GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

Not sure what it is but i have a new problem

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sun Jul 12, 2009 3:30 pm

Ok i'm in normal mode and GMER refuses to run properly. It won't let me scan anything. I redownloaded it and it still won't do it. The "scan" button will not respond to input.

this just in: Avira keeps blocking "IP packet 192.168.1.4." What is this all about?


Last edited by spacephrawgg on Sun Jul 12, 2009 9:44 pm; edited 3 times in total (Reason for editing : thought of something else to say)

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Mon Jul 13, 2009 7:52 pm

Should I just start a new thread about this since the problem seems to have changed?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Mon Jul 13, 2009 9:10 pm

See if you can run ComboFix:


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 12:22 am

When it told me it was composing the log, it told me not to run any programs at that time but i have several programs set to run at start up that went on anyway. I rushed to close them all but they were open for a short time during the log-writing process. When it opened the .txt. thing for me to see, the thing froze so i had to restart. Now i have the results. I hope they aren't tainted:

(part 1)

ComboFix 09-07-13.01 - Jon 07/13/2009 19:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.668 [GMT -4:00]
Running from: c:\program files\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Installer\28b0eac1.msi
c:\windows\Installer\29276.msi
c:\windows\Installer\3d4da.msi
c:\windows\Installer\8d22.msi
c:\windows\Installer\9f800e2.msi
c:\windows\Installer\b9ec0.msi
c:\windows\system32\bszip.dll
c:\windows\system32\onXacccf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 23:02 . 2009-07-13 23:03 3121979 ----a-r- c:\program files\ComboFix.exe
2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Avira
2009-07-12 15:18 . 2009-07-12 15:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-12 15:18 . 2009-07-12 15:18 286208 ----a-w- c:\program files\xchu70db.exe
2009-07-11 17:51 . 2009-07-11 17:51 286208 ----a-w- c:\program files\ttpvp7mx.exe
2009-07-10 17:24 . 2009-07-10 17:24 -------- d-----w- c:\program files\Common Files\Application
2009-07-10 17:24 . 2009-07-13 23:46 -------- d-----w- c:\program files\SPAMfighter
2009-07-10 17:21 . 2009-07-10 17:21 -------- d-----w- c:\documents and settings\Jon\Application Data\SPAMfighter
2009-07-10 17:20 . 2009-07-10 17:20 1761720 ----a-w- c:\program files\spamfighter_web.exe
2009-07-10 16:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 16:31 . 2009-05-08 18:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-10 16:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 16:31 . 2009-02-24 17:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-10 16:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 16:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\program files\Avira
2009-07-10 16:14 . 2009-07-10 16:17 37013648 ----a-w- c:\program files\avira_premium_security_suite_en.exe
2009-07-07 02:52 . 2009-07-07 02:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Amazon
2009-07-07 02:51 . 2009-07-07 02:51 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2009-07-05 21:35 . 2009-07-09 22:55 -------- d-----w- c:\program files\backups
2009-07-04 00:02 . 2009-07-04 00:02 401720 ----a-w- c:\program files\HiJack(GP)This.exe
2009-07-03 23:49 . 2009-07-03 23:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 20:41 . 2009-07-03 20:41 -------- d-----w- c:\program files\Common Files\Voyetra
2009-07-03 20:35 . 2008-12-05 03:46 278528 ----a-w- c:\windows\system32\CM102rm.exe
2009-07-03 20:35 . 2006-03-21 09:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2009-07-03 20:33 . 2008-10-30 18:44 1522176 ----a-w- c:\windows\system32\drivers\CM102.sys
2009-07-03 20:33 . 2008-10-13 04:43 319488 ----a-w- c:\windows\Cmi102Uninstall.exe
2009-07-03 20:33 . 2004-04-14 14:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2009-07-03 20:33 . 2009-07-03 20:33 -------- d-----w- c:\program files\Turtle Beach
2009-06-30 02:08 . 2009-05-27 02:29 156160 ----a-w- c:\program files\JavaRa.exe
2009-06-29 00:08 . 2009-06-29 00:08 -------- d-----w- c:\program files\CONEXANT
2009-06-27 18:52 . 2009-07-13 19:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:51 . 2009-07-12 22:00 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-27 15:49 . 2009-06-27 15:50 8524280 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-21 01:39 . 2009-06-21 01:40 10995608 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative CD Burner Plugin 5.01.44 for Creative MediaSource 5 Player_Organizer__\CMS5_BRNR_PCAPP_LB_5_01_44.exe
2009-06-21 01:03 . 2009-06-21 01:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 00:39 . 2009-06-21 00:40 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-06-21 00:35 . 2009-06-21 00:39 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-06-21 00:31 . 2009-06-21 00:35 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-06-21 00:28 . 2009-06-21 00:31 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-06-21 00:27 . 2009-06-21 00:28 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-06-21 00:23 . 2009-06-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-06-21 00:18 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2009-06-21 00:16 . 2009-06-21 00:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-21 00:16 . 2009-06-21 00:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-21 00:12 . 2008-10-30 22:15 189952 ----a-w- c:\windows\system32\KSXPPI32.dll
2009-06-21 00:12 . 2007-12-11 22:47 23292 ----a-w- c:\windows\ksaudENG.reg
2009-06-21 00:12 . 2007-07-05 14:27 2630 ----a-w- c:\windows\MixerName.reg
2009-06-21 00:12 . 2008-11-06 22:41 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2009-06-21 00:12 . 2008-08-29 03:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-21 00:09 . 2009-06-27 15:46 -------- d-----w- c:\program files\Creative
2009-06-20 23:58 . 2009-06-20 23:58 -------- d-----w- c:\program files\SB FX-Go
