-22 21:20 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\mIRC
2009-09-12 06:29 . 2008-10-10 01:03 86114 ----a-w- c:\windows\War3Unin.dat
2009-08-29 21:01 . 2006-10-20 07:01 -------- d-----w- c:\program files\DB Commander 2000 PRO
2009-08-27 21:12 . 2006-10-07 19:23 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Azureus
2009-08-19 23:48 . 2002-04-24 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 22:29 . 2009-08-19 22:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-08-19 22:29 . 2009-08-19 22:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-19 22:28 . 2009-08-19 22:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-08-19 22:28 . 2009-08-19 22:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-19 22:26 . 2006-06-25 21:41 -------- d-----w- c:\program files\Logitech
2009-08-19 21:56 . 2009-01-29 05:54 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield
2009-08-19 21:33 . 2008-07-21 01:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-17 16:10 . 2006-06-28 21:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-06-28 21:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-06-28 21:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-08 05:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-08-06 11:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-06-28 21:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-06-28 21:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-06-28 21:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-01-20 23:59 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-03 19:54 . 2009-08-03 19:54 -------- d-----w- c:\program files\softnyx
2009-07-28 23:33 . 2009-07-28 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-07-28 23:31 . 2009-07-28 23:31 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\TomTom
2009-07-28 23:31 . 2009-07-28 23:31 -------- d-----w- c:\program files\TomTom International B.V
2009-07-22 19:37 . 2009-07-22 11:30 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Easy Macro Recorder
2009-07-19 19:41 . 2009-07-19 19:41 32132 ---ha-w- c:\windows\system32\mlfcache.dat
2008-12-18 07:53 . 2008-12-18 07:53 604 ---ha-w- c:\program files\STLL Notifier
2006-10-21 18:38 . 2007-09-21 03:44 147456 ----a-w- c:\program files\mozilla firefox\plugins\CDVDiso.dll
2006-01-15 13:38 . 2007-09-21 03:44 231064 ----a-w- c:\program files\mozilla firefox\plugins\CDVDisoEFP.dll
2005-05-14 15:04 . 2007-09-21 03:44 151040 ----a-w- c:\program files\mozilla firefox\plugins\CDVDisolinuz.dll
2006-01-15 13:38 . 2007-09-21 03:44 54289 ----a-w- c:\program files\mozilla firefox\plugins\CDVDlinuz.dll
2005-05-14 15:04 . 2007-09-21 03:44 6656 ----a-w- c:\program files\mozilla firefox\plugins\CDVDnull.dll
2005-04-20 08:21 . 2007-09-21 03:44 86016 ----a-w- c:\program files\mozilla firefox\plugins\cdvdPeops.dll
2005-05-14 15:04 . 2007-09-21 03:44 6656 ----a-w- c:\program files\mozilla firefox\plugins\DEV9null.dll
2005-05-16 08:41 . 2007-09-21 03:44 21732 ----a-w- c:\program files\mozilla firefox\plugins\FWnull.dll
2006-03-13 09:34 . 2007-09-21 03:44 565248 ----a-w- c:\program files\mozilla firefox\plugins\GSdx9 sse2.dll
2006-03-13 16:33 . 2007-09-21 03:44 602112 ----a-w- c:\program files\mozilla firefox\plugins\GSdx9.dll
2006-09-04 00:08 . 2007-09-21 03:44 18944 ----a-w- c:\program files\mozilla firefox\plugins\PadSSSPSX.dll
2005-05-14 15:04 . 2007-09-21 03:44 372892 ----a-w- c:\program files\mozilla firefox\plugins\PADwin.dll
2006-11-04 09:20 . 2007-09-21 03:44 94208 ----a-w- c:\program files\mozilla firefox\plugins\spu2PeopsSound.dll
2005-05-14 15:04 . 2007-09-21 03:44 9728 ----a-w- c:\program files\mozilla firefox\plugins\USBnull.dll
2006-11-17 22:06 . 2007-09-21 03:44 7892992 ----a-w- c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 non sse2.dll
2006-11-18 14:50 . 2007-09-21 03:44 7892992 ----a-w- c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 sse2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"lxdimon.exe"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"K3805"="d:\program files\Alchemy Elixir\control.exe" [2008-06-13 237568]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-24 113664]
Alchemy Elixir.lnk - d:\program files\Alchemy Elixir\traicon.exe [2009-8-19 126976]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-19 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 20:41 294912 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdiamon.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/7/2008 10:35 PM 114768]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/6/2008 4:25 AM 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/19/2009 4:51 PM 10384]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/24/2002 11:30 AM 175232]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [3/18/2008 1:43 PM 99248]
S3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\drivers\ElanFltr.sys [8/19/2009 3:01 PM 43264]
S3 HFXLowerFilter;HFXLowerFilter;c:\windows\system32\drivers\hfx_lfd.sys [6/21/2006 1:21 AM 21632]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [7/7/2009 2:54 PM 31899]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8/19/2007 3:59 PM 33792]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [4/24/2002 11:31 AM 807917]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [4/24/2002 11:31 AM 594668]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} - hxxp://www.dragongemworld.com/Active_X/ENetLauncher.cab
FF - ProfilePath - c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Mozilla\Firefox\Profiles\scbhhn96.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 14:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-09-17 14:29
ComboFix-quarantined-files.txt 2009-09-17 21:27
ComboFix2.txt 2009-03-20 23:41

Pre-Run: 6,646,341,632 bytes free
Post-Run: 6,652,518,400 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
207

Re: Computer acting up18th September 2009, 1:15 am

Hi

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

==

Please tell me how the updates went. Also, tell me of any strange activity. All of this is important, because if any problems happen, it may be a sign of more malware.

