Is It a Cracker, Hacker or Virus/Malware?

**evilfantasy** · #21 24th Oct 2009, 16:00

You can uninstall all of these. Leave the rest.

Apple Mobile Device Support
EarthLink FastLane
EarthLink MailBox
EarthLink Wireless High Speed
Deal Info
Bonjour
Exterminate3
Instant Memory Cleaner 7.20

After I get the DDS log we will go from there.

yuhr · #22 24th Oct 2009, 17:26

While I am deleting the suggested programs, read the following (after Restart). The rest will follow.
-----------------------------------------------------------

DDS (Ver_09-09-29.01) - NTFSx86
Run by Yury at 15:22:48.78 on Sat 10/24/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.267 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\pctspk.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Prevx\prevx.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
E:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Yury\Desktop\dds.com
C:\Documents and Settings\Yury\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://my.yahoo.com/p/d.html?v
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - e:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CCHelper Class: {0cf0b8ee-6596-11d5-a98e-0003470bb48e} - c:\program files\panicware\pop-up stopper pro\CCHelper.dll
BHO: Babylon Plug In: {a057a204-bacc-4d26-9e83-2db586e27190} - c:\progra~1\babylo~1\BABYLO~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - e:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Pa&nicware Pop-Up Stopper Pro: {b1e741e7-1e77-40d4-9fd8-51949b9ccbd0} - c:\program files\panicware\pop-up stopper pro\popuppro.dll
TB: Babylon Plug In: {a057a204-bacc-4d26-9e83-2db586e27190} - c:\progra~1\babylo~1\BABYLO~1.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [TClockEx] e:\tclockex\TCLOCKEX.EXE
uRun: [AnyDVD] e:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ProcessSupervisorGUI] e:\program files\process lasso\processlasso.exe
mRun: [ProcessGovernor] e:\program files\process lasso\processgovernor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: &Check Spelling - c:\program files\iespell\ieSpell.dll/SPELLCHECK.HTM
IE: &ieSpell Options - c:\program files\iespell\ieSpell.dll/SPELLOPTION.HTM
IE: Download with &Shareaza
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\ieSpell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\ieSpell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092871477671
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236737152390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37674.8076851852
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = %I

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\yury\applic~1\mozilla\firefox\profiles \zuz3oq4r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\yury\application data\mozilla\firefox\profiles\zuz3oq4r.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: e:\program files\mozilla firefox\components\rpff.dll
FF - plugin: c:\documents and settings\yury\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\program files\mozilla plugins\npitunes.dll
FF - plugin: e:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin2.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin3.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin4.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin5.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin6.dll
FF - plugin: e:\program files\opera\program\plugins\npqtplugin7.dll
FF - plugin: e:\program files\opera\program\plugins\NPSWF32.dll
FF - plugin: e:\program files\opera\program\plugins\npwmsdrm.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-23 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.s ys [2009-10-22 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-10-22 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-12 114768]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2008-11-12 20560]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast4\ashServ.exe [2008-11-12 138680]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-10-22 4368952]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\dri vers\HIDKbFlt.sys [2005-7-25 23680]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2007-12-14 572776]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2007-12-14 572776]
R2 IOPort;IOPort;c:\windows\system32\IOPORT.SYS [2003-2-22 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
R3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast4\ashWebSv.exe [2008-11-12 352920]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2N DIS5.SYS [2004-11-1 17536]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2004-7-20 11520]
S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT .EXE [1996-9-30 120832]
S3 vsdatant;vsdatant; [x]
S4 EarthLinkMonitor;EarthLink Monitor Service;"c:\program files\earthlink totalaccess\wengine\wmonitor.exe" --> c:\program files\earthlink totalaccess\wengine\wmonitor.exe [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;e:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-17 85504]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-23 20:24 15,688 ac------ c:\windows\system32\lsdelete.exe
2009-10-23 19:50 64,288 ac------ c:\windows\system32\drivers\Lbd.sys
2009-10-23 19:48 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-22 20:18 27,656 ac------ c:\windows\system32\drivers\pxsec.sys
2009-10-22 20:18 22,024 ac------ c:\windows\system32\drivers\pxscan.sys
2009-10-22 20:18 <DIR> -cd----- c:\program files\Prevx
2009-10-22 20:18 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-10-22 14:42 <DIR> -cd----- c:\docume~1\yury\applic~1\Desktopicon
2009-10-19 19:42 <DIR> -cd----- c:\windows\system32\wbem\Repository
2009-10-18 11:59 262,144 a------- C:\ntuser.dat
2009-10-18 11:58 <DIR> -cd----- c:\program files\Yahoo!(2)
2009-10-17 10:39 <DIR> -cd----- c:\program files\Windows Installer Clean Up
2009-10-17 10:39 <DIR> -cd----- c:\program files\MSECACHE
2009-10-17 10:28 104,512 ac------ c:\windows\system32\drivers\AnyDVD.sys
2009-10-11 11:24 411,368 ac------ c:\windows\system32\deploytk.dll
2009-10-10 18:11 <DIR> -cds---- C:\ComboFix
2009-10-10 14:13 <DIR> acdshr-- C:\cmdcons
2009-10-04 16:52 <DIR> -cd----- c:\docume~1\yury\applic~1\Office Genuine Advantage
2009-10-04 11:20 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-04 11:20 <DIR> -cd----- c:\docume~1\yury\applic~1\SUPERAntiSpyware.com
2009-09-28 21:04 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-09-28 19:23 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters(2)
2009-09-28 14:20 89,256 ac------ c:\windows\system32\ElbyCDIO.dll
2009-09-27 09:58 <DIR> -cd----- c:\docume~1\yury\applic~1\Blitware
2009-09-26 13:57 25,768 ac------ c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-25 19:30 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\page
2009-09-25 19:22 <DIR> -cd----- c:\docume~1\yury\applic~1\GetRightToGo
2009-09-24 19:26 <DIR> -cd----- c:\documents and settings\yury\MyConnection PC