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 22:54 . 2008-11-07 01:00 -------- d-----w- c:\program files\trillian
2009-07-13 04:53 . 2008-06-30 10:37 -------- d-----w- c:\documents and settings\Jon\Application Data\BitTorrent
2009-07-10 16:40 . 2007-08-07 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:40 . 2005-08-02 21:19 -------- d-----w- c:\program files\McAfee.com
2009-07-09 16:35 . 2009-07-04 00:04 9477 ----a-w- c:\program files\hijackthis.log
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 14:15 . 2005-08-31 00:27 -------- d-----w- c:\documents and settings\Jon\Application Data\WeatherBug
2009-07-07 01:50 . 2005-08-23 02:12 -------- d-----w- c:\program files\Real
2009-07-05 21:34 . 2008-06-30 10:37 -------- d-----w- c:\documents and settings\Jon\Application Data\DNA
2009-07-04 23:07 . 2009-07-04 23:07 14297 ----a-w- c:\program files\hijackthis July04_09_1.log
2009-07-04 21:32 . 2008-06-30 10:37 -------- d-----w- c:\program files\DNA
2009-07-04 21:32 . 2009-02-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-04 14:17 . 2009-07-04 14:17 14793 ----a-w- c:\program files\hijackthis July4_09.log
2009-07-04 03:01 . 2009-02-09 00:23 -------- d-----w- c:\program files\NOS
2009-07-04 00:06 . 2009-07-04 00:06 14845 ----a-w- c:\program files\hijackthis July3_09.log
2009-07-03 20:09 . 2005-08-02 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 03:45 . 2005-08-25 01:35 -------- d-----w- c:\program files\Juno
2009-06-27 18:54 . 2006-11-27 02:35 730256 ----a-w- c:\program files\wpsetup.exe
2009-06-27 15:55 . 2008-10-07 14:56 -------- d-----w- c:\program files\yahoo messenger
2009-06-27 15:48 . 2009-02-08 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 01:29 . 2008-09-07 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 01:19 . 2005-08-24 03:55 -------- d-----w- c:\program files\iTunes
2009-06-21 01:18 . 2007-03-17 18:55 -------- d-----w- c:\program files\iPod
2009-06-21 01:18 . 2007-11-30 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-06-21 01:13 . 2005-11-13 07:14 -------- d-----w- c:\program files\QuickTime
2009-06-17 15:27 . 2009-02-08 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-08 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 04:19 . 2009-02-10 18:35 -------- d-----w- c:\program files\Java
2009-06-10 04:11 . 2009-06-10 04:11 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-23 00:53 . 2009-06-30 02:08 245103 ----a-w- c:\program files\JavaRa.def
2009-05-21 15:33 . 2009-02-08 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 15:34 . 2009-05-12 15:33 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-12 15:32 . 2009-05-12 15:32 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-05-10 17:00 . 2009-02-08 17:31 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-19 01:01 . 2009-04-19 01:01 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-13 17:41 . 2009-03-13 17:41 10427840 ----a-w- c:\program files\Vuze_Installer.exe
2009-03-12 01:51 . 2009-03-12 01:51 831757 ----a-w- c:\program files\graphic-converter.exe
2009-03-12 01:23 . 2009-03-12 01:23 1074244 ----a-w- c:\program files\capture.exe
2009-03-01 16:32 . 2009-03-01 16:32 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-02-10 18:26 . 2009-02-10 18:25 607640 ----a-w- c:\program files\jxpiinstall-6u12-fcs-bin-b04-windows-i586-17_jan_2009.exe
2009-02-10 17:41 . 2009-02-10 17:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-09 01:29 . 2009-02-09 01:29 298096 ----a-w- c:\program files\desktopsp2_StubInstaller.exe
2009-02-09 00:56 . 2009-02-09 00:56 156034 ----a-w- c:\program files\FHSetup.exe
2009-02-09 00:55 . 2009-02-09 00:55 292352 ----a-w- c:\program files\STOPzilla_Setup.exe
2009-02-08 17:30 . 2009-02-08 17:30 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2009-02-07 18:51 . 2009-02-07 18:51 368961 ----a-w- c:\program files\dds.com
2009-02-07 18:49 . 2009-02-07 18:49 2062665 ----a-w- c:\program files\spywareguardsetup.exe
2008-07-18 11:24 . 2008-07-18 11:24 3518422 ----a-w- c:\program files\flvplayer_setup.exe
2008-06-30 09:16 . 2008-06-30 09:14 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-06-30 09:15 . 2008-06-30 09:15 1427520 ----a-w- c:\program files\Silverlight.exe
2008-06-19 20:29 . 2009-06-30 02:08 17987 ----a-w- c:\program files\gpl-2.0.txt
2008-02-27 13:28 . 2005-11-07 02:43 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-28 11:45 . 2008-01-28 11:44 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-01-03 00:25 . 2008-01-03 00:25 6876336 ----a-w- c:\program files\RecoverMyFiles-Setup.exe
2007-04-12 06:45 . 2007-04-12 06:45 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-27 04:23 . 2007-02-27 04:22 3782589 ----a-w- c:\program files\LastFM_Win_1.1.3.0.exe
2007-02-26 11:00 . 2007-02-26 11:01 3537447 ----a-w- c:\program files\MP3Rocket-Win.exe
2007-02-19 07:16 . 2007-02-19 07:16 3428033 ----a-w- c:\program files\iMP3Tunes-Win.exe
2006-10-15 02:42 . 2006-10-15 02:40 8799656 ----a-w- c:\program files\Azureus_2.5.0.0_Win32.setup.exe
2006-10-15 02:37 . 2006-10-15 02:36 8963034 ----a-w- c:\program files\Azureus_2.5.0.0_OSX.dmg
2005-11-22 06:21 . 2005-11-22 06:21 1508 ----a-w- c:\program files\uninstal.log
2005-09-05 19:16 . 2005-09-05 19:16 353888 ----a-w- c:\program files\LimeWireWin.exe
2005-08-25 04:04 . 2005-08-25 04:04 488032 ----a-w- c:\program files\PopUpStopper.exe
2005-08-25 04:00 . 2005-08-25 03:59 4436776 ----a-w- c:\program files\SuperAdBlocker.exe
2005-08-24 03:53 . 2005-08-24 03:52 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-08-24 00:27 . 2005-08-24 00:27 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-08-23 19:02 . 2005-08-23 19:02 323072 ----a-w- c:\program files\ScreenShotSetup.msi
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2009-06-21 00:26 . 2008-06-18 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-05-07 19:31 . 2005-10-12 22:12 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
2005-10-10 05:00 . 2005-10-12 22:12 139264 ----a-w- c:\program files\mozilla firefox\components\SABFF.DLL
.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 12:22 am

