Hey, out of no where I started getting weird audio sounds on my computer and it sounds like advertisements, except there wasn't any program running. I look under processes and found msa.exe and whenever I would end that process, the audio would go away. It would always come back however. And out of no where internet explorer just pops up with advertisements. I ran ad-aware and malwarebytes anti-malware, it picked up a few trojans and deleted them, but the problem still continues. Kinda wish I could determine which registries are bad and which are good, but I'm guessing I gotta take classes and no way am I gonna mess with them now heh. Your help is much appreciated, thanks.

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:35, on 6/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\msa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Arrone\Documents\Junk\Killer.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF79B0ED-FF34-4635-AE35-50ECB6D48C1A}: NameServer = 192.168.0.106
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9be07ca20ada7) (gupdate1c9be07ca20ada7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8723 bytes

Hi,

Please do the following:

STEP #1

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.pif to run the tool.
• When done, two DDS.txt's will open.
• Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



STEP #2




Download GMER Rootkit Scanner from here or here.

• Extract the contents of the zipped file to desktop.
• Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..
  
  
• In the right panel, you will see several boxes that have been checked. Uncheck the following …
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish.
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
• Save it where you can easily find it, such as your desktop and attach it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries




.

Ok, when I tried running GMER.exe I got the bluescreen of death. I'm running DDS again and here are the logs. I'm gonna attempt to run GMER.exe again.

DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Arrone at 21:15:15.87 on Sun 06/28/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1750 [GMT -4:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxcicoms.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Arrone\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [Flashget] c:\program files\flashget\FlashGet.exe /min
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: {AF79B0ED-FF34-4635-AE35-50ECB6D48C1A} = 192.168.0.106
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\arrone\appdata\roaming\mozilla\firefox\profiles\5evcv0o7.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\extensions\npmozax@real.com\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\realarcade\npraclient.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-1-20 4608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-5 64160]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2009-2-21 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2009-2-21 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090303.001\IDSvix86.sys [2009-3-4 292912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1003344]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.2.0.7\ccSvcHst.exe [2009-2-21 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nav\1002000.007\symndisv.sys [2009-2-21 40496]
S2 gupdate1c9be07ca20ada7;Google Update Service (gupdate1c9be07ca20ada7);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]

=============== Created Last 30 ================

2009-06-28 10:38 <DIR> --d----- c:\program files\DivX
2009-06-28 10:38 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-22 20:07 <DIR> --d----- c:\programdata\RealArcade
2009-06-22 20:07 <DIR> --d----- c:\progra~2\RealArcade
2009-06-22 20:07 <DIR> --d----- c:\programdata\Zylom
2009-06-22 20:07 <DIR> --d----- c:\program files\Zylom Games
2009-06-22 20:07 <DIR> --d----- c:\progra~2\Zylom
2009-06-22 20:04 <DIR> --d----- c:\program files\RealArcade
2009-06-19 00:57 691 a------- c:\users\arrone\appdata\roaming\GetValue.vbs
2009-06-19 00:57 35 a------- c:\users\arrone\appdata\roaming\SetValue.bat
2009-06-19 00:15 122,372 a------- c:\windows\msa.exe
2009-06-14 10:49 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-14 10:49 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-14 10:49 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-14 10:49 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-14 10:49 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-09 08:14 <DIR> --d----- c:\programdata\WindowsSearch
2009-06-05 22:47 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-05 22:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-05 21:59 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-05 21:59 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-05 21:58 <DIR> --d----- c:\programdata\Lavasoft
2009-06-05 21:58 <DIR> --d----- c:\program files\Lavasoft
2009-06-05 17:07 <DIR> --d----- c:\program files\Funcom
2009-06-04 19:39 <DIR> --d----- c:\program files\iPod
2009-06-04 19:39 <DIR> --d----- c:\program files\iTunes
2009-06-03 14:32 <DIR> --d----- c:\users\arrone\appdata\roaming\GARMIN
2009-06-03 14:30 <DIR> --d----- c:\program files\Garmin GPS Plugin
2009-06-03 14:29 <DIR> --d----- c:\program files\Garmin

