Hello Geeks to go ,

Ive been having alot of problems on my old machine .

Its been running since 2002 Its got Microsoft Windows XP Home SP 3...

But ive had alot of issues with it well for first i found a topic here
about one of the issues ive had which was CoolWebsSearch . Which has been
fully removed by one of the guides i found . But i still have issues


ive had Antivirus 2009 which i used a guide and removed


..

Heres my HIJACKTHIS log:



Also if this is helpful
The log i got from Malware-Bytes

MALWARE-BYTES LOG:


Theres all the logs i got ..

Anyway ive also used AVG anti-virus free editon

and i did about 3 scans after running avg 10 times .

with HouseCall

And i get a bunch of random fatal error messages .

don't put the logs in code

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

COMBOFIX LOG:

ComboFix 09-07-05.01 - RANDYANDAMY 07/05/2009 16:47.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.456 [GMT -4:00]
Running from: c:\documents and settings\RANDYANDAMY\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CTL3D.DLL
c:\documents and settings\All Users\Application Data\nsv
c:\documents and settings\All Users\Application Data\nsv\cache\294.dfn
c:\documents and settings\All Users\Application Data\nsv\cache\400.dfn
c:\documents and settings\All Users\Application Data\nsv\cache\404.dfn
c:\documents and settings\All Users\Application Data\nsv\keys.dat
c:\documents and settings\All Users\Application Data\nsv\wmv0104.dbd
c:\documents and settings\All Users\Application Data\nsv\wmv0106.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0204.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0315.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0412.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0504.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv0904.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1125.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1204.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1215.dbd
c:\documents and settings\All Users\Application Data\nsv\wmv1909.ddx
c:\documents and settings\All Users\Application Data\nsv\wmv1920.dbd
c:\documents and settings\All Users\Application Data\nsv\wmv2007.dbd
c:\documents and settings\RANDYANDAMY\Favorites\Download programs.url
c:\documents and settings\RANDYANDAMY\Favorites\Games.url
c:\documents and settings\RANDYANDAMY\Favorites\Translator.url
c:\documents and settings\RANDYANDAMY\Favorites\Videos.url
c:\documents and settings\RANDYANDAMY\Start Menu\Programs\Download programs.url
c:\documents and settings\RANDYANDAMY\Start Menu\Programs\Games.url
c:\documents and settings\RANDYANDAMY\Start Menu\Programs\Translator.url
c:\documents and settings\RANDYANDAMY\Start Menu\Programs\Videos.url
C:\MSrev23.dll
C:\MSrev43.dll
c:\program files\Mozilla Firefox\extensions\{B619E1D9-760A-4173-B3AC-479A0B42AA0F}
c:\program files\Mozilla Firefox\extensions\{B619E1D9-760A-4173-B3AC-479A0B42AA0F}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{B619E1D9-760A-4173-B3AC-479A0B42AA0F}\chrome\content\_cfg.js
c:\program files\Mozilla Firefox\extensions\{B619E1D9-760A-4173-B3AC-479A0B42AA0F}\chrome\content\c.js
c:\program files\Mozilla Firefox\extensions\{B619E1D9-760A-4173-B3AC-479A0B42AA0F}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{B619E1D9-760A-4173-B3AC-479A0B42AA0F}\install.rdf
c:\windows\Installer\11b56b6.msp
c:\windows\Installer\11b56bb.msp
c:\windows\Installer\14e248.msi
c:\windows\Installer\22395.msi
c:\windows\Installer\2b918.msi
c:\windows\Installer\2b919.msp
c:\windows\Installer\2b91a.msp
c:\windows\Installer\2b91b.msp