part 2:


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
2005-10-10 05:00 143360 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/10/2009 12:31 PM 97608]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [10/10/2005 1:00 AM 5632]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/10/2009 12:31 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/10/2009 12:31 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 12:31 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/10/2009 12:31 PM 434945]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 10:08 AM 189064]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/10/2009 12:31 PM 69632]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [7/3/2009 4:33 PM 1522176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/20/2009 8:11 PM 79360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 PWIPENUM;PWIPENUM;\??\c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS --> c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005Core.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005UA.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-12 c:\windows\Tasks\Norton Security Scan for Jon.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]

2009-07-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\viz2txmf.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\SABFF.DLL
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-13 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\Ati2evxx.dll
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1360)
c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(628)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\SpywareGuard\dlprotect.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\WLTRAY.EXE
c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2009-07-13 20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 00:03

Pre-Run: 4,941,918,208 bytes free
Post-Run: 4,816,863,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

342 --- E O F --- 2009-04-30 07:02
REGEDIT4

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 12:39 am

meanwhile, firefox is running really slowly. Avira (i keep wanting to say Elvira) gave me a popup that said "avira has blocked a FF popup while in game mode. Always block FF popups?" and i clicked yes. But what if I want to undo that? how do I do it?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 12:42 am

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\d3d9caps.dat
c:\program files\xchu70db.exe
c:\program files\ttpvp7mx.exe
c:\program files\Azureus_2.5.0.0_Win32.setup.exe
c:\program files\Azureus_2.5.0.0_OSX.dmg
c:\program files\LimeWireWin.exe

Folder::
c:\documents and settings\Jon\Application Data\BitTorrent
c:\documents and settings\Jon\Application Data\DNA
c:\program files\DNA

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Firefox::
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.




Also Please run a Malwarebytes quick scan and post the log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 1:24 am

The resulting log, part1:

ComboFix 09-07-13.01 - Jon 07/13/2009 21:04.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.614 [GMT -4:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira Firewall *enabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FILE ::
"c:\program files\Azureus_2.5.0.0_OSX.dmg"
"c:\program files\Azureus_2.5.0.0_Win32.setup.exe"
"c:\program files\LimeWireWin.exe"
"c:\program files\ttpvp7mx.exe"
"c:\program files\xchu70db.exe"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jon\Application Data\BitTorrent
c:\documents and settings\Jon\Application Data\BitTorrent\!!! (chk chk chk) - Myth Takes [2007.DANCE].LokoTorrents.com.By KELOLO.zip.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\2007 Cracked Pepper.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\310 To Yuma.rar.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Aion_The_Tower_Of_Eternity_OST.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Ben_Folds-Way_To_Normal-2008-BENFOLDS.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 11 - Julia Bond.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big wet asses 5.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 7.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Big Wet Asses 8[2CDs][Dvd-Rip][[You must be registered and logged in to see this link.]
c:\documents and settings\Jon\Application Data\BitTorrent\Big.Wet.Asses.11.XXX.[DVDRIP][[You must be registered and logged in to see this link.]
c:\documents and settings\Jon\Application Data\BitTorrent\Big.Wet.Asses.13.XXX.DVDRip.XviD-FLESHLiGHT.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Jon\Application Data\BitTorrent\Blockhead - Music By Cavelight - 2004.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Brianna Love - Ass Worship 10.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\brianna_love_BWB.wmv.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\DAMNATUS_Soundtrack.zip.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\dana dearmond - big wet asses 10.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\dht.dat
c:\documents and settings\Jon\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\Dune.(Expanded).1CD.1984.Soundtrack.[WmC].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Explosions in the Sky - All of a Sudden I Miss Everyone (2007).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Explosions In The Sky.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Fever Ray - 2009 - Fever Ray.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Fever Ray - Seven (RealDaniel Remix) 2009.MP3.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Futurama Benders Game (2008) DVDRip Occor.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Futurama The Beast with a Billion Backs (2008) [Alfeel].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Hybrid - Soundsystem 01 (2008) (MP3-EAC-320kBs).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Justice - Cross (2008) [Mp3][[You must be registered and logged in to see this link.]
c:\documents and settings\Jon\Application Data\BitTorrent\Kasabian-West_Ryder_Pauper_Lunatic_Asylum-2009-DV8.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Kasabian West Ryder Pauper Lunatic Asylum 1CD.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Ladytron-Velocifero (2008) [Mp3][[You must be registered and logged in to see this link.]
c:\documents and settings\Jon\Application Data\BitTorrent\ORIGA.-.Aurora-2005-[py].torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Pearl [You must be registered and logged in to see this link.]
c:\documents and settings\Jon\Application Data\BitTorrent\resume.dat
c:\documents and settings\Jon\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\Rockabye Baby Lullaby Renditions of Nine Inch Nails.1.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Rodrigo y Gabriela - Discography 2003-2006.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\rss.dat
c:\documents and settings\Jon\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\settings.dat
c:\documents and settings\Jon\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Jon\Application Data\BitTorrent\SIMIAN MOBILE DISCO - Attack, Decay, Sustain, Release (2007 - MP3 192 Kbps) by Musicanarias.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Simian_Mobile_Disco-Sample_And_Hold_(Attack_Decay_Sustain_Release_Remixed)-(Advance)-2008-WiCHiTA.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Soundtrack - (Batman Begins).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Star Trek 01-10 Soundtrack Complete.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Dark Knight - OST.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Mission (UK) - ADDON.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The mission UK.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\The Presets - Apocalypso.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [11x03] - 2008.07.06 [ANGELiC].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [13x03] - 2009.07.05 [RiVER].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - [13x04] - 2009.07.12 [FoV].avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear - sub zero driving anthems - 2cd's (split trakcs +covers).torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear 13x01 S13E01 SUB ITA - GM.avi.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S09E01 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S10 - Soundtrack Update Pack II.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E02 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E03 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S11E06 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S13E01 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top Gear S13E02 - Soundtrack.torrent
c:\documents and settings\Jon\Application Data\BitTorrent\Top.Gear.S13E02.WS.PDTV.XviD-RiVER.torrent
