# Another annoying virus.



## LPM (Oct 11, 2009)

Hey again guys.

So this time, the computer gods have bestowed yet another plague upon my computer, but this time it's even more annoying than the last. 

This time there is a red circle with a white x in the menu at the bottom right, and every 2 seconds it gives me a pop-up that says: "your computer is infected! Windows has detected spyware infection!" etc etc and asks me to buy their antivirus software.

To get rid of this, I have tried to run antivirus stuff, but Windows keeps telling me that "Windows cannot access the specified device, path or file" for almost any EXE that I try to run. The only things I have gotten to work are AVG 8.5 (which finds nothing in a scan), Chrome, Firefox, and IE. If I boot into safe mode, the computer goes to blue screen. System restore point didn't do anything, and Avast, MWB, HJT, McAfee, MS Office, and all games are all blocked with the above mentioned Windows error.

halp.

~LPM


----------



## johnb35 (Oct 11, 2009)

Please download and run ComboFix from here.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please follow the directions carefully. And then post the log that it displays at the end back here along with a HijackThis log.


----------



## LPM (Oct 11, 2009)

Part 1

```
ComboFix 09-10-10.02 - Mark 10/10/2009 18:51.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2419 [GMT -7:00]
Running from: e:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091010-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mark\Application Data\iniasd.txt
c:\documents and settings\Mark\Application Data\lizkavd.exe
c:\documents and settings\Mark\Application Data\seres.exe
c:\documents and settings\Mark\Application Data\svcst.exe
c:\program files\INSTALL.LOG
C:\test.txt
c:\windows\Install.txt
c:\windows\Installer\a8ff33e.msi
c:\windows\Installer\a8ff33f.msp
c:\windows\Installer\a8ff340.msp
c:\windows\Installer\a8ff341.msp
c:\windows\Installer\a8ff342.msp
c:\windows\Installer\a8ff343.msp
c:\windows\Installer\a8ff344.msp
c:\windows\Installer\a8ff345.msp
c:\windows\Installer\a8ff346.msp
c:\windows\Installer\a8ff347.msp
c:\windows\Installer\a8ff348.msp
c:\windows\Installer\f0fadad.msi
c:\windows\Installer\f0fadb3.msi
c:\windows\Installer\f0fadba.msi
c:\windows\Installer\f0fadd3.msi
c:\windows\Installer\f0fadda.msi
c:\windows\Installer\f0fade0.msi
c:\windows\Installer\f0fade6.msi
c:\windows\Installer\f0fade7.msi
c:\windows\kb913800.exe
c:\windows\run.log
c:\windows\system32\6to4v32.dll
c:\windows\system32\abaHknmp.ini
c:\windows\system32\abaHknmp.ini2
c:\windows\system32\certstore.dat
c:\windows\system32\FInstall.sys
c:\windows\system32\Iasv32.dll
c:\windows\system32\Install.txt
c:\windows\system32\isasdk.sys
c:\windows\system32temp#01.exe
c:\windows\Tasks\atldudbs.job
c:\windows\win32k.sys
E:\install.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected 
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll 

c:\windows\system32\proquota.exe was missing 
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_ISASDK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_6to4
-------\Service_isasdk


(((((((((((((((((((((((((   Files Created from 2009-09-11 to 2009-10-11  )))))))))))))))))))))))))))))))
.

2009-10-11 01:57 . 2008-04-14 00:12	50176	----a-w-	c:\windows\system32\proquota.exe
2009-10-10 20:35 . 2009-09-15 10:54	52368	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-10-10 20:35 . 2009-09-15 10:54	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-10-10 20:35 . 2009-09-15 10:53	27408	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-10-10 20:35 . 2009-09-15 10:55	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-10-10 20:35 . 2009-09-15 10:55	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-10-10 20:35 . 2009-09-15 10:53	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-10-10 20:35 . 2009-09-15 10:56	93424	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-10-10 20:35 . 2009-09-15 10:56	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-10-10 20:34 . 2009-09-15 10:59	1279968	----a-w-	c:\windows\system32\aswBoot.exe
2009-10-10 20:34 . 2009-10-10 20:34	--------	d-----w-	c:\program files\Alwil Software
2009-10-10 20:16 . 2009-10-11 00:13	--------	d-----w-	c:\program files\Common Files\PC Tools
2009-10-10 20:16 . 2009-10-11 00:13	--------	d-----w-	c:\program files\Spyware Doctor
2009-10-10 19:57 . 2009-10-10 19:57	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-10 19:56 . 2009-10-11 01:55	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-10-10 19:56 . 2009-10-10 19:56	--------	d-----w-	c:\documents and settings\Mark\Application Data\SUPERAntiSpyware.com
2009-10-10 19:50 . 2009-10-11 01:40	93136	--sh--w-	c:\windows\system32\TerNb.exe
2009-10-10 18:36 . 2009-10-10 18:36	89552	--sh--w-	c:\windows\system32\TerNa.exe
2009-10-10 18:34 . 2009-10-10 18:34	--------	d-----w-	C:\movies
2009-10-09 00:39 . 2009-10-09 00:39	--------	d-----w-	c:\documents and settings\Mark\workspace
2009-10-08 01:41 . 2009-10-08 01:55	--------	d-----w-	c:\documents and settings\Mark\bluej
2009-10-08 01:23 . 2009-10-08 01:23	--------	d-----w-	C:\BlueJ
2009-09-29 03:58 . 2009-09-29 03:58	--------	d-----w-	C:\EAGLE_EYE_D1_AC
2009-09-25 04:41 . 2009-09-25 04:41	--------	d-----w-	c:\program files\DownloadToolz
2009-09-23 21:35 . 2009-09-23 21:35	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{BE672698-4DAC-4C83-9056-C07C3170F628}
2009-09-23 01:21 . 2009-09-23 03:07	--------	d-----w-	c:\program files\llsumo
2009-09-20 06:30 . 2009-09-20 06:30	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-09-12 16:15 . 2009-09-12 16:15	--------	d-----w-	c:\program files\Nobilis

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 01:43 . 2008-05-06 00:04	--------	d-----w-	c:\documents and settings\Mark\Application Data\uTorrent
2009-10-11 01:37 . 2007-12-23 05:03	--------	d-----w-	c:\documents and settings\Mark\Application Data\Skype
2009-10-11 00:56 . 2007-12-23 05:04	--------	d-----w-	c:\documents and settings\Mark\Application Data\skypePM
2009-10-11 00:14 . 2008-08-25 02:13	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-10-10 19:56 . 2007-12-23 22:59	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-10-10 18:38 . 2007-12-25 01:23	--------	d-----w-	c:\program files\LogMeIn
2009-10-08 01:33 . 2008-09-21 04:46	--------	d-----w-	c:\program files\Sun
2009-10-08 01:33 . 2008-09-21 04:46	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-10-08 01:30 . 2006-07-01 02:04	--------	d-----w-	c:\program files\Java
2009-10-02 03:12 . 2007-12-25 01:24	83288	----a-w-	c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 03:12 . 2007-12-25 01:24	28984	----a-w-	c:\windows\system32\LMIport.dll
2009-10-02 03:12 . 2007-12-25 01:23	87352	----a-w-	c:\windows\system32\LMIinit.dll
2009-09-25 22:53 . 2008-03-27 05:41	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-23 05:24 . 2009-05-14 06:03	47	----a-w-	c:\windows\popcinfot.dat
2009-09-22 05:59 . 2006-07-01 02:10	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-09-22 05:47 . 2008-02-23 02:07	45	-c--a-w-	c:\windows\popcinfo.dat
2009-09-19 03:27 . 2008-02-23 01:37	--------	d-----w-	c:\program files\PopCap Games
2009-09-08 04:09 . 2008-01-08 06:21	139072	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-09-08 04:06 . 2008-01-08 06:20	189672	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-09-08 02:37 . 2007-11-16 02:46	11552	----a-w-	c:\windows\system32\lmimirr2.dll
2009-09-08 02:37 . 2007-11-16 02:46	25248	----a-w-	c:\windows\system32\lmimirr.dll
2009-09-04 06:59 . 2008-03-21 18:20	--------	d-----w-	c:\documents and settings\Mark\Application Data\McAfee
2009-09-04 06:59 . 2006-07-01 02:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
2009-08-31 01:51 . 2007-12-23 06:15	--------	d-----w-	c:\program files\Logitech
2009-08-26 22:12 . 2008-03-09 03:36	98528	-c--a-w-	c:\windows\War3Unin.dat
2009-08-25 22:03 . 2007-12-23 21:21	48576	-c--a-w-	c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 06:25 . 2008-01-17 02:21	--------	d-----w-	c:\program files\Microsoft ActiveSync
2009-08-25 06:25 . 2008-01-17 02:21	--------	d-----w-	c:\program files\Microsoft Works
2009-08-23 22:15 . 2009-08-23 22:15	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{761863BE-97F1-4682-A796-73F6F162ED8A}
2009-08-23 17:56 . 2009-08-23 08:14	--------	d-----w-	c:\documents and settings\Mark\Application Data\Winamp
2009-08-20 16:54 . 2009-05-21 21:23	11952	----a-w-	c:\windows\system32\avgrsstx.dll
2009-08-20 16:54 . 2009-05-21 21:23	335240	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-08-20 16:54 . 2008-03-21 22:08	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 01:27 . 2009-08-20 01:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-14 02:11 . 2009-08-13 22:48	--------	d-----w-	c:\program files\Microsoft Windows OneCare Live
2009-08-14 00:50 . 2009-08-14 00:50	--------	d-----w-	c:\program files\Trend Micro
2009-08-13 23:58 . 2009-07-05 00:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-07 02:24 . 2005-08-16 09:40	327896	----a-w-	c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2005-08-16 09:40	209632	----a-w-	c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2007-07-31 03:19	44768	----a-w-	c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2005-08-16 09:40	35552	----a-w-	c:\windows\system32\wups.dll
2009-08-07 02:24 . 2005-08-16 09:40	53472	----a-w-	c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2005-08-16 09:18	96480	----a-w-	c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2005-08-16 09:40	575704	----a-w-	c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2009-08-14 02:32	215920	----a-w-	c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2009-08-14 02:32	274288	----a-w-	c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2005-08-16 09:40	1929952	----a-w-	c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2005-08-16 09:18	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-03 20:36 . 2009-07-05 00:42	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-07-05 00:42	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-27 19:32 . 2007-12-24 21:30	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-07-19 03:01 . 2008-01-08 06:20	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-07-19 02:12 . 2008-01-08 06:21	139152	-c--a-w-	c:\documents and settings\Mark\Application Data\PnkBstrK.sys
2009-07-19 02:11 . 2008-05-11 06:18	794408	----a-w-	c:\windows\system32\pbsvc.exe
2009-07-17 19:01 . 2005-08-16 09:18	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-14 06:43 . 2005-08-16 09:19	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2003-12-18 19:33 . 2008-02-15 07:36	20102	-c--a-w-	c:\program files\Readme.txt
2003-09-03 15:46 . 2008-02-15 07:36	10960	-c--a-w-	c:\program files\EULA.txt
2008-07-18 07:17 . 2007-12-23 04:05	67696	----a-w-	c:\program files\mozilla firefox\components\jar50.dll
2008-07-18 07:17 . 2007-12-23 04:05	54376	----a-w-	c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-18 07:17 . 2007-12-23 04:05	34952	----a-w-	c:\program files\mozilla firefox\components\myspell.dll
2008-07-18 07:17 . 2007-12-23 04:05	46720	----a-w-	c:\program files\mozilla firefox\components\spellchk.dll
2008-07-18 07:17 . 2007-12-23 04:05	172144	----a-w-	c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-14 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-01-29 270128]
"Steam"="e:\program files\steam\steam.exe" [2009-06-13 1217784]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"CurseClient"="e:\program files\Curse\CurseClient.exe" [2009-08-01 1935360]
"Leaf"="e:\program files\Leaf Networks\Leaf\bin\Leaf.exe" [2009-06-19 554368]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-09-27 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"RivaTuner"="e:\program files\RivaTuner v2.22\RivaTuner.exe" [2008-12-29 2732032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-08 149280]
"TerNa"="c:\windows\system32\TerNa.exe" [2009-10-10 89552]
"TerNb"="c:\windows\system32\ternb.exe" [2009-10-11 93136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-9-3 114688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 16:54	11952	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 03:12	87352	----a-w-	c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"e:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"e:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"e:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
"e:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"e:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"e:\\Program Files\\Curse\\CurseClient.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\tom clany's hawx\\HAWX.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\tom clany's hawx\\HAWX_dx10.exe"=
"e:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"e:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"c:\\Program Files\\Valve\\Garry's Mod\\hl2.exe"=
"c:\\Program Files\\Valve\\Garry's Mod\\srcds.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Stardock Games\\Demigod Demo\\bin\\Demigod.exe"=
"e:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
```


----------



## LPM (Oct 11, 2009)

part 2

```
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/10/2009 1:35 PM 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/21/2009 2:23 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/21/2009 2:23 PM 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/10/2009 1:35 PM 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/21/2009 2:23 PM 297752]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/16/2005 2:18 AM 14336]
R2 fastnetsrv;fastnetsrv  Service;c:\windows\system32\FastNetSrv.exe [8/10/2004 3:00 AM 94208]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [12/24/2007 6:24 PM 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/27/2008 8:23 PM 24652]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [12/22/2007 5:54 PM 53307]
R3 FwHookDrv;FwHookDrv;c:\windows\system32\drivers\FwHookDrv.sys [9/6/2006 1:58 PM 6016]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [5/2/2007 4:48 PM 55296]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys --> c:\windows\system32\drivers\WPRO_40_1123.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);c:\windows\system32\drivers\p35u.sys [12/22/2007 11:16 PM 116448]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 6TO4
*NewlyCreated* - BTWSRV
*NewlyCreated* - ISASDK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1159565619-2269191428-3719403665-1005Core.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 22:05]

2009-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1159565619-2269191428-3719403665-1005UA.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-21 22:05]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-23 20:32]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-23 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.battlefieldheroes.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {B0984220-A0C1-4D0F-9F14-92C3529D25B0} = 68.94.156.1,68.94.157.1
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\tlm69meq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\tlm69meq.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

BHO-{35B8892A-2419-4823-98B4-9FDF6E1954AA} - c:\windows\system32\pmnkHaba.dll
HKCU-Run-WebCamRT.exe - (no file)
AddRemove-wcmdmgr.exe - c:\windows\wt\updater\wcmdmgr.exe
AddRemove-wtdmmp - c:\windows\wt\updater\wcmdmgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 19:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\docume~1\Mark\LOCALS~1\Temp\etilqs_2lqQMUWTXU6xPjz 0 bytes
c:\docume~1\Mark\LOCALS~1\Temp\etilqs_4DkF8V7h5QOEL6Z 0 bytes
c:\docume~1\Mark\LOCALS~1\Temp\etilqs_b6JGgbTnRaJeNMA 0 bytes
c:\docume~1\Mark\LOCALS~1\Temp\etilqs_VvN8gFTTM4GQYbg 0 bytes
c:\docume~1\Mark\LOCALS~1\Temp\etilqs_wuGevKyVh0BlUja 0 bytes
c:\windows\system32\WPRO_40_1123woem.tmp 100880 bytes executable
c:\windows\system32\FInstall.sys 8 bytes

scan completed successfully
hidden files: 7

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1159565619-2269191428-3719403665-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:91,2c,c9,87,44,3c,30,44,9e,4e,9a,2b,89,1c,44,52,d1,0a,74,7b,41,24,3b,
   ff,98,ae,00,f4,93,71,59,c0,83,68,98,8b,ec,78,a8,6b,3d,e1,b2,87,a4,17,66,df,\
"??"=hex:09,1b,14,d2,0b,b4,a6,3c,a9,7f,96,ba,87,22,40,47

[HKEY_USERS\S-1-5-21-1159565619-2269191428-3719403665-1005\Software\SecuROM\License information*]
"datasecu"=hex:90,22,f9,ce,6f,dc,c3,d1,32,32,54,96,5e,57,62,a7,8b,34,aa,9f,93,
   db,72,30,1a,8a,e8,34,72,b7,25,a2,a9,7a,3c,c9,fe,17,b0,31,1b,8f,46,01,e6,f3,\
"rkeysecu"=hex:8e,da,ba,c2,e5,3a,ae,eb,94,e9,a7,28,a5,9f,13,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wmdtc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\lsm32.sys
.
**************************************************************************
.
Completion time: 2009-10-11 19:11 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-11 02:11

Pre-Run: 36,256,550,912 bytes free
Post-Run: 40,103,493,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
457	--- E O F ---	2009-09-25 22:51
```

ComboFix log
HJT and all other previously mentioned programs are still locked out, same access error.


----------



## johnb35 (Oct 11, 2009)

Can you run them in safe mode now since running ComboFix or have you not tried?

I'm still going through your ComboFix log.


----------



## LPM (Oct 11, 2009)

Well, I guess this is technically an improvement...

I can get into safe mode now, but all the programs that were blocked are still blocked in safe mode.

Also, I don't know if this is relevant, but I get the "Microsoft just in time debugger" window coming up every 30 seconds or so, sometimes several times in quick succession.


----------



## johnb35 (Oct 11, 2009)

Just-in-time debugger is associated with Visual Studio or Visual Basic. Do you have those installed?

Also in your log I noticed you are using 4 different virus scanners.  You should only have 1 installed at a time or you will have issues, they don't play well together.  Please decide which one you want to use and uninstall all others.  

Also, I'm suspecting you are infected with some new malware that doesn't have database definitions against it yet.  It is these 2 items, I have found nothing online about them.  According to these dates, this infection was just today or yesterday depending on where you live.  If you don't know these processes then you may be able to go into safe mode and delete these items.

```
2009-10-10 19:50 . 2009-10-11 01:40	93136	--sh--w-	c:\windows\system32\TerNb.exe
2009-10-10 18:36 . 2009-10-10 18:36	89552	--sh--w-	c:\windows\system32\TerNa.exe
```


----------
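The triage in the post above (recently created, hidden and system-flagged executables sitting directly in `system32`) can be automated over a ComboFix file listing. This is an added example, not part of the original posts and not ComboFix's own code; the field layout is inferred from the two lines quoted in the thread, the reading of `s`/`h` as system/hidden is an assumption, the function names are hypothetical, and every sample line except the two `TerN*.exe` entries is constructed.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# created . modified  size  attrs  path  (real logs separate fields with tabs)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$")
FMT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys")

class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (size shown as dashes)
    attrs: str
    path: str

def parse_line(line):
    """Return an Entry for a file-listing line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return Entry(datetime.strptime(created, FMT), datetime.strptime(modified, FMT),
                 int(size) if size.isdigit() else None, attrs, path)

def scan(log_text, scan_time, window_days=2):
    """Flag hidden+system executables in system32 created shortly before the scan."""
    hits = []
    for e in filter(None, map(parse_line, log_text.splitlines())):
        directory, _, name = e.path.lower().rpartition("\\")
        recent = timedelta(0) <= scan_time - e.created <= timedelta(days=window_days)
        if ("s" in e.attrs and "h" in e.attrs and recent       # assumed flag letters
                and directory.endswith(r"\windows\system32")
                and name.endswith(EXEC_EXT)):
            hits.append(e)
    return hits

SCAN_TIME = datetime(2009, 10, 11, 19, 11)   # completion time from the log
SAMPLE_LOG = r"""
2009-10-10 19:50 . 2009-10-11 01:40 93136 --sh--w- c:\windows\system32\TerNb.exe
2009-10-10 18:36 . 2009-10-10 18:36 89552 --sh--w- c:\windows\system32\TerNa.exe
2009-10-10 17:02 . 2009-10-10 17:02 -------- d-----w- c:\program files\ExampleApp
2009-10-10 09:15 . 2009-10-10 09:15 45056 ----a-w- c:\windows\system32\example_helper.dll
2009-09-20 12:00 . 2009-09-20 12:00 20480 --sh--w- c:\windows\system32\example_old.exe
"""  # last three lines are constructed for contrast

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, SCAN_TIME):
        print(hit.created, hit.attrs, hit.path)
```

A hit is only a lead for review: legitimate software also creates hidden system files, so each flagged path still needs to be checked by hand or with a scanner.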



## LPM (Oct 11, 2009)

I googled TerNa.exe and TerNb.exe. Came up with one site that had the names, said it was some program that fiddled with the registry, and that the first time/place it was seen was today in the US. So it looks like you were right, it must be something really new.

Also, I don't think I have Visual Studio or Visual Basic. Add or remove program list agrees with me.

Edit (to avoid double posting): Tried to go into safe mode to delete the files and I got a blue screen. Is it maybe safe to delete those files from normal mode?


----------



## johnb35 (Oct 11, 2009)

If it's an active process then it won't be able to be deleted.  You can try doing it in regular mode.


Go to this website and upload both of those files and see what results you get back.

http://virusscan.jotti.org/en


----------



## kale_hemant (Oct 11, 2009)

Hey dude,

try to scan with *NETPROTECTOR ANTIVIRUS*. It's really rocking; to know about it pls visit www.indiaantivirus.com. I suggest *purchase*, it's really effective.


----------



## johnb35 (Oct 11, 2009)

Do NOT follow his advice.  Nothing needs to be purchased.


----------



## schw32m (Oct 11, 2009)

Sounds like a variant on the security center virus. (Google it. You'll find reams on this one.) Pops up a fake screen telling you that you are infected and need to run a scan to find this bugger (of course it finds it.. the whole thing is fake. It makes its own files) and then asks you to register (for a fee of course) this security software which will remove it.. it never does. 

Malwarebytes may pick it up but removal is sometimes difficult since it scrambles random file names in the win/system32 folder. It is an insidious bugger, very difficult to remove.

I ended up after a while of battling this thing having to wipe the drive and re-install the op system to finally get rid of it.

Good luck.


----------



## LPM (Oct 11, 2009)

I looked in C:/windows/System32 and saw no files named TerNa.exe or TerNb.exe. I made sure hidden files were being shown and I did a search, but nothing came up.

Also, my computer has started giving me this "Windows - no disk" error and tells me that "There is no disk in the drive. Please insert a disk into drive ." and specifies no drive. No matter what I click, it comes back instantly.

Man, my computer is going to hell in a handbasket this weekend...


----------



## johnb35 (Oct 11, 2009)

I looked through your combofix log again and I'm now recommending to do a reformat of your system as I've seen some backdoor infections and it's possible we may never get this system cleaned.


----------



## LPM (Oct 11, 2009)

Damn.

Although, I was kinda thinking it would come to the nuclear option (I've already started backing things up) but I still really don't want to do that...

Ah well. Such is life.

EDIT: quick question. Did your scan of the combofix log lead you to believe anything bad is on my external drive? Because if not, I can use it to save all the info I need and move it back to my C: drive when I'm done, making my life a heck of a lot easier.

tl;dr: is my E: drive infected?


----------



## LPM (Oct 12, 2009)

I really hate to double post but I really need to know if I can safely use my E: drive to back stuff up.

I plan on saving the big things to the E: drive, reformatting C:, then moving stuff from E: over to C:, then reformatting E:. But if E: is infected and doing that would infect C: again, then I want to know so I can back stuff up on other media.


----------



## johnb35 (Oct 12, 2009)

Please don't edit your posts unless it's within a minute or so of posting the original message.  I read your original post but not the edit.  

There was one infection on your E drive.  If there was any way to scan your external with a virus program, I would do that.  It's possible but not probable that you can infect your external by copying data over.  You can if you copy over an infected file however.


----------



## LPM (Oct 13, 2009)

Well, this is rather odd. 

So I wiped my computer (both drives). Since the reformat I've installed all the Windows updates and most of the basic programs I need on my computer (browsers, AVG, etc) yet my computer still feels really sluggish. More sluggish than before the reformat, in fact. I've gotten all the drivers for all my hardware and everything, but the screen kinda flickers every once in a while, programs crash frighteningly often, and once or twice my entire computer has just locked up. Could something be left over from the original infection? I don't see how anything could survive a reformat...

HJT:

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:47 PM, on 10/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Curse\CurseClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mark P\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Mark P\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark P\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark P\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mark P\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 8310 bytes
```


----------



## eckx (Oct 13, 2009)

Yo, did you try system restore?


----------



## johnb35 (Oct 13, 2009)

Nothing bad in that log.  How was the speed of the computer before you started installing programs?  I'm suspecting it's a program that you have installed causing the slowdown or a hardware issue.


----------