==================== Find3M ====================

2009-10-11 17:43 2,560 ac------ c:\windows\_MSRSTRT.EXE
2009-09-10 14:54 38,224 ac------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
2009-08-06 19:23 274,288 ac------ c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 ac------ c:\windows\system32\muweb.dll
2009-08-05 05:01 204,800 ac------ c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 ac------ c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 ac------ c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 ac------ c:\windows\system32\OGAEXEC.exe
2009-03-27 19:20 22,728 ac------ c:\docume~1\yury\applic~1\GDIPFONTCACHEV1.DAT
2007-12-25 13:21 32 -c------ c:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-29 22:17 379 -c------ c:\docume~1\yury\applic~1\internaldb1478.dat
2006-11-29 22:07 69,632 -c------ c:\docume~1\yury\applic~1\internaldb8437.dat
2006-11-29 22:07 13,046 -c------ c:\docume~1\yury\applic~1\internaldb3257.dat
2006-11-29 22:07 151 -c------ c:\docume~1\yury\applic~1\internaldb9660.dat
2006-11-29 22:07 0 -c------ c:\docume~1\yury\applic~1\internaldb9238.dat
2006-11-18 20:02 0 -c------ c:\docume~1\yury\applic~1\internaldb1586.dat
2006-11-15 22:44 0 -c------ c:\docume~1\yury\applic~1\internaldb3860.dat
2006-11-13 22:01 0 -c------ c:\docume~1\yury\applic~1\internaldb6168.dat
2006-11-13 22:01 0 -c------ c:\docume~1\yury\applic~1\internaldb2371.dat
2006-11-13 20:02 69,632 -c------ c:\docume~1\yury\applic~1\internaldb4827.dat
2006-11-13 20:02 382 -c------ c:\docume~1\yury\applic~1\internaldb1942.dat
2006-11-13 20:02 151 -c------ c:\docume~1\yury\applic~1\internaldb6500.dat
2006-11-13 20:02 0 -c------ c:\docume~1\yury\applic~1\internaldb9169.dat
2006-11-13 19:44 0 -c------ c:\docume~1\yury\applic~1\internaldb132.dat
2006-11-13 19:44 0 -c------ c:\docume~1\yury\applic~1\internaldb5724.dat
2006-11-02 19:42 0 -c------ c:\docume~1\yury\applic~1\internaldb5436.dat
2006-11-02 19:41 0 -c------ c:\docume~1\yury\applic~1\internaldb435.dat
2006-10-22 20:11 49 -c------ c:\docume~1\yury\applic~1\internaldb41.dat
2006-10-22 20:10 9,216 -c------ c:\docume~1\yury\applic~1\internaldb8467.dat
2006-10-22 20:10 0 -c------ c:\docume~1\yury\applic~1\internaldb6334.dat