c:\documents and settings\Jon\Application Data\DNA
c:\documents and settings\Jon\Application Data\DNA\dht.dat
c:\documents and settings\Jon\Application Data\DNA\dht.dat.old
c:\documents and settings\Jon\Application Data\DNA\dna.lng
c:\documents and settings\Jon\Application Data\DNA\resume.dat
c:\documents and settings\Jon\Application Data\DNA\resume.dat.old
c:\documents and settings\Jon\Application Data\DNA\rss.dat
c:\documents and settings\Jon\Application Data\DNA\rss.dat.old
c:\documents and settings\Jon\Application Data\DNA\settings.dat
c:\documents and settings\Jon\Application Data\DNA\settings.dat.old
c:\program files\Azureus_2.5.0.0_OSX.dmg
c:\program files\Azureus_2.5.0.0_Win32.setup.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWireWin.exe
c:\program files\ttpvp7mx.exe
c:\program files\xchu70db.exe
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-12 15:52 . 2009-07-12 15:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Avira
2009-07-10 17:24 . 2009-07-10 17:24 -------- d-----w- c:\program files\Common Files\Application
2009-07-10 17:24 . 2009-07-14 00:17 -------- d-----w- c:\program files\SPAMfighter
2009-07-10 17:21 . 2009-07-10 17:21 -------- d-----w- c:\documents and settings\Jon\Application Data\SPAMfighter
2009-07-10 17:20 . 2009-07-10 17:20 1761720 ----a-w- c:\program files\spamfighter_web.exe
2009-07-10 16:31 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-10 16:31 . 2009-05-08 18:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-07-10 16:31 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 16:31 . 2009-02-24 17:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-07-10 16:31 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-10 16:31 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-10 16:31 . 2009-07-10 16:31 -------- d-----w- c:\program files\Avira
2009-07-10 16:14 . 2009-07-10 16:17 37013648 ----a-w- c:\program files\avira_premium_security_suite_en.exe
2009-07-07 02:52 . 2009-07-07 02:52 -------- d-----w- c:\documents and settings\Jon\Application Data\Amazon
2009-07-07 02:51 . 2009-07-07 02:51 606168 ----a-w- c:\program files\AmazonMP3Installer.exe
2009-07-05 21:35 . 2009-07-09 22:55 -------- d-----w- c:\program files\backups
2009-07-04 00:02 . 2009-07-04 00:02 401720 ----a-w- c:\program files\HiJack(GP)This.exe
2009-07-03 23:49 . 2009-07-03 23:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-03 20:41 . 2009-07-03 20:41 -------- d-----w- c:\program files\Common Files\Voyetra
2009-07-03 20:35 . 2008-12-05 03:46 278528 ----a-w- c:\windows\system32\CM102rm.exe
2009-07-03 20:35 . 2006-03-21 09:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2009-07-03 20:33 . 2008-10-30 18:44 1522176 ----a-w- c:\windows\system32\drivers\CM102.sys
2009-07-03 20:33 . 2008-10-13 04:43 319488 ----a-w- c:\windows\Cmi102Uninstall.exe
2009-07-03 20:33 . 2004-04-14 14:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2009-07-03 20:33 . 2009-07-03 20:33 -------- d-----w- c:\program files\Turtle Beach
2009-06-30 02:08 . 2009-05-27 02:29 156160 ----a-w- c:\program files\JavaRa.exe
2009-06-29 00:08 . 2009-06-29 00:08 -------- d-----w- c:\program files\CONEXANT
2009-06-27 18:52 . 2009-07-13 19:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 18:51 . 2009-07-12 22:00 -------- d-----w- c:\program files\Norton Security Scan
2009-06-27 15:50 . 2009-06-27 15:50 -------- d-----w- c:\windows\system32\Adobe
2009-06-27 15:49 . 2009-06-27 15:50 8524280 ----a-w- c:\program files\Shockwave_Installer_Full.exe
2009-06-21 01:39 . 2009-06-21 01:40 10995608 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative CD Burner Plugin 5.01.44 for Creative MediaSource 5 Player_Organizer__\CMS5_BRNR_PCAPP_LB_5_01_44.exe
2009-06-21 01:03 . 2009-06-21 01:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-21 00:39 . 2009-06-21 00:40 7811800 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative System Information for Sound Blaster X-Fi Go!1.10.13__\SBXG_CSI_PCApp_LB_1_10_13.exe
2009-06-21 00:35 . 2009-06-21 00:39 37406376 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative MediaSource 5 Player_Organizer 5.25.02__\CMS5_PCAPP_LB_5_25_02.exe
2009-06-21 00:31 . 2009-06-21 00:35 33609328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Karaoke Player for Creative Sound Blaster X-Fi Go!2.10.05__\SBXG_Kplay_PCApp_LB_2_10_05.exe
2009-06-21 00:28 . 2009-06-21 00:31 21636176 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative Volume Panel for Creative Sound Blaster X-Fi Go!2.20.70__\SBXG_VolPanel_PCApp_LB_2_20_70.exe
2009-06-21 00:27 . 2009-06-21 00:28 12846328 ----a-w- c:\documents and settings\All Users\Application Data\Creative\Software Update\cache\Creative WaveStudio 7.11.00__\WAVESTD_PCAPP_LB_7_11_00.exe
2009-06-21 00:23 . 2009-06-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-06-21 00:18 . 2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
2009-06-21 00:16 . 2009-06-21 00:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-21 00:16 . 2009-06-21 00:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-21 00:12 . 2008-10-30 22:15 189952 ----a-w- c:\windows\system32\KSXPPI32.dll
2009-06-21 00:12 . 2007-12-11 22:47 23292 ----a-w- c:\windows\ksaudENG.reg
2009-06-21 00:12 . 2007-07-05 14:27 2630 ----a-w- c:\windows\MixerName.reg
2009-06-21 00:12 . 2008-11-06 22:41 7556 ----a-w- c:\windows\system32\MixerDefaultXP.reg
2009-06-21 00:12 . 2008-08-29 03:02 3556 ----a-w- c:\windows\system32\DeviceDefaultsXP.reg
2009-06-21 00:11 . 2009-06-21 00:11 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-06-21 00:09 . 2009-06-27 15:46 -------- d-----w- c:\program files\Creative
2009-06-20 23:58 . 2009-06-20 23:58 -------- d-----w- c:\program files\SB FX-Go
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-20 23:56 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 1:25 am