Re: Computer acting up18th September 2009, 1:16 am

should i upgrade from windows xp home sp2 to windows xp pro sp3? i have the disc

Re: Computer acting up18th September 2009, 1:19 am

It should be done via Windows Update.

Go to http://update.microsoft.com - allow it to load, then click Express Update.

Re: Computer acting up18th September 2009, 1:27 am

my IE browser won't let me access the windows update website...it hangs and/or displays page can not be found

Re: Computer acting up18th September 2009, 1:38 am

Hi

Must be an infection still hiding. Please re-run ComboFix as instructed, in the section "After the download" and post the log in your next reply.

Re: Computer acting up18th September 2009, 3:22 am

here is my new combofix log..i disconnect my internet and ran it in safe mode prior running combofix

i would like to add my windowsupdate is still not working... are you sure upgrading from windows xp home sp 2 to windows xp pro sp 3 won't help at all?

ComboFix 09-09-17.04 - Jimmy 09/17/2009 19:53.7.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.831 [GMT -7]
Running from: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090917-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-17 21:10 . 2009-09-17 21:10 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\SUPERAntiSpyware.com
2009-09-17 21:10 . 2009-09-17 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-14 21:31 . 2009-09-14 21:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-14 21:31 . 2009-09-14 21:31 -------- d-----w- c:\program files\MSECACHE
2009-09-14 21:23 . 2009-09-14 21:23 -------- d-----w- c:\program files\Java
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Malwarebytes
2009-09-13 20:51 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 20:51 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 06:56 . 2009-09-09 06:56 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Autodesk
2009-09-09 06:56 . 2009-09-09 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-09-09 06:51 . 2009-09-09 07:03 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Autodesk
2009-09-06 18:29 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-06 18:29 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-27 21:10 . 2009-08-28 09:41 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\uTorrent
2009-08-22 01:54 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-08-22 01:54 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-08-22 01:54 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-08-19 23:52 . 2009-08-19 23:52 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Logitech
2009-08-19 23:51 . 2009-08-19 23:51 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Leadertech
2009-08-19 23:51 . 2009-08-19 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-08-19 23:51 . 2009-06-17 16:55 10384 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2009-08-19 23:49 . 2009-07-20 19:25 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-08-19 23:49 . 2009-07-20 19:26 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-08-19 23:49 . 2009-07-20 19:26 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-08-19 23:49 . 2009-07-20 19:26 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-08-19 23:49 . 2009-07-20 19:26 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-08-19 23:48 . 2009-08-19 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-19 22:26 . 2009-08-19 23:51 -------- d-----w- c:\program files\Common Files\Logishrd
2009-08-19 22:01 . 2008-08-28 15:50 43264 ----a-w- c:\windows\system32\drivers\ElanFltr.sys
2009-08-19 21:28 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-08-19 21:28 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-08-19 21:28 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-08-19 21:28 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-08-19 21:27 . 2009-08-19 21:27 -------- d-----w- c:\windows\Logs
2009-08-19 21:27 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\d3dx9_39.dll
2009-08-19 21:25 . 2009-08-19 21:25 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 01:50 . 2008-10-24 18:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-16 05:28 . 2008-03-30 19:39 35512 ----a-w- c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 03:15 . 2002-04-25 22:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 21:23 . 2008-11-23 18:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 23:35 . 2009-03-22 21:20 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\mIRC
2009-09-12 06:29 . 2008-10-10 01:03 86114 ----a-w- c:\windows\War3Unin.dat
2009-08-29 21:01 . 2006-10-20 07:01 -------- d-----w- c:\program files\DB Commander 2000 PRO
2009-08-27 21:12 . 2006-10-07 19:23 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Azureus
2009-08-19 23:48 . 2002-04-24 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 22:29 . 2009-08-19 22:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-08-19 22:29 . 2009-08-19 22:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-19 22:28 . 2009-08-19 22:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-08-19 22:28 . 2009-08-19 22:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-19 22:26 . 2006-06-25 21:41 -------- d-----w- c:\program files\Logitech
2009-08-19 21:56 . 2009-01-29 05:54 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield
2009-08-19 21:33 . 2008-07-21 01:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-17 16:10 . 2006-06-28 21:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-06-28 21:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-06-28 21:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-08 05:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-08-06 11:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-06-28 21:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-06-28 21:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-06-28 21:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-01-20 23:59 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-03 19:54 . 2009-08-03 19:54 -------- d-----w- c:\program files\softnyx
2009-07-28 23:33 . 2009-07-28 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-07-28 23:31 . 2009-07-28 23:31 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\TomTom
2009-07-28 23:31 . 2009-07-28 23:31 -------- d-----w- c:\program files\TomTom International B.V
2009-07-22 19:37 . 2009-07-22 11:30 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Easy Macro Recorder
2009-07-19 19:41 . 2009-07-19 19:41 32132 ---ha-w- c:\windows\system32\mlfcache.dat
2008-12-18 07:53 . 2008-12-18 07:53 604 ---ha-w- c:\program files\STLL Notifier
2006-10-21 18:38 . 2007-09-21 03:44 147456 ----a-w- c:\program files\mozilla firefox\plugins\CDVDiso.dll
2006-01-15 13:38 . 2007-09-21 03:44 231064 ----a-w- c:\program files\mozilla firefox\plugins\CDVDisoEFP.dll
2005-05-14 15:04 . 2007-09-21 03:44 151040 ----a-w- c:\program files\mozilla firefox\plugins\CDVDisolinuz.dll
2006-01-15 13:38 . 2007-09-21 03:44 54289 ----a-w- c:\program files\mozilla firefox\plugins\CDVDlinuz.dll
2005-05-14 15:04 . 2007-09-21 03:44 6656 ----a-w- c:\program files\mozilla firefox\plugins\CDVDnull.dll
2005-04-20 08:21 . 2007-09-21 03:44 86016 ----a-w- c:\program files\mozilla firefox\plugins\cdvdPeops.dll
2005-05-14 15:04 . 2007-09-21 03:44 6656 ----a-w- c:\program files\mozilla firefox\plugins\DEV9null.dll
2005-05-16 08:41 . 2007-09-21 03:44 21732 ----a-w- c:\program files\mozilla firefox\plugins\FWnull.dll
2006-03-13 09:34 . 2007-09-21 03:44 565248 ----a-w- c:\program files\mozilla firefox\plugins\GSdx9 sse2.dll
2006-03-13 16:33 . 2007-09-21 03:44 602112 ----a-w- c:\program files\mozilla firefox\plugins\GSdx9.dll
2006-09-04 00:08 . 2007-09-21 03:44 18944 ----a-w- c:\program files\mozilla firefox\plugins\PadSSSPSX.dll
2005-05-14 15:04 . 2007-09-21 03:44 372892 ----a-w- c:\program files\mozilla firefox\plugins\PADwin.dll
2006-11-04 09:20 . 2007-09-21 03:44 94208 ----a-w- c:\program files\mozilla firefox\plugins\spu2PeopsSound.dll
2005-05-14 15:04 . 2007-09-21 03:44 9728 ----a-w- c:\program files\mozilla firefox\plugins\USBnull.dll
2006-11-17 22:06 . 2007-09-21 03:44 7892992 ----a-w- c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 non sse2.dll
2006-11-18 14:50 . 2007-09-21 03:44 7892992 ----a-w- c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 sse2.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-17_21.24.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-31 02:18 . 2008-10-16 21:07 208744 c:\windows\system32\muweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"lxdimon.exe"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"K3805"="d:\program files\Alchemy Elixir\control.exe" [2008-06-13 237568]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-24 113664]
Alchemy Elixir.lnk - d:\program files\Alchemy Elixir\traicon.exe [2009-8-19 126976]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-19 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 20:41 294912 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdiamon.exe"=