c:\windows\Installer\2b91c.msp
c:\windows\Installer\2b91d.msp
c:\windows\Installer\2b91e.msp
c:\windows\Installer\2b91f.msp
c:\windows\Installer\2b920.msp
c:\windows\Installer\2b921.msp
c:\windows\JAVA\TRUSTLIB\xafelo.bak1
c:\windows\JAVA\TRUSTLIB\xafelo.bak2
c:\windows\JAVA\TRUSTLIB\xafelo.ini
c:\windows\patch.exe
c:\windows\start.exe
c:\windows\system32\11796993342348786433196615334234833423483342348.exe
c:\windows\system32\15729153342348786433196615334234833423483342348.exe
c:\windows\system32\instsrv.exe
c:\windows\Web\default.htt
C:\xcrashdump.dat
F:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_fci
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\windows\LastGood
2009-07-05 09:15 . 2009-07-05 09:15 -------- d-----w- C:\VundoFix Backups
2009-07-05 07:57 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 07:57 . 2009-07-05 07:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 07:57 . 2009-07-05 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-05 07:57 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 17:42 . 2009-07-02 17:42 -------- d-----w- c:\program files\CleanUp!
2009-07-02 16:20 . 2009-07-02 16:20 194 ---ha-w- C:\aaw7boot.cmd
2009-07-02 16:19 . 2009-07-02 16:19 -------- d-----w- c:\program files\RegCleaner
2009-07-02 16:13 . 2009-05-21 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 15:30 . 2009-07-02 15:29 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-02 15:24 . 2009-07-02 15:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-02 15:24 . 2009-03-12 08:17 2902048 ----a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-02 15:24 . 2009-07-02 15:24 -------- d-----w- c:\program files\Lavasoft
2009-07-02 15:24 . 2009-07-02 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 14:29 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2009-07-02 14:28 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-07-02 14:27 . 2004-08-04 12:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-07-02 14:26 . 2004-08-04 12:00 480256 ----a-w- c:\windows\system32\dllcache\cintsetp.exe
2009-07-02 14:25 . 2003-03-24 20:52 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2009-07-02 14:12 . 2004-08-04 02:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-07-02 14:09 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-02 14:09 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-02 14:09 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-02 14:09 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-02 02:37 . 2007-08-14 18:04 9216 ----a-w- c:\windows\system32\ffnd.exe
2009-07-02 02:14 . 2009-07-02 02:14 -------- d-----w- c:\documents and settings\RANDYANDAMY\Local Settings\Application Data\FreeFixer
2009-07-02 02:14 . 2009-07-02 02:14 -------- d-----w- c:\program files\FreeFixer
2009-07-01 22:31 . 2009-07-01 22:31 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-01 12:53 . 2009-07-01 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\12965564
2009-07-01 09:56 . 2009-07-01 09:56 41984 --sh--w- c:\documents and settings\RANDYANDAMY\Application Data\Microsoft\Windows\ms65.exe
2009-07-01 02:08 . 2004-08-04 12:00 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2009-06-30 22:58 . 2009-06-30 22:58 -------- d-----w- c:\program files\Intuit
2009-06-30 13:23 . 2009-06-30 13:23 -------- d-----w- c:\program files\Bazooka Scanner
2009-06-30 12:03 . 2009-06-30 12:03 -------- d-----w- c:\program files\Trend Micro
2009-06-27 08:07 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-26 18:00 . 2009-06-26 18:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-26 14:59 . 2009-06-26 14:59 -------- d-----w- c:\windows\system32\scripting