==================== Find3M ====================

2009-06-19 00:57 4,088 a------- c:\windows\system32\tmp.reg
2009-06-11 12:45 281,760 a------- c:\windows\system32\drivers\atksgt.sys
2009-06-11 12:45 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
2009-06-04 19:35 51,200 a------- c:\windows\inf\infpub.dat
2009-06-04 19:35 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-04 19:35 86,016 a------- c:\windows\inf\infstor.dat
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-04-24 12:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 12:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 09:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 08:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-01 21:11 22,328 a------- c:\users\arrone\appdata\roaming\PnkBstrK.sys
2008-06-11 20:03 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:41 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-05-03 06:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 07:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 09:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 21:15:46.00 ===============

Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2009 15:18:50
System Uptime: 6/28/2009 21:07:38 (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUSM
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4600+ | Socket AM2 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 32.88 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM (UDF)
J: is CDROM ()
K: is CDROM ()
Z: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
501 Ready-to-Use
Acrobat.com
Ad-Aware
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Anarchy Online
Apple Mobile Device Support
Apple Software Update
Bonjour
Call of Duty® 4 - Modern Warfare™
Choice Guard
Compatibility Pack for the 2007 Office system
Crysis®
DAEMON Tools Toolbar
Digital Photo Navigator 1.5
DivX Web Player
DVD Architect Pro 5.0
FlashGet 1.9.6.1073
Flight Simulator X
Flight Simulator X Service Pack 1
G.H.O.S.T. Hunters
GameSpy Arcade
GameSpy Comrade
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
K-Lite Codec Pack 4.7.0 (Full)
Keylight 1.2v8 for After Effects CS3
Lexmark 7300 Series
LIVE gaming on Windows Runtime Version 1.0.6027
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft Halo
Microsoft LifeCam
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Norton AntiVirus
NVIDIA Drivers
PacSteamT
PDF Settings
PowerCinema NE for Everio
PowerDirector Express
PowerISO
PunkBuster Services
QuickTime
R-Word Demo 1.2
RealArcade
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Sins of a Solar Empire
Skype™ 4.0
Soft Data Fax Modem with SmartCP
Sony Vegas Pro 8.0
Starsiege
Steam
SUPER © Version 2009.bld.35 (Jan 5, 2009)
TubeTilla Free
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Games Player Plugin
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Sound Schemes
WinMorph™ 3.01
WinRAR archiver
X Plugin Manager 2.12
X3 Terran Conflict v2.0
Xilisoft DVD Ripper Platinum 5

==== End Of File ===========================

This post has been edited by Arrone: Jun 28 2009, 07:28 PM

Hi,

Please do the following:

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt for further review.