R1 aswSP;avast! Self Protection; [x]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 99248]
R3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\Drivers\ElanFltr.sys [2008-08-28 43264]
R3 HFXLowerFilter;HFXLowerFilter;c:\windows\system32\DRIVERS\hfx_lfd.sys [2006-06-21 21632]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2006-10-23 31899]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-10 33792]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\DRIVERS\LTSM.sys [2002-03-29 807917]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849757]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-17 4096]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-03-28 175232]
R3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\Drivers\SMBE.SYS [2002-04-16 594668]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 XDva008;XDva008;c:\windows\System32\XDva008.sys [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LBEEPKE
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} - hxxp://www.dragongemworld.com/Active_X/ENetLauncher.cab
FF - ProfilePath - c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Mozilla\Firefox\Profiles\scbhhn96.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-09-18 20:13
ComboFix-quarantined-files.txt 2009-09-18 03:12
ComboFix2.txt 2009-09-18 02:40
ComboFix3.txt 2009-09-18 02:16
ComboFix4.txt 2009-09-17 21:29
ComboFix5.txt 2009-09-18 02:52

Pre-Run: 7,751,749,632 bytes free
Post-Run: 7,715,397,632 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
208

Re: Computer acting up18th September 2009, 4:59 am

Hi

Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your Desktop.
- DDS.scr
- DDS.pif
NOTE: Before scanning, make sure all other running programs are closed.
There shouldn't be any scheduled antivirus scans running while the scan is being performed.
Do not use your computer for anything else during the scan.
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results, click Yes to the Optional_Scan
>>Follow the instructions that pop up for posting the results.<<
Close the program window, and delete the program from your Desktop.

