Thread: here is my log from high jack this

  1. #21
    Join Date
    Oct 2010
    Posts
    28
    Hi Jholland1964, I did not know that MBA-M did not scan all files in safe mode. I just finished a complete scan in normal mode and it did not pick up bsf.exe. I did do an update. Here is my log. Thanks, keper

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4775

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/8/2010 9:12:58 AM
    mbam-log-2010-10-08 (09-12-58).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 188289
    Time elapsed: 1 hour(s), 22 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #22
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    This is very unusual, not maybe that MBA-M has not found the file BUT that your Avira has not found the file. Avira is one of the scanners at Virus Total that HAS identified it.
    The file is identified as part of full speed internet booster, to make sure settings stay after reboot. So your Full Speed internet booster is NOT all gone. So it is exactly as causzomb said, this one is extremely difficult to remove.
    I am going to recommend that you do the following:

    You must follow these instructions EXACTLY so read them very carefully,
    Please download ComboFix by sUBs from HERE

    • You must download it to and run it from your Desktop

    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.


    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!

  3. #23
    Join Date
    Oct 2010
    Posts
    28
    ok that was weird combofix was making log all my programs started up threat fire, avira, superantispyware. Can't find log but I have log hjt

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:44:33 PM, on 10/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [bsf] "bsf.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1262390586982
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

    --
    End of file - 7093 bytes
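
Added example, not part of the thread and not HijackThis code: a Python triage of the O4 Run entries in the HijackThis log above. It extracts each entry's executable, marks values that name a file with no directory (as the `bsf` entry does) and notes whether that file appears under "Running processes". The sample is a constructed excerpt of lines from that log, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted above (shortened).
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Talk\googletalk.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [bsf] "bsf.exe"
O4 - HKCU\..\Run: [RemoveIT Pro v7Ent] C:\Program Files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
'''

# Registry autorun lines only (Run, RunOnce, ...); startup-folder lines are skipped.
# The value name may itself contain brackets, e.g. [LogitechVideo[inspector]].
RUN_LINE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def running_images(log_text):
    """Lower-cased file names listed under 'Running processes:'."""
    names, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            names.add(ntpath.basename(line).lower())
    return names


def image_of(command):
    """Return the executable part of a Run value, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: grow the prefix token by token
    # until it ends in an executable extension.
    tokens = command.split(" ")
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower().endswith(EXEC_EXTS):
            return candidate
    return tokens[0]              # e.g. a launcher named without extension


def triage(log_text):
    """One dict per O4 registry Run entry, in log order."""
    running = running_images(log_text)
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        image = image_of(command)
        entries.append({
            "hive": hive,
            "key": key,
            "name": name,
            "image": image,
            # True when the value gives a file name only, so the log alone
            # does not say which file on disk will be started.
            "bare": ntpath.dirname(image) == "",
            "running": ntpath.basename(image).lower() in running,
        })
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        notes = []
        if e["bare"]:
            notes.append("no directory in value")
        if not e["running"]:
            notes.append("not in process list")
        print(f'{e["hive"]} {e["key"]} [{e["name"]}] -> {e["image"]}  {"; ".join(notes)}')
```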

  4. #24
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    ok that was weird combofix was making log all my programs started up threat fire, avira, superantispyware
    You mean they started on their own? They should not have started on their own; you should have had to restart them.

    I cannot do anything until I see that combofix log. It can be found at C:\ComboFix.txt.

    What the heck is this and when did you install it? Nobody here told you to do that

    RemoveIT Pro v7Ent

  5. #25
    Join Date
    Oct 2010
    Posts
    28
    Hi, I found the combofix log. I downloaded removeit pro v7Ent in hopes that I could remove the infected file. I was wrong, sorry. The programs did automatically turn on by themselves. Thanks, keper

  6. #26
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I need to see the combofix log. You found it; where is it?
    Where did you get this RemoveIT Pro v7Ent program? Did you investigate this program before downloading it?
    Read these comments on CNET about it posted on
    Sept. 6, 2010....
    2 TROJAN virus' come with the download
    August 25, 2010 ...
    virus & trojan in download
    September 29, 2010 ...
    I've watched this program mess up more than 1 computer
    Did you PAY for this program? It is a paid program.

  7. #27
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I need to see that combofix log or we can go no further. If I don't see it within 12 hours this thread will be locked.

  8. #28
    Join Date
    Oct 2010
    Posts
    28
    I guess there is a lot of bad programs out there and bad people making them. As for the program, as it states in cnet it is a trial version 30 days, "lesson learned". Apparently the scan was interrupted. Here is the log. Thanks, Keper
    ComboFix 10-10-07.02 - KEITH 10/08/2010 12:37:53.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1473 [GMT -3:00]
    Running from: C:\Documents and Settings\KEITH\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    PEV Error: AppFolder

  9. #29
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    There is no log here. It is a VERY long log. What little that appears shows me you didn't follow instructions. You ran it from My Documents not from the Desktop.

    Uninstall combofix using these instructions:
    * Click START then RUN
    * Now type ComboFix /Uninstall in the runbox and click OK. The space between the combofix and the /uninstall, it must be there.
    When shown the disclaimer, Select "2"
    Download the program from this link http://download.bleepingcomputer.com...5/ComboFix.exe

    download link will expire in 10 minutes from the time you open that page! So do this immediately

    and this time choose Save as....and rename it to combolog.exe and SAVE it TO YOUR DESKTOP.
    Then follow the instructions I already gave and run it again.

  10. #30
    Join Date
    Oct 2010
    Posts
    28
    ComboFix 10-10-07.02 - KEITH 10/08/2010 17:44:55.5.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1763 [GMT -3:00]
    Running from: c:\documents and settings\KEITH\Desktop\security\commy.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -- Previous Run --

    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe

    --------

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
    .

    2010-10-08 13:16 . 2010-10-08 13:16 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2010-10-07 23:48 . 2010-10-07 23:48 -------- d-----w- c:\program files\InCode Solutions
    2010-10-07 20:33 . 2010-10-07 20:33 -------- d-----w- c:\program files\VS Revo Group
    2010-10-06 15:22 . 2010-10-06 15:22 388096 ----a-r- c:\documents and settings\KEITH\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-06 11:35 . 2010-10-06 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-10-05 21:38 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-10-05 21:37 . 2010-10-05 21:37 -------- d-----w- c:\program files\Panda Security
    2010-10-05 18:51 . 2010-10-05 18:51 -------- d-----w- c:\program files\Common Files\Skype
    2010-10-04 01:07 . 2010-10-04 00:46 81920 ----a-w- c:\windows\system32\bsf.exe
    2010-10-02 13:53 . 2010-10-02 14:02 -------- d-----w- C:\aidualc3
    2010-10-01 18:28 . 2010-10-01 18:28 -------- d-----w- c:\documents and settings\KEITH\Application Data\MozillaControl
    2010-10-01 18:08 . 2010-10-01 18:08 -------- d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests
    2010-10-01 17:32 . 2010-10-01 17:32 -------- d--h--w- c:\windows\system32\GroupPolicy
    2010-09-29 18:24 . 2010-09-29 18:24 -------- d-----w- c:\program files\uTorrent
    2010-09-29 17:26 . 2010-09-29 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-09-18 16:39 . 2010-09-18 16:39 -------- d-----w- c:\documents and settings\KEITH\Application Data\Adobe Mini Bridge CS5
    2010-09-18 16:38 . 2010-09-18 16:38 -------- d-----w- c:\documents and settings\KEITH\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    2010-09-18 14:38 . 2010-09-18 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2010-09-18 14:21 . 2010-09-18 14:21 -------- d-----w- c:\program files\Adobe Media Player
    2010-09-18 14:17 . 2010-09-18 14:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-09-15 00:26 . 2010-09-15 00:28 -------- d-----w- c:\documents and settings\KEITH\Application Data\vlc
    2010-09-13 01:01 . 2010-09-13 01:01 -------- d-----w- c:\program files\Microsoft.NET
    2010-09-13 00:57 . 2010-09-13 00:58 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\Deployment
    2010-09-12 19:23 . 2010-09-12 19:23 -------- d-----w- C:\DISNEY
    2010-09-08 21:50 . 2010-09-08 21:50 -------- d-----w- c:\program files\TrendMicro
    2010-09-08 21:26 . 2010-09-08 21:26 -------- d-----w- c:\program files\Trend Micro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-08 19:37 . 2010-08-23 20:00 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-10-08 19:03 . 2010-08-23 14:42 -------- d-----w- c:\documents and settings\KEITH\Application Data\skypePM
    2010-10-08 18:34 . 2010-02-22 01:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-10-08 16:50 . 2010-07-14 18:48 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-10-08 16:03 . 2010-08-23 07:03 -------- d-----w- c:\documents and settings\KEITH\Application Data\Skype
    2010-10-08 13:27 . 2010-08-12 13:47 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-08 12:55 . 2010-09-07 21:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-10-07 13:26 . 2010-09-07 23:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-10-07 12:25 . 2010-07-20 16:18 -------- d-----w- c:\documents and settings\KEITH\Application Data\godzHell
    2010-10-07 05:29 . 2009-12-18 20:45 -------- d-----w- c:\program files\Lx_cats
    2010-10-05 18:51 . 2010-08-23 07:02 -------- d-----r- c:\program files\Skype
    2010-10-05 18:51 . 2010-08-23 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-10-05 01:12 . 2010-07-14 18:49 63488 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-10-05 01:11 . 2010-07-14 18:49 117760 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-10-01 23:11 . 2009-12-26 23:32 -------- d-----w- c:\documents and settings\KEITH\Application Data\Media Player Classic
    2010-09-30 19:22 . 2010-04-22 19:52 -------- d-----w- c:\program files\Google
    2010-09-29 17:39 . 2010-02-09 00:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-18 15:12 . 2009-12-16 21:45 60392 ----a-w- c:\documents and settings\KEITH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-18 14:17 . 2010-10-07 22:48 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-09-13 11:57 . 2010-08-11 22:50 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2010-09-08 19:35 . 2010-09-08 19:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-09-07 23:10 . 2010-09-07 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-09-07 21:41 . 2010-09-07 21:41 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-09-07 18:44 . 2010-09-04 22:27 -------- d-----w- c:\documents and settings\KEITH\Application Data\Raptr
    2010-09-07 18:43 . 2010-09-04 22:27 -------- d-----w- c:\program files\Raptr
    2010-09-07 14:21 . 2010-09-07 14:21 -------- d-----w- c:\program files\ThreatFire
    2010-09-07 14:21 . 2010-09-07 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-09-06 13:46 . 2010-09-06 13:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Azureus
    2010-09-06 13:43 . 2010-01-03 20:13 -------- d-----w- c:\program files\CCleaner
    2010-09-06 13:36 . 2010-09-06 13:36 310208 ----a-w- c:\documents and settings\NetworkService\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
    2010-09-04 22:24 . 2010-01-27 21:14 -------- d-----w- c:\program files\Vuze
    2010-09-04 22:23 . 2010-09-04 22:23 -------- d-----w- c:\program files\Conduit
    2010-09-04 22:23 . 2010-09-04 22:23 -------- d-----w- c:\program files\Vuze_Remote
    2010-08-31 15:11 . 2010-08-31 15:11 3401880 ----a-w- c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    2010-08-31 14:55 . 2010-08-31 14:55 275096 ----a-w- c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-08-31 14:39 . 2010-08-31 14:39 3734536 ----a-w- c:\documents and settings\KEITH\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
    2010-08-30 16:17 . 2010-08-30 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SBT
    2010-08-30 16:17 . 2010-08-30 16:17 -------- d-----w- c:\program files\Snapshot Viewer
    2010-08-30 16:16 . 2009-12-16 20:19 -------- d-----w- c:\program files\microsoft frontpage
    2010-08-30 16:09 . 2010-08-30 16:09 -------- d-----w- c:\documents and settings\KEITH\Application Data\Microsoft Web Folders
    2010-08-23 15:30 . 2010-02-11 15:49 -------- d-----w- c:\program files\Common Files\Logitech
    2010-08-23 15:29 . 2010-02-11 15:49 -------- d-----w- c:\program files\Logitech
    2010-08-23 15:29 . 2009-12-17 17:31 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-23 14:42 . 2010-08-23 14:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-08-18 03:01 . 2010-08-10 22:47 81920 ----a-w- c:\windows\system32\tcp2.exe
    2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-12 13:59 . 2010-08-12 13:59 -------- d-----w- c:\program files\Common Files\Java
    2010-08-12 13:59 . 2010-08-12 13:59 61440 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d89770c-n\decora-sse.dll
    2010-08-12 13:59 . 2010-08-12 13:59 503808 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-147b8274-n\msvcp71.dll
    2010-08-12 13:59 . 2010-08-12 13:59 499712 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-147b8274-n\jmc.dll
    2010-08-12 13:59 . 2010-08-12 13:59 348160 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-147b8274-n\msvcr71.dll
    2010-08-12 13:59 . 2010-08-12 13:59 12800 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6d89770c-n\decora-d3d.dll
    2010-08-12 13:58 . 2010-08-12 13:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-12 13:58 . 2010-08-12 13:58 -------- d-----w- c:\program files\Java
    2010-08-12 13:58 . 2010-08-12 13:58 79488 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\jre1.6.0_21\gtapi.dll
    2010-08-12 13:58 . 2010-08-12 13:58 152576 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\jre1.6.0_21\lzma.dll
    2010-08-11 23:56 . 2010-07-19 15:04 -------- d-----w- c:\documents and settings\KEITH\Application Data\MSN6
    2010-08-11 13:08 . 2010-08-11 13:08 -------- d-----w- c:\program files\ESET
    2010-08-10 22:39 . 2010-08-04 15:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-12-17 23:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-21 07:44 . 2009-12-16 21:26 0 ----a-w- c:\windows\system32\drivers\OMCI.SYS
    2010-07-20 16:42 . 2010-07-20 16:42 17 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jag2png.bat
    2010-07-14 18:49 . 2010-07-14 18:49 52224 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-30 2424560]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-08-23 32768]
    "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-09-01 221184]
    "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-09-07 434176]
    "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-09-07 09:39 73728]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-09-11 6305088]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "bsf"="bsf.exe" [2010-10-04 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-8-23 450560]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-19 21:20 135664 ----atw- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2010-08-23 15:28 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-09-29 18:24 386936 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxcfcoms.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Raptr\\raptr.exe"=
    "c:\\Program Files\\Raptr\\raptr_im.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\KEITH\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "29156:TCP"= 29156:TCP:ares

    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/7/2010 11:21 AM 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/7/2010 11:21 AM 59664]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/5/2010 6:38 PM 28552]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 3:25 PM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 3:41 PM 67656]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2010 5:18 PM 135336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2/15/2007 9:04 AM 250752]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/10/2004 8:00 AM 14336]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/7/2010 11:21 AM 33552]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-06 c:\windows\Tasks\AdobeAAMUpdater-1.0-KEITH-ROF6TH9D8-KEITH.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-18 06:44]

    2010-10-08 c:\windows\Tasks\bsf.job
    - c:\windows\system32\bsf.exe [2010-10-04 00:46]

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004Core.job
    - c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 21:20]

    2010-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004UA.job
    - c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 21:20]

    2010-10-08 c:\windows\Tasks\tcp2.job
    - c:\windows\system32\tcp2.exe [2010-08-10 03:01]

    2010-10-08 c:\windows\Tasks\User_Feed_Synchronization-{48502727-2E09-4630-9A71-CB897CEE2B35}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    FF - ProfilePath - c:\documents and settings\KEITH\Application Data\Mozilla\Firefox\Profiles\j8vb72o4.default\
    FF - plugin: c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\KEITH\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-AdobeBridge - (no file)
    HKCU-Run-RemoveIT Pro v7Ent - c:\program files\InCode Solutions\RemoveIT Pro v7 Enterprise\removeit.exe



    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(232)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(1712)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-10-08 17:55:52
    ComboFix-quarantined-files.txt 2010-10-08 20:55

    Pre-Run: 54,135,705,600 bytes free
    Post-Run: 54,104,866,816 bytes free

    - - End Of File - - 6A3E4689D1919310D26D6562410E2DCB

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:06:23 PM, on 10/8/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\msfeedssync.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [bsf] "bsf.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1262390586982
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

    --
    End of file - 7082 bytes