============= FINISH: 15:23:37.76 ===============

yuhr · #23 24th Oct 2009, 17:28

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2003 8:40:58 PM
System Uptime: 10/24/2009 9:55:14 AM (6 hours ago)

Motherboard: Intel Corporation | | D845PESV
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | J2E1 | 2399/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 3.913 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 8.268 GiB free.
E: is FIXED (NTFS) - 50 GiB total, 43.178 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic

==== System Restore Points ===================

RP11: 10/17/2009 12:13:46 PM - Restore Operation
RP12: 10/17/2009 12:23:38 PM - Revo Uninstaller's restore point - Driver Robot 1.1.0.5
RP13: 10/17/2009 7:13:31 PM - Revo Uninstaller's restore point - Windows Defender
RP14: 10/17/2009 7:14:17 PM - Removed Windows Defender
RP15: 10/17/2009 7:20:52 PM - win def
RP16: 10/17/2009 7:38:53 PM - win def
RP17: 10/18/2009 9:51:40 AM - Revo Uninstaller's restore point - MyConnection PC
RP18: 10/18/2009 9:54:21 AM - Revo Uninstaller's restore point - Driver Robot 1.1.0.5
RP19: 10/18/2009 4:53:32 PM - Restore Operation
RP20: 10/19/2009 7:41:06 PM - Restore Operation
RP21: 10/21/2009 11:46:27 AM - System Checkpoint
RP22: 10/22/2009 3:03:28 PM - System Checkpoint
RP23: 10/23/2009 10:37:47 AM - Revo Uninstaller's restore point - NoAdware v5.0
RP24: 10/23/2009 3:10:47 PM - Revo Uninstaller's restore point - Driver Robot 1.1.0.5
RP25: 10/24/2009 2:24:55 PM - Revo Uninstaller's restore point - Ask Toolbar
RP26: 10/24/2009 2:35:08 PM - Revo Uninstaller's restore point - Java 2 Runtime Environment, SE v1.4.2_04
RP27: 10/24/2009 2:36:40 PM - Revo Uninstaller's restore point - Java(TM) SE Runtime Environment 6 Update 1
RP28: 10/24/2009 2:51:09 PM - Revo Uninstaller's restore point - Java(TM) 6 Update 2
RP29: 10/24/2009 3:02:52 PM - Revo Uninstaller's restore point - Java 2 Runtime Environment, SE v1.4.2_04
RP30: 10/24/2009 3:09:56 PM - Revo Uninstaller's restore point - Java 2 Runtime Environment, SE v1.4.2_04

==== Installed Programs ======================

360Share Pro(remove only)
Access Drivers
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.5
Adobe Shockwave Player
AnyDVD
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Antivirus
AVI Movie Player
Babylon Plug In
Bonjour
Canon MP Navigator EX 1.0
Canon MP610 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
CloneDVD2
Critical Update for Windows Media Player 11 (KB959772)
Deal Info
EarthLink FastLane
EarthLink MailBox
EarthLink Wireless High Speed
Easy-WebPrint
Easy CD Creator 5 Basic
eFax Messenger 4.2
Exterminate3
FaxDrive
FormatFactory 2.15
FUJIFILM FinePixViewer S Ver.2.0
Google Gears
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ieSpell (remove only)
Instant Memory Cleaner 7.20
Internet Keyboard Elite
iTunes
Java(TM) 6 Update 16
KB408682
KC Softwares SUMo
LightScribe System Software
LightScribe Template Labeler
Logitech Desktop Messenger
Logitech MouseWare 9.79
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser
Mirar
Mozilla Firefox (3.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MyConnection PC
NVDVD
OGA Notifier 2.0.0048.0
Opera 9.64
Panicware Pop-Up Stopper Pro
PaperPort
PC Matic 1.0.0.0
PowerDVD
Prevx 3.0
Prism Video Converter
QuickTime
RamBooster
Redistributed Files
Revo Uninstaller 1.83
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skype™ 4.1
SnagIt 6
SnagIt 7
SUPERAntiSpyware Free Edition
TClockEx
The Cleaner v6.0 Beta
TotalAccess Core Applications
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip
WordWeb