Re: Computer acting up19th September 2009, 2:11 am

DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86
Run by Jimmy at 18:50:55.92 on Fri 09/18/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.636 [GMT -7:00]

AV: avast! antivirus 4.8.1351 [VPS 090918-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ7:11 PM 9/18/20091.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Alchemy Elixir\control.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Alchemy Elixir\traicon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jimmy.VALUED-20606295\Desktop\dds.pif

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools\daemon.exe" -autorun
uRun: [AlcoholAutomount] "d:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [lxdimon.exe] "d:\program files\lexmark 3500-4500 series\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "d:\program files\lexmark 3500-4500 series\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [K3805] "d:\program files\alchemy elixir\control.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\alchem~1.lnk - d:\program files\alchemy elixir\traicon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214086121140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253236830234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} - hxxp://www.dragongemworld.com/Active_X/ENetLauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jimmy~1.val\applic~1\mozilla\firefox\profiles\scbhhn96.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-7 114768]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-6 20560]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast4\ashServ.exe [2008-6-3 138680]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-8-19 10384]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast4\ashWebSv.exe [2008-6-3 352920]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-4-24 175232]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-3-18 99248]
S3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\drivers\ElanFltr.sys [2009-8-19 43264]
S3 HFXLowerFilter;HFXLowerFilter;c:\windows\system32\drivers\hfx_lfd.sys [2006-6-21 21632]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2009-7-7 31899]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-8-19 33792]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-4-24 807917]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2002-4-24 594668]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 XDva008;XDva008;\??\c:\windows\system32\xdva008.sys --> c:\windows\system32\XDva008.sys [?]

=============== Created Last 30 ================

2009-09-18 17:48 --d-h--- c:\windows\PIF
2009-09-17 20:42 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-17 14:13 229,888 a------- c:\windows\PEV.exe
2009-09-17 14:13 161,792 a------- c:\windows\SWREG.exe
2009-09-17 14:13 98,816 a------- c:\windows\sed.exe
2009-09-17 14:10 --d----- c:\docume~1\jimmy~1.val\applic~1\SUPERAntiSpyware.com
2009-09-17 14:10 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-14 14:31 --d----- c:\program files\Windows Installer Clean Up
2009-09-14 14:31 --d----- c:\program files\MSECACHE
2009-09-14 14:23 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-13 13:51 --d----- c:\docume~1\jimmy~1.val\applic~1\Malwarebytes
2009-09-13 13:51 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 13:51 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-13 13:51 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-08 23:51 --d----- c:\docume~1\jimmy~1.val\applic~1\Autodesk
2009-09-06 11:29 5,632 a------- c:\windows\system32\ptpusb.dll
2009-09-06 11:29 159,232 a------- c:\windows\system32\ptpusd.dll
2009-08-27 14:10 --d----- c:\docume~1\jimmy~1.val\applic~1\uTorrent
2009-08-21 18:54 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-08-21 18:54 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-08-21 18:54 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

==================== Find3M ====================

2009-09-14 14:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 23:29 86,114 a------- c:\windows\War3Unin.dat
2009-08-19 15:29 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-08-19 15:29 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-19 15:28 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-08-19 15:28 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-20 12:26 84,496 a------- c:\windows\system32\KemXML.dll
2009-07-20 12:26 117,264 a------- c:\windows\system32\KemWnd.dll
2009-07-20 12:26 145,936 a------- c:\windows\system32\KemUtil.dll
2009-07-20 12:26 170,512 a------- c:\windows\system32\kemutb.dll
2009-07-20 12:25 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-07-19 12:41 32,132 a---h--- c:\windows\system32\mlfcache.dat
2009-05-14 00:13 35,512 a------- c:\docume~1\jimmy~1.val\applic~1\GDIPFONTCACHEV1.DAT
2009-01-15 23:56 4 ---shr-- c:\docume~1\alluse~1\applic~1\sysqcl0.dat
2008-12-18 00:53 604 a---h--- c:\program files\STLL Notifier
2008-08-18 00:56 784 a------- c:\docume~1\jimmy~1.val\applic~1\mpauth.dat

============= FINISH: 18:51:46.71 ===============

Re: Computer acting up19th September 2009, 2:12 am

dds.zip

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/24/2006 12:11:35 PM
System Uptime: 9/18/2009 6:43:53 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4S266VX
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | PGA 478 | 2018/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 5.844 GiB free.
D: is FIXED (NTFS) - 41 GiB total, 11.836 GiB free.
E: is Removable
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&37F38CC7&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&37F38CC7&0
Service: i8042prt

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ADMtek AN983 10/100 PCI Adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_12161113&REV_11\3&61AAA01&0&78
Manufacturer: ADMtek Incorporated
Name: ADMtek AN983 10/100 PCI Adapter #2
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_12161113&REV_11\3&61AAA01&0&78
Service: AN983

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\129BD3B8004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\129BD3B8004603
Service: NIC1394