ComboFix 09-06-26.02 - Arrone 06/28/2009 21:36.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1674 [GMT -4:00]
Running from: c:\users\Arrone\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 01:48 . 2009-06-29 01:48 -------- d-----w- c:\users\Arrone\AppData\Local\temp
2009-06-28 14:38 . 2009-06-28 14:38 -------- d-----w- c:\program files\DivX
2009-06-28 14:38 . 2009-06-28 14:38 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-23 02:01 . 2009-06-23 02:01 1003344 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-23 00:07 . 2009-06-23 00:07 -------- d-----w- c:\programdata\RealArcade
2009-06-23 00:07 . 2009-03-30 21:13 98304 ----a-w- c:\programdata\RealArcade\npraclient.dll
2009-06-23 00:07 . 2009-06-23 00:07 -------- d-----w- c:\programdata\Zylom
2009-06-23 00:07 . 2009-06-23 00:07 -------- d-----w- c:\program files\Zylom Games
2009-06-23 00:07 . 2009-03-03 14:51 98304 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-06-23 00:07 . 2004-12-20 16:17 147456 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-06-23 00:05 . 2009-06-23 01:22 -------- d-----w- c:\users\Public\RealArcade
2009-06-23 00:04 . 2009-06-23 00:14 -------- d-----w- c:\program files\RealArcade
2009-06-19 04:57 . 2009-06-19 04:57 35 ----a-w- c:\users\Arrone\AppData\Roaming\SetValue.bat
2009-06-14 14:49 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 14:49 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 03:36 . 2009-06-13 03:36 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC09E.tmp.exe
2009-06-09 12:14 . 2009-06-09 12:14 -------- d-----w- c:\programdata\WindowsSearch
2009-06-06 02:47 . 2009-06-06 02:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-06 02:01 . 2009-06-06 02:01 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-06 02:01 . 2009-06-06 02:01 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-06 02:01 . 2009-06-06 02:01 83808 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-06 02:01 . 2009-06-06 02:01 212848 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-06 02:01 . 2009-06-06 02:01 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-06 02:01 . 2009-06-06 02:01 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-06 01:59 . 2009-06-06 01:59 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-06 01:59 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-06-06 01:58 . 2009-06-06 02:01 -------- d-----w- c:\programdata\Lavasoft
2009-06-06 01:58 . 2009-06-06 01:58 -------- d-----w- c:\program files\Lavasoft
2009-06-05 21:07 . 2009-06-05 21:07 -------- d-----w- c:\program files\Funcom
2009-06-04 23:39 . 2009-06-04 23:39 -------- d-----w- c:\program files\iPod
2009-06-04 23:39 . 2009-06-04 23:39 -------- d-----w- c:\program files\iTunes
2009-06-04 23:37 . 2009-06-04 23:38 -------- d-----w- c:\program files\QuickTime
2009-06-04 23:30 . 2009-06-04 23:30 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 18:32 . 2009-06-03 18:32 -------- d-----w- c:\users\Arrone\AppData\Roaming\GARMIN
2009-06-03 18:30 . 2009-06-03 18:30 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-06-03 18:30 . 2009-06-03 18:30 -------- d-----w- c:\program files\DIFX
2009-06-03 18:29 . 2009-06-03 18:29 -------- d-----w- c:\program files\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 01:12 . 2009-03-14 12:08 -------- d-----w- c:\program files\Steam
2009-06-23 18:17 . 2009-03-14 12:08 -------- d-----w- c:\program files\Common Files\Steam
2009-06-23 00:07 . 2009-02-21 03:40 -------- d-----w- c:\program files\Google
2009-06-19 05:02 . 2009-02-20 17:37 1356 ----a-w- c:\users\Arrone\AppData\Local\d3d9caps.dat
2009-06-19 04:57 . 2009-06-19 04:57 691 ----a-w- c:\users\Arrone\AppData\Roaming\GetValue.vbs
2009-06-19 04:39 . 2009-02-21 02:20 -------- d-----w- c:\program files\Lx_cats
2009-06-15 07:04 . 2009-02-20 18:48 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 16:48 . 2009-02-21 14:27 -------- d-----w- c:\users\Arrone\AppData\Roaming\uTorrent
2009-06-11 16:45 . 2009-04-20 02:04 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-11 16:45 . 2009-04-20 02:04 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-06-11 01:45 . 2009-04-20 01:25 -------- d-----w- c:\program files\EGOSOFT
2009-06-04 23:39 . 2009-02-21 01:00 -------- d-----w- c:\program files\Common Files\Apple
2009-05-26 02:45 . 2009-05-16 13:50 -------- d-----w- c:\program files\X Plugin Manager
2009-05-13 00:41 . 2009-05-12 01:09 -------- d-----w- c:\users\Arrone\AppData\Roaming\DAEMON Tools Lite
2009-05-12 20:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 01:09 . 2009-05-12 01:09 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-05-12 01:09 . 2009-05-12 01:09 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-12 01:09 . 2009-05-12 01:09 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-11 23:25 . 2009-05-11 23:25 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-04-24 16:05 . 2009-06-11 14:18 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 14:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 14:18 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 14:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 14:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 14:18 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-20 01:18 . 2009-02-20 18:33 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-18 03:49 . 2009-02-20 17:26 105312 ----a-w- c:\users\Arrone\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2009-02-26 03:14 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-02-26 03:14 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-02-26 03:14 216064 --sh--r- c:\windows\System32\nbDX.dll