==== Event Viewer Messages From Past Week ========

10/23/2009 7:35:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/18/2009 3:49:20 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/18/2009 11:40:32 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
10/17/2009 9:44:20 AM, error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: An error occurred while reading or writing to a file.
10/17/2009 12:17:03 PM, error: WinDefend [2004] -
10/17/2009 10:31:17 AM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the file specified.
10/17/2009 10:16:40 PM, error: Print [6161] - The document Microsoft Word - Document1 owned by Yury failed to print on printer Canon MP610 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 17072. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\YUHRTW. Win32 error code returned by the print processor: 0 (0x0).
10/17/2009 1:18:18 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================

**evilfantasy** · #24 25th Oct 2009, 09:49

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

File::
c:\windows\Tasks\Driver Robot.job
c:\program files\Driver Robot\1.1.0.4\DriverRobot.exe

Folder::
c:\program files\AskBarDis
c:\program files\Driver Robot

Registry::
[-HKEY_CLASSES_ROOT\clsid\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

[-HKEY_CLASSES_ROOT\clsid\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-

[-HKEY_CLASSES_ROOT\clsid\{f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82}]

[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

yuhr · #25 25th Oct 2009, 11:09

evilfantasy,
Thank you so much. You are such a nice guy: I am sure that there are other things to do on this beautiful Indian Summer day (at least in NYC), than researching somebody files!

I'll do it now.
BTW, I always (except in iTunes, where it does not work) use R mouse button for drag and drop - it offers more options.