==== System Restore Points ===================

RP1577: 8/31/2009 10:28:12 AM - System Checkpoint
RP1578: 9/1/2009 10:32:47 AM - System Checkpoint
RP1579: 9/2/2009 4:30:43 PM - System Checkpoint
RP1580: 9/3/2009 4:59:55 PM - System Checkpoint
RP1581: 9/4/2009 5:34:28 PM - System Checkpoint
RP1582: 9/5/2009 6:26:07 PM - System Checkpoint
RP1583: 9/7/2009 2:18:20 AM - System Checkpoint
RP1584: 9/8/2009 2:50:39 AM - System Checkpoint
RP1585: 9/9/2009 2:58:28 AM - System Checkpoint
RP1586: 9/10/2009 4:16:21 AM - System Checkpoint
RP1587: 9/11/2009 8:39:13 AM - System Checkpoint
RP1588: 9/12/2009 5:52:15 PM - System Checkpoint
RP1589: 9/12/2009 7:31:33 PM - Installed Microsoft Fix it 50267
RP1590: 9/13/2009 8:06:48 PM - System Checkpoint
RP1591: 9/14/2009 2:21:33 PM - Removed Java(TM) 6 Update 10
RP1592: 9/14/2009 2:22:56 PM - Installed Java(TM) 6 Update 16
RP1593: 9/14/2009 2:31:49 PM - Installed Windows Installer Clean Up
RP1594: 9/14/2009 2:36:13 PM - Installed Windows Installer Clean Up
RP1595: 9/14/2009 7:57:47 PM - Installed Adobe Reader 8.1.2
RP1596: 9/14/2009 8:06:05 PM - Removed Adobe Reader 8.1.2
RP1597: 9/14/2009 8:14:10 PM - Installed Adobe Reader 9.1.
RP1598: 9/15/2009 10:58:47 PM - System Checkpoint
RP1599: 9/17/2009 1:51:06 AM - System Checkpoint
RP1600: 9/18/2009 9:12:40 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 9.1.3
Advanced Video FX Utility
Alchemy Elixir
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CDDRV_Installer
CleanUp!
Combined Community Codec Pack 2008-01-24
Counter-Strike
DigitalPrint 1.1
DotA Client Build 2.31 Beta
DVgate
erLT
GGPO
Gunbound Revolution
GunboundWC
Heroes of Newerth
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB926239)
ijji
ijji - Gunz
ijji Auto Installer
ijji FireFox Launcher 1.0
ImageStation
ImageStation Demo
Java(TM) 6 Update 16
Kaspersky Online Scanner
KhalInstallWrapper
KSignAccessToolkit v1.0
League of Legends
Lexmark 3500-4500 Series
Logitech SetPoint
Lucent Technologies Soft Modem AMR
Malwarebytes' Anti-Malware
Memory Stick Formatter
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motion JPEG Software Decoder
Mozilla Firefox (3.5.3)
Music Visualizer Library
MVP Baseball 2005
MVPedit 2006.2
neroxml
NVIDIA Windows 2000/XP Display Drivers
OpenMG Secure Module 3.0.03
Panda ActiveScan
PicoPlayerSplashScreen
Project64 1.6
PS TO USB CONVERTOR
QuickTime Alternative 1.75
Raptr
Real Alternative 1.50
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for Windows XP (KB958644)
Shareaza version 2.2.1.0
SiS Audio Driver
SiS Compatible VGA V2.07f.01
SiSAGP driver
Skins
Smart Capture
SonicStage 1.2.00
SonicStage CD-R Writing Module
Sony Certificate PCH
Sony DV Shared Library
SopCast 2.0.4
SpaceCowboy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
Steam
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
TWIN PS TO PC CONVERTER
Update for Windows XP (KB898461)
VAIO Action Setup
VAIO Brezza Wallpaper
VAIO Clock Screen Saver
VAIO Grid Wallpaper
VAIO Help & Support
VAIO Registration
VAIO Serenus Wallpaper
VAIO System Information
VCRedistSetup
Ventrilo Client
VLC media player 0.9.4
Warcraft III: All Products
WC3Banlist
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver

==== Event Viewer Messages From Past Week ========

9/17/2009 7:51:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi DMICall Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
9/17/2009 7:51:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2009 7:51:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2009 7:51:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2009 7:51:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/17/2009 7:33:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/17/2009 7:26:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP DMICall Fips i8042prt intelppm SASDIFSV SASKUTIL
9/17/2009 7:25:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2009 2:15:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
9/15/2009 8:29:21 AM, error: Print [6161] -
9/15/2009 10:41:39 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/15/2009 10:41:34 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/15/2009 10:38:06 PM, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 0000678442DB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/14/2009 8:07:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/14/2009 8:03:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect.
9/14/2009 8:03:33 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
9/14/2009 8:03:33 PM, error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/12/2009 7:39:04 PM, error: Service Control Manager [7034] - The lxdi_device service terminated unexpectedly. It has done this 1 time(s).
9/12/2009 7:38:53 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
9/12/2009 7:38:50 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
9/12/2009 7:26:01 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4BF3560A-5764-4E9A-81. The master browser is stopping or an election is being forced.

