Hello all!

Spyware Blaster 4.1 I know was working the week before last because I ran the latest update. Now it will not even open!

There is no error message. The mouse gets a hourglass that goes away after about 10 seconds. If I Ctrl-Alt-Delete, under "Processes", "spywareblaster.exe" will show; the strange thing is that it will show up twice, even though I only tried to open it once.

Things I have tried so far:
1) I've removed it, rebooted, reinstalled it -- no change

2) Javacool's website suggested downloading a fresh install package -- no change

3) I've looked on websites and they suggested (as well as on your forum) to try running in Safe Mode -- still will not open

4) Thought maybe one of the updates for AVG Home Edition may have been an issue. Uninstalled both AVG and Spyware Blaster, shut down, then reinstalled Spyware Blaster alone --- no change

I just don't know what else to try!

Below is my HiJack This log.

Spyware/Adware/Anti-Virus programs loaded (never issues before):

1) AVG Anti-Virus Free Edition
2) Ad-Aware 2008
3) Spyware Blaster 4.1
4) Spyware Guard 2.2
5) Spybot Search & Destroy 1.6

Any help in figuring this out would be greatly appreciated.

Thanks,
Steve

----------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:15 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\tempo-F09.tmp
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TEMP\tempo-157.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdbty.exe] C:\WINDOWS\system32\kdbty.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.bmico.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1223871703953
O17 - HKLM\System\CCS\Services\Tcpip\..\{A828F152-2FC7-4620-8573-2CFABFF8642D}: NameServer = 85.255.112.16;85.255.112.79
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6268 bytes

Hello

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Here's the text file:

ComboFix 08-11-10.01 - Steven Whited 2008-11-11 20:03:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1496 [GMT -5:00]
Running from: c:\documents and settings\Steven Whited\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\STEVEN~1\LOCALS~1\Temp\tmp2.tmp
C:\resycled
c:\resycled\boot.com
c:\windows\system32\kdbty.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.

2008-11-10 22:55 . 2008-11-10 22:55 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-10 22:38 . 2008-11-10 22:44 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-10 22:38 . 2008-11-10 22:38 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-10 22:38 . 2008-11-10 22:38 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-10 22:30 . 2008-11-10 22:30 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-10 22:29 . 2008-11-10 22:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-02 22:20 . 2008-11-02 22:20 108,336 --a------ c:\windows\system32\mswinsck.ocx
2008-11-02 22:19 . 2008-11-02 22:31 <DIR> d-------- c:\program files\HDTVNetworks
2008-10-28 20:31 . 2008-10-28 20:31 136 --a------ c:\windows\wininit.ini
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-25 17:36 . 2008-10-25 17:36 30,128 --a------ c:\documents and settings\Steven Whited\Application Data\GDIPFONTCACHEV1.DAT
2008-10-23 17:11 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:28 <DIR> d-------- c:\program files\EXPLORER
2008-10-19 16:36 . 2001-03-07 10:13 229,888 --a------ c:\windows\system32\Tiff32.dll
2008-10-19 16:36 . 2001-03-07 10:14 122,880 --a------ c:\windows\system32\Ppremove.dll
2008-10-19 16:36 . 2001-03-07 10:13 118,784 --a------ c:\windows\system32\Jpeg32.dll
2008-10-19 16:29 . 2001-08-17 21:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-10-19 16:29 . 2001-08-17 21:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-10-19 16:29 . 2008-04-13 23:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-10-19 16:29 . 2008-04-13 23:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-19 16:28 . 2008-10-19 16:29 <DIR> d-------- c:\program files\Visioneer OneTouch
2008-10-19 16:28 . 2000-05-23 10:36 716,288 --a------ c:\windows\system32\Ltwvc11n.dll
2008-10-19 16:28 . 2000-05-23 10:36 391,168 --a------ c:\windows\system32\Ltkrn11n.dll
2008-10-19 16:28 . 1999-11-23 17:01 276,992 --a------ c:\windows\system32\LFCMP11n.DLL
2008-10-19 16:28 . 2000-05-23 10:36 262,144 --a------ c:\windows\system32\LTDIS11n.dll
2008-10-19 16:28 . 2000-05-23 10:36 127,488 --a------ c:\windows\system32\Ltimg11n.dll
2008-10-19 16:28 . 2000-05-23 10:36 118,272 --a------ c:\windows\system32\Ltfil11n.dll
2008-10-19 16:28 . 2002-05-20 07:22 36,864 --a------ c:\windows\system32\vizMicro.dll
2008-10-19 16:28 . 2000-05-23 10:36 36,864 --a------ c:\windows\system32\Lfbmp11n.dll
2008-10-19 16:26 . 2008-10-19 16:26 <DIR> d-------- c:\program files\ScanSoft
2008-10-19 16:26 . 2008-10-19 16:26 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2008-10-19 16:26 . 2008-10-19 16:26 <DIR> d-------- c:\documents and settings\Steven Whited\WINDOWS
2008-10-19 16:10 . 2008-10-19 16:10 <DIR> d--h----- c:\windows\PIF
2008-10-19 15:54 . 2008-10-19 15:54 <DIR> d-------- c:\program files\Brownie
2008-10-19 15:54 . 2004-09-16 23:00 196,608 --------- c:\windows\system32\Brdiag2.exe
2008-10-19 15:54 . 2003-12-11 00:52 173,868 --------- c:\windows\system32\BRDIAG.HLP
2008-10-19 15:54 . 2003-12-11 00:52 162,057 --------- c:\windows\system32\BRDIAG2.HLP
2008-10-19 15:54 . 2003-08-21 00:00 77,824 --------- c:\windows\system32\BROSNMP.DLL
2008-10-19 15:54 . 2004-08-15 23:00 73,728 --------- c:\windows\system32\BRRBTOOL.EXE
2008-10-19 15:54 . 2003-02-18 23:01 40,960 --------- c:\windows\system32\BRVPD95A.DLL
2008-10-19 15:54 . 2004-10-04 00:03 36,864 --------- c:\windows\system32\BRVPDNTA.DLL
2008-10-19 15:54 . 2000-09-06 16:47 26,624 --------- c:\windows\system32\BRGSRC32.DLL
2008-10-19 15:54 . 2004-09-23 23:00 24,223 --------- c:\windows\system32\brlm03a.dll
2008-10-19 15:54 . 2008-10-19 15:54 8,975 --a------ c:\windows\HL-2070N.INI
2008-10-19 15:54 . 2000-09-06 16:11 4,608 --------- c:\windows\system32\BRGSRC16.DLL
2008-10-19 15:53 . 2008-10-19 16:10 <DIR> d-------- c:\program files\Brother
2008-10-19 15:53 . 2002-10-31 00:09 81,920 --------- c:\windows\system32\BrWebIns.dll
2008-10-19 15:53 . 2003-07-03 00:08 65,536 --------- c:\windows\system32\BRWEBUP.EXE
2008-10-19 15:53 . 2003-10-21 14:19 45,056 --------- c:\windows\system32\PtrcENG.dll
2008-10-19 15:00 . 2008-10-19 15:00 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\Media Player Classic
2008-10-19 14:55 . 2008-10-19 14:55 <DIR> d-------- c:\program files\Essentials Codec Pack
2008-10-19 14:54 . 2008-10-19 14:54 <DIR> d-------- c:\program files\MP3Gain
2008-10-18 08:10 . 2008-11-11 20:13 30,120 --a------ c:\windows\system32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2008-10-18 08:10 . 2008-11-11 20:13 30,120 --a------ c:\windows\system32\BMXState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2008-10-18 08:10 . 2008-11-11 20:13 27,408 --a------ c:\windows\system32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2008-10-18 08:10 . 2008-11-11 20:13 27,408 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2008-10-18 08:10 . 2008-11-11 20:13 11,564 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000004-00511102}.rfx
2008-10-18 08:10 . 2008-11-11 20:13 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2008-10-18 08:10 . 2008-11-11 20:13 1,080 --a------ c:\windows\system32\settings.sfm
2008-10-18 08:09 . 2008-11-11 19:58 3,162,278 --a------ c:\windows\{00000005-00000000-00000000-00001102-00000004-00511102}.CDF
2008-10-18 08:08 . 2005-12-08 10:41 193 --------- c:\windows\system32\ctzapxx.ini
2008-10-16 20:34 . 2008-10-16 20:57 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\DivX
2008-10-16 20:33 . 2008-11-04 20:43 <DIR> d-------- c:\program files\DivX
2008-10-16 20:33 . 2008-09-15 19:14 120,056 --------- c:\windows\system32\pxcpyi64.exe
2008-10-16 20:33 . 2008-09-15 19:14 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-10-15 20:55 . 2008-10-15 20:55 <DIR> dr------- c:\documents and settings\Steven Whited\Application Data\Brother
2008-10-15 20:55 . 2008-10-19 15:54 146 --a------ c:\windows\BRVIDEO.INI
2008-10-15 20:55 . 2008-10-19 15:54 40 --a------ c:\windows\BRDIAG.INI
2008-10-15 20:55 . 2008-10-19 15:54 23 --a------ c:\windows\Brownie.ini
2008-10-15 20:54 . 2004-10-12 00:24 188,416 --------- c:\windows\system32\Pdrvinst.dll
2008-10-15 20:54 . 2008-10-19 16:18 410 --a------ c:\windows\BRWMARK.INI
2008-10-15 20:54 . 2008-10-19 16:18 34 --a------ c:\windows\system32\BD2070N.DAT
2008-10-15 19:37 . 2004-09-28 12:08 458,112 --------- c:\windows\system32\drivers\MarvinUsb.sys
2008-10-15 19:36 . 2008-10-15 19:36 <DIR> d-------- c:\windows\system32\Quicktime
2008-10-15 19:36 . 2008-10-15 19:36 <DIR> d-------- c:\program files\SmartSound Software
2008-10-15 19:36 . 2008-10-15 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-10-15 19:31 . 2008-10-18 08:08 <DIR> d-------- c:\windows\system32\Data
2008-10-15 19:31 . 2008-10-18 08:09 <DIR> d-------- c:\program files\Creative
2008-10-15 19:31 . 2008-10-17 18:20 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\Creative
2008-10-15 19:31 . 2000-12-05 08:11 4,174,814 --------- c:\windows\system32\CT4MGM.SF2
2008-10-15 19:31 . 2005-12-08 11:54 50,410 --------- c:\windows\system32\e10kxwdm.ini
2008-10-15 19:31 . 2008-04-13 23:15 10,624 --------- c:\windows\system32\drivers\gameenum.sys
2008-10-15 19:31 . 2008-04-13 23:15 10,624 -----c--- c:\windows\system32\dllcache\gameenum.sys
2008-10-15 19:27 . 2008-11-10 23:05 69 --a------ c:\windows\NeroDigital.ini
2008-10-14 21:49 . 2005-01-28 14:36 171,008 --------- c:\windows\system32\drivers\MarvinBus.sys
2008-10-14 21:47 . 2003-03-18 21:20 1,060,864 --------- c:\windows\system32\MFC71.dll
2008-10-14 21:44 . 2008-10-14 21:44 63 --a------ c:\windows\PixieTool.INI
2008-10-14 21:43 . 2008-10-14 21:48 <DIR> d-------- c:\program files\Pinnacle
2008-10-14 21:43 . 2008-10-19 13:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-10-14 21:42 . 2002-03-19 09:29 14,165 --------- c:\windows\system32\drivers\Pclepci.sys
2008-10-14 21:34 . 2008-10-14 21:34 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\Publish Providers
2008-10-14 21:33 . 2008-10-14 21:33 <DIR> d-------- c:\program files\Sony
2008-10-14 21:33 . 2008-10-14 21:33 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\Sony
2008-10-14 21:33 . 2001-10-19 14:40 1,683,792 --------- c:\windows\system32\wmvcore2.dll
2008-10-14 21:33 . 2001-10-19 14:40 665,424 --------- c:\windows\system32\wmv8dmoe.dll
2008-10-14 21:33 . 2002-10-09 12:21 566,272 --------- c:\windows\system32\wmvdmoe.dll
2008-10-14 21:33 . 2001-10-19 14:40 438,608 --------- c:\windows\system32\wmv8dmod.dll