2009-06-26 14:58 . 2009-06-26 14:59 -------- d-----w- c:\windows\system32\en
2009-06-26 14:58 . 2009-06-26 14:59 -------- d-----w- c:\windows\l2schemas
2009-06-26 14:58 . 2009-06-26 14:58 -------- d-----w- c:\windows\system32\bits
2009-06-26 14:56 . 2009-06-26 14:56 -------- d-----w- c:\windows\ServicePackFiles
2009-06-26 14:51 . 2009-06-26 14:51 -------- d-----w- c:\windows\EHome
2009-06-26 13:58 . 2009-06-26 13:59 -------- d-----w- c:\program files\Windows Resource Kits
2009-06-26 02:35 . 2009-06-26 02:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-25 17:14 . 2007-08-02 02:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 02:54 . 2009-06-25 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-06-25 02:49 . 2009-06-25 02:49 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-19 02:09 . 2009-06-19 02:09 -------- d-----w- c:\program files\Doras Carnival 2 - At the Boardwalk
2009-06-19 02:08 . 2009-06-19 02:09 -------- d-----w- c:\program files\bfgclient
2009-06-19 02:08 . 2009-06-19 02:08 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-06-19 02:08 . 2009-06-19 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 14:19 . 2004-12-27 16:28 23376 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 13:17 . 2004-12-27 16:51 50840 ----a-w- c:\documents and settings\RANDYANDAMY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 15:01 . 2004-12-27 16:30 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-24 14:12 . 2009-05-24 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-24 14:12 . 2009-05-24 14:12 -------- d-----w- c:\program files\NOS
2009-05-24 13:46 . 2009-05-24 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-05-19 22:10 . 2009-05-19 22:10 143864 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2atth_s1_l1_gF1559T1L1_d557309401[1].exe
2009-05-19 22:10 . 2009-05-19 22:10 2319528 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2009-04-20 15:01 . 2009-04-18 13:55 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-02-12 01:33 . 2009-02-12 01:33 501 ----a-w- c:\program files\Shortcut (2) to Mystery P.I. - The Vegas Heist.lnk
2009-02-12 01:33 . 2009-02-12 01:33 501 ----a-w- c:\program files\Shortcut to Mystery P.I. - The Vegas Heist.lnk
2006-02-03 12:21 . 2006-02-03 12:20 948936 ----a-w- c:\program files\install_flash_player.exe
2004-12-27 16:36 . 2004-12-27 16:36 707 ----a-w- c:\program files\MS-DOS Prompt.LNK
2004-04-11 19:49 . 2004-04-11 19:49 3616400 ----a-w- c:\program files\Install_AIM.exe
2003-08-12 09:02 . 1980-01-01 04:00 384 ----a-w- c:\program files\Internet Explorer.lnk
2003-08-12 09:02 . 1980-01-01 04:00 369 ----a-w- c:\program files\Outlook Express.lnk
2003-08-12 09:02 . 1980-01-01 04:00 295 ----a-w- c:\program files\Windows Explorer.lnk
2002-11-15 01:51 . 2002-11-15 01:51 536018 ----a-w- c:\program files\vp3.rar
2002-10-12 06:27 . 1980-01-01 04:00 11079 ---h--w- c:\program files\folder.htt
2002-10-09 05:48 . 2002-10-09 05:48 0 --sh--r- c:\windows\asbmeidAv.sys
2002-10-09 05:48 . 2002-10-09 05:48 200 --sh--r- c:\windows\SYSTEM\vAdiembsa.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\program files\steam\steam.exe" [2009-06-11 1217784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 148480]
"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LexStart"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2003-7-13 208896]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
ImageMixer 3 SE Camera Monitor for SD.lnk - g:\program files\CameraMonitor.exe [2008-6-23 253952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWc:\program files\ISTsvc

