Help, my computer is acting up.

momho

First of all, I'm new to this forum, so please pardon me if I posted this thread in the wrong place.

Now for the problems.
Problem number 1: I get several pop-ups from IE (even though I never use it; I have been using Mozilla for the past years).

And problem number 2: My sound keeps muting, or to be precise, my wave volume goes down to 0 by itself and I have to drag it up all the time (happens about every 10 min most of the time, but sometimes it's every 20 sec).

Could it be some kind of malware or virus?

Would be very happy if there is someone who could help me with this.
 
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Thanks for the fast reply and here are the logs:

MalwareBytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4305

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/14/2010 4:28:40 AM
mbam-log-2010-07-14 (04-28-40).txt

Scan type: Quick scan
Objects scanned: 121073
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:31 AM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Voddler\service\VNetManager.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HJT.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Program Files\Voddler\service\VNetManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://games.bigfishgames.com/en_fitness-dash/online/FitnessDashWeb.1.0.0.11.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: VoddlerNet - Voddler - C:\Program Files\Voddler\service\voddler.exe

--
End of file - 8209 bytes
 
Looks like you have AVG and Kaspersky active at the same time, which you can't have. You would need to figure out which one you want to keep and uninstall the other. We'll figure that out later, for now, do this.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
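
The overlap noted at the top of this reply (more than one security suite registered on the same machine) can be read straight out of the O23 service lines of a HijackThis log. The following is an added example, not part of the original posts: the function names and the vendor keyword map are assumptions, and the sample lines are a subset copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in this thread
# (O2 = BHOs, O20 = Winlogon Notify / AppInit, O23 = services).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
"""

# Assumed keyword map (not from the thread): substring of the O23
# company field -> product family. Extend it for other vendors.
SECURITY_VENDORS = {
    "avg technologies": "AVG",
    "kaspersky lab": "Kaspersky",
    "lavasoft": "Lavasoft",
}

# HijackThis item lines start with a section code such as O2, O23, R1, F2.
ENTRY_RE = re.compile(r"^(O\d+|R[0-3]|F[0-3]|N[1-4]) - (.*)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every HijackThis item line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def resident_security_services(log_text):
    """Group O23 service entries by security vendor.

    O23 lines have the shape 'Service: <display> - <company> - <path>'.
    An O23 entry means the service is registered, not that it is running;
    cross-check against the 'Running processes' section before acting.
    """
    found = defaultdict(list)
    for section, body in parse_entries(log_text):
        if section != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].split(" - ")
        if len(parts) < 3:
            continue  # company field absent, nothing to classify
        display, company = parts[0], parts[-2].lower()
        for needle, vendor in SECURITY_VENDORS.items():
            if needle in company:
                found[vendor].append(display)
    return dict(found)


def conflicting_products(log_text):
    """Return the sorted vendor list when more than one suite is registered."""
    vendors = resident_security_services(log_text)
    return sorted(vendors) if len(vendors) > 1 else []


def dangling_entries(log_text):
    """Entries HijackThis itself marks as pointing at a missing file."""
    return [
        (section, body)
        for section, body in parse_entries(log_text)
        if body.endswith("(no file)") or body.endswith("(file missing)")
    ]


if __name__ == "__main__":
    print("Overlapping security products:", conflicting_products(SAMPLE_LOG))
    for section, body in dangling_entries(SAMPLE_LOG):
        print("Review candidate:", section, body)
```
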
 
I had to put the logs in separate posts (went over the 30000 letters limit)

Here is the ComboFix log:

ComboFix 10-07-13.02 - Charlie 07/14/2010 5:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.356 [GMT 2:00]
Running from: c:\documents and settings\Charlie\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-06-14 to 2010-07-14 )))))))))))))))))))))))))))))))
.

2010-07-14 02:14 . 2010-07-14 02:14 -------- d-----w- c:\program files\Trend Micro
2010-07-14 01:33 . 2010-07-14 01:33 -------- d-----w- C:\$AVG
2010-07-14 01:14 . 2010-07-14 01:14 12536 ----a-w- c:\windows.0\system32\avgrsstx.dll
2010-07-14 01:13 . 2010-07-14 01:14 29584 ----a-w- c:\windows.0\system32\drivers\avgmfx86.sys
2010-07-14 01:13 . 2010-07-14 03:18 -------- d-----w- c:\windows.0\system32\drivers\Avg
2010-07-14 01:12 . 2010-07-14 01:12 25168 ----a-w- c:\windows.0\system32\drivers\AVGIDSxx.sys
2010-07-14 01:12 . 2010-07-14 01:12 52872 ----a-w- c:\windows.0\system32\drivers\avgrkx86.sys
2010-07-14 01:12 . 2010-07-14 01:12 243024 ----a-w- c:\windows.0\system32\drivers\avgtdix.sys
2010-07-14 01:12 . 2010-07-14 01:12 216400 ----a-w- c:\windows.0\system32\drivers\avgldx86.sys
2010-07-14 01:11 . 2010-07-14 01:11 50968 ----a-w- c:\windows.0\system32\avgfwdx.dll
2010-07-14 01:11 . 2010-07-14 01:11 30104 ----a-w- c:\windows.0\system32\drivers\avgfwdx.sys
2010-07-14 01:10 . 2010-07-14 01:10 -------- d-----w- c:\program files\AVG
2010-07-14 01:10 . 2010-07-14 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-13 20:15 . 2010-07-06 17:28 15880 ----a-w- c:\windows.0\system32\lsdelete.exe
2010-07-13 15:43 . 2010-07-06 17:28 64288 ----a-w- c:\windows.0\system32\drivers\Lbd.sys
2010-07-13 15:43 . 2010-07-13 15:43 95024 ----a-w- c:\windows.0\system32\drivers\SBREDrv.sys
2010-07-13 15:38 . 2010-07-13 15:38 -------- d-----w- c:\documents and settings\Charlie\Local Settings\Application Data\Sunbelt Software
2010-07-13 14:18 . 2010-07-13 14:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-13 14:18 . 2010-07-13 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-13 14:18 . 2010-07-13 14:18 -------- d-----w- c:\program files\Lavasoft
2010-07-12 20:00 . 2010-07-12 20:00 -------- d-----w- C:\swsetup
2010-07-12 19:52 . 2010-07-12 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-12 18:05 . 2010-07-12 18:05 -------- d-----w- c:\documents and settings\Charlie\Application Data\Malwarebytes
2010-07-12 18:05 . 2010-04-29 13:39 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-07-12 18:05 . 2010-07-12 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-12 18:05 . 2010-07-12 18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-12 18:05 . 2010-04-29 13:39 20952 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-07-12 15:42 . 2010-07-12 18:22 97549 ----a-w- c:\windows.0\system32\drivers\klick.dat
2010-07-12 15:42 . 2010-07-12 18:22 113933 ----a-w- c:\windows.0\system32\drivers\klin.dat
2010-07-12 15:41 . 2010-02-17 10:04 39352 ----a-w- c:\windows.0\system32\drivers\CSVirtualDiskDrv.sys
2010-07-12 15:41 . 2010-07-13 15:43 -------- dc----w- c:\windows.0\system32\DRVSTORE
2010-07-12 15:41 . 2010-02-17 10:04 88632 ----a-w- c:\windows.0\system32\drivers\CSCrySec.sys
2010-07-12 15:40 . 2010-07-14 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-12 15:40 . 2010-07-12 15:40 -------- d-----w- c:\program files\Kaspersky Lab
2010-07-12 15:40 . 2010-07-12 15:40 -------- d-----w- c:\program files\Common Files\InfoWatch
2010-07-12 15:38 . 2010-07-12 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-07-12 15:29 . 2010-07-14 01:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-04 21:23 . 2010-07-04 21:28 -------- d-----w- c:\documents and settings\Charlie\Application Data\mIRC
2010-07-01 14:14 . 2010-07-01 14:14 8 ----a-w- c:\windows.0\system32\nvModes.dat
2010-07-01 14:12 . 2010-07-01 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-06-16 01:41 . 2010-07-12 14:14 -------- d-----w- C:\Downloads
2010-06-16 01:41 . 2010-07-12 15:42 -------- d-----w- c:\documents and settings\Charlie\Application Data\BitComet
2010-06-16 01:41 . 2010-06-16 01:41 -------- d-----w- c:\program files\BitComet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-14 03:32 . 2009-12-06 22:48 -------- d-----w- c:\documents and settings\Charlie\Application Data\Skype
2010-07-14 02:17 . 2009-12-11 12:36 -------- d-----w- c:\program files\BFG
2010-07-14 02:14 . 2010-07-14 02:14 388096 ----a-r- c:\documents and settings\Charlie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-14 01:19 . 2009-12-06 22:49 -------- d-----w- c:\documents and settings\Charlie\Application Data\skypePM
2010-07-13 23:08 . 2009-12-07 19:49 -------- d-----w- c:\program files\Warcraft III
2010-07-13 21:26 . 2010-04-18 21:43 -------- d-----w- c:\documents and settings\Charlie\Application Data\vlc
2010-07-12 20:07 . 2009-12-06 10:30 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-12 17:06 . 2010-07-12 17:05 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-07-12 17:05 . 2010-07-12 17:05 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-07-12 17:05 . 2010-07-12 17:05 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-07-12 17:05 . 2010-07-12 17:05 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-07-12 17:05 . 2010-07-12 17:05 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-07-12 09:32 . 2010-04-17 21:14 -------- d-----w- c:\documents and settings\Charlie\Application Data\dvdcss
2010-07-08 15:43 . 2009-12-21 22:37 -------- d-----w- c:\program files\World of Warcraft
2010-07-06 17:29 . 2010-07-13 14:18 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-03 12:03 . 2009-12-06 23:16 -------- d-----w- c:\documents and settings\Charlie\Application Data\Spotify
2010-07-03 11:07 . 2010-01-23 11:44 -------- d-----w- c:\program files\Diablo II
2010-06-30 08:35 . 2009-12-22 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-06-29 22:13 . 2010-07-02 13:06 52224 ----a-w- c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-06-29 22:13 . 2010-07-02 13:06 101376 ----a-w- c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-06-16 01:41 . 2010-06-16 01:41 1440768 ----a-w- c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-06-16 01:26 . 2009-12-06 23:02 -------- d-----w- c:\documents and settings\Charlie\Application Data\uTorrent
2010-06-13 12:30 . 2010-03-31 17:49 -------- d-----w- c:\program files\uTorrent
2010-06-03 19:01 . 2010-03-31 17:49 -------- d-----w- c:\program files\Ask.com
2010-06-03 18:09 . 2010-06-03 18:09 2944904 ----a-w- c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\[email protected]\chrome\temp\askToolbar.exe
2010-05-24 18:18 . 2010-05-24 18:18 503808 ----a-w- c:\documents and settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4ae5bdb5-n\msvcp71.dll
2010-05-24 18:18 . 2010-05-24 18:18 499712 ----a-w- c:\documents and settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4ae5bdb5-n\jmc.dll
2010-05-24 18:18 . 2010-05-24 18:18 348160 ----a-w- c:\documents and settings\Charlie\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4ae5bdb5-n\msvcr71.dll
2010-05-11 15:48 . 2010-05-11 15:48 655360 ----a-w- c:\documents and settings\Charlie\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-11 15:48 . 2010-05-11 15:48 282624 ----a-w- c:\documents and settings\Charlie\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-11 15:48 . 2010-05-11 15:48 208896 ----a-w- c:\documents and settings\Charlie\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows.0\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows.0\system32\atmfd.dll
2010-04-16 16:09 . 2008-04-14 04:42 667136 ----a-w- c:\windows.0\system32\wininet.dll
2010-04-16 16:09 . 2008-04-14 04:41 81920 ----a-w- c:\windows.0\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-06-21 3883856]
"OscarEditor"="c:\program files\OSCAR Editor\OscarEditor.exe" [2009-11-24 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"IMJPMIG8.1"="c:\windows.0\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"MSPY2002"="c:\windows.0\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows.0\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-14 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"VoddlerNet Manager"="c:\program files\Voddler\service\VNetManager.exe" [2010-03-25 580296]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2005-10-10 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-14 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-14 01:14 12536 ----a-w- c:\windows.0\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Charlie\\Desktop\\WC3\\pickup.listchecker.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Voddler\\service\\voddler.exe"=
"c:\\Documents and Settings\\Charlie\\Desktop\\vbalink173\\VisualBoyAdvance.exe"=
"c:\\Program Files\\TrueGames\\Warrior Epic\\launcher.ui.exe"=
"c:\\Program Files\\TrueGames\\Warrior Epic\\WEShell_TGI.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27147:TCP"= 27147:TCP:BitComet 27147 TCP
"27147:UDP"= 27147:UDP:BitComet 27147 UDP

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows.0\system32\drivers\AVGIDSxx.sys [7/14/2010 3:12 AM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows.0\system32\drivers\avgrkx86.sys [7/14/2010 3:12 AM 52872]
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows.0\system32\drivers\CSCrySec.sys [7/12/2010 5:41 PM 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows.0\system32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [7/13/2010 5:43 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows.0\system32\drivers\avgldx86.sys [7/14/2010 3:12 AM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows.0\system32\drivers\avgtdix.sys [7/14/2010 3:12 AM 243024]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows.0\system32\drivers\CSVirtualDiskDrv.sys [7/12/2010 5:41 PM 39352]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/14/2010 3:12 AM 921440]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/14/2010 3:12 AM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/14/2010 3:12 AM 2331032]
R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [3/12/2010 1:32 PM 743992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 7:28 PM 1352832]
R2 VoddlerNet;VoddlerNet;c:\program files\Voddler\service\voddler.exe [3/25/2010 12:38 PM 1160912]
R3 Avgfwdx;Avgfwdx;c:\windows.0\system32\drivers\avgfwdx.sys [7/14/2010 3:11 AM 30104]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows.0\system32\drivers\klim5.sys [9/14/2009 1:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows.0\system32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S3 Avgfwfd;AVG network filter service;c:\windows.0\system32\drivers\avgfwdx.sys [7/14/2010 3:11 AM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/14/2010 3:12 AM 5897808]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7/14/2010 3:12 AM 122448]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7/14/2010 3:12 AM 30288]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7/14/2010 3:12 AM 26192]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows.0\system32\drivers\Mkd2kfNT.sys [12/22/2009 12:58 AM 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows.0\system32\drivers\Mkd2Nadr.sys [12/22/2009 12:58 AM 79104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows.0\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

2010-07-14 c:\windows.0\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]

2010-07-14 c:\windows.0\Tasks\WGASetup.job
- c:\windows.0\system32\KB905474\wgasetup.exe [2009-12-08 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} - hxxp://games.bigfishgames.com/en_fitness-dash/online/FitnessDashWeb.1.0.0.11.cab
FF - ProfilePath - c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\
FF - component: c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\0htdr22e.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\Voddler\plugin\npvoddler.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 05:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\program files\OSCAR Editor\Win32Share.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows.0\system32\nvsvc32.exe
c:\windows.0\system32\RUNDLL32.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows.0\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-07-14 05:40:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-14 03:39

Pre-Run: 21,720,137,728 bytes free
Post-Run: 21,846,126,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 42711695DD1594A5550EA0774BB74A69
 
And now for the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:46:30 AM, on 7/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Voddler\service\VNetManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OSCAR Editor\OscarEditor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Program Files\Voddler\service\VNetManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\OSCAR Editor\OscarEditor.exe" Minimum
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Lägg till i Skydd mot webbannonser - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O9 - Extra button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://games.bigfishgames.com/en_fitness-dash/online/FitnessDashWeb.1.0.0.11.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: VoddlerNet - Voddler - C:\Program Files\Voddler\service\voddler.exe

--
End of file - 8473 bytes


And my sound still keeps turning down the Wave volume by itself; no pop-ups so far though.
 
OK, let's do some general cleanup.

Download and run CCleaner

http://www.filehippo.com/download_ccleaner/

Click up top right where it says download latest version and install the program. Then run it and set it for the options that are checked in the attached image and click on run cleaner.

Provide an uninstall list using HijackThis. Open HijackThis, click on Open the Misc Tools section, click on Open Uninstall Manager, click on Save list and save the log, then copy and paste it back here.
 

Attachment: ccleaner.JPG

Here is the uninstall list:

µTorrent
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AhnLab Online Security
Ask Toolbar
AVG 9.0
BitComet 1.21
CCleaner
Diablo II
Final Fantasy VII - Ultima Edition
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java(TM) 6 Update 17
Kaspersky PURE
Kaspersky PURE
K-Lite Codec Pack 5.4.4 (Full)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.10)
MSVCRT
NVIDIA Drivers
OSCAR Editor
Peggle (remove only)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Segoe UI
Skype Toolbars
Skype™ 4.2
Spotify
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
VentriloMIX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VoddlerNet
VoddlerPlayer
VoddlerPlayer
Warrior Epic
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
World of Warcraft
 
You need to uninstall these programs via Add/Remove Programs in Control Panel.

Ad-Aware: Adaware is old and outdated and not recommended anymore. Use Malwarebytes instead.
Ask Toolbar
Java(TM) 6 Update 17

You have the following security programs installed.

AhnLab Online Security
AVG 9.0

You need to have only 1 installed at any given time. I would rather trust AVG than a program that possibly your ISP gives you.

What kind of popups are you getting? It's possible they are related to a program you have installed.

Also try downloading, updating and running SUPERAntiSpyware.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Then post the logfile from it. To get to the log, click on Preferences on the main page, then click on the Statistics/Logs tab, then open the log and copy and paste it back here.
 
Do you want me to do a full or a quick scan with SuperAntiSpyware? And the pop-ups are all kinds of advertisement.
 
Anyway, I made a full scan and here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2010 at 00:32 AM

Application Version : 4.40.1002

Core Rules Database Version : 5200
Trace Rules Database Version: 3012

Scan type : Complete Scan
Total Scan Time : 01:42:07

Memory items scanned : 491
Memory threats detected : 0
Registry items scanned : 5708
Registry threats detected : 0
File items scanned : 18300
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\Charlie\Cookies\[email protected][2].txt
C:\Documents and Settings\Charlie\Cookies\charlie@atdmt[1].txt
C:\Documents and Settings\Charlie\Cookies\charlie@serving-sys[2].txt
C:\Documents and Settings\Charlie\Cookies\[email protected][2].txt
C:\Documents and Settings\Charlie\Cookies\charlie@cgi-bin[2].txt
www.bannerconnect.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\HRNURXRY ]
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adtech[1].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\LocalService\Cookies\system@linksynergy[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@bannerconnect[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@zanox[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@tradedoubler[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@game-advertising-online[1].txt

Adware.MyWebSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0CEAFFEB-8F0B-49A7-8036-264A8FD9850D}\RP103\A0022813.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0CEAFFEB-8F0B-49A7-8036-264A8FD9850D}\RP105\A0022872.DLL
 