==== End Of File ===========================

Re: Computer acting up19th September 2009, 7:42 am

Hi

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\STLL Notifier
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Computer acting up19th September 2009, 9:23 pm

that file still seems to be there after the process you ordered me to do....

here is the new log

ComboFix 09-09-18.02 - Jimmy 09/19/2009 14:30.9.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.830 [GMT -7:00]
Running from: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090919-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-19 00:48 . 2009-09-19 00:48 -------- d--h--w- c:\windows\PIF
2009-09-17 21:10 . 2009-09-17 21:10 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\SUPERAntiSpyware.com
2009-09-17 21:10 . 2009-09-17 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-14 21:31 . 2009-09-14 21:36 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-14 21:31 . 2009-09-14 21:31 -------- d-----w- c:\program files\MSECACHE
2009-09-14 21:23 . 2009-09-14 21:23 -------- d-----w- c:\program files\Java
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Malwarebytes
2009-09-13 20:51 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 20:51 . 2009-09-13 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-13 20:51 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 06:56 . 2009-09-09 06:56 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Autodesk
2009-09-09 06:56 . 2009-09-09 06:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-09-09 06:51 . 2009-09-09 07:03 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Autodesk
2009-09-06 18:29 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-09-06 18:29 . 2004-08-04 07:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-08-27 21:10 . 2009-08-28 09:41 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\uTorrent
2009-08-22 01:54 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-08-22 01:54 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-08-22 01:54 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 06:08 . 2008-10-10 01:03 86402 ----a-w- c:\windows\War3Unin.dat
2009-09-18 05:01 . 2008-10-24 18:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-16 05:28 . 2008-03-30 19:39 35512 ----a-w- c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 03:15 . 2002-04-25 22:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-14 21:23 . 2008-11-23 18:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 23:35 . 2009-03-22 21:20 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\mIRC
2009-08-29 21:01 . 2006-10-20 07:01 -------- d-----w- c:\program files\DB Commander 2000 PRO
2009-08-27 21:12 . 2006-10-07 19:23 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Azureus
2009-08-19 23:52 . 2009-08-19 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-08-19 23:52 . 2009-08-19 23:52 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Logitech
2009-08-19 23:51 . 2009-08-19 23:51 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Leadertech
2009-08-19 23:51 . 2009-08-19 22:26 -------- d-----w- c:\program files\Common Files\Logishrd
2009-08-19 23:48 . 2009-08-19 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-08-19 23:48 . 2002-04-24 23:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 22:29 . 2009-08-19 22:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-08-19 22:29 . 2009-08-19 22:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-08-19 22:28 . 2009-08-19 22:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-08-19 22:28 . 2009-08-19 22:28 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-08-19 22:26 . 2006-06-25 21:41 -------- d-----w- c:\program files\Logitech
2009-08-19 21:56 . 2009-01-29 05:54 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield
2009-08-19 21:33 . 2008-07-21 01:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-19 21:25 . 2009-08-19 21:25 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield Installation Information
2009-08-17 16:10 . 2006-06-28 21:07 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2006-06-28 21:07 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2006-06-28 21:07 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-08 05:35 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-08-06 11:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2006-06-28 21:07 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2006-06-28 21:07 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2006-06-28 21:07 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-01-20 23:59 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-03 19:54 . 2009-08-03 19:54 -------- d-----w- c:\program files\softnyx
2009-07-28 23:33 . 2009-07-28 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-07-28 23:31 . 2009-07-28 23:31 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\TomTom
2009-07-28 23:31 . 2009-07-28 23:31 -------- d-----w- c:\program files\TomTom International B.V
2009-07-22 19:37 . 2009-07-22 11:30 -------- d-----w- c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Easy Macro Recorder
2009-07-20 19:26 . 2009-08-19 23:49 84496 ----a-w- c:\windows\system32\KemXML.dll
2009-07-20 19:26 . 2009-08-19 23:49 117264 ----a-w- c:\windows\system32\KemWnd.dll
2009-07-20 19:26 . 2009-08-19 23:49 145936 ----a-w- c:\windows\system32\KemUtil.dll
2009-07-20 19:26 . 2009-08-19 23:49 170512 ----a-w- c:\windows\system32\kemutb.dll
2009-07-20 19:25 . 2009-08-19 23:49 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2009-07-19 19:41 . 2009-07-19 19:41 32132 ---ha-w- c:\windows\system32\mlfcache.dat
2008-12-18 07:53 . 2008-12-18 07:53 604 ---ha-w- c:\program files\STLL Notifier
2006-10-21 18:38 . 2007-09-21 03:44 147456 ----a-w- c:\program files\mozilla firefox\plugins\CDVDiso.dll
2006-01-15 13:38 . 2007-09-21 03:44 231064 ----a-w- c:\program files\mozilla firefox\plugins\CDVDisoEFP.dll
2005-05-14 15:04 . 2007-09-21 03:44 151040 ----a-w- c:\program files\mozilla firefox\plugins\CDVDisolinuz.dll
2006-01-15 13:38 . 2007-09-21 03:44 54289 ----a-w- c:\program files\mozilla firefox\plugins\CDVDlinuz.dll
2005-05-14 15:04 . 2007-09-21 03:44 6656 ----a-w- c:\program files\mozilla firefox\plugins\CDVDnull.dll
2005-04-20 08:21 . 2007-09-21 03:44 86016 ----a-w- c:\program files\mozilla firefox\plugins\cdvdPeops.dll
2005-05-14 15:04 . 2007-09-21 03:44 6656 ----a-w- c:\program files\mozilla firefox\plugins\DEV9null.dll
2005-05-16 08:41 . 2007-09-21 03:44 21732 ----a-w- c:\program files\mozilla firefox\plugins\FWnull.dll
2006-03-13 09:34 . 2007-09-21 03:44 565248 ----a-w- c:\program files\mozilla firefox\plugins\GSdx9 sse2.dll
2006-03-13 16:33 . 2007-09-21 03:44 602112 ----a-w- c:\program files\mozilla firefox\plugins\GSdx9.dll
2006-09-04 00:08 . 2007-09-21 03:44 18944 ----a-w- c:\program files\mozilla firefox\plugins\PadSSSPSX.dll
2005-05-14 15:04 . 2007-09-21 03:44 372892 ----a-w- c:\program files\mozilla firefox\plugins\PADwin.dll
2006-11-04 09:20 . 2007-09-21 03:44 94208 ----a-w- c:\program files\mozilla firefox\plugins\spu2PeopsSound.dll
2005-05-14 15:04 . 2007-09-21 03:44 9728 ----a-w- c:\program files\mozilla firefox\plugins\USBnull.dll
2006-11-17 22:06 . 2007-09-21 03:44 7892992 ----a-w- c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 non sse2.dll
2006-11-18 14:50 . 2007-09-21 03:44 7892992 ----a-w- c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 sse2.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-17_21.24.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-26 01:49 . 2008-10-16 21:09 43544 c:\windows\system32\wups2.dll
+ 2006-06-26 01:49 . 2008-10-16 21:08 34328 c:\windows\system32\wups.dll
+ 2002-04-24 18:38 . 2008-10-16 21:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-09-18 03:39 . 2008-10-16 21:09 43544 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2009-09-18 03:39 . 2008-10-16 21:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2006-06-26 01:49 . 2008-10-16 21:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2002-04-24 18:38 . 2008-10-16 21:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2002-04-24 18:30 . 2008-10-16 21:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2002-04-24 18:30 . 2008-10-16 21:09 92696 c:\windows\system32\cdm.dll
+ 2007-07-31 02:19 . 2008-10-16 21:13 202776 c:\windows\system32\wuweb.dll
+ 2006-06-26 01:49 . 2008-10-16 21:12 323608 c:\windows\system32\wucltui.dll
+ 2006-06-26 01:49 . 2008-10-16 21:12 561688 c:\windows\system32\wuapi.dll
+ 2009-09-18 03:39 . 2008-10-16 21:12 561688 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.2.6001.788\wuapi.dll
+ 2007-07-31 02:18 . 2008-10-16 21:07 208744 c:\windows\system32\muweb.dll
+ 2006-06-28 04:23 . 2008-10-16 21:06 268648 c:\windows\system32\mucltui.dll
+ 2007-07-31 02:19 . 2008-10-16 21:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-06-26 01:49 . 2008-10-16 21:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-06-26 01:49 . 2008-10-16 21:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2002-04-24 18:38 . 2008-10-16 21:13 1809944 c:\windows\system32\wuaueng.dll
+ 2002-04-24 18:38 . 2008-10-16 21:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"lxdimon.exe"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"K3805"="d:\program files\Alchemy Elixir\control.exe" [2008-06-13 237568]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-24 113664]
Alchemy Elixir.lnk - d:\program files\Alchemy Elixir\traicon.exe [2009-8-19 126976]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-19 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 20:41 294912 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdiamon.exe"=