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SAIMON"=c:\windows\SYSTEM32\SaiMon.exe
"DisableEHCI"=c:\windows\NoUSB20.EXE
"EM_EXEC"=c:\progra~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"SystemTray"=SysTray.Exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\nvcpl.dll,NvStartup
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" /server /nosystray
"PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
"PPMemCheck"=c:\progra~1\PESTPA~1\PPMemCheck.exe
"MMTray"=MMTray.exe
"Cmaudio"=RunDll32 cmicnfg.dll,CMICtrlWnd
"nwiz"=nwiz.exe /install
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"Win Server Updt"=c:\windows\wupdt.exe
"*CATDRV"=c:\windows\HELP\CATDRV.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"*OLEFAX"=c:\windows\JAVA\TRUSTLIB\OLEFAX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"ScriptBlocking"=
"SchedulingAgent"=mstask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"g:\\Program Files\\Steam\\SteamApps\\waycoolsurfer\\half-life 2 deathmatch\\hl2.exe"=
"g:\\Program Files\\Steam\\SteamApps\\waycoolsurfer\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Quake III Arena\\quake3.exe"=
"f:\\World of Warcraft\\Launcher.exe"=
"f:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"f:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"g:\\Program Files\\trendnet\\WinDomainLogon.exe"=
"c:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe"=
"c:\\Program Files\\Canon\\CAL\\CALMAIN.exe"=
"c:\\Program Files\\Webshots\\Webshots.scr"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.185\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.186\\FP_AX_CAB_INSTALLER.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"g:\\program files\\steam\\steam.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.187\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\System32\\taskmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.188\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.189\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.190\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.191\\FP_AX_CAB_INSTALLER.exe"=
"g:\\Program Files\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"g:\\Program Files\\Rockstar Games\\GTA San Andreas\\gta_sa.exe"=
"c:\\WINDOWS\\System32\\WgaTray.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\PestPatrol\\PPMemCheck.exe"=
"c:\\Program Files\\PestPatrol\\PPControl.exe"=
"c:\\Program Files\\PestPatrol\\CookiePatrol.exe"=
"c:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Belkin\\Nostromo\\nost_LM.exe"=
"g:\\Program Files\\CameraMonitor.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jucheck.exe"=
"c:\\WINDOWS\\system32\\MsiExec.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.204\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.205\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.206\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.207\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.208\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.209\\FP_AX_CAB_INSTALLER.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.210\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.211\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\regedit.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [7/2/2009 11:30 AM 64160]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\SYSTEM32\DRIVERS\tffsport.sys [8/4/2004 12:00 PM 149376]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\SYSTEM32\DRIVERS\rt2870.sys [7/28/2007 2:50 PM 517632]
S1 8589ff;8589ff;c:\windows\system32\drivers\8589ff.sys --> c:\windows\system32\drivers\8589ff.sys [?]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\SYSTEM32\DRIVERS\bcgame.sys [7/23/2003 2:16 PM 22821]
S3 cpuz130;cpuz130;\??\c:\docume~1\RANDYA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\RANDYA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:29]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
HKLM-Run-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe
ShellExecuteHooks-{6809e580-a3a7-11d1-9a00-00a0c945b006} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 16:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(444)
c:\windows\system32\WlanGINA.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'Explorer.exe'(4756)
c:\windows\system32\shdoclc.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
g:\program files\trendnet\WinDomainLogon.exe
c:\program files\PESTPATROL\PPMEMCHECK.EXE
c:\program files\PESTPATROL\PPCONTROL.EXE
c:\program files\PESTPATROL\COOKIEPATROL.EXE
.
**************************************************************************
.
Completion time: 2009-07-05 17:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 21:02