yuhr · #26 25th Oct 2009, 13:35

Below is CF "after" file:
-------------------------------------------------------------------------
ComboFix 09-10-25.01 - Yury 10/25/2009 15:36.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.458 [GMT -4:00]
Running from: c:\documents and settings\Yury\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Yury\Desktop\CFScript.txt.txt
AV: avast! antivirus 4.8.1351 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-24 00:24 . 2009-09-03 09:17 15688 -c--a-w- c:\windows\system32\lsdelete.exe
2009-10-23 23:50 . 2009-09-23 12:55 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-23 23:48 . 2009-10-23 23:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-23 00:18 . 2009-10-23 00:18 27656 -c--a-w- c:\windows\system32\drivers\pxsec.sys
2009-10-23 00:18 . 2009-10-23 00:18 22024 -c--a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-23 00:18 . 2009-10-23 00:18 -------- dc----w- c:\program files\Prevx
2009-10-23 00:18 . 2009-10-23 22:45 -------- dc----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-10-19 23:42 . 2009-10-19 23:42 -------- dc----w- c:\windows\system32\wbem\Repository
2009-10-18 15:59 . 2009-10-18 15:59 262144 ----a-w- C:\ntuser.dat
2009-10-18 15:58 . 2009-10-19 23:41 -------- dc----w- c:\program files\Yahoo!(2)
2009-10-17 16:14 . 2009-10-25 16:29 -------- dc----w- c:\program files\QuickTime
2009-10-17 14:39 . 2009-10-17 16:14 -------- dc----w- c:\program files\Windows Installer Clean Up
2009-10-17 14:39 . 2009-10-17 14:39 -------- dc----w- c:\program files\MSECACHE
2009-10-17 14:28 . 2009-10-17 14:28 104512 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-10-11 15:24 . 2009-10-11 15:24 411368 -c--a-w- c:\windows\system32\deploytk.dll
2009-10-04 20:52 . 2009-10-04 20:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-04 20:52 . 2009-10-04 20:52 -------- dc----w- c:\documents and settings\Yury\Application Data\Office Genuine Advantage
2009-10-04 15:20 . 2009-10-04 15:20 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-04 15:20 . 2009-10-04 15:20 -------- dc----w- c:\documents and settings\Yury\Application Data\SUPERAntiSpyware.com
2009-09-29 01:04 . 2009-09-29 01:04 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-28 23:23 . 2009-09-29 01:04 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters(2)
2009-09-28 18:20 . 2009-09-28 18:20 89256 -c--a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-27 13:58 . 2009-10-19 23:42 -------- dc----w- c:\documents and settings\Yury\Application Data\Blitware
2009-09-26 17:57 . 2009-09-26 17:57 25768 -c--a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-25 23:30 . 2009-09-25 23:30 -------- dc----w- c:\documents and settings\All Users\Application Data\page
2009-09-25 23:22 . 2009-09-25 23:28 -------- dc----w- c:\documents and settings\Yury\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-25 19:12 . 2009-08-18 13:05 -------- dc----w- c:\documents and settings\Yury\Application Data\Skype
2009-10-25 18:29 . 2007-12-25 17:21 -------- dc----w- c:\documents and settings\Yury\Application Data\skypePM
2009-10-25 17:36 . 2009-05-19 23:29 -------- dc----w- c:\documents and settings\Yury\Application Data\BabylonXtra
2009-10-25 16:29 . 2004-03-20 01:30 -------- dc----w- c:\program files\Java
2009-10-25 00:51 . 2009-09-18 01:16 -------- dc----w- c:\program files\PCPitstop
2009-10-25 00:30 . 2008-09-30 22:05 -------- dc----w- c:\program files\Common Files\Apple
2009-10-23 23:48 . 2008-04-08 23:13 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-23 23:48 . 2004-02-27 00:29 -------- dc----w- c:\program files\Lavasoft
2009-10-23 22:19 . 2007-12-06 01:19 -------- dc----w- c:\documents and settings\All Users\Application Data\iolo
2009-10-19 00:33 . 2007-10-03 00:33 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-11 21:43 . 2008-11-26 00:32 2560 -c--a-w- c:\windows\_MSRSTRT.EXE
2009-10-04 21:42 . 2006-03-02 02:06 -------- dc----w- c:\program files\NCH Swift Sound
2009-10-04 15:19 . 2003-02-23 05:05 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-21 01:05 . 2009-09-21 01:05 -------- dc----w- c:\program files\AskBarDis
2009-09-18 01:17 . 2009-09-18 01:16 -------- dc----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-09-10 18:54 . 2009-02-06 03:18 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-06 03:19 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 23:38 . 2008-03-09 16:08 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-06 22:12 . 2009-09-06 22:12 -------- dc----w- c:\program files\LightScribe Template Labeler
2009-09-06 22:02 . 2009-09-06 21:14 -------- dc----w- c:\program files\Common Files\LightScribe
2009-09-06 22:01 . 2009-09-06 22:01 -------- dc----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-18 13:14 . 2009-08-18 13:14 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-08-17 16:10 . 2008-11-13 00:09 1279456 -c--a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-11-13 00:09 93392 -c--a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-11-13 00:09 94160 -c--a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-11-13 00:09 114768 -c--a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-11-13 00:09 20560 -c--a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-11-13 00:09 51376 -c--a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-11-13 00:09 23152 -c--a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-11-13 00:09 26944 -c--a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-11-13 00:09 97480 -c--a-w- c:\windows\system32\AvastSS.scr
2009-08-11 23:22 . 2009-01-31 16:09 27136 -c--a-w- c:\windows\system32\drivers\nchssvad.sys
2009-08-06 23:24 . 2004-08-18 23:36 327896 -c--a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-18 23:36 209632 -c--a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 -c--a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-18 23:36 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-07-17 23:58 53472 -c----w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-07-17 23:58 96480 -c--a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-18 23:36 575704 -c--a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-03-22 19:01 274288 -c--a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 -c--a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-07-17 23:58 1929952 -c--a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-07-17 23:57 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 -c--a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 -c--a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 -c--a-w- c:\windows\system32\OGAEXEC.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_19.13.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-02-23 01:40 . 2009-10-25 19:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-02-23 01:40 . 2009-10-25 13:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"TClockEx"="e:\tclockex\TCLOCKEX.EXE" [2000-03-09 89088]
"AnyDVD"="e:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-10-19 3087296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-08-17 81000]
"ProcessSupervisorGUI"="e:\program files\Process Lasso\processlasso.exe" [2008-12-13 316944]
"ProcessGovernor"="e:\program files\Process Lasso\processgovernor.exe" [2008-12-13 133136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Yury\Application Data\iolo\\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
backup=c:\windows\pss\eFax 4.2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
backup=c:\windows\pss\eFax.com Tray Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
backup=c:\windows\pss\Live Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LocalNet.lnk]
backup=c:\windows\pss\LocalNet.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=c:\windows\pss\MightyFAX Controller.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"SCardDrv"=3 (0x3)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\i2hub\\i2hub.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"4100:UDP"= 4100:UDP:uPNP Router Control Port