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/7/2008 10:35 PM 114768]
S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/6/2008 4:25 AM 20560]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/19/2009 4:51 PM 10384]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [3/18/2008 1:43 PM 99248]
S3 ElanFltr;Pro Gaming Keyboard;c:\windows\system32\drivers\ElanFltr.sys [8/19/2009 3:01 PM 43264]
S3 HFXLowerFilter;HFXLowerFilter;c:\windows\system32\drivers\hfx_lfd.sys [6/21/2006 1:21 AM 21632]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [7/7/2009 2:54 PM 31899]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [8/19/2007 3:59 PM 33792]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [4/24/2002 11:31 AM 807917]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 2:10 PM 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/24/2002 11:30 AM 175232]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [4/24/2002 11:31 AM 594668]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LBEEPKE
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} - hxxp://www.dragongemworld.com/Active_X/ENetLauncher.cab
FF - ProfilePath - c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Mozilla\Firefox\Profiles\scbhhn96.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1304)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2009-09-19 14:49
ComboFix-quarantined-files.txt 2009-09-19 21:48
ComboFix2.txt 2009-09-19 21:20
ComboFix3.txt 2009-09-18 03:13
ComboFix4.txt 2009-09-18 02:40
ComboFix5.txt 2009-09-19 21:29

Pre-Run: 7,235,301,376 bytes free
Post-Run: 7,198,527,488 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
223

Re: Computer acting up19th September 2009, 10:02 pm

Hi

What version of Internet Explorer are you using?