the resulting log, part2:

2009-07-13 22:54 . 2008-11-07 01:00 -------- d-----w- c:\program files\trillian
2009-07-10 16:40 . 2007-08-07 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-10 16:40 . 2005-08-02 21:19 -------- d-----w- c:\program files\McAfee.com
2009-07-09 16:35 . 2009-07-04 00:04 9477 ----a-w- c:\program files\hijackthis.log
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-09 00:25 . 2009-02-07 18:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-07 14:15 . 2005-08-31 00:27 -------- d-----w- c:\documents and settings\Jon\Application Data\WeatherBug
2009-07-07 01:50 . 2005-08-23 02:12 -------- d-----w- c:\program files\Real
2009-07-04 23:07 . 2009-07-04 23:07 14297 ----a-w- c:\program files\hijackthis July04_09_1.log
2009-07-04 21:32 . 2009-02-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-04 14:17 . 2009-07-04 14:17 14793 ----a-w- c:\program files\hijackthis July4_09.log
2009-07-04 03:01 . 2009-02-09 00:23 -------- d-----w- c:\program files\NOS
2009-07-04 00:06 . 2009-07-04 00:06 14845 ----a-w- c:\program files\hijackthis July3_09.log
2009-07-03 20:09 . 2005-08-02 21:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 03:45 . 2005-08-25 01:35 -------- d-----w- c:\program files\Juno
2009-06-27 18:54 . 2006-11-27 02:35 730256 ----a-w- c:\program files\wpsetup.exe
2009-06-27 15:55 . 2008-10-07 14:56 -------- d-----w- c:\program files\yahoo messenger
2009-06-27 15:48 . 2009-02-08 17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 01:29 . 2008-09-07 12:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-06-21 01:19 . 2005-08-24 03:55 -------- d-----w- c:\program files\iTunes
2009-06-21 01:18 . 2007-03-17 18:55 -------- d-----w- c:\program files\iPod
2009-06-21 01:18 . 2007-11-30 17:28 -------- d-----w- c:\program files\Common Files\Apple
2009-06-21 01:13 . 2005-11-13 07:14 -------- d-----w- c:\program files\QuickTime
2009-06-17 15:27 . 2009-02-08 17:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-02-08 17:34 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 04:19 . 2009-02-10 18:35 -------- d-----w- c:\program files\Java
2009-06-10 04:11 . 2009-06-10 04:11 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-23 00:53 . 2009-06-30 02:08 245103 ----a-w- c:\program files\JavaRa.def
2009-05-21 15:33 . 2009-02-08 23:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-12 15:34 . 2009-05-12 15:33 16742799 ----a-w- c:\program files\vlc-0.9.9-win32.exe
2009-05-12 15:32 . 2009-05-12 15:32 1914000 ----a-w- c:\program files\install_flash_player_10_active_x.exe
2009-05-10 17:00 . 2009-02-08 17:31 2967800 ----a-w- c:\program files\mbam-setup.exe
2009-04-19 01:01 . 2009-04-19 01:01 152576 ----a-w- c:\documents and settings\Jon\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-13 17:41 . 2009-03-13 17:41 10427840 ----a-w- c:\program files\Vuze_Installer.exe
2009-03-12 01:51 . 2009-03-12 01:51 831757 ----a-w- c:\program files\graphic-converter.exe
2009-03-12 01:23 . 2009-03-12 01:23 1074244 ----a-w- c:\program files\capture.exe
2009-03-01 16:32 . 2009-03-01 16:32 1878888 ----a-w- c:\program files\install_flash_player_10.exe
2009-02-10 18:26 . 2009-02-10 18:25 607640 ----a-w- c:\program files\jxpiinstall-6u12-fcs-bin-b04-windows-i586-17_jan_2009.exe
2009-02-10 17:41 . 2009-02-10 17:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2009-02-09 01:29 . 2009-02-09 01:29 298096 ----a-w- c:\program files\desktopsp2_StubInstaller.exe
2009-02-09 00:56 . 2009-02-09 00:56 156034 ----a-w- c:\program files\FHSetup.exe
2009-02-09 00:55 . 2009-02-09 00:55 292352 ----a-w- c:\program files\STOPzilla_Setup.exe
2009-02-08 17:30 . 2009-02-08 17:30 50688 ----a-w- c:\program files\ATF-Cleaner.exe
2009-02-07 18:51 . 2009-02-07 18:51 368961 ----a-w- c:\program files\dds.com
2009-02-07 18:49 . 2009-02-07 18:49 2062665 ----a-w- c:\program files\spywareguardsetup.exe
2008-07-18 11:24 . 2008-07-18 11:24 3518422 ----a-w- c:\program files\flvplayer_setup.exe
2008-06-30 09:16 . 2008-06-30 09:14 23510720 ----a-w- c:\program files\dotnetfx.exe
2008-06-30 09:15 . 2008-06-30 09:15 1427520 ----a-w- c:\program files\Silverlight.exe
2008-06-19 20:29 . 2009-06-30 02:08 17987 ----a-w- c:\program files\gpl-2.0.txt
2008-02-27 13:28 . 2005-11-07 02:43 1491592 ----a-w- c:\program files\install_flash_player.exe
2008-01-28 11:45 . 2008-01-28 11:44 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2008-01-03 00:25 . 2008-01-03 00:25 6876336 ----a-w- c:\program files\RecoverMyFiles-Setup.exe
2007-04-12 06:45 . 2007-04-12 06:45 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-02-27 04:23 . 2007-02-27 04:22 3782589 ----a-w- c:\program files\LastFM_Win_1.1.3.0.exe
2007-02-26 11:00 . 2007-02-26 11:01 3537447 ----a-w- c:\program files\MP3Rocket-Win.exe
2007-02-19 07:16 . 2007-02-19 07:16 3428033 ----a-w- c:\program files\iMP3Tunes-Win.exe
2005-11-22 06:21 . 2005-11-22 06:21 1508 ----a-w- c:\program files\uninstal.log
2005-08-25 04:04 . 2005-08-25 04:04 488032 ----a-w- c:\program files\PopUpStopper.exe
2005-08-25 04:00 . 2005-08-25 03:59 4436776 ----a-w- c:\program files\SuperAdBlocker.exe
2005-08-24 03:53 . 2005-08-24 03:52 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-08-24 00:27 . 2005-08-24 00:27 2855080 ----a-w- c:\program files\aawsepersonal.exe
2005-08-23 19:02 . 2005-08-23 19:02 323072 ----a-w- c:\program files\ScreenShotSetup.msi
2002-05-21 15:00 . 2002-05-21 15:00 1362 ----a-r- c:\program files\ReadMe.txt
2009-06-21 00:26 . 2008-06-18 13:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-05-07 19:31 . 2005-10-12 22:12 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
2005-10-10 05:00 . 2005-10-12 22:12 139264 ----a-w- c:\program files\mozilla firefox\components\SABFF.DLL
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 00:15 . 2009-07-14 00:15 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
+ 2009-07-14 00:15 . 2009-07-14 00:15 16384 c:\windows\Temp\Perflib_Perfdata_228.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-27 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-06-19 333960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon]
2005-10-10 05:00 143360 ----a-w- c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 1:25 am

the resulting log part3:


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1137564882\\ee\\aim6.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [7/10/2009 12:31 PM 97608]
R1 SABDIFSV;SABDIFSV;c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [10/10/2005 1:00 AM 5632]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [7/10/2009 12:31 PM 388865]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [7/10/2009 12:31 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/10/2009 12:31 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [7/10/2009 12:31 PM 434945]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [6/19/2009 10:08 AM 189064]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [7/10/2009 12:31 PM 69632]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM102.sys [7/3/2009 4:33 PM 1522176]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/20/2009 8:11 PM 79360]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [12/1/2008 6:33 PM 768256]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [10/24/2008 6:27 PM 1830912]
S3 PWIPENUM;PWIPENUM;\??\c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS --> c:\program files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 6:12 PM 14032]
.
Contents of the 'Scheduled Tasks' folder

2009-07-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005Core.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1735468999-2085973614-3895103879-1005UA.job
- c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-27 15:00]

2009-07-12 c:\windows\Tasks\Norton Security Scan for Jon.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]

2009-07-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\viz2txmf.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\Mozilla Firefox\components\SABFF.DLL
FF - plugin: c:\documents and settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-13 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'lsass.exe'(1368)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2009-07-14 21:20
ComboFix-quarantined-files.txt 2009-07-14 01:18
ComboFix2.txt 2009-07-14 00:04

Pre-Run: 4,829,319,168 bytes free
Post-Run: 4,775,862,272 bytes free

370 --- E O F --- 2009-04-30 07:02

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 1:37 am

and here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3

7/13/2009 9:36:41 PM
mbam-log-2009-07-13 (21-36-41).txt

Scan type: Quick Scan
Objects scanned: 101822
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 3:01 am

How is the machine running?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 3:07 am

Things are running more smoothly. Firefox still takes a good three or so minutes to start when i tell it to and i have a lot of benign things that run at start up that i dont want to and i don't know how to tell them not to. Things like Weatherbug, AIM, and an alert about getting "Windows Genuine Advantage" that i can't be sure is legit or will help or hinder my PC use.