Pre-Run: 21,313,126,400 bytes free
Post-Run: 21,215,641,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

COMBOFIX LOG USING CFSCRIPT:

ComboFix 09-07-05.01 - RANDYANDAMY 07/05/2009 21:22.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.431 [GMT -4:00]
Running from: c:\documents and settings\RANDYANDAMY\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\RANDYANDAMY\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\RANDYANDAMY\Application Data\Microsoft\Windows\ms65.exe"
"c:\windows\asbmeidAv.sys"
"c:\windows\SYSTEM\vAdiembsa.sys"
"c:\windows\system32\drivers\8589ff.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\12965564
c:\documents and settings\RANDYANDAMY\Application Data\Microsoft\Windows\ms65.exe
c:\windows\asbmeidAv.sys
c:\windows\SYSTEM\vAdiembsa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_8589ff


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-05 21:17 . 2004-08-04 16:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-05 09:15 . 2009-07-05 09:15 -------- d-----w- C:\VundoFix Backups
2009-07-05 07:57 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 07:57 . 2009-07-05 07:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 07:57 . 2009-07-05 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-05 07:57 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 17:42 . 2009-07-02 17:42 -------- d-----w- c:\program files\CleanUp!
2009-07-02 16:20 . 2009-07-02 16:20 194 ---ha-w- C:\aaw7boot.cmd
2009-07-02 16:19 . 2009-07-02 16:19 -------- d-----w- c:\program files\RegCleaner
2009-07-02 16:13 . 2009-05-21 15:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 15:30 . 2009-07-02 15:29 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-02 15:24 . 2009-07-02 15:24 -------- d--h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-02 15:24 . 2009-03-12 08:17 2902048 ----a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-02 15:24 . 2009-07-02 15:24 -------- d-----w- c:\program files\Lavasoft
2009-07-02 15:24 . 2009-07-02 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 14:29 . 2004-08-04 12:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2009-07-02 14:28 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2009-07-02 14:27 . 2004-08-04 12:00 10129408 ----a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-07-02 14:26 . 2004-08-04 12:00 480256 ----a-w- c:\windows\system32\dllcache\cintsetp.exe
2009-07-02 14:25 . 2003-03-24 20:52 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
2009-07-02 14:12 . 2004-08-04 02:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-07-02 14:09 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-02 14:09 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-02 14:09 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-02 14:09 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-02 02:37 . 2007-08-14 18:04 9216 ----a-w- c:\windows\system32\ffnd.exe
2009-07-02 02:14 . 2009-07-02 02:14 -------- d-----w- c:\documents and settings\RANDYANDAMY\Local Settings\Application Data\FreeFixer
2009-07-02 02:14 . 2009-07-02 02:14 -------- d-----w- c:\program files\FreeFixer
2009-07-01 22:31 . 2009-07-01 22:31 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-01 02:08 . 2004-08-04 12:00 16384 ----a-w- c:\windows\system32\dllcache\isignup.exe
2009-06-30 22:58 . 2009-06-30 22:58 -------- d-----w- c:\program files\Intuit
2009-06-30 13:23 . 2009-06-30 13:23 -------- d-----w- c:\program files\Bazooka Scanner
2009-06-30 12:03 . 2009-06-30 12:03 -------- d-----w- c:\program files\Trend Micro
2009-06-27 08:07 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-26 18:00 . 2009-06-26 18:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-26 14:59 . 2009-06-26 14:59 -------- d-----w- c:\windows\system32\scripting
2009-06-26 14:58 . 2009-06-26 14:59 -------- d-----w- c:\windows\system32\en
2009-06-26 14:58 . 2009-06-26 14:59 -------- d-----w- c:\windows\l2schemas
2009-06-26 14:58 . 2009-06-26 14:58 -------- d-----w- c:\windows\system32\bits
2009-06-26 14:56 . 2009-06-26 14:56 -------- d-----w- c:\windows\ServicePackFiles
2009-06-26 14:51 . 2009-06-26 14:51 -------- d-----w- c:\windows\EHome
2009-06-26 13:58 . 2009-06-26 13:59 -------- d-----w- c:\program files\Windows Resource Kits