(Help > About internet Explorer)

Re: Computer acting up19th September 2009, 11:09 pm

Version: 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

Re: Computer acting up20th September 2009, 1:02 am

Hi

It seems as if you are running Internet Explorer 6. I recommend upgrading to Internet Explorer 8, because it is currently the most stable and most secure. Microsoft releases updates more frequently for this version. In addition, YouTube has announced it will give up support for Internet Explorer 6 soon, and you may be unable to watch YouTube videos. Please see [url="http://www.techcrunch.com/2009/07/14/youtube-will-be-next-to-kiss-ie6-support-goodbye/"]this article[/url] for more information. You may download and install Internet Explorer 8 from Microsoft.com.

==

Let me know if installing IE 8 fixes the issue you are having with the browser.

Re: Computer acting up20th September 2009, 2:21 am

installing IE 8 didnt help at all...

My main problem is that big websites like youtube, google, yahoomai don't load at all on both firefox and IE.

ln the meantime i'm going to try to turn on automatic updates because it seems like its the only way to upgrade my PC to SP3

Re: Computer acting up20th September 2009, 10:19 am

Hi

Please re-run HijackThis and post a log in your next reply.

Your next reply should contain two logs:
*.log
HijackThis

Also, please let me know how things are running now.

Re: Computer acting up21st September 2009, 12:33 am

same problems still exist...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:49 PM, on 9/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe
D:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alchemy Elixir\control.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Alchemy Elixir\traicon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\Jimmy.VALUED-20606295\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdimon.exe] "d:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "d:\Program Files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [K3805] "d:\Program Files\Alchemy Elixir\control.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "d:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alchemy Elixir.lnk = D:\Program Files\Alchemy Elixir\traicon.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214086121140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253236830234
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7996 bytes

Re: Computer acting up21st September 2009, 1:17 am

Looking at one of your past logs, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

I have tried to help you clean the machine, and we have taken every route possible, but unfortunately we have hit a dead end.

Please let me know what you have done about it. If you decide not to format and reinstall, I can try to help deal with the technical issues, but once again, your computer can never be trusted again, until after a format and reinstall.

Tutorial on reformat and reinstall: http://forums.whatthetech.com/How_Reformat_Reinstall_your_Operating_System_t91962.html

Re: Computer acting up23rd September 2009, 6:08 pm

thanks for helping DMJ...sad to say that reinstalling only helped a bit. All sites finally load now, but it still loads really slow. I think it is a network problem that is causing my troubles.

Re: Computer acting up23rd September 2009, 7:07 pm

Hi

Call your Internet Service Provider (ISP) and see if it is a network problem. There may be a lot of things wrong, such as:

-Issues with the line from your home to the service station.
-Issues with the service quality, which may be overload on a network.
-Ethernet cable is bad.
-Router / modem is of poor quality or is dying.
-Line running in to your house is damaged.
-Too much interference, if on a wireless network.

All of these are ideas you may want to bring up with your ISP.

Computer acting up

descriptionComputer acting up13th September 2009, 3:25 am

descriptionRe: Computer acting up13th September 2009, 10:11 am

descriptionRe: Computer acting up13th September 2009, 10:21 pm

descriptionRe: Computer acting up13th September 2009, 10:59 pm

descriptionRe: Computer acting up14th September 2009, 2:05 am

descriptionRe: Computer acting up14th September 2009, 2:41 am

descriptionRe: Computer acting up14th September 2009, 4:24 am

descriptionRe: Computer acting up14th September 2009, 4:29 am

descriptionRe: Computer acting up14th September 2009, 7:26 pm

descriptionRe: Computer acting up15th September 2009, 3:28 am

descriptionRe: Computer acting up16th September 2009, 9:41 pm

descriptionRe: Computer acting up17th September 2009, 9:34 pm

descriptionRe: Computer acting up18th September 2009, 1:15 am

descriptionRe: Computer acting up18th September 2009, 1:16 am

descriptionRe: Computer acting up18th September 2009, 1:19 am

descriptionRe: Computer acting up18th September 2009, 1:27 am

descriptionRe: Computer acting up18th September 2009, 1:38 am

descriptionRe: Computer acting up18th September 2009, 3:22 am

descriptionRe: Computer acting up18th September 2009, 4:59 am

descriptionRe: Computer acting up19th September 2009, 2:11 am

descriptionRe: Computer acting up19th September 2009, 2:12 am

descriptionRe: Computer acting up19th September 2009, 7:42 am

descriptionRe: Computer acting up19th September 2009, 9:23 pm

descriptionRe: Computer acting up19th September 2009, 10:02 pm

descriptionRe: Computer acting up19th September 2009, 11:09 pm

descriptionRe: Computer acting up20th September 2009, 1:02 am

descriptionRe: Computer acting up20th September 2009, 2:21 am

descriptionRe: Computer acting up20th September 2009, 10:19 am

descriptionRe: Computer acting up21st September 2009, 12:33 am

descriptionRe: Computer acting up21st September 2009, 1:17 am

descriptionRe: Computer acting up23rd September 2009, 6:08 pm

descriptionRe: Computer acting up23rd September 2009, 7:07 pm

descriptionRe: Computer acting up