2008-04-09 23:35 . 2008-04-09 23:35 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-12 1217784]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-05-11 103344]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-20 518488]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C62B8DDA-7916-4ABC-B27B-4BFA8091264E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FAB72AFF-61F2-49EC-B0EA-13396B2F24B0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7DA6CADF-0ACB-4EFA-8AAD-B4252EEAD39F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24E54FDF-7D9D-4194-A9CB-26449B3AA270}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5B01579E-4338-4143-B088-7BFD9BD04B87}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{6FE159C4-EB40-4E11-99A8-A9FE0892E740}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"TCP Query User{575E82F6-F0CB-4B71-AFA4-5FA8C2975785}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{E33CF0F9-3845-40DD-9DC5-06DBC97B14B4}c:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"{5C8DDFA0-D881-4154-96BE-AB9A82FF0BEE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4988A49C-934E-4B4E-95FC-9B0242AA0883}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{EB3C4FB8-7327-456B-8BCC-2230F813C48E}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{71DC78C6-9C13-46C4-BEA1-B9B7671837DD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{C9E9EBB6-2653-4BF3-8232-E6E2CD1923A4}c:\\games\\freespace2\\fs2_open_r_20060425_kara.exe"= UDP:c:\games\freespace2\fs2_open_r_20060425_kara.exe:FreeSpace
"UDP Query User{3DCD1A4C-E60F-4D2D-8B09-9FE28F1BBBF0}c:\\games\\freespace2\\fs2_open_r_20060425_kara.exe"= TCP:c:\games\freespace2\fs2_open_r_20060425_kara.exe:FreeSpace
"{2C0F148F-EDEF-4EB5-A5A2-BEFF77E60C13}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2ABBDF45-CF6B-4BC7-A7C1-6DBF6F4A8F42}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9E158C95-D5BC-4832-86E9-2E7DA29D87C9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F47104E1-CED9-41B2-A17F-28111CF23FA8}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{FCEDC4DA-A7AC-426C-A0A7-30AAA7FEBD86}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{61D2E61F-AB97-4D89-BD8D-5BBB0EC2E2A8}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{21AD0672-6BE2-4265-8960-9416FBFB7F4B}"= c:\program files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{F9C64CE9-C6BE-4FDA-8953-E843C0965086}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{645E7832-64C9-4A6A-A846-892198FF71DE}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F39D3FA4-D2EE-454E-9F2F-69CD2C0C248B}"= UDP:c:\program files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{E68C5B7F-5061-49E5-B7CD-480DE322CE77}"= TCP:c:\program files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{B939BE25-D5AB-46F0-BEFF-AE876D2E9754}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{81970365-FA26-4354-981A-80CB7295EB14}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{92FAAEC0-C7DC-42C4-9482-7DA4E98637FE}"= UDP:c:\program files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{2B4E25BC-983B-427D-A854-FD7DC84C35CB}"= TCP:c:\program files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"TCP Query User{57B5472A-EC13-4ADB-9412-417C0C3D6E90}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{3409456B-28CD-43A7-BE1D-EAFBD6859AA6}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"{ABEB90AD-5594-4026-9297-C81E66471DD8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{05BE2F4C-5623-4645-8F1C-AAE768A27B7D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FFA14AFE-AA57-4CD9-90C9-13D4EC0AEF79}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{81F6E41C-586E-4A9D-9E2B-B07FCF3A0DDB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B4F6173A-A18E-4589-9DCC-F43A38DB0036}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12B1453E-E498-48D8-8F9B-6E627AC12B31}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5C2EDF93-65AB-48A6-AA7F-8A00768D7F4E}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{73B2F1CC-7A31-409A-8C68-E10CC124B92E}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F7202034-6F04-4973-A041-D9E5DF0B5BC1}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{2F80FCA1-7D16-4A61-ACEF-36A86E12A60F}"= UDP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{2C258A8D-46EF-495C-9830-BD25674233FA}"= TCP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{0A996ED3-D57B-4E73-A4FA-D057942FF9CF}"= UDP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{532D59E1-CB98-4683-816B-E92BD0AC7FB9}"= TCP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{503DF280-F28F-4091-A285-9D1674166AD9}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcipswx.exe:Printer Status Window
"{24AC4553-5BC8-4F53-A1E7-FCAF35A47FDE}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcipswx.exe:Printer Status Window
"TCP Query User{30C04AF7-4EA3-4B39-B075-64D3F97F5F8C}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{7EC6CC72-77E4-492B-9506-52E7EE56C340}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"{60F23F73-8CC7-4BB4-9489-224DFE214C01}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FFA1D73D-83F2-46BF-AA73-E1DF6DAADB14}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C309DB3E-E863-4F07-9EED-427714C40130}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0AF9CB9F-5CFA-4D73-A2A7-A322BD149C52}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3B4C172A-5303-4786-A4BE-B9EBBD728E6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D5B46648-A961-4F98-B95A-1DB0970E0DD1}c:\\users\\arrone\\downloads\\anarchyonline_17.9.1-large.exe"= UDP:c:\users\arrone\downloads\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"UDP Query User{D6D55D86-365A-4DFB-BBE1-C55B3FA5FA89}c:\\users\\arrone\\downloads\\anarchyonline_17.9.1-large.exe"= TCP:c:\users\arrone\downloads\anarchyonline_17.9.1-large.exe:anarchyonline_17.9.1-large.exe
"{EF133537-FC6D-4CEC-910E-1BCC9F64B646}"= UDP:c:\program files\Funcom\Anarchy Online\Anarchy.exe:Anarchy Online
"{AF7B02D4-92A5-4037-A290-8F0FA8A53043}"= TCP:c:\program files\Funcom\Anarchy Online\Anarchy.exe:Anarchy Online