2009-06-26 02:35 . 2009-06-26 02:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-25 17:14 . 2007-08-02 02:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 02:54 . 2009-06-25 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-06-25 02:49 . 2009-06-25 02:49 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-19 02:09 . 2009-06-19 02:09 -------- d-----w- c:\program files\Doras Carnival 2 - At the Boardwalk
2009-06-19 02:08 . 2009-06-19 02:09 -------- d-----w- c:\program files\bfgclient
2009-06-19 02:08 . 2009-06-19 02:08 2383904 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2009-06-19 02:08 . 2009-06-19 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 14:19 . 2004-12-27 16:28 23376 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 13:17 . 2004-12-27 16:51 50840 ----a-w- c:\documents and settings\RANDYANDAMY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 15:01 . 2004-12-27 16:30 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-24 14:12 . 2009-05-24 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-24 14:12 . 2009-05-24 14:12 -------- d-----w- c:\program files\NOS
2009-05-24 13:46 . 2009-05-24 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-05-19 22:10 . 2009-05-19 22:10 143864 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2atth_s1_l1_gF1559T1L1_d557309401[1].exe
2009-05-19 22:10 . 2009-05-19 22:10 2319528 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2009-04-20 15:01 . 2009-04-18 13:55 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-02-12 01:33 . 2009-02-12 01:33 501 ----a-w- c:\program files\Shortcut (2) to Mystery P.I. - The Vegas Heist.lnk
2009-02-12 01:33 . 2009-02-12 01:33 501 ----a-w- c:\program files\Shortcut to Mystery P.I. - The Vegas Heist.lnk
2006-02-03 12:21 . 2006-02-03 12:20 948936 ----a-w- c:\program files\install_flash_player.exe
2004-12-27 16:36 . 2004-12-27 16:36 707 ----a-w- c:\program files\MS-DOS Prompt.LNK
2004-04-11 19:49 . 2004-04-11 19:49 3616400 ----a-w- c:\program files\Install_AIM.exe
2003-08-12 09:02 . 1980-01-01 04:00 384 ----a-w- c:\program files\Internet Explorer.lnk
2003-08-12 09:02 . 1980-01-01 04:00 369 ----a-w- c:\program files\Outlook Express.lnk
2003-08-12 09:02 . 1980-01-01 04:00 295 ----a-w- c:\program files\Windows Explorer.lnk
2002-11-15 01:51 . 2002-11-15 01:51 536018 ----a-w- c:\program files\vp3.rar
2002-10-12 06:27 . 1980-01-01 04:00 11079 ---h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((( SnapShot@2009-07-05_20.58.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-06 01:32 . 2009-07-06 01:32 16384 c:\windows\temp\Perflib_Perfdata_52c.dat
+ 2004-12-28 16:38 . 2008-10-16 18:08 34328 c:\windows\SYSTEM32\wups.dll
+ 2004-12-27 16:28 . 2008-10-16 18:09 51224 c:\windows\SYSTEM32\wuauclt.exe
+ 2009-07-05 20:59 . 2008-10-16 18:08 34328 c:\windows\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2009-07-05 21:48 . 2009-07-05 21:48 84661 c:\windows\SYSTEM32\MACROMED\Flash\uninstall_plugin.exe
+ 2004-12-27 16:28 . 2008-10-16 18:09 51224 c:\windows\SYSTEM32\dllcache\wuauclt.exe
+ 2004-12-27 16:28 . 2008-10-16 18:12 323608 c:\windows\SYSTEM32\wucltui.dll
+ 2004-12-27 16:28 . 2008-10-16 18:12 561688 c:\windows\SYSTEM32\wuapi.dll
- 2009-07-02 12:10 . 2009-02-02 22:15 240544 c:\windows\SYSTEM32\MACROMED\Flash\NPSWF32_FlashUtil.exe
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\SYSTEM32\MACROMED\Flash\NPSWF32_FlashUtil.exe
+ 2004-12-27 16:28 . 2008-10-16 18:12 323608 c:\windows\SYSTEM32\dllcache\wucltui.dll
+ 2004-12-27 16:28 . 2008-10-16 18:13 1809944 c:\windows\SYSTEM32\wuaueng.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\SYSTEM32\MACROMED\Flash\NPSWF32.dll
- 2009-07-02 12:10 . 2009-02-02 22:15 3771296 c:\windows\SYSTEM32\MACROMED\Flash\NPSWF32.dll
+ 2004-12-27 16:28 . 2008-10-16 18:13 1809944 c:\windows\SYSTEM32\dllcache\wuaueng.dll
+ 2009-02-02 22:07 . 2009-02-02 22:07 1914440 c:\windows\Downloaded Program Files\CONFLICT.219\FP_AX_CAB_INSTALLER.exe
+ 2009-02-02 22:07 . 2009-02-02 22:07 1914440 c:\windows\Downloaded Program Files\CONFLICT.218\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\program files\steam\steam.exe" [2009-06-11 1217784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 148480]
"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LexStart"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2003-7-13 208896]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
ImageMixer 3 SE Camera Monitor for SD.lnk - g:\program files\CameraMonitor.exe [2008-6-23 253952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWC:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Lh'þ9Óœð3rÅWc:\program files\ISTsvc