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/23/2009 7:50 PM 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.s ys [10/22/2009 8:18 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [10/22/2009 8:18 PM 27656]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/12/2008 8:09 PM 114768]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [11/12/2008 8:09 PM 20560]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [10/22/2009 8:18 PM 4368952]
R2 HIDKbFlt;HIDKbFlt.SvcDesc%;c:\windows\system32\dri vers\HIDKbFlt.sys [7/25/2005 6:13 AM 23680]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/14/2007 7:09 PM 572776]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/14/2007 7:09 PM 572776]
R2 IOPort;IOPort;c:\windows\system32\IOPORT.SYS [2/22/2003 10:36 PM 6144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1170768]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2N DIS5.SYS [11/1/2004 3:16 PM 17536]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [7/20/2004 5:53 PM 11520]
S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT .EXE [9/30/1996 120832]
S4 EarthLinkMonitor;EarthLink Monitor Service;"c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe" --> c:\program files\EarthLink TotalAccess\WENGINE\wmonitor.exe [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;e:\program files\PCPitstop\PCPitstopScheduleService.exe [9/17/2009 9:16 PM 85504]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:49]

2009-10-24 c:\windows\Tasks\Ad-Aware.job
- c:\progra~1\Lavasoft\Ad-Aware\Ad-Aware.exe [2009-10-02 23:49]

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-162531612-725345543-1003Core.job
- c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-30 17:03]

2009-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-162531612-725345543-1003UA.job
- c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-30 17:03]

2009-10-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://my.yahoo.com/p/d.html?v
mSearch Bar = hxxp://www.google.com/ie
IE: &Check Spelling - c:\program files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
IE: &ieSpell Options - c:\program files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
IE: Download with &Shareaza
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Yury\Application Data\Mozilla\Firefox\Profiles\zuz3oq4r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\Yury\Application Data\Mozilla\Firefox\Profiles\zuz3oq4r.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Yury\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\program files\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin2.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin3.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin4.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin5.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin6.dll
FF - plugin: e:\program files\Opera\program\plugins\npqtplugin7.dll
FF - plugin: e:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: e:\program files\Opera\program\plugins\npwmsdrm.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: e:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 15:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-162531612-725345543-1003\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{F238CF1D-55BC-7523-7560-9CDB79BF4BC3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-746137067-162531612-725345543-1003\Software\Zepter Software\RegLib*74b861c1\AnyDVD/1]
"1"=dword:444c1dae
"2"=dword:4469288a

[HKEY_USERS\S-1-5-21-746137067-162531612-725345543-1003\Software\Zepter Software\RegLib*74b861c1\CloneDVD2/2]
"1"=dword:4459420d
"2"=dword:44d6822c

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\Explorer]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3772)
e:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-25 15:45
ComboFix-quarantined-files.txt 2009-10-25 19:45
ComboFix2.txt 2009-10-25 19:20

Pre-Run: 4,273,975,296 bytes free
Post-Run: 4,317,085,696 bytes free

- - End Of File - - 2436684451F710A343F1AC80B5A4B2A6
------------------------------------------------------------
Thank you!

**evilfantasy** · #27 25th Oct 2009, 14:36

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

yuhr · #28 25th Oct 2009, 16:53

I downloaded a new program but cannot open it because it announces that is unable to locate suitable Java Runtime Environment on this machine.
Should I install it now? Or is it too unsafe?

**evilfantasy** · #29 25th Oct 2009, 18:56

Yes you can install it now. Sun Java Runtime Environment

yuhr · #30 26th Oct 2009, 15:03

I will, if and when I use the program.
I really appreciate your help and time you spent on me.
All the best!
Y.