System Alert: Trojan-Spy.Win32@mx/tinyproxy.exe infection [Solved] [Cl, cpu moving very slow, no internet connection, can't boot in norm m
FallenStar
post Dec 15 2008, 06:41 PM
Post #1
Member
Posts: 12
From: Home :-P
OS: Windows XP, SP3

I have been working on ridding my mother's computer of all the malware, because as of right now it will not connect to the internet (cable), it can't boot in normal mode (only in safe mode, after several tries), and it is moving extremely slowly. The computer had no problems 2 days ago. Then I noticed the flashing yellow icon with the "System Alert: Trojan-Spy.Win32@mx" message. And as I was waiting on the computer to load, McAfee popped up saying tinyproxy.exe was attempting an incoming connection, and I blocked it; I think this might be why I can't access the internet.

But I ran McAfee, which took over 4 hours; it found 10 viruses, of which 9 were "quarantined". I attempted to download and install AdAware with no luck; it keeps giving me an error (I believe that's because I am in Safe Mode). So I did further research and found that some people were able to remove the Trojan-Spy.Win32@mx infection with SmitFraudFix; I attempted that with no luck. So now I am here hoping somebody will be able to help me resolve this.

I followed the instructions in this post. And I ran HijackThis; here's the log (I hope it will be useful even though it's from "Safe Mode"):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:44, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Mama\Desktop\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Piolet Toolbar - {C75C8E7E-5059-4469-AC11-D7544B260382} - C:\Program Files\Piolet Toolbar\v3.3.0.1\Piolet_Toolbar.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176252942\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Mama\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Mama\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Mama\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Mama\LOCALS~1\Temp\csrssc.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with GPL - C:\Program Files\GetPicturesList\GPL_all.htm
O8 - Extra context menu item: Download with GPL - C:\Program Files\GetPicturesList\GPL_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: GPL: Thumbnails to Pictures - C:\Program Files\GetPicturesList\GPL_pics.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176245828046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176253780937
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: NameServer = 85.255.116.57;85.255.112.156
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: kkrhjt.dll bhrawx.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 11292 bytes

I'm not sure if this will be helpful but here's the rapport.txt file from the SmitFraud Fix:

SmitFraudFix v2.386

Scan done at 17:21:23.03, Mon 12/15/2008
Run from C:\Documents and Settings\Mama\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5BF49A2-94F3-42BD-F434-3604812C897D}"="mcb7uehuj3n8weuhejsw"

[HKEY_CLASSES_ROOT\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32]
@="C:\WINDOWS\system32\jkse73hedfdgf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32]
@="C:\WINDOWS\system32\jkse73hedfdgf.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Replacing C:\WINDOWS\system32\userinit.exe
Replacing C:\WINDOWS\system32\userinit.exe
Problem while replacing C:\WINDOWS\system32\userinit.exe
C:\Documents and Settings\Mama\Application Data\Skinux\ Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Online Spyware Test.url Deleted
C:\Program Files\WebMediaViewer\ Deleted
C:\resycled\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
Suspicious item found: 90F6BCEC69C08600


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: DhcpNameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: NameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: DhcpNameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: NameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: DhcpNameServer=68.87.68.162 68.87.74.162 68.87.64.196
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: NameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AC45BA65-97B3-4CA9-AEE1-1C1FFE3261D9}: DhcpNameServer=68.87.68.162 68.87.74.162 68.87.64.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162 68.87.64.196
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.57;85.255.112.156
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162 68.87.64.196


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5BF49A2-94F3-42BD-F434-3604812C897D}"="mcb7uehuj3n8weuhejsw"

[HKEY_CLASSES_ROOT\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32]
@="C:\WINDOWS\system32\jkse73hedfdgf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C897D}\InProcServer32]
@="C:\WINDOWS\system32\jkse73hedfdgf.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

And also, while I was running SmitFraudFix, I got this error:
Access Denied: C:\DOCUME~1\Mama\LOCALS~1\Temp\inB.tmp

Not sure what that means...

I'll be on for a min we're supposed to be having ice/snow tonight so I won'

This post has been edited by FallenStar: Dec 15 2008, 06:50 PM
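The HijackThis log in the post above carries the indicators a helper reads for by eye: a browser proxy pointed at a listener on the local machine (R1), Run entries launched from the user's Temp folder (O4), a static NameServer override (O17), AppInit_DLLs (O20), an unfamiliar SharedTaskScheduler DLL (O22), and O23 services whose binary is an NTFS alternate data stream or which borrow a built-in Windows service name while pointing at a stand-alone executable. The script below is an added example, not part of this thread and not code from HijackThis or any Geeks to Go tool: it runs those checks over lines copied from the log above plus one benign McAfee service line. The indicator wording, the small SVCHOST_HOSTED list and the triage() function are this example's own constructions.

```python
import re
from typing import List, Optional, Tuple

# Sample input: lines copied from the HijackThis log posted above, plus one
# benign O23 line (McAfee) to show that not every service is flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Mama\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Mama\LOCALS~1\Temp\csrssc.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.57;85.255.112.156
O20 - AppInit_DLLs: kkrhjt.dll bhrawx.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jkse73hedfdgf.dll
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# Every HijackThis entry starts with a section code such as R1, O4, O23.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")

# Windows XP services that run inside svchost.exe. One of these names pointing
# at a stand-alone binary is a masquerade. Short, constructed list for this example.
SVCHOST_HOSTED = {"dmserver", "dhcp", "dnscache", "lanmanserver", "browser"}


def _is_loopback_proxy(body: str) -> bool:
    """R1 ProxyServer pointing at the local machine, e.g. http=127.0.0.1:9090."""
    m = re.search(r"ProxyServer = (.+)$", body)
    if not m:
        return False
    value = m.group(1).lower()
    return "127.0.0.1" in value or "localhost" in value


def _run_from_temp(body: str) -> bool:
    """O4 autorun whose target lives under a Temp directory."""
    return re.search(r"\\temp\\", body, re.IGNORECASE) is not None


def _service_parts(body: str) -> Optional[Tuple[str, str, str]]:
    """Split 'Service: <display> (<name>) - <owner> - <path>' into (name, owner, path)."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    m = re.search(r"\(([^()]+)\)\s*$", display)  # short name is the last (...) group
    return (m.group(1) if m else display), owner, path


def _has_ads(path: str) -> bool:
    """A second colon after the drive letter means an NTFS alternate data stream."""
    return path.find(":", 2) != -1


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (code, reason, line) for every log line that trips an indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group(1), m.group(2)
        reason = None
        if code == "R1" and _is_loopback_proxy(body):
            reason = "browser traffic is proxied through a listener on this machine"
        elif code == "O4" and _run_from_temp(body):
            reason = "autorun entry launches from a Temp directory"
        elif code == "O17" and "NameServer" in body:
            reason = "static DNS override; compare with the DHCP-assigned servers"
        elif code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reason = "AppInit_DLLs loads these DLLs into every process that uses user32"
        elif code == "O22":
            reason = "SharedTaskScheduler DLL loads when Explorer starts; verify it"
        elif code == "O23":
            parts = _service_parts(body)
            if parts:
                name, owner, path = parts
                if _has_ads(path):
                    reason = "service binary is an NTFS alternate data stream"
                elif name.lower() in SVCHOST_HOSTED and "svchost.exe" not in path.lower():
                    reason = f"built-in service name '{name}' points outside svchost.exe"
        if reason:
            findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

Running it reports eight findings for the sample; the Intel IgfxTray entry and the McAfee service pass through untouched. The O17 check deliberately flags every static NameServer rather than judging the addresses, because the right comparison is the one the SmitFraudFix DNS section makes visible: the DHCP-assigned servers for the connection (68.87.x.x here) against the override written into the registry.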
SpySentinel
post Dec 18 2008, 05:11 PM
Post #2
Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1

Hey FallenStar,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay; we have been very busy lately, and I apologize for your wait.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
FallenStar
post Dec 19 2008, 03:24 AM
Post #3
Member
Posts: 12
From: Home :-P
OS: Windows XP, SP3

Hello, and thank you for your response. I attempted to do the ComboFix, and every time it starts scanning for infected files I get a "ComboFix has detected the presence of rootkit activity and needs to reboot the machine" ERROR, and I have to restart the computer and do the process all over, and it gets the same error over and over again, so I'm not able to pass this point.

I finally got ComboFix to work. Here's the log:

ComboFix 08-12-18.01 - Mama 2008-12-19 4:44:52.2 - NTFSx86
Running from: c:\documents and settings\Mama\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\cfeefadfa.dll
c:\windows\system32\drivers\msqpdxpqltoiqt.sys
c:\windows\system32\msqpdxlrvdhrxr.dll
.
---- Previous Run -------
.
c:\documents and settings\Mama\Application Data\gadcom
c:\documents and settings\Mama\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Mama\My Documents\My Documents.url
c:\documents and settings\Mama\My Documents\My Music\My Music.url
c:\documents and settings\Mama\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Mama\My Documents\My Videos\My Video.url
c:\documents and settings\Maraia\Favorites\Online Security Test.url
c:\program files\rhc7k8j0en0a
c:\program files\tinyproxy\tinyproxy.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\awtqNGyA.dll
c:\windows\system32\bhrawx.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\FehkTBeg.ini
c:\windows\system32\FehkTBeg.ini2
c:\windows\system32\fsepvhtk.dll
c:\windows\system32\geBTkheF.dll
c:\windows\system32\gkcppfpl.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\kkrhjt.dll
c:\windows\system32\kthvpesf.ini
c:\windows\system32\lpfppckg.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlJArrpp.dll
c:\windows\system32\njfmgfgf.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vwifwand.dll
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wvUOeFUN.dll
c:\windows\Tasks\mzawxuzj.job
c:\windows\Tasks\nzubwicy.job
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://b9n.org
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSQPDXSERV.SYS
-------\Legacy_ICF
-------\Legacy_LOGICAL_DISK_MANAGER_(DMSERVER)_
-------\Service_ICF
-------\Service_Logical Disk Manager (dmserver)
-------\Legacy_ICF
-------\Legacy_LOGICAL_DISK_MANAGER_(DMSERVER)_


((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-19 04:12 . 2008-12-19 04:12 <DIR> d-------- c:\documents and settings\Mama\Application Data\Skinux
2008-12-17 20:14 . 2008-12-17 20:15 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-17 20:14 . 2008-12-17 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 17:21 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-15 02:44 . 2008-12-15 02:44 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 01:52 . 2008-12-15 01:52 <DIR> d-------- c:\program files\Lavasoft
2008-12-15 01:52 . 2008-12-15 01:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-15 01:47 . 2008-12-15 01:50 <DIR> d-------- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-12-14 21:42 . 2008-12-19 03:08 <DIR> d--hs---- c:\windows\system32\90F6BCEC69C08600
2008-12-14 19:19 . 2008-12-14 19:19 160 --a------ C:\log.udt
2008-12-14 19:15 . 2008-12-19 05:11 93,420 --a------ c:\windows\system32\drivers\glaide32.sys
2008-12-14 19:13 . 2008-12-14 19:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:12 . 2008-12-14 19:14 2 --a------ C:\1419480880
2008-12-14 17:49 . 2008-04-13 18:12 26,112 --a------ c:\windows\system32\stu2.exe
2008-12-14 10:26 . 2008-12-14 10:26 <DIR> d-------- c:\documents and settings\Maraia\Application Data\Skinux
2008-12-11 02:10 . 2008-12-11 02:10 <DIR> d-------- c:\documents and settings\Mama\Application Data\CyberLink
2008-12-07 22:11 . 2008-12-07 22:13 <DIR> d-------- c:\program files\Common Files\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 08:35 --------- d-----w c:\program files\Torrent Harvester
2008-12-15 07:59 --------- d-----w c:\documents and settings\Maraia\Application Data\COMCASTTOOLBAR
2008-12-15 01:12 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-14 23:49 8,704 ----a-w c:\windows\system32\userinit.exe
2008-12-13 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 04:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-12-06 07:59 --------- d-----w c:\program files\Piolet
2008-11-26 06:05 --------- d-----w c:\documents and settings\Maraia\Application Data\FileZilla
2008-11-18 13:21 --------- d-----w c:\documents and settings\Mama\Application Data\FileZilla
2008-11-15 03:13 --------- d-----w c:\program files\Java
2008-10-28 17:24 --------- d-----w c:\documents and settings\Mama\Application Data\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 18:07 --------- d-----w c:\program files\FileZilla Client
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-12-15 01:22 66,576 ----a-w c:\program files\mozilla firefox\components\cfeefadfa.dll
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

2004-08-04 01:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2008-12-14 17:49 8704 93849ab2d7b9c8c81f20a99d16c8ab36 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C75C8E7E-5059-4469-AC11-D7544B260382}"= "c:\program files\Piolet Toolbar\v3.3.0.1\Piolet_Toolbar.dll" [2008-08-11 806912]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C75C8E7E-5059-4469-AC11-D7544B260382}"= "c:\program files\Piolet Toolbar\v3.3.0.1\Piolet_Toolbar.dll" [2008-08-11 806912]

[HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"HostManager"="c:\program files\Common Files\AOL\1176252942\ee\AOLSoftware.exe" [2006-09-25 50736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472]

c:\documents and settings\Mama\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kkrhjt.dll bhrawx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\awtqNGyA.dll
BHO-{7207cc0b-5b22-4b04-92d9-376d297657ab} - c:\windows\system32\geBTkheF.dll
BHO-{C5BF49A2-94F3-42BD-F434-3604812C897D} - c:\windows\system32\jkse73hedfdgf.dll
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C897D} - c:\windows\system32\jkse73hedfdgf.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\awtqNGyA.dll
Notify-awtqngya - awtqNGyA.dll
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all with GPL - c:\program files\GetPicturesList\GPL_all.htm
IE: Download with GPL - c:\program files\GetPicturesList\GPL_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: GPL: Thumbnails to Pictures - c:\program files\GetPicturesList\GPL_pics.htm
IE: {{3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php
IE: {{3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php -
FF - ProfilePath - c:\documents and settings\Mama\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\cfeefadfa.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 05:04:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\446c626638e700e12fc800edf2fa117c.sys 36864 bytes executable
c:\windows\system32\_446c626638e700e12fc800edf2fa117c.sys_.vir 36864 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset005\Services\446c626638e700e12fc800edf2fa117c]
"ImagePath"="system32\446c626638e700e12fc800edf2fa117c.sys"

[HKEY_LOCAL_MACHINE\System\controlset005\Services\glaide32]
"ImagePath"="\??\c:\windows\system32\drivers\glaide32.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsshld.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-19 5:17:47 - machine was rebooted [Mama]
ComboFix-quarantined-files.txt 2008-12-19 11:17:14

Pre-Run: 42,425,769,984 bytes free
Post-Run: 42,319,540,224 bytes free

286 --- E O F --- 2008-12-13 23:20:10


This post has been edited by FallenStar: Dec 19 2008, 05:28 AM
SpySentinel
post Dec 19 2008, 04:56 PM
Post #4


Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



You're welcome.


  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file paths into the "Suspicious files to scan" box at the top of the page:

    • c:\windows\system32\wininet.dll
    • c:\windows\system32\stu2.exe
    • c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.





1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DirLook::
C:\1419480880
c:\windows\system32\90F6BCEC69C08600

File::
c:\windows\system32\drivers\glaide32.sys
C:\log.udt

Folder::
c:\program files\Piolet Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C75C8E7E-5059-4469-AC11-D7544B260382}"=-
[-HKEY_CLASSES_ROOT\clsid\{c75c8e7e-5059-4469-ac11-d7544b260382}]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
FallenStar
post Dec 20 2008, 04:48 AM
Post #5


Member
**
Posts: 12
From: Home :-P
OS: Windows XP, SP3



Here are the VirSCAN.org logs:

VirSCAN.org Scanned Report :
Scanned time : 2008/12/20 03:31:36 (CST)
Scanner results: All Scanners reported not find malware!
File Name : wininet.dll
File Size : 826368 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 6741eaf7b7f110e803a6e38f6e5fa6b0
SHA1 : 05206a1b49dfe4abea8bdccd747010f56fc16676
Online report : http://virscan.org/report/bb8ab0f913267801...9e2ee8e2db.html



=========

VirSCAN.org Scanned Report :
Scanned time : 2008/12/20 03:35:50 (CST)
Scanner results: All Scanners reported not find malware!
File Name : stu2.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://virscan.org/report/17a2413e03ffca0e...0b8f93c5bf.html


*** The "c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP" could not be found on the system anymore... I'm guessing McAfee deleted it after it did an auto-scan this morning while I was away from the computer.

And here's the ComboFix log:

ComboFix 08-12-18.01 - Mama 2008-12-20 4:02:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.33 [GMT -6:00]
Running from: c:\documents and settings\Mama\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mama\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\log.udt
c:\windows\system32\drivers\glaide32.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\log.udt
c:\program files\Piolet Toolbar
c:\program files\Piolet Toolbar\settings.dat
c:\program files\Piolet Toolbar\uninstall.txt
c:\program files\Piolet Toolbar\v3.3.0.1\installer.ico
c:\program files\Piolet Toolbar\v3.3.0.1\Piolet_Toolbar.dll
c:\program files\Piolet Toolbar\v3.3.0.1\resources\checkmark.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\go1.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\go1_hot.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\go2.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\go2_hot.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\intro_bg.png
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\intro_feature_bracket.gif
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\intro_logo.gif
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\intro_search_bracket.gif
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\intro_star_bullet.png
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\intro_toolbar.png
c:\program files\Piolet Toolbar\v3.3.0.1\resources\intro\toolbar_intro.htm
c:\program files\Piolet Toolbar\v3.3.0.1\resources\popup_blocker_off.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\popup_blocker_on.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\radiodot.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\accuweather.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\amazon.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\dictionary.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\ebay.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\flickr.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\google_groups.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\google_images.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\google_maps.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\google_news.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\shopping.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\technorati.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\wikipedia.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\yahoo.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\yahoo_answers.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\search\youtube.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\searchbg.bmp
c:\program files\Piolet Toolbar\v3.3.0.1\resources\Toolbar.js
c:\program files\Piolet Toolbar\v3.3.0.1\resources\toolbar_logo.bmp
c:\windows\system32\drivers\glaide32.sys

----- BITS: Possible infected sites -----

hxxp://b9n.org
c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_glaide32


((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-19 05:36 . 2008-12-19 05:36 <DIR> d-------- c:\program files\Lavasoft
2008-12-19 04:12 . 2008-12-19 04:12 <DIR> d-------- c:\documents and settings\Mama\Application Data\Skinux
2008-12-17 20:14 . 2008-12-17 20:15 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-17 20:14 . 2008-12-17 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 17:21 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-15 02:44 . 2008-12-15 02:44 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 01:52 . 2008-12-19 05:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 21:42 . 2008-12-19 03:08 <DIR> d--hs---- c:\windows\system32\90F6BCEC69C08600
2008-12-14 19:13 . 2008-12-14 19:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:12 . 2008-12-14 19:14 2 --a------ C:\1419480880
2008-12-14 17:49 . 2008-04-13 18:12 26,112 --a------ c:\windows\system32\stu2.exe
2008-12-14 10:26 . 2008-12-14 10:26 <DIR> d-------- c:\documents and settings\Maraia\Application Data\Skinux
2008-12-11 02:10 . 2008-12-11 02:10 <DIR> d-------- c:\documents and settings\Mama\Application Data\CyberLink
2008-12-07 22:11 . 2008-12-07 22:13 <DIR> d-------- c:\program files\Common Files\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 08:35 --------- d-----w c:\program files\Torrent Harvester
2008-12-15 07:59 --------- d-----w c:\documents and settings\Maraia\Application Data\COMCASTTOOLBAR
2008-12-15 01:12 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-13 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 04:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-12-06 07:59 --------- d-----w c:\program files\Piolet
2008-11-26 06:05 --------- d-----w c:\documents and settings\Maraia\Application Data\FileZilla
2008-11-18 13:21 --------- d-----w c:\documents and settings\Mama\Application Data\FileZilla
2008-11-15 03:13 --------- d-----w c:\program files\Java
2008-10-28 17:24 --------- d-----w c:\documents and settings\Mama\Application Data\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-12-15 01:22 66,576 ----a-w c:\program files\mozilla firefox\components\cfeefadfa.dll
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\1419480880 ----

c:\1419480880\

---- Directory of c:\windows\system32\90F6BCEC69C08600 ----

2008-12-14 21:42 16384 --a------ c:\windows\system32\90F6BCEC69C08600\90F6BCEC69C08600.x86


((((((((((((((((((((((((((((( snapshot@2008-12-19_ 5.15.25.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-15 07:00:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-20 10:21:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-15 07:00:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-20 10:21:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-15 07:00:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-20 10:21:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 00:12:38 26,112 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-14 23:49:26 8,704 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 00:12:38 26,112 ----a-w c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"HostManager"="c:\program files\Common Files\AOL\1176252942\ee\AOLSoftware.exe" [2006-09-25 50736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472]

c:\documents and settings\Mama\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kkrhjt.dll bhrawx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all with GPL - c:\program files\GetPicturesList\GPL_all.htm
IE: Download with GPL - c:\program files\GetPicturesList\GPL_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: GPL: Thumbnails to Pictures - c:\program files\GetPicturesList\GPL_pics.htm
FF - ProfilePath - c:\documents and settings\Mama\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\cfeefadfa.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 04:19:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\446c626638e700e12fc800edf2fa117c.sys 36864 bytes executable
c:\windows\system32\_446c626638e700e12fc800edf2fa117c.sys_.vir 36864 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset005\Services\446c626638e700e12fc800edf2fa117c]
"ImagePath"="system32\446c626638e700e12fc800edf2fa117c.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-20 4:37:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 10:37:20
ComboFix2.txt 2008-12-19 11:18:15

Pre-Run: 42,679,218,176 bytes free
Post-Run: 42,692,481,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

279 --- E O F --- 2008-12-13 23:20:10
SpySentinel
post Dec 20 2008, 05:23 PM
Post #6


Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



Torrent Harvester is also a torrent program and I advise you remove it, but it is up to you. I added it to the removal using ComboFix, but you may take it out if you want to keep it. I see you removed LimeWire, which is good!



1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
c:\1419480880\
c:\program files\Torrent Harvester

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
FallenStar
post Dec 22 2008, 05:01 AM
Post #7


Member
**
Posts: 12
From: Home :-P
OS: Windows XP, SP3



Here is the new ComboFix log:

ComboFix 08-12-18.01 - Mama 2008-12-22 4:46:06.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.50 [GMT -6:00]
Running from: c:\documents and settings\Mama\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mama\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Torrent Harvester
c:\program files\Torrent Harvester\Download\Chris Brown-Chris Brown-2005-h8me.torrent
c:\program files\Torrent Harvester\Download\Chris Brown-Chris Brown (with Covers) a 2005 COD Release.torrent
c:\program files\Torrent Harvester\Download\Chris Brown - Chris Brown (2005) [TNTVillage.org].torrent
c:\program files\Torrent Harvester\Download\Chris Brown - Chris Brown (2005) [www.mp3nova.org].torrent
c:\program files\Torrent Harvester\Download\Chris Brown - Chris Brown (2005).torrent
c:\program files\Torrent Harvester\Download\Chris%20Brown%20-%20Chris%20Brown%20%282005%29%5Bwww%20bitmp3%20com%5D.torrent
c:\program files\Torrent Harvester\Download\Chris%20Brown%20-%20Chris%20Brown%20%282005%29%5Bwww.severedbytes.com%5D%20-%20TBD.torrent
c:\program files\Torrent Harvester\Download\Microsoft Office 2007 Enterprise-WiNK[keznews com].torrent
c:\program files\Torrent Harvester\Download\Microsoft Office 2007 Professional Edition + WORKING Serial Code.torrent
c:\program files\Torrent Harvester\Download\Microsoft.Office.2007.Enterprise.Proper.Activation.Patch-WiNK.torrent
c:\program files\Torrent Harvester\Download\www iluvmp3s com Chris Brown - Chris Brown (RETAiL).torrent

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 04:40 . 2008-12-22 04:40 <DIR> d-------- C:\32788R22FWJFW
2008-12-19 05:36 . 2008-12-19 05:36 <DIR> d-------- c:\program files\Lavasoft
2008-12-19 04:12 . 2008-12-19 04:12 <DIR> d-------- c:\documents and settings\Mama\Application Data\Skinux
2008-12-17 20:14 . 2008-12-17 20:15 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-17 20:14 . 2008-12-17 20:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 17:21 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-15 02:44 . 2008-12-15 02:44 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 01:52 . 2008-12-19 05:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 21:42 . 2008-12-19 03:08 <DIR> d--hs---- c:\windows\system32\90F6BCEC69C08600
2008-12-14 19:13 . 2008-12-14 19:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 19:12 . 2008-12-14 19:14 2 --a------ C:\1419480880
2008-12-14 17:49 . 2008-04-13 18:12 26,112 --a------ c:\windows\system32\stu2.exe
2008-12-14 10:26 . 2008-12-14 10:26 <DIR> d-------- c:\documents and settings\Maraia\Application Data\Skinux
2008-12-11 02:10 . 2008-12-11 02:10 <DIR> d-------- c:\documents and settings\Mama\Application Data\CyberLink
2008-12-07 22:11 . 2008-12-07 22:13 <DIR> d-------- c:\program files\Common Files\Kodak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 07:59 --------- d-----w c:\documents and settings\Maraia\Application Data\COMCASTTOOLBAR
2008-12-15 01:12 14,336 ----a-w c:\windows\system32\svchost.exe
2008-12-13 23:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 04:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-12-06 07:59 --------- d-----w c:\program files\Piolet
2008-11-26 06:05 --------- d-----w c:\documents and settings\Maraia\Application Data\FileZilla
2008-11-18 13:21 --------- d-----w c:\documents and settings\Mama\Application Data\FileZilla
2008-11-15 03:13 --------- d-----w c:\program files\Java
2008-10-28 17:24 --------- d-----w c:\documents and settings\Mama\Application Data\Yahoo!
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-12-15 01:22 66,576 ----a-w c:\program files\mozilla firefox\components\cfeefadfa.dll
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_ 5.15.25.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-15 07:00:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-20 10:35:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-15 07:00:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-20 10:35:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-15 07:00:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-20 10:35:56 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 00:12:38 26,112 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-14 23:49:26 8,704 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 00:12:38 26,112 ----a-w c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"HostManager"="c:\program files\Common Files\AOL\1176252942\ee\AOLSoftware.exe" [2006-09-25 50736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-13 54472]

c:\documents and settings\Mama\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-09-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Piolet\\Piolet.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all with GPL - c:\program files\GetPicturesList\GPL_all.htm
IE: Download with GPL - c:\program files\GetPicturesList\GPL_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: GPL: Thumbnails to Pictures - c:\program files\GetPicturesList\GPL_pics.htm
FF - ProfilePath - c:\documents and settings\Mama\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\cfeefadfa.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 04:53:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\446c626638e700e12fc800edf2fa117c.sys 36864 bytes executable
c:\windows\system32\_446c626638e700e12fc800edf2fa117c.sys_.vir 36864 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\system\controlset005\Services\446c626638e700e12fc800edf2fa117c]
"ImagePath"="system32\446c626638e700e12fc800edf2fa117c.sys"
.
Completion time: 2008-12-22 4:58:32
ComboFix-quarantined-files.txt 2008-12-22 10:57:58
ComboFix2.txt 2008-12-20 10:37:52
ComboFix3.txt 2008-12-19 11:18:15

Pre-Run: 42,689,777,664 bytes free
Post-Run: 42,669,551,616 bytes free

206 --- E O F --- 2008-12-13 23:20:10
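The ComboFix log above carries several indicators worth pulling out mechanically rather than reading by eye: the IE and Firefox proxy settings pointing at 127.0.0.1:9090, the Security Center override/DisableMonitoring values, the globally open firewall port, the files catchme reports as hidden, a service whose name is 32 random hex characters, and a userinit.exe whose size changed between ComboFix snapshots. The script below is an added example and is neither ComboFix's code nor part of the original post; the excerpt it reads is constructed from the posted log, and the indicator rules are this example's own assumptions.

```python
"""Triage a ComboFix log for the interception and persistence indicators seen in
this thread.  Added example: neither ComboFix's code nor part of the original
post; the log excerpt is constructed from the posted output."""
import ipaddress
import re
from typing import Dict, List

# Constructed excerpt modelled on the ComboFix log posted above.
SAMPLE_LOG = r"""- 2008-12-14 23:49:26 8,704 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 00:12:38 26,112 ----a-w c:\windows\system32\userinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

uInternet Settings,ProxyServer = http=127.0.0.1:9090
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090

scanning hidden files ...
c:\windows\system32\446c626638e700e12fc800edf2fa117c.sys 36864 bytes executable
scan completed successfully

[HKEY_LOCAL_MACHINE\system\controlset005\Services\446c626638e700e12fc800edf2fa117c]
"ImagePath"="system32\446c626638e700e12fc800edf2fa117c.sys"
"""

# Line shapes as they appear in the posted ComboFix log.
SNAPSHOT = re.compile(r"^([-+]) \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ([\d,]+) \S+ (.+)$")
HIDDEN = re.compile(r"^(\S.*?) (\d+) bytes executable$")
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\controlset\d+\\services\\([^\]]+)\]$", re.I)
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)
DWORD_ONE = re.compile(r'^"([^"]+)"=dword:0*1$')
IE_PROXY = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)", re.I)
FF_PROXY = re.compile(r"network\.proxy\.http(_port)? - (\S+)")
SC_VALUES = {"AntiVirusOverride", "FirewallOverride", "UpdatesOverride", "DisableMonitoring"}
EXEC_EXT = (".exe", ".dll", ".sys")


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 or 'localhost': a proxy on the box itself."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log: str) -> Dict[str, List[str]]:
    f: Dict[str, List[str]] = {k: [] for k in (
        "proxy", "security_center", "open_ports", "hidden_files",
        "suspicious_services", "replaced_binaries")}
    key, in_hidden = "", False   # current registry key / inside catchme's hidden-file list
    before: Dict[str, int] = {}  # '-' snapshot lines: path -> size before ComboFix ran
    ff: Dict[str, str] = {}      # Firefox prefs.js proxy host / port
    for line in (ln.strip() for ln in log.splitlines()):
        if not line:
            key = ""             # ComboFix ends each registry block with a blank line
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = SERVICE_KEY.match(line)
            if m and HEX32.match(m.group(1)):   # service named with 32 random hex chars
                f["suspicious_services"].append(m.group(1))
            continue
        m = DWORD_ONE.match(line)
        if m and "security center" in key.lower() and m.group(1) in SC_VALUES:
            f["security_center"].append(f"{key}: {m.group(1)}=1")
        if "globallyopenports" in key.lower() and line.startswith('"'):
            f["open_ports"].append(line.split("=", 1)[0].strip('"'))
        m = IE_PROXY.search(line)
        if m and is_loopback(m.group(1)):
            f["proxy"].append(f"IE ProxyServer -> {m.group(1)}:{m.group(2)}")
        m = FF_PROXY.search(line)
        if m:
            ff["port" if m.group(1) else "host"] = m.group(2)
        if line.startswith(("scanning hidden files", "scan completed")):
            in_hidden = line.startswith("scanning")
        m = HIDDEN.match(line)
        if in_hidden and m:
            f["hidden_files"].append(f"{m.group(1)} ({m.group(2)} bytes)")
        m = SNAPSHOT.match(line)
        if m and m.group(3).lower().endswith(EXEC_EXT):
            sign, size, path = m.group(1), int(m.group(2).replace(",", "")), m.group(3)
            old = before.get(path.lower())
            if sign == "-":
                before[path.lower()] = size
            elif old is not None and old != size:   # system binary swapped between snapshots
                f["replaced_binaries"].append(f"{path}: {old} -> {size} bytes")
    if "host" in ff and is_loopback(ff["host"]):
        f["proxy"].append(f"Firefox network.proxy.http -> {ff['host']}:{ff.get('port', '?')}")
    return f


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The proxy hit is the one that ties back to the first post: both browsers were configured to send HTTP through a process listening on 127.0.0.1:9090, so once that process (the tinyproxy.exe McAfee flagged) is blocked or removed while the setting stays, the browser has no route out, which matches the "no internet connection" symptom. Legitimate local proxies (web filters, debugging proxies) produce the same setting, so treat each hit as a triage prompt to check against the running process list rather than as proof on its own.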
SpySentinel
post Dec 22 2008, 01:57 PM
Post #8
Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click Yes when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.

FallenStar
post Dec 23 2008, 11:03 PM
Post #9
Member
Posts: 12
From: Home :-P
OS: Windows XP, SP3

OK, I've done that also. So, is that it? You didn't say to reply with the results but I will anyway, and just let me know if I need to do anything else. Thanks in advance.

sprtupdate.dll;c:\program files\comcast\desktop doctor\bin;Probably DLOADER.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4161.3.4;Probably BACKDOOR.Trojan;;
sprtupdate.dll;C:\Program Files\Comcast\Desktop Doctor\bin;Probably DLOADER.Trojan;;
uninst.exe\data003;C:\Program Files\Common Files\aol\acs\uninst.exe;Trojan.StartPage.21845;;
uninst.exe;C:\Program Files\Common Files\aol\acs;Archive contains infected objects;Moved.;
acslaeu.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\EU\acslaeu.exe;Trojan.StartPage.21845;;
acslaeu.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\EU;Archive contains infected objects;Moved.;
setup.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite;Probably BACKDOOR.Trojan;;
acscore.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acscore.exe;Trojan.StartPage.21845;;
data057\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acscore.exe\data057;Trojan.StartPage.21845;;
data057;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acscore.exe;Archive contains infected objects;;
acscore.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps;Archive contains infected objects;Moved.;
acslaeu.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acslaeu.exe;Trojan.StartPage.21845;;
acslaeu.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps;Archive contains infected objects;Moved.;
acslang.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acslang.exe;Trojan.StartPage.21845;;
acslang.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps;Archive contains infected objects;Moved.;
acsnet.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\acsnet.exe;Trojan.StartPage.21845;;
acsnet.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps;Archive contains infected objects;Moved.;
ecuinst.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\ecuinst.exe;Trojan.StartPage.21845;;
data016\data002;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\ecuinst.exe\data016;Trojan.StartPage.21845;;
data016;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps\ecuinst.exe;Archive contains infected objects;;
ecuinst.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\Suite\comps;Archive contains infected objects;Moved.;
acslang.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Current\US\acslang.exe;Trojan.StartPage.21845;;
acslang.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\US;Archive contains infected objects;Moved.;
acssetup.exe\data010;C:\Program Files\Common Files\aol\Backup\ACS\Current\US\acssetup.exe;Probably BACKDOOR.Trojan;;
acssetup.exe;C:\Program Files\Common Files\aol\Backup\ACS\Current\US;Archive contains infected objects;Moved.;
acslang.exe\data003;C:\Program Files\Common Files\aol\Backup\ACS\Rollback\acslang.exe;Trojan.StartPage.21845;;
acslang.exe;C:\Program Files\Common Files\aol\Backup\ACS\Rollback;Archive contains infected objects;Moved.;
uninst.exe\data002;C:\Program Files\Common Files\aol\ECU\uninst.exe;Trojan.StartPage.21845;;
uninst.exe;C:\Program Files\Common Files\aol\ECU;Archive contains infected objects;Moved.;
stream000\file_pf_391;C:\Program Files\support.com\temp\DesktopDoctor.msi\stream000;Probably DLOADER.Trojan;;
stream000;C:\Program Files\support.com\temp\DesktopDoctor.msi;Archive contains infected objects;;
DesktopDoctor.msi;C:\Program Files\support.com\temp;Archive contains infected objects;Moved.;
awtqNGyA.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.375;;
bhrawx.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.60;Deleted.;
cfeefadfa.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably DLOADER.Trojan;;
fsepvhtk.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.375;;
geBTkheF.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.855;Deleted.;
gkcppfpl.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.854;Deleted.;
jkse73hedfdgf.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.4660;Deleted.;
kkrhjt.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.375;;
mlJArrpp.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.25701;Deleted.;
msqpdxlrvdhrxr.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DnsChange.13;Deleted.;
njfmgfgf.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.375;;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;;
vwifwand.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.60;Deleted.;
wvUOeFUN.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoad.25701;Deleted.;
90F6BCEC69C08600.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\90F6BCEC69C08600;Trojan.NtRootKit.2523;Deleted.;
A0163752.EXE;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP696;Program.PsExec.170;;
A0163831.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP697\A0163831.exe;Tool.Prockill;;
A0163831.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP697\A0163831.exe;Trojan.Shutdown.134;;
A0163831.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP697;Archive contains infected objects;Moved.;
A0163851.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP697;Tool.Prockill;;
A0163853.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP697;Trojan.Shutdown.134;Deleted.;
A0164962.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164962.exe;Trojan.StartPage.21845;;
A0164962.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164963.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164963.exe;Trojan.StartPage.21845;;
A0164963.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164964.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164964.exe;Trojan.StartPage.21845;;
data057\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164964.exe\data057;Trojan.StartPage.21845;;
data057;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164964.exe;Archive contains infected objects;;
A0164964.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164965.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164965.exe;Trojan.StartPage.21845;;
A0164965.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164966.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164966.exe;Trojan.StartPage.21845;;
A0164966.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164967.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164967.exe;Trojan.StartPage.21845;;
A0164967.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164968.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164968.exe;Trojan.StartPage.21845;;
data016\data002;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164968.exe\data016;Trojan.StartPage.21845;;
data016;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164968.exe;Archive contains infected objects;;
A0164968.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164969.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164969.exe;Trojan.StartPage.21845;;
A0164969.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164970.exe\data010;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164970.exe;Probably BACKDOOR.Trojan;;
A0164970.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164971.exe\data003;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164971.exe;Trojan.StartPage.21845;;
A0164971.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
A0164972.exe\data002;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164972.exe;Trojan.StartPage.21845;;
A0164972.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
stream000\file_pf_391;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164973.msi\stream000;Probably DLOADER.Trojan;;
stream000;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699\A0164973.msi;Archive contains infected objects;;
A0164973.msi;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP699;Archive contains infected objects;Moved.;
Rare Recording.wma;H:\LimeWire Music;Trojan.DownLoader.61860;Deleted.;

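The DrWeb.csv report above (the file the Dr.Web CureIt instructions ask for) is semicolon-separated, one detection per row: object name, folder, verdict, action. Most of its rows are not active infections at all: anything under C:\Qoobox\Quarantine is a file ComboFix had already moved, and anything under System Volume Information is a System Restore copy. The parser below sorts the report that way so the rows still worth acting on stand out. It is an added example, neither Dr.Web's code nor part of the original posts; the rows it reads are an excerpt of the posted report, and the scope and verdict buckets are this example's own assumptions.

```python
"""Parse and triage a Dr.Web CureIt report (DrWeb.csv) such as the one posted
in this thread.  Added example: not Dr.Web's code and not part of the original
post.  The column layout (name;location;verdict;action;) is read off the posted
report; the scope and kind rules below are this example's own assumptions."""
import csv
import io
from collections import Counter
from typing import Dict, List

# Constructed excerpt of the report posted above (same semicolon layout).
SAMPLE_CSV = r"""sprtupdate.dll;c:\program files\comcast\desktop doctor\bin;Probably DLOADER.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4161.3.4;Probably BACKDOOR.Trojan;;
uninst.exe\data003;C:\Program Files\Common Files\aol\acs\uninst.exe;Trojan.StartPage.21845;;
uninst.exe;C:\Program Files\Common Files\aol\acs;Archive contains infected objects;Moved.;
cfeefadfa.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably DLOADER.Trojan;;
bhrawx.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Juan.60;Deleted.;
90F6BCEC69C08600.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\90F6BCEC69C08600;Trojan.NtRootKit.2523;Deleted.;
A0163752.EXE;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP696;Program.PsExec.170;;
A0163851.exe;C:\System Volume Information\_restore{AC967448-E228-4CC8-BB98-9842E0D24B39}\RP697;Tool.Prockill;;
Rare Recording.wma;H:\LimeWire Music;Trojan.DownLoader.61860;Deleted.;
"""

Row = Dict[str, object]


def scope_of(location: str) -> str:
    """Where the detected object lives: only 'live' objects are still in play."""
    loc = location.lower()
    if "\\qoobox\\quarantine" in loc:
        return "quarantine"       # already isolated by ComboFix
    if "system volume information\\_restore" in loc:
        return "restore_point"    # a System Restore copy, not an active file
    return "live"


def kind_of(verdict: str) -> str:
    """Coarse confidence/relevance bucket derived from the verdict string."""
    if verdict.startswith("Probably "):
        return "heuristic"        # Dr.Web's heuristic prefix: lower confidence
    if verdict.startswith(("Tool.", "Program.")):
        return "riskware"         # admin/remediation tools (PsExec, Process.exe), not infections
    if verdict.startswith("Archive contains"):
        return "container"        # the archive or installer holding the real detection
    return "malware"


def parse_drweb(text: str) -> List[Row]:
    rows: List[Row] = []
    for rec in csv.reader(io.StringIO(text), delimiter=";"):
        if len(rec) < 4:
            continue
        name, location, verdict, action = (field.strip() for field in rec[:4])
        rows.append({"name": name, "location": location, "verdict": verdict,
                     "action": action, "scope": scope_of(location), "kind": kind_of(verdict)})
    # An entry inside an archive (name like "uninst.exe\data003") is dealt with
    # once the containing archive itself was moved or deleted.
    done = [f"{r['location']}\\{r['name']}".lower() for r in rows if r["action"]]
    for r in rows:
        nested = "\\" in str(r["name"])
        r["handled"] = bool(r["action"]) or (
            nested and any(str(r["location"]).lower().startswith(d) for d in done))
    return rows


def open_items(rows: List[Row]) -> List[Row]:
    """Live objects Dr.Web reported but did not cure/move: the ones to act on."""
    return [r for r in rows if r["scope"] == "live" and not r["handled"]]


def summary(rows: List[Row]) -> Dict[str, int]:
    return dict(Counter(str(r["scope"]) for r in rows))


if __name__ == "__main__":
    parsed = parse_drweb(SAMPLE_CSV)
    print(summary(parsed))
    for r in open_items(parsed):
        print(f"{r['kind']:9} {r['verdict']:28} {r['location']}\\{r['name']}")
```

Run against the excerpt, the only open items are the two "Probably" heuristic verdicts on the Comcast Desktop Doctor and AOL support components, while the rootkit driver folder, the Vundo-style DLLs and the LimeWire download are either already in ComboFix's quarantine or were deleted by Dr.Web itself. That is the distinction a helper reading this report needs: a long list of detections, most of which describe files that were no longer active when the scan ran.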
SpySentinel
post Dec 24 2008, 04:59 PM
Post #10
Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1

Thanks,

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • By default it will install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (removable) that you may have

After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file named Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.

Also, due to the holidays, I will be in and out of the forums, so if it seems like I am delayed in responding, that's why.
FallenStar
post Jan 1 2009, 09:32 AM
Post #11
Member
Posts: 12
From: Home :-P
OS: Windows XP, SP3

Hello, I hope you enjoyed your holidays.

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/31/2008 7:47:27 AM
mbam-log-2008-12-31 (07-47-27).txt

Scan type: Quick Scan
Objects scanned: 70371
Time elapsed: 9 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\446c626638e700e12fc800edf2fa117c.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_446c626638e700e12fc800edf2fa117c.sys_.vir (Trojan.Agent) -> Quarantined and deleted successfully.


Kas log:


Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.ezc File: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0GGMCKX\nww32[1].exe
deleted: adware not-a-virus:AdWare.Win32.SuperJuan.ezc File: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0GGMCKX\nww32[2].exe
not found: virus Heur.Invader (modification) File: C:\Documents and Settings\Mama\Desktop\ComboFix.exe//PE_Patch.UPX/32788R22FWJFW\catchme.cfexe
deleted: Trojan program Trojan-Downloader.Win32.Injecter.bel File: C:\Qoobox\Quarantine\C\WINDOWS\system32\awtqNGyA.dll.vir
deleted: Trojan program Trojan-Downloader.Win32.Agent.auff File: C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
deleted: virus Worm.Win32.AutoRun.raz File: C:\Qoobox\Quarantine\C\WINDOWS\system32\_cfeefadfa_.dll.zip/cfeefadfa.dll
deleted: virus Worm.Win32.AutoRun.raz File: C:\Qoobox\Quarantine\C\WINDOWS\system32\_cfeefadfa_.dll.zip/cfeefadfa.dll.1
deleted: Trojan program Rootkit.Win32.Agent.fkl File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\glaide32.sys.vir
deleted: Trojan program Rootkit.Win32.Agent.fkl File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_glaide32_.sys.zip/glaide32.sys
deleted: adware not-a-virus:AdWare.Win32.BHO.elx File: C:\WINDOWS\system32\spria.dll
SpySentinel
post Jan 1 2009, 03:32 PM
Post #12
Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1

QUOTE
Hello, I hope you enjoyed your holidays.

I did, thank you. How was yours? Happy New Year!



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

FallenStar
post Jan 2 2009, 09:20 AM
Post #13
Member
Posts: 12
From: Home :-P
OS: Windows XP, SP3

QUOTE (SpySentinel @ Jan 1 2009, 03:32 PM)
I did, thank you. How was yours? Happy New Year!

It was great! Thanks for asking!



Logfile of random's system information tool 1.05 (written by random/random)
Run by Mama at 2009-01-02 09:09:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (53%) free of 76 GB
Total RAM: 254 MB (12% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-09-05 816400]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2008-09-23 1667072]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1176252942\ee\AOLSoftware.exe [2006-09-25 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-07-07 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2007-09-11 972064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mama^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager"
"C:\Program Files\Piolet\Piolet.exe"="C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Disabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-02 09:09:35 ----D---- C:\rsit
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\wnicapi.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\wlanapp.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\odSupp_M.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\JJAKEn.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\AQCKGen.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\ANIWZCS2.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\ANICtl.dll
2009-01-01 13:17:16 ----A---- C:\WINDOWS\system32\aIPH.dll
2009-01-01 13:16:53 ----A---- C:\WINDOWS\system32\ANIOApi.dll
2009-01-01 13:16:52 ----D---- C:\Program Files\ANI
2009-01-01 13:16:33 ----A---- C:\WINDOWS\system32\jswscsup.dll
2009-01-01 13:16:32 ----A---- C:\WINDOWS\system32\DWLInst.dll
2009-01-01 13:16:31 ----D---- C:\Program Files\D-Link
2009-01-01 13:16:10 ----D---- C:\Documents and Settings\Mama\Application Data\InstallShield
2008-12-31 07:33:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-30 01:34:56 ----D---- C:\Documents and Settings\Mama\Application Data\Malwarebytes
2008-12-30 01:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 00:04:16 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-12-23 23:44:58 ----D---- C:\WINDOWS\pss
2008-12-22 04:58:36 ----A---- C:\ComboFix.txt
2008-12-22 04:40:23 ----A---- C:\Bug.txt
2008-12-22 04:40:07 ----D---- C:\32788R22FWJFW
2008-12-20 03:58:02 ----A---- