#1
Old 5th June 2009, 06:30 AM
BTDCU422
TST Member
 
TR/Crypt.ZPACK.Gen

Hello,

After I rebooted my system I got an alert from Avira antivirus that it had detected the TR/Crypt.ZPACK.Gen trojan in C:\WINDOWS\system32\iehelper.dll. Here are all my log files:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 05/24/2009 at 09:35 AM

Application Version : 4.25.1012

Core Rules Database Version : 3924
Trace Rules Database Version: 1868

Scan type : Complete Scan
Total Scan Time : 01:51:45

Memory items scanned : 582
Memory threats detected : 0
Registry items scanned : 9644
Registry threats detected : 2
File items scanned : 130876
File threats detected : 1

Adware.SysGuard/FakeAlert
[system tool] C:\WINDOWS\SYSGUARD.EXE
C:\WINDOWS\SYSGUARD.EXE
HKU\S-1-5-21-380965281-282307238-647647418-1008\Software\Microsoft\Windows\CurrentVersion\Run #system tool [ C:\WINDOWS\sysguard.exe ]

Malwarebytes' Anti-Malware 1.37
Database version: 2232
Windows 5.1.2600 Service Pack 3

2009-05-24 14:07:20
mbam-log-2009-05-24 (14-07-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 373395
Time elapsed: 2 hour(s), 52 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5520bd9c-4798-4094-a1d9-3e8573d42b55} (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473d1b29f95b96241830b6a6ade19368 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5a144bd76064d1645b6e74c0734ee406 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\965dcc82bc551df439b28676f8ab79e0 (Rogue.RegistryBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Compaq_Administrator\Application Data\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\errorsmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\errorsmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\All Users\Start Menu\Programs\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\installer\{5520bd9c-4798-4094-a1d9-3e8573d42b55}\Icon.exe (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\program files\online services\PeoplePC\ISP5900\utilities\AtlBrowser.exe (Dialer) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\errorsmart\Log\2008 Dec 19 - 09_21_28 PM_328.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\errorsmart\Log\2008 Dec 20 - 03_30_02 AM_062.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\errorsmart\registry backups\2008-12-17_04-58-14.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\errorsmart\ErrorSmart on the Web.lnk (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\errorsmart\ErrorSmart.lnk (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:23, on 2009-05-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\cygwin\bin\cygrunsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\cygwin\usr\sbin\sshd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 Antivirus System PRO Powerfull PC Protection
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [DISCover] "C:\Program Files\DISC\DISCover.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] "C:\Program Files\DISC\DiscUpdMgr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: goezo.bat
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9037012f5dfb6) (gupdate1c9037012f5dfb6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 13595 bytes
__________________
CompTIA Network+ Certified
There's no place like 127.0.0.1
#2
Old 5th June 2009, 06:42 AM
evilfantasy
Security Team
 
Did you install this?

Quote:
O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe
----------

Download DDS by sUBs and save it to your desktop. Alternate DDS download link

* Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).
* XP users: double click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
#3
Old 5th June 2009, 01:03 PM
BTDCU422
TST Member
 
Quote:
Originally Posted by evilfantasy
Did you install this?
Yes, I did. I haven't been able to remove it from my computers, so I've just left it there. Here are the log files:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Administrator at 8:54:36.53 on 2009-05-24
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.252 [GMT -4:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Windows\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Registry Clean Pro\Scheduler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\cygwin\bin\cygrunsrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\cygwin\usr\sbin\sshd.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Weather Reporter]
uRun: [Google Update] "c:\documents and settings\compaq_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [DISCover] "c:\program files\disc\DISCover.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdMgr.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BigDogPath] c:\windows\VM_STI.EXE Philips SPC 200NC PC Camera
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\monitor.lnk - c:\program files\registry clean pro\Monitor.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\registry clean pro\Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\goezo.bat
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\70rww2xu.default\
FF - component: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\70rww2xu.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\compaq_administrator\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\bittorrent_dna\npbtdna.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.121.17\npGoogleOneClick.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2008-3-8 13440]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-8-1 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-10 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-10 24096]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-8-1 52056]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2005-4-24 13225]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-27 21920]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\system32\drivers\emuumidi.sys [2005-4-26 36736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-9 112384]

=============== Created Last 30 ================

2009-05-24 07:30 1,071 a------- c:\windows\psmplay.ini
2009-05-24 07:29 <DIR> --d----- c:\program files\PSM5
2009-05-24 07:27 <DIR> --d----- c:\program files\Lame for Audacity
2009-05-24 07:13 544,768 a------- c:\windows\system32\vsflex8n.ocx
2009-05-24 07:13 <DIR> --d----- c:\program files\Yamaha
2009-05-24 07:11 <DIR> --d----- c:\program files\Sony
2009-05-24 07:11 665,424 a------- c:\windows\system32\wmv8dmoe.dll
2009-05-24 07:11 438,608 a------- c:\windows\system32\wmv8dmod.dll
2009-05-24 07:11 566,272 a------- c:\windows\system32\wmvdmoe.dll
2009-05-24 07:11 285,184 a------- c:\windows\system32\wmidx2.ocx
2009-05-24 07:11 1,683,792 a------- c:\windows\system32\wmvcore2.dll
2009-05-24 07:11 <DIR> --d----- c:\program files\Sony Setup
2009-05-23 18:54 <DIR> --d----- C:\ea37791b38fb920fcfac74
2009-05-21 03:49 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr

==================== Find3M ====================

2009-05-21 10:02 34 a------- c:\documents and settings\compaq_administrator\jagex_runescape_preferences.dat
2009-05-06 10:01 168,208 a------- c:\windows\system32\guard32.dll
2009-05-06 10:01 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-06 10:01 132,640 a------- c:\windows\system32\drivers\cmdguard.sys
2009-04-23 10:52 848 ac------ c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-04-11 04:23 131,072 a------- c:\windows\system32\SpoonUninstall.exe
2009-04-11 04:23 36,104 a------- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-03-31 01:17 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-03-21 10:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-14 19:14 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2008-11-07 11:41 358 ac------ c:\program files\INSTALL.LOG
2008-02-06 14:32 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-12-06 17:13 105 a------- c:\documents and settings\compaq_administrator\Test.exe
2007-12-05 17:40 357 a------- c:\documents and settings\compaq_administrator\.cb_layout.bin
2007-02-15 15:07 2,224 ac------ c:\program files\unins000.dat
2003-06-16 16:23 131,072 a------- c:\program files\T2DXi.dll
2003-06-16 16:17 4,317,184 ac------ c:\program files\Triangle II.dll
2003-06-03 13:33 90,112 ac------ c:\program files\Triangle II.exe
2002-12-17 04:00 82,253 ac------ c:\program files\unins000.exe
1998-06-16 06:07 556,544 a------- c:\documents and settings\compaq_administrator\SETUP.EXE
1998-05-18 20:13 49,152 a------- c:\documents and settings\compaq_administrator\SMSINST.EXE
1998-04-24 21:55 130 ac------ c:\documents and settings\compaq_administrator\KEY.DAT
1998-04-24 20:19 74,352 a------- c:\documents and settings\compaq_administrator\ACMBOOT.EXE
2006-11-12 02:51 56 a--shr-- c:\windows\system32\7C4C6436BB.sys
2006-11-12 02:54 1,682 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-04 03:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat
2008-08-04 03:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 8:59:13.95 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-08-27 16:50:32
System Uptime: 2009-05-24 08:49:31 (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 986/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 195 GiB total, 44.109 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.528 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 29 GiB total, 14.19 GiB free.
I: is Removable
J: is CDROM (CDFS)
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A87D2011D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A87D2011D800
Service: NIC1394

==== System Restore Points ===================

RP873: 2009-04-20 11:24:09 - System Checkpoint
RP874: 2009-04-20 10:11:47 - System Checkpoint
RP875: 2009-04-20 07:25:17 - System Checkpoint
RP876: 2009-04-21 10:33:01 - System Checkpoint
RP877: 2009-04-22 21:34:46 - System Checkpoint
RP878: 2009-04-23 03:00:32 - Software Distribution Service 3.0
RP879: 2009-04-24 05:43:35 - System Checkpoint
RP880: 2009-04-25 07:23:04 - System Checkpoint
RP881: 2009-04-26 08:40:20 - System Checkpoint
RP882: 2009-04-26 05:50:22 - System Checkpoint
RP883: 2009-04-27 06:50:38 - System Checkpoint
RP884: 2009-04-28 07:38:05 - System Checkpoint
RP885: 2009-04-29 13:10:32 - System Checkpoint
RP886: 2009-04-30 13:44:36 - System Checkpoint
RP887: 2009-05-01 14:09:55 - System Checkpoint
RP888: 2009-05-02 14:31:42 - System Checkpoint
RP889: 2009-05-03 17:37:44 - System Checkpoint
RP890: 2009-05-04 03:00:29 - Software Distribution Service 3.0
RP891: 2009-05-05 03:00:18 - Software Distribution Service 3.0
RP892: 2009-05-06 03:00:23 - Software Distribution Service 3.0
RP893: 2009-05-06 02:29:11 - System Checkpoint
RP894: 2009-05-07 02:36:42 - System Checkpoint
RP895: 2009-05-07 03:00:18 - Software Distribution Service 3.0
RP896: 2009-05-08 03:00:18 - Software Distribution Service 3.0
RP897: 2009-05-09 03:00:23 - Software Distribution Service 3.0
RP898: 2009-05-20 09:33:14 - Software Distribution Service 3.0
RP899: 2009-05-21 03:00:19 - Software Distribution Service 3.0
RP900: 2009-05-21 02:08:54 - System Checkpoint
RP901: 2009-05-22 02:25:26 - System Checkpoint
RP902: 2009-05-22 03:00:18 - Software Distribution Service 3.0
RP903: 2009-05-23 03:00:18 - Software Distribution Service 3.0
RP904: 2009-05-23 18:54:38 - Software Distribution Service 3.0
RP905: 2009-05-23 10:32:36 - System Checkpoint
RP906: 2009-05-23 02:56:51 - System Checkpoint
RP907: 2009-05-24 03:37:19 - System Checkpoint
RP908: 2009-05-24 03:02:51 - System Checkpoint
RP909: 2009-05-24 07:11:44 - Installed Sony Sound Forge 7.0
RP910: 2009-05-24 07:13:52 - Installed Yamaha ATS-MA7-SMAF
RP911: 2009-05-24 02:08:34 - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
2570
2570_Help
2570Trb
4Front Rhode 1.0 VSTi
Ace Utilities
Ad-Aware
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 6.0 Tryout
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced IP Scanner v1.5
Agere Systems PCI-SV92PP Soft Modem
AIM 6
AiO_Scan_CDA
AiOSoftwareNPI
Apple Software Update
Ares 2.0.9
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Autodesk DirectConnect 2.0
Autodesk Inventor 10
AutoUpdate
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Battlefield 1942
BitTorrent
BitTorrent DNA
BufferChm
Cain & Abel v4.9.22
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
CDex extraction audio
CelsiusConverter
CertBlaster
Certification Preparation
Collab
COMODO Internet Security
Compatibility Pack for the 2007 Office system
ConsoleApplication1
Counter-Strike: Source
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
dBpowerAMP Music Converter
DebugMode Wax 2.0
Destinations
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceFunctionQFolder
DISCover
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
DVD Flick
E-MU Xboard
Elf Bowling The Last Insult
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fax_CDA
FileZilla Server (remove only)
FinalBurner Free v1.30.0.127
FL Studio 6
FL Studio 7
FL Studio 8
FLV Player 1.3.3
FLV Player 2.0, build 24
Fraps (remove only)
GemMaster Mystic
Google Chrome
Google Earth
Google Gears
Google Talk Plugin
Google Update Helper
Google Updater
GTA San Andreas
Guild Wars
Guitar Pro 5.0
Half-Life 2: Deathmatch
Half-Life 2: Demo
Half-Life Dedicated Server Update Tool
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Document Viewer 5.3
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.A
HP Solution Center & Imaging Support Tools 5.3
HP Support Overview
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HyperCam 2
IL Download Manager
ImgBurn
InstantShareDevices
InterActual Player
InterVideo DeviceService
IrfanView (remove only)
J2SE Development Kit 5.0 Update 4
Jahshaka
Java 2 SDK, SE v1.4.2_13
Java 2 SDK, SE v1.4.2_14
Java DB 10.2.2.0
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Development Kit 6 Update 3
JCreator Pro 4.50
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LightScribe 1.4.84.1
LinPlug Organ 3 Demo
LinPlug SaxLab
Look@LAN 2.50 Build 35
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks MX
Macromedia Flash MX 2004
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
Maya 8.0 Documentation (en_US)
MeGUI modern media encoder (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Desktop Engine (INVENTORCONTENT)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2007
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C Runtime
Microsoft Visual C# 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Works
Microsoft WSE 2.0 Runtime
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetBeans IDE 5.5.1
NetworkActiv PIAFCTM 1.5
NewCopy_CDA
Nmap 4.85BETA8
NoCUT
Norton Spyware Scan
Norton Spyware Scan provided by Yahoo!
NoteTab Light (Remove only)
NoteTab Light 5 (Remove only)
NVIDIA Drivers
OP-X Demo
OP-X FREE
OpenLibraries
Opera 9.52
OptionalContentQFolder
Otto
Oxe FM Synth 1.1.2
PanoStandAlone
PC-Doctor 5 for Windows
PDF Settings
PhotoGallery
Picasa 3
Pivot Stickfigure Animator
PoiZone
Power Tab Editor 1.7
PowerISO
PowerTCP 4.1 for Visual C++
ProductContextNPI
Protected Music Converter 1.0.0.3
Python 2.4
Python 2.5.1
Quicken 2006
QuickTime
RandMap
Razer
Readme
RealPlayer
Realtek High Definition Audio Driver
Recuva (remove only)
Registry Clean Pro
rgc:audio Triangle II
rgcAudio z3ta Plus v1.40
RightClick
RPG Maker XP
RPG Maker XP - Postality Knights Edition ENHANCED
Scan
ScannerCopy
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Visio 2007 (KB957831)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sentinel System Driver
SharpDevelop 2.2
Sierra Utilities
SimulationExams
SkillSoft Course Manager
Skins
SkinsHP1
Skype™ 4.0
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Sound Forge 7.0
Sony Vegas Pro 8.0
Source Dedicated Server
Source SDK
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
Steam
Sun xVM VirtualBox
SUPERAntiSpyware Free Edition
Swift 3D v4.50
Swift 3D v5.00
Switch Sound File Converter
System Requirements Lab
TBS WMP Plug-in
Test
TestOut Navigator (Stand-Alone Version)
ThreatFire
Toxic Biohazard
TrackMania Nations ESWC 0.1.7.5
TrayApp
Tribes 2
Trillian
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
uCeritify CN10-003 - Network + (2007)
Ulead VideoStudio 11
Uniblue RegistryBooster 2
Uniblue RegistryBooster 2009
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC 9.0 Runtime
Video Edit Magic 4.2
VideoStudio
Viewpoint Media Player
Virtual Earth 3D (Beta)
Vivia
VLC media player 0.9.8a
VNC Enterprise Edition E4.4.2
VNC Mirror Driver 1.8.0
Voxengo Voxformer VST 1.7
VST Bridge 1.1
Weatheradio Software
WebFldrs XP
WebReg
WexTech AnswerWorks
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Movie Maker 2.0
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WindowsApplication1
WinPcap 4.0.2
WinRAR archiver
WinSCP 4.1.8
Wireshark 1.0.4
Wolfenstein - Enemy Territory
Xilisoft HD Video Converter
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Messenger
Yamaha ATS-MA7-SMAF
Zerius Vocoder (remove only)
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

2009-05-24 14:11:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
2009-05-24 08:55:49, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
2009-05-24 07:27:31, error: W32Time [34] - The time service has detected that the system time needs to be changed by +993621 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.101:123->207.46.232.182:123) is working properly.
2009-05-24 07:20:12, error: ntcdrdrv [43] -
2009-05-24 02:26:22, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
2009-05-23 22:03:08, error: W32Time [34] - The time service has detected that the system time needs to be changed by +820833 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.101:123->207.46.197.32:123) is working properly.
2009-05-23 14:09:00, error: VPCNetS2 [11] - The attempt to unregister the MAC address 00-03-FF-41-36-14 failed.
2009-05-23 14:03:55, error: W32Time [34] - The time service has detected that the system time needs to be changed by +561616 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.101:123->207.46.232.182:123) is working properly.
2009-05-23 13:57:19, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
2009-05-23 13:56:59, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001731463614 has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).
2009-05-22 20:34:00, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the file specified.
2009-05-22 20:34:00, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
2009-05-21 22:09:02, error: W32Time [34] - The time service has detected that the system time needs to be changed by +129640 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.101:123->207.46.197.32:123) is working properly.
2009-05-21 01:52:37, error: DCOM [10000] - Unable to start a DCOM Server: {601AC3DC-786A-4EB0-BF40-EE3521E70BFB}. The error: "%5" Happened while starting this command: rundll32.exe shell32.dll,SHCreateLocalServerRunDll {601ac3dc-786a-4eb0-bf40-ee3521e70bfb} -Embedding

==== End Of File ===========================
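A note on reading the DDS file listings in the post above. The Created Last 30 and Find3M sections are where droppers usually surface, and the things a helper scans for by eye are cheap to automate: files carrying both the hidden and system attributes under system32 (the `a--shr--` / `ac-sh---` entries such as 7C4C6436BB.sys and KGyGaAvL.sys), executables sitting directly in a user profile or a drive root (Test.exe, SETUP.EXE), and names that are nothing but hex digits (C:\ea37791b38fb920fcfac74). The Python script below is an added example written for this thread; it is not code from DDS, ComboFix or any poster. It parses the DDS layout and also the ComboFix "Files Created" / "Find3M Report" layout that appears later in the thread; the heuristics, the thresholds and the sample lines (copied from the logs in this thread, with one section header mixed in) are my choices. Treat every hit as a lead, not a verdict: hidden+system files with random names in system32 are commonly copy-protection licence files (KGyGaAvL.sys is generally reported as a Macrovision SafeCast file), and a hex-named folder in the root of C: is typically where an update package was extracted, so each hit still needs a hash lookup and a look at its signer and timestamps.

```python
"""Triage the file-listing sections of a DDS or ComboFix log.

Added example for this thread; it is not code from DDS, ComboFix or any
poster.  It parses 'Created Last 30' / 'Find3M' lines (DDS layout) and
'Files Created' / 'Find3M Report' lines (ComboFix layout) and applies three
cheap heuristics that a removal helper otherwise checks by eye.  Every hit
is a lead to verify (hash lookup, signer, timestamps), not a verdict.
"""
import re
from dataclasses import dataclass

# DDS layout:      2006-11-12 02:51 56 a--shr-- c:\windows\system32\7C4C6436BB.sys
DDS_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)
# ComboFix layout: 2009-05-24 11:11 . 2001-10-19 19:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
CF_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>-+|\d+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".com", ".pif")
SYSTEM32 = "c:\\windows\\system32\\"
# <profile>\<file> or <drive>:\<file>: installed software rarely drops executables there
PROFILE_ROOT_RE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+$")
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$")
# a name that is 8+ hex digits and nothing else, e.g. 7C4C6436BB or ea37791b38fb920fcfac74
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")


@dataclass
class Entry:
    date: str
    path: str        # as written in the log
    attrs: set       # attribute letters present, e.g. {'a', 's', 'h', 'r'}
    is_dir: bool


def parse_line(line):
    """Return an Entry for a file-listing line, or None for anything else."""
    line = line.strip()
    m = DDS_RE.match(line) or CF_RE.match(line)
    if not m:
        return None
    attrs = set(m["attrs"]) - {"-"}
    return Entry(m["date"], m["path"], attrs, m["size"] == "<DIR>" or "d" in attrs)


def triage(entry):
    """Apply the heuristics to one entry; returns the list of reasons it tripped."""
    p = entry.path.lower()
    name = p.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if not entry.is_dir and {"s", "h"} <= entry.attrs and p.startswith(SYSTEM32):
        reasons.append("hidden+system file in system32")
    if not entry.is_dir and p.endswith(EXEC_EXT) and (
        PROFILE_ROOT_RE.match(p) or DRIVE_ROOT_RE.match(p)
    ):
        reasons.append("executable directly in a profile or drive root")
    if HEX_NAME_RE.match(stem):
        reasons.append("random-looking hex name")
    return reasons


def triage_log(text):
    """Map each flagged path to its reasons; non-listing lines are skipped."""
    hits = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                hits[entry.path] = reasons
    return hits


# Constructed sample: lines copied from the DDS log above plus two in the
# ComboFix layout from later in this thread, with a section header mixed in.
SAMPLE_LOG = r"""
==================== Find3M ====================
2009-05-24 07:13 544,768 a------- c:\windows\system32\vsflex8n.ocx
2009-05-23 18:54 <DIR> --d----- C:\ea37791b38fb920fcfac74
2007-12-06 17:13 105 a------- c:\documents and settings\compaq_administrator\Test.exe
2006-11-12 02:51 56 a--shr-- c:\windows\system32\7C4C6436BB.sys
2006-11-12 02:54 1,682 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-24 11:11 . 2001-10-19 19:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-05-23 13:29 . 2008-10-29 09:32 165232 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run against the full log by reading the DDS attach.txt or ComboFix.txt into `triage_log`; anything that is not a listing line (section banners, the `.` separators, event-log text) is ignored by the two regexes, so the whole file can be fed in unfiltered.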
#4
5th June 2009, 04:36 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Go to Add or Remove Programs and uninstall (if found)

- AutoUpdate
- Viewpoint Media Player

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O4 - Startup: Monitor.lnk = C:\Program Files\Registry Clean Pro\Monitor.exe
- O4 - Startup: Scheduler.lnk = C:\Program Files\Registry Clean Pro\Scheduler.exe


Now click Fix checked.

Exit HijackThis.

----------

Download Revo Uninstaller
  • Go into Revo, right click Registry Clean Pro and choose Uninstall.
  • Next choose Advanced Mode
  • This will launch the program's built-in uninstaller and go through the normal uninstall process.
  • Note: Even if the uninstaller fails still continue on with Revo.
  • Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
    • This scan can take several seconds.
  • Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
  • Choose Select All then click Delete
  • Click Next and Revo will scan for any files or folders that were not removed.
  • If any files/folders are found choose Select all > Delete
----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
mRun: [Alcmtr] ALCMTR.EXE
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Folder::
C:\Program Files\Registry Clean Pro
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open the JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will search for and remove any outdated version of Java and remove any that are found.
  • Click Additional Tasks
  • Place a check next to Remove Useless JRE Files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
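On the Java point in the post above: the Installed Programs list in this thread shows what Sun's installers of that era left behind, a Java(TM) 6 Update 7 beside Update 13, two 1.4.2 SDKs, a 5.0 JDK and two 6.x JDKs, and each stale runtime is a separately exploitable copy of Java still on disk. The script below is an added example written for this thread, not code from JavaRa or any poster. It pulls the Installed Programs section out of a DDS attach log, normalises the Sun naming schemes that appear there to the internal 1.x.y_update numbering so the schemes can be compared, and lists every entry older than the newest one. The patterns for JRE variants not present in this list (for example "J2SE Runtime Environment 5.0 Update N") are assumed from Sun's naming conventions. The check only sees Add/Remove entries, so JRE directories left behind by a broken uninstall are out of its reach; that is what JavaRa's Remove Useless JRE Files step is for.

```python
"""List the Java runtimes/SDKs in a DDS 'Installed Programs' section and
report which are older than the newest one present.

Added example for this thread, not code from JavaRa or any poster.  Only the
Sun naming schemes seen in the list (plus their assumed JRE counterparts) are
recognised; anything else (Java DB, JCreator, ...) is ignored.
"""
import re

# (regex, version normaliser, kind) triples.  Versions are normalised to the
# internal 1.<major>.<micro>_<update> numbering so the schemes sort together:
#   "Java 2 SDK, SE v1.4.2_13"               -> (1, 4, 2, 13)
#   "J2SE Development Kit 5.0 Update 4"      -> (1, 5, 0, 4)
#   "Java(TM) 6 Update 13"                   -> (1, 6, 0, 13)
#   "Java(TM) SE Development Kit 6 Update 1" -> (1, 6, 0, 1)
SCHEMES = [
    (re.compile(r"^Java 2 (SDK|Runtime Environment), SE v(\d+)\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: (int(m[2]), int(m[3]), int(m[4]), int(m[5])),
     lambda m: "JDK" if m[1] == "SDK" else "JRE"),
    (re.compile(r"^J2SE (Development Kit|Runtime Environment) (\d+)\.(\d+) Update (\d+)$"),
     lambda m: (1, int(m[2]), int(m[3]), int(m[4])),
     lambda m: "JDK" if m[1] == "Development Kit" else "JRE"),
    (re.compile(r"^Java\(TM\) (SE Development Kit |SE Runtime Environment )?(\d+) Update (\d+)$"),
     lambda m: (1, int(m[2]), 0, int(m[3])),
     lambda m: "JDK" if (m[1] or "").startswith("SE Development") else "JRE"),
]


def installed_programs(dds_text):
    """Return the non-blank lines of the '==== Installed Programs ====' section."""
    names, inside = [], False
    for line in dds_text.splitlines():
        if line.startswith("===="):          # every DDS section banner starts this way
            inside = "Installed Programs" in line
            continue
        if inside and line.strip():
            names.append(line.strip())
    return names


def java_inventory(names):
    """Return (version_tuple, kind, display_name) for every recognised Java entry."""
    found = []
    for name in names:
        name = name.strip()
        for pattern, version, kind in SCHEMES:
            m = pattern.match(name)
            if m:
                found.append((version(m), kind(m), name))
                break
    return found


def stale_java(names):
    """Return (newest_entry, [entries older than it]); newest is None if no Java found."""
    found = sorted(java_inventory(names), reverse=True)
    if not found:
        return None, []
    newest = found[0]
    return newest, [f for f in found if f[0] < newest[0]]


# Constructed sample: the Java neighbourhood of the Installed Programs list
# above, with the banners DDS puts around the section.
DDS_SNIPPET = """\
==== Installed Programs ======================

J2SE Development Kit 5.0 Update 4
Jahshaka
Java 2 SDK, SE v1.4.2_13
Java 2 SDK, SE v1.4.2_14
Java DB 10.2.2.0
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Development Kit 6 Update 3
JCreator Pro 4.50

==== Event Viewer Messages From Past Week ========

2009-05-24 14:11:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
"""

if __name__ == "__main__":
    newest, stale = stale_java(installed_programs(DDS_SNIPPET))
    print("keep:  ", newest[2] if newest else "no Java found")
    for version, kind, name in stale:
        print(f"remove: {name}  ({kind} {'.'.join(map(str, version[:3]))}_{version[3]})")
```

Feed the whole DDS attach.txt to `installed_programs` and the output is the removal list for JavaRa or Add/Remove Programs; JDK entries are ranked by the version of the private JRE they bundle, which is why a 6 Update 3 JDK is still "old" next to a 6 Update 13 runtime.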
#5
5th June 2009, 05:43 PM
BTDCU422
TST Member
Join Date: Jul 2008, 129 posts.
Location: Michigan
ComboFix 09-06-04.A1 - Compaq_Administrator 2009-05-24 12:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.339 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Administrator\AUTORUN.INF
c:\documents and settings\Compaq_Administrator\EULA.TXT
c:\program files\INSTALL.LOG
c:\program files\messenger\msmsgs.exe
C:\setup.exe
c:\windows\Install.txt
c:\windows\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
c:\windows\system32\Install.txt
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_WSERVING


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 16:44 . 2009-05-24 16:44 -------- d-----w- c:\program files\VS Revo Group
2009-05-24 11:29 . 2009-05-24 11:29 -------- d-----w- c:\program files\PSM5
2009-05-24 11:27 . 2009-05-24 11:27 -------- d-----w- c:\program files\Lame for Audacity
2009-05-24 11:17 . 2009-05-24 11:17 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sony
2009-05-24 11:13 . 2009-05-24 11:13 -------- d-----w- c:\program files\Yamaha
2009-05-24 11:11 . 2009-05-24 11:11 -------- d-----w- c:\program files\Sony
2009-05-24 11:11 . 2001-10-19 19:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2009-05-24 11:11 . 2001-10-19 19:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2009-05-24 11:11 . 2002-10-09 17:21 566272 ----a-w- c:\windows\system32\wmvdmoe.dll
2009-05-24 11:11 . 2001-10-19 19:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2009-05-24 11:11 . 2009-05-24 11:11 -------- d-----w- c:\program files\Sony Setup
2009-05-23 22:54 . 2009-05-23 22:54 -------- d-----w- C:\ea37791b38fb920fcfac74
2009-05-21 07:49 . 2009-05-21 07:49 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 17:20 . 2008-07-31 04:06 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-07-31 04:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 17:16 . 2009-03-31 05:48 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-24 17:13 . 2007-03-22 23:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-24 16:49 . 2008-08-21 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-24 16:14 . 2008-09-13 13:39 -------- d-----w- c:\program files\Cain
2009-05-24 13:50 . 2008-07-31 04:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-24 13:47 . 2008-10-09 14:02 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-24 12:51 . 2008-08-03 06:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-24 11:36 . 2008-07-31 17:43 -------- d-----w- c:\program files\CCleaner
2009-05-24 11:13 . 2006-05-05 03:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 10:52 . 2008-09-21 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-23 13:29 . 2008-10-29 09:32 165232 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2009-05-22 20:35 . 2008-08-01 20:24 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-22 09:39 . 2006-05-05 03:31 -------- d-----w- c:\program files\Google
2009-05-21 14:02 . 2008-07-07 20:04 34 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
2009-05-21 09:31 . 2008-08-04 07:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-06 14:21 . 2009-01-15 08:26 -------- d-----w- c:\program files\Sandboxie
2009-05-06 14:01 . 2009-04-10 12:39 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-06 14:01 . 2009-04-10 12:39 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-06 14:01 . 2009-04-10 12:39 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-06 14:01 . 2009-04-10 12:39 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-02 15:33 . 2006-08-29 17:12 -------- d-----w- c:\program files\Steam
2009-04-23 14:52 . 2006-11-07 13:50 848 -c--a-w- c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-04-23 07:01 . 2007-01-10 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-20 10:47 . 2009-04-20 10:46 -------- d-----w- c:\program files\Nmap
2009-04-17 08:54 . 2009-04-17 08:54 -------- d-----w- c:\program files\FileZilla Server
2009-04-15 11:30 . 2009-04-15 11:30 -------- d-----w- c:\program files\WinSCP
2009-04-14 12:55 . 2009-04-14 12:53 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Ringtone
2009-04-14 12:40 . 2008-08-04 16:03 -------- d-----w- c:\program files\Audacity
2009-04-13 11:43 . 2009-03-26 19:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Skype
2009-04-13 11:41 . 2008-02-06 18:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\skypePM
2009-04-12 15:25 . 2009-04-12 15:25 -------- d-----w- c:\program files\RealVNC
2009-04-12 09:04 . 2008-08-26 13:20 -------- d-----w- c:\program files\Vstplugins
2009-04-12 09:04 . 2006-09-03 04:11 -------- d-----w- c:\program files\Image-Line
2009-04-12 09:03 . 2009-04-12 09:03 -------- d-----w- c:\program files\Outsim
2009-04-11 08:23 . 2009-04-11 08:23 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-04-11 08:23 . 2009-04-11 08:23 131072 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-04-11 08:22 . 2009-04-11 08:22 -------- d-----w- c:\program files\Illustrate
2009-04-11 07:45 . 2009-04-11 07:44 -------- d-----w- c:\program files\CDex_170b2
2009-04-10 14:08 . 2009-04-10 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-04-10 12:39 . 2009-04-10 12:39 -------- d-----w- c:\program files\COMODO
2009-04-10 01:04 . 2006-05-05 02:45 -------- d-----w- c:\program files\Java
2009-04-10 01:01 . 2009-04-10 01:01 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-31 05:43 . 2008-10-04 23:21 6805991 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-03-31 05:17 . 2008-08-03 16:05 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-03-27 01:53 . 2007-09-29 13:11 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\BitTorrent
2009-03-26 19:05 . 2009-03-26 19:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-03-26 19:01 . 2009-03-26 19:01 -------- d-----r- c:\program files\Skype
2009-03-26 19:01 . 2007-06-27 22:34 -------- d-----w- c:\program files\Common Files\Skype
2009-03-26 19:01 . 2007-06-27 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-03-24 22:33 . 2009-03-24 22:33 237264 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-03-14 23:14 . 2009-03-14 23:14 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-03-11 00:15 . 2009-03-11 00:15 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 09:19 . 2008-11-18 10:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-09 03:01 . 2006-05-05 03:07 140760 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-09 21:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-03 18:19 . 2008-08-01 19:43 39184 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 18:19 . 2008-08-01 19:43 33040 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 18:19 . 2008-08-01 19:43 12560 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 18:19 . 2008-08-01 19:43 51472 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-03-03 00:18 . 2004-08-09 21:00 826368 ----a-w- c:\windows\system32\wininet.dll
2007-02-15 19:07 . 2007-02-15 19:07 2224 -c--a-w- c:\program files\unins000.dat
2003-06-16 20:23 . 2003-06-16 20:23 131072 ----a-w- c:\program files\T2DXi.dll
2003-06-16 20:17 . 2003-06-16 20:17 4317184 -c--a-w- c:\program files\Triangle II.dll
2003-06-03 17:33 . 2003-06-03 17:33 90112 -c--a-w- c:\program files\Triangle II.exe
2002-12-17 08:00 . 2002-12-17 08:00 82253 -c--a-w- c:\program files\unins000.exe
2006-11-12 06:51 . 2006-09-22 03:50 56 --sha-r- c:\windows\system32\7C4C6436BB.sys
2006-11-12 06:54 . 2006-09-22 03:33 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-24 1830128]
"Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-08 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-05-06 1794320]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-24 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-10-25 16855552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-31 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-31 113664]
goezo.bat [2009-4-10 134]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-26 17:40 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Compaq_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Compaq_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2008-03-08 13440]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-08-01 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-08-01 39184]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-04-10 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-04-10 24096]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-11-29 100560]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT [?]
R2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2009-04-12 68096]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2005-04-24 13225]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-27 21920]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-08-01 33040]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-02-28 87568]
S2 gupdate1c9037012f5dfb6;Google Update Service (gupdate1c9037012f5dfb6);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-21 133104]
S3 emuumidi;E-MU USB-MIDI Driver;c:\windows\system32\drivers\emuumidi.sys [2005-04-26 36736]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-03-09 112384]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT --> c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT [?]
S4 NoCUT;NoCUT;c:\windows\system32\NoCUT.exe [2006-03-28 18432]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 03:29]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-21 13:58]

2009-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-380965281-282307238-647647418-1008.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 00:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKCU-Run-Weather Reporter - (no file)
HKLM-Run-PCDrProfiler - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\70rww2xu.default\
FF - prefs.js: browser.startup.homepage - Google
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\70rww2xu.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\BitTorrent_DNA\npbtdna.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-05-24 13:14
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-380965281-282307238-647647418-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(1320)
c:\windows\system32\guard32.dll
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(6016)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\guard32.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\ThreatFire\TFNI.dll
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla server.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\ThreatFire\TFService.exe
c:\cygwin\usr\sbin\sshd.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2009-05-24 13:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 17:32

Pre-Run: 47,111,208,960 bytes free
Post-Run: 47,024,488,448 bytes free

357 --- E O F --- 2009-05-23 07:06
__________________
CompTIA Network+ Certified
There's no place like 127.0.0.1
#6
5th June 2009, 06:01 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
Go to Start > Run and type notepad.exe then click OK

Copy and paste the text below into Notepad and save it as fixme.reg to your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


  • The above procedure will:
      • Delete the following: ComboFix and its associated files and folders.
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.


----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.


Note that your system will run slower for a reboot or two after having used this tool, so don't panic.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect; however, we need to analyze the information in the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save




Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.
__________________
.

ƃolq s’ʎsɐʇuɐɟlıʌǝ
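As an added example (not ComboFix code and not the helper's own tool), the script below reads the "Reg Loading Points" block of a ComboFix log, lists every Security Center Monitoring key that has DisableMonitoring set, shows the firewall GloballyOpenPorts entries for review, and writes out the same kind of removal .reg file as the fixme.reg above. The SAMPLE_LOG excerpt is constructed from lines in the log posted in this thread; the function names are hypothetical.

```python
"""Added example, not ComboFix's code or the helper's own tool: read the
'Reg Loading Points' block of a ComboFix log, flag Security Center
Monitoring keys that have DisableMonitoring set, and emit the same kind of
removal .reg file as the fixme.reg in this thread."""
import re
from typing import Dict, List

# Constructed excerpt in the REGEDIT4 layout that ComboFix prints; the keys
# and values mirror the log posted earlier in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Compared case-insensitively: ComboFix prints the hive path as it finds it.
MONITORING_PREFIX = r"hkey_local_machine\software\microsoft\security center\monitoring"


def parse_reg_block(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for each [section] in the block."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = section.group("key")
            keys.setdefault(current, {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group("name")] = value.group("data").strip()
    return keys


def find_monitoring_overrides(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Keys at or below Security Center\\Monitoring whose DisableMonitoring is 1.

    A value of 1 tells Security Center to stop tracking that product, so an
    AV or firewall that is off or missing no longer raises a warning."""
    hits = []
    for key, values in keys.items():
        if not key.lower().startswith(MONITORING_PREFIX):
            continue
        if values.get("DisableMonitoring", "").lower() == "dword:00000001":
            hits.append(key)
    return hits


def globally_open_ports(keys: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Entries of the XP firewall GloballyOpenPorts list, for manual review."""
    ports: Dict[str, str] = {}
    for key, values in keys.items():
        if key.lower().endswith(r"\globallyopenports\list"):
            ports.update(values)
    return ports


def build_removal_reg(hits: List[str]) -> str:
    """REGEDIT4 text deleting the vendor subkeys; the parent Monitoring key is
    reported but left alone, matching the fixme.reg used in this thread."""
    lines = ["REGEDIT4", ""]
    for key in hits:
        subkey = key[len(MONITORING_PREFIX):]  # "" for the parent key itself
        if subkey.strip("\\"):
            lines.extend([f"[-{key}]", ""])
    return "\n".join(lines).rstrip("\n") + "\n"


if __name__ == "__main__":
    parsed = parse_reg_block(SAMPLE_LOG)
    for hit in find_monitoring_overrides(parsed):
        print("DisableMonitoring=1:", hit)
    for name, data in globally_open_ports(parsed).items():
        print("firewall open-port entry:", name, "->", data)
    print(build_removal_reg(find_monitoring_overrides(parsed)), end="")
```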
#7
6th June 2009, 01:04 AM
BTDCU422
TST Member
Join Date: Jul 2008, 129 posts.
Location: Michigan
Reputation: BTDCU422 is on a distinguished road
The registry file merged without a problem.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 05, 2009 20:22:54
Records in database: 2314232
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
I:\
J:\
K:\
L:\
M:\

Scan statistics:
Files scanned: 333306
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 06:31:40


File name / Threat name / Threats count
C:\Program Files\NetworkActiv PIAFCTM 1.5\NetworkActivPIAFCTMv1.5.exe Infected: not-a-virus:NetTool.Win32.Piafctm.152 1
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

The selected area was scanned.
#8
6th June 2009, 03:02 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Reputation: evilfantasy will become famous soon enough
Did you install NetworkActiv PIAFCTM 1.5?

NetworkActiv Software - Network Security and Administration
#9
7th June 2009, 02:29 PM
BTDCU422
TST Member
Join Date: Jul 2008, 129 posts.
Location: Michigan
Reputation: BTDCU422 is on a distinguished road
Quote:
Originally Posted by evilfantasy
Did you install NetworkActiv PIAFCTM 1.5?

NetworkActiv Software - Network Security and Administration
I can't recall doing so. Thanks for the help, but I decided to just nuke XP and am now happily running Linux Mint.