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SAIMON"=c:\windows\SYSTEM32\SaiMon.exe
"DisableEHCI"=c:\windows\NoUSB20.EXE
"EM_EXEC"=c:\progra~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
"SystemTray"=SysTray.Exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\nvcpl.dll,NvStartup
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" /server /nosystray
"PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
"PPMemCheck"=c:\progra~1\PESTPA~1\PPMemCheck.exe
"MMTray"=MMTray.exe
"Cmaudio"=RunDll32 cmicnfg.dll,CMICtrlWnd
"nwiz"=nwiz.exe /install
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\windows\SYSTEM32\qttask.exe" -atboottime
"Win Server Updt"=c:\windows\wupdt.exe
"*CATDRV"=c:\windows\HELP\CATDRV.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"*OLEFAX"=c:\windows\JAVA\TRUSTLIB\OLEFAX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"ScriptBlocking"=
"SchedulingAgent"=mstask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubi Soft\\IL2 Sturmovik\\il2.exe"=
"g:\\Program Files\\Steam\\SteamApps\\waycoolsurfer\\half-life 2 deathmatch\\hl2.exe"=
"g:\\Program Files\\Steam\\SteamApps\\waycoolsurfer\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\Quake III Arena\\quake3.exe"=
"f:\\World of Warcraft\\Launcher.exe"=
"f:\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"f:\\World of Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-enUS-downloader.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"g:\\Program Files\\trendnet\\WinDomainLogon.exe"=
"c:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe"=
"c:\\Program Files\\Canon\\CAL\\CALMAIN.exe"=
"c:\\Program Files\\Webshots\\Webshots.scr"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.185\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.186\\FP_AX_CAB_INSTALLER.exe"=
"c:\\Program Files\\WinRAR\\WinRAR.exe"=
"g:\\program files\\steam\\steam.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.187\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\System32\\taskmgr.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.188\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.189\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.190\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\system32\\dumprep.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.191\\FP_AX_CAB_INSTALLER.exe"=
"g:\\Program Files\\Rockstar Games\\GTA San Andreas\\samp.exe"=
"g:\\Program Files\\Rockstar Games\\GTA San Andreas\\gta_sa.exe"=
"c:\\WINDOWS\\System32\\WgaTray.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"=
"c:\\Program Files\\PestPatrol\\PPMemCheck.exe"=
"c:\\Program Files\\PestPatrol\\PPControl.exe"=
"c:\\Program Files\\PestPatrol\\CookiePatrol.exe"=
"c:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Belkin\\Nostromo\\nost_LM.exe"=
"g:\\Program Files\\CameraMonitor.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\jucheck.exe"=
"c:\\WINDOWS\\system32\\MsiExec.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.204\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.205\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.206\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.207\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.208\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.209\\FP_AX_CAB_INSTALLER.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.210\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\CONFLICT.211\\FP_AX_CAB_INSTALLER.exe"=
"c:\\WINDOWS\\regedit.exe"=
"c:\\WINDOWS\\system32\\regsvr32.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [7/2/2009 11:30 AM 64160]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\SYSTEM32\DRIVERS\tffsport.sys [8/4/2004 12:00 PM 149376]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\SYSTEM32\DRIVERS\rt2870.sys [7/28/2007 2:50 PM 517632]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\SYSTEM32\DRIVERS\bcgame.sys [7/23/2003 2:16 PM 22821]
S3 cpuz130;cpuz130;\??\c:\docume~1\RANDYA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\RANDYA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:29]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{6809e580-a3a7-11d1-9a00-00a0c945b006} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\RANDYANDAMY\Application Data\Mozilla\Firefox\Profiles\gqlk35dz.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 21:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\WlanGINA.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'Explorer.exe'(4376)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
g:\program files\trendnet\WinDomainLogon.exe
c:\program files\Common Files\Seagate\Schedule2\schedul2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PESTPATROL\PPMEMCHECK.EXE
c:\program files\PESTPATROL\PPCONTROL.EXE
c:\program files\PESTPATROL\COOKIEPATROL.EXE
c:\program files\LAVASOFT\AD-AWARE\AAWTRAY.EXE
.
**************************************************************************
.
Completion time: 2009-07-06 21:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 01:37
ComboFix2.txt 2009-07-05 21:02

Pre-Run: 21,164,752,896 bytes free
Post-Run: 21,153,120,256 bytes free

355 --- E O F --- 2009-06-27 18:02

hi

Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  
  :Services
  
  :Reg
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  Lh'þ9Óœð3rÅWC:]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  Lh'þ9Óœð3rÅWC:\Program Files]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³#  Lh'þ9Óœð3rÅWc:\program files\ISTsvc]
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  
  
• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.