2008-10-14 21:33 . 2001-10-19 02:05 285,184 --------- c:\windows\system32\wmidx2.ocx
2008-10-14 21:33 . 2008-10-14 21:33 156,910 --a------ c:\windows\WMSysPr8.prx
2008-10-14 21:32 . 2008-10-14 21:32 <DIR> d-------- c:\program files\Sony Setup
2008-10-14 20:29 . 2008-10-14 20:30 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-14 20:07 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 20:04 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 20:03 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 20:03 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 20:03 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 20:03 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 19:55 . 2008-10-15 20:48 <DIR> d-------- c:\program files\Rufus
2008-10-14 19:55 . 2008-10-14 19:55 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\Nero
2008-10-14 19:55 . 2008-10-14 19:55 <DIR> d-------- C:\bittorrent
2008-10-14 19:52 . 2008-10-14 19:52 203,776 --------- c:\windows\system32\clrviddc.dll
2008-10-14 19:52 . 1999-09-10 06:06 45,056 --------- c:\windows\system32\wnaspi32.dll
2008-10-14 19:52 . 1999-09-10 06:06 25,244 --------- c:\windows\system32\drivers\aspi32.sys
2008-10-14 19:52 . 1999-09-10 06:06 5,600 --------- c:\windows\system\winaspi.dll
2008-10-14 19:52 . 1999-09-10 06:06 4,672 --------- c:\windows\system\wowpost.exe
2008-10-14 19:50 . 2008-10-14 19:50 <DIR> d-------- c:\program files\Real
2008-10-14 19:50 . 2008-10-14 19:50 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-14 19:50 . 2008-10-14 19:50 <DIR> d-------- c:\program files\Common Files\Real
2008-10-14 19:50 . 2008-10-14 19:50 499,712 --------- c:\windows\system32\msvcp71.dll
2008-10-14 19:50 . 2008-10-14 19:50 348,160 --------- c:\windows\system32\msvcr71.dll
2008-10-13 22:14 . 2008-10-13 22:14 <DIR> d-------- c:\documents and settings\Steven Whited\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 15:28 315,392 ----a-w c:\windows\HideWin.exe
2008-10-12 14:45 --------- d-----w c:\program files\microsoft frontpage
2008-09-17 13:55 6,132,576 ------w c:\windows\system32\drivers\nv4_mini.sys
2008-08-25 18:31 524,288 ----a-w c:\windows\opuc.dll
2006-06-24 06:48 32,768 ------w c:\windows\inf\UpdateUSB.exe
2002-05-28 12:19 61,440 ----a-w c:\windows\inf\i386\onetUSD.dll
2002-05-20 12:22 36,864 ----a-w c:\windows\inf\i386\Vizmicro.dll
2002-05-20 12:20 172,032 ----a-w c:\windows\inf\i386\viceo.dll
2002-05-20 12:02 225,280 ----a-w c:\windows\inf\i386\rtscan.dll
2001-08-03 22:29 13,824 ----a-w c:\windows\inf\i386\Usbscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-06-24 132392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-14 185872]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-28 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-10 1234712]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]

c:\documents and settings\Steven Whited\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rufus\\rufus.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-06-23 150568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-10 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-10 231704]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-10 27904]
.
Contents of the 'Scheduled Tasks' folder

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-c:\windows\system32\kdbty.exe - c:\windows\system32\kdbty.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Steven Whited\Application Data\Mozilla\Firefox\Profiles\yyx22qwt.default\
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 20:14:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\STEVEN~1\LOCALS~1\Temp\ab024499-7d96-4946-9ff4-060e6f514a70.tmp 0 bytes
c:\docume~1\STEVEN~1\LOCALS~1\Temp\de2887e5-ccc5-4242-8bc0-226dab3f88d1.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-11 20:17:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-12 01:17:18

Pre-Run: 185,268,555,776 bytes free
Post-Run: 185,260,625,920 bytes free

244 --- E O F --- 2008-10-15 01:45:27


--------------------------------------------------------------------------------------------------------------------------------
Tried running Spyware Blaster after the ComboFix program finished.

It works now!!!!!

Thanks! (I guess the HiJack This log file is clean).

Steve