Spybot SD now loads properly though.

I am concerned that Avira may block popups that i want to come up. How do i tell it not to block them?

Thank you for staying up this late to help me by the way.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 3:10 am

I see please do the following:

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 3:26 am

here's the GooredFX.txt:

GooredFix by jpshortstuff (12.07.09)
Log created at 23:24 on 13/07/2009 (Jon)
Firefox version 3.0.11 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:55 23/08/2005]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [06:43 21/05/2007]
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [18:37 10/02/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [01:30 19/04/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [04:20 10/06/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:36 10/02/2009]

-=E.O.F=-

it came up so quickly. I don't know how it was able to do a scan in that time.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 4:45 am

New problems: I had to reinstall the software for my USB sound card and after that, I couldn't use the adress bar for firefox even if I turned the "guard" off on avira. So i restarted and thats ok now but I forgot to mention, for several years now, Firefox won't open if any of the following are already open: anything that connects to the internet, including itunes, instant messenger, anything in MS Office, Weatherbug; any windows explorer windows or related things. If they're open and i try to open FF, it gives me a popup alert that says "FF is already open. Please close it and retry opening it" or something like that that makes more verbal sense but means the same thing. 99 times out of 100, if I close everything else that i mentioned and then reopen FF its ok but once in a while it still won't do it.

Also, as I think i mentioned before, FF takes a very long time to open up. Actually so does IE. This didn't used to be the case but its been like this for years and I just got used to it. What could be causing this?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 1:34 pm

Oh yes forgot to mention, the last scan seemed to have messed up my prefered bittorrent program. For all I know this is for the best but now how do I get torrents? Am I SOL as far as that is concerned or are there better programs for it that won't mess me up?

edit: I reinstalled bittorrent, found that it slowed things, and then uninstalled it and things are better again. What bittorrent software would be better?


Last edited by spacephrawgg on Tue Jul 14, 2009 3:21 pm; edited 1 time in total (Reason for editing : thought of something else to say)

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Belahzur on Tue Jul 14, 2009 4:48 pm

We don't recommend any kind of torrent software, any kind of P2P is dangerous.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 4:51 pm

Hello, unless you remove all torrent clients from your computer we can not help you as torrents usually come with malware.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 5:26 pm

I have removed all of the stoftware. There are things that I periodically like to download. If I made a project of only having one of these softwares installed for a short ammount of time on my system and then uninstalling it afterwords, since I only use these things maybe once a month, and periodically clean the crap that comes with out of the computer, I should be ok, yes?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 6:10 pm

well not really, depending on what you download you can get infected again.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 6:23 pm

Well crap. I don't suppose it would be appropriate to ask for help with that periodically would it....? Nuts.

So what do I do next to fix the computer?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 6:30 pm

Please post a new HijackThis log.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Tue Jul 14, 2009 6:32 pm

there you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:22 PM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trillian\trillian.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jon\My Documents\My Music\My Music\Shared Limewire stuff\Amazon MP3 downloads\AmazonMP3Downloader.exe
C:\Program Files\Quick Screen Capture\Capture.exe
C:\Program Files\HiJack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [You must be registered and logged in to see this link.]
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [You must be registered and logged in to see this link.]
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10270 bytes

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Tue Jul 14, 2009 9:05 pm


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]



  • Press "Fix Checked"
  • Close Hijack This.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Wed Jul 15, 2009 2:27 am

Done. Will I be able to use Weatherbug and Aim6 after having done that or are they dead now?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Wed Jul 15, 2009 2:31 am

Since the ComboFX scan, when I am using Trillian, my preferred instant messaging software, when i click a link in a dialog window, it now only opens thiat link in Internet Explorer. It used to do it in Firefox and I wanted it to. I don't know how to change it back. Why would the scan have caused that change? Is there any way to undo it?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Belahzur on Wed Jul 15, 2009 3:12 pm

Hello.
That's just the default browser.

Open Firefox as normal, does it have a little popup that says checking your default browser?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Wed Jul 15, 2009 3:31 pm

Ah very good. Meanwhile things are periodically still running a little slowly. are there any other scans I can do?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Belahzur on Wed Jul 15, 2009 3:34 pm

Hello.
Uninstall Spybot/SpamFIGHTER/Winpatrol.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Install Spybot again now if you would like.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Wed Jul 15, 2009 4:00 pm

The scan did not show these:

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

or

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]


also before I completed the uninstallation of Spybot, it gave me a warning saying that all the changes made with Spybot during my use of it would be undone if i uninstalled it. After the obligatory restart, things were running very much more slowly. What should I do?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Wed Jul 15, 2009 4:03 pm

Can I/should I run a malwarebytes scan to clean up what was undone by the uninstallation of Spybot? I am having trouble reinstalling Spybot. THe installation wizard froze on me.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Wed Jul 15, 2009 4:45 pm

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Thu Jul 16, 2009 1:26 am

The Kaspersky thing is still updating. hasn't scanned yet. The buttons in the left frame, like "scan", 'update" and others refuse to load completely. Its as if Explorer doesn't recognise the format of the site or something. How should I proceed?

edit: Sorry I misread the previous post. please disregard this post.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Thu Jul 16, 2009 1:56 am

The kaspersky scan seems to have frozen. what should I do?

edit: please ignore - it started up again.