R0 amacpi;Microsoft Away Mode System;c:\windows\System32\drivers\null.sys [1/20/2008 22:21 4608]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/5/2009 22:01 64160]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1002000.007\BHDrvx86.sys [2/21/2009 09:54 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1002000.007\cchpx86.sys [2/21/2009 09:54 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090303.001\IDSvix86.sys [3/4/2009 16:55 292912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 17:34 1003344]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2/21/2009 09:54 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/1/2009 05:00 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NAV\1002000.007\symndisv.sys [2/21/2009 09:54 40496]
S2 gupdate1c9be07ca20ada7;Google Update Service (gupdate1c9be07ca20ada7);c:\program files\Google\Update\GoogleUpdate.exe [4/15/2009 16:21 133104]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [1/20/2008 22:21 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [1/20/2008 22:21 251904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 02:01]

2009-06-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 20:21]

2009-06-29 c:\windows\Tasks\User_Feed_Synchronization-{6FBBD91E-AE62-47EE-9651-11168433E38D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {AF79B0ED-FF34-4635-AE35-50ECB6D48C1A} = 192.168.0.106
FF - ProfilePath - c:\users\Arrone\AppData\Roaming\Mozilla\Firefox\Profiles\5evcv0o7.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\extensions\npmozax@real.com\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\RealArcade\npraclient.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 21:48
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-29 21:50
ComboFix-quarantined-files.txt 2009-06-29 01:50

Pre-Run: 35,630,542,848 bytes free
Post-Run: 39,791,239,168 bytes free

272 --- E O F --- 2009-06-25 20:46

Hi,

Please do the following:

Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT

• Please open your MalwareBytes AntiMalware Program
• Click the Update Tab and search for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- very important
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.





NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
[list][*]Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
[*]Once the scan is complete, it will display if your system has been infected. It does not provide an op

Alright, ran everything and scanners picked up nothing.

Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 6.0.6001 Service Pack 1

6/29/2009 23:09:36
mbam-log-2009-06-29 (23-09-36).txt

Scan type: Quick Scan
Objects scanned: 81915
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi,

Please post a fresh HJT log and advise in detail, how your computer is running now and if there are any outstanding issues.

Computer runs just as fine and msa.exe is no longer in the process list.

Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:26, on 6/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Arrone\Documents\Junk\Killer.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF79B0ED-FF34-4635-AE35-50ECB6D48C1A}: NameServer = 192.168.0.106
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9be07ca20ada7) (gupdate1c9be07ca20ada7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxci_device - - C:\Windows\system32\lxcicoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8775 bytes

Hi,

Please do the following:

I would like you to upload a file to be scanned

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  

  
  C:\Users\Arrone\Documents\Junk\Killer.exe.exe
  

• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

NEXT

• Open HiJackThis
• Click on Do a system scan only
• Check the boxes next to ONLY the entries listed below (if still present):

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

• Close all windows except Hijackthis and click Fix Checked
• Click Yes when prompted
• Close HijackThis.

Actually the Killer.exe is Hijackthis, it's just renamed.

And I have just deleted that entry.

aha...it was the double exe.exe that I was curious about...usually a sign of a different infection.

That means, you are clean, time to do some housekeeping.

Please do the following:

Follow these steps to uninstall Combofix

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

Now to remove the rest of the tools that we have used in fixing your machine:

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
  
• For Firefox, I highly recommend this add-on to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Hey thanks a lot and really do appreciate your help. Thanks again 8)

You are more than welcome

stay safe

CB

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.