It says that i can continue web surfing in other browsers while this is going on so thats what i've been doing. I hope that is ok.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Thu Jul 16, 2009 3:10 pm

kaspersky scan report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 02:42:52
Records in database: 2472927
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 204694
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:44:38


File name / Threat name / Threats count
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP866\A0139907.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.i 1
C:\_OTMoveIt\MovedFiles\02072009_143227\program files\netpumper-1.25.1-setup-NP_0210.exe Infected: Trojan.Win32.Obfuscated.en 1

The selected area was scanned.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Thu Jul 16, 2009 5:43 pm

Is it ok for me to do a spybot scan yet?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Thu Jul 16, 2009 5:49 pm

Yes if you want and do a Malwarebytes scan and post the log back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Thu Jul 16, 2009 11:38 pm

Here is the log:

Malwarebytes' Anti-Malware 1.38
Database version: 2401
Windows 5.1.2600 Service Pack 3

7/16/2009 5:58:17 PM
mbam-log-2009-07-16 (17-58-17).txt

Scan type: Quick Scan
Objects scanned: 103977
Time elapsed: 18 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Last edited by spacephrawgg on Thu Jul 16, 2009 11:40 pm; edited 1 time in total (Reason for editing : thought of something else to say)

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Fri Jul 17, 2009 6:45 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sat Jul 18, 2009 12:06 am

I'm having trouble with the GMER program. When it opens its busy for a second and is just a gray square on the screen. then it looks like its supposed to and i can click the >>> button and i get the thing where it shows a scan button but it won't respond when i click on it. the other buttons will respond but not "scan".

The results it does give me is this:

GMER 1.0.15.14972 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-17 20:05:27
Windows 5.1.2600 Service Pack 3


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)

---- EOF - GMER 1.0.15 ----


Is this what its suposed to produce or is it doing something wrong?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Sat Jul 18, 2009 12:08 am

Lets try a different tool:

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


  • Select ALL of the checkboxes and then click OK and it will start scanning your system.

  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sat Jul 18, 2009 12:18 am

The scan is still going on. Is it safe for me to listen to itunes and look at my music library (not download new music) right now?

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Sat Jul 18, 2009 12:20 am

Yes it is.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sat Jul 18, 2009 12:34 am

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/17 20:15
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF23C9000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B8F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF7BF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\T-41520080-falluja, iraq - USA US Troops Guerilla Hot War Battle With Insurgents Footage Released 11-14-2004 via web United States Coalition of the willing drudge sex tits teen lolita bus.avi
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\T-24179273-DJ Food & DK -Solid Steel Theme - Jeru The Damaja - Come Clean_The Cinematic Orchestra - Channel One Suite - NEotrpic - Beached - Ice - X1 - X-Ecutioners - Musica Negra - David.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Shared Limewire stuff\remix jurasic park remix ft. Big Pun, Method Man, Redman, Eminem, Busta Rymes, Jurassic 5, Tupac, Sheek, BG, DMX, Snoop, Young Noble, Bone Thugs N Harmony, Ghostface Killah, Dr.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 01 - All I Want To Know.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 02 - As You Turn To Go.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 03 - Dreams Anymore.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 04 - Epitaph For My Heart.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 05 - Heather Heather.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 06 - I Think I Need A New Heart.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 07 - One April Day.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 08 - Stray With Me.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 09 - The Luckiest Guy On The Lower East Side.mp3
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Jon\My Documents\My Music\My Music\Incomplete\H7KOMOHRXJGW424O7IT3GSDAHD4TWOMO\magnetic fields [discography]\[2003] stephin merritt - pieces of april [unreleased tracks]\Stephen Merritt - Pieces of April Soundtrack - 10 - You You You You You.mp3
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "" at address 0xf7d00d1e

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0xf7d00d14

#: 063 Function Name: NtDeleteKey
Status: Hooked by "" at address 0xf7d00d23

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "" at address 0xf7d00d2d

#: 098 Function Name: NtLoadKey
Status: Hooked by "" at address 0xf7d00d32

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0xf7d00d00

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0xf7d00d05

#: 193 Function Name: NtReplaceKey
Status: Hooked by "" at address 0xf7d00d3c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "" at address 0xf7d00d37

#: 247 Function Name: NtSetValueKey
Status: Hooked by "" at address 0xf7d00d28

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0xf7d00d0f

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0xf7d00d0a

==EOF==

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sat Jul 18, 2009 12:38 am

that there is the report.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Sat Jul 18, 2009 12:44 am

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Files to delete:
c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sat Jul 18, 2009 1:00 am

"error invalid script" 8>/

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by Origin on Sat Jul 18, 2009 1:02 am

Did you copy everything in the Box?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31453
# Likes : 0

View user profile

Back to top Go down

Re: Not sure what it is but i have a new problem

Post by spacephrawgg on Sat Jul 18, 2009 1:10 am

Ok it worked. Here is the scan report:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Jul 17 21:00:07 2009

21:00:07: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 3)
Fri Jul 17 21:00:33 2009

21:00:33: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm" not found!
Deletion of file "c:\documents and settings\jon\local settings\temp\etilqs_6poej8hh3wjbkgvfyqpm" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

spacephrawgg
Senior
Senior

Status :
Online
Offline

Posts : 210
Joined : 2009-02-02
Gender : Male
OS : XP
Points : 29431
# Likes : 0

View user profile

Back to top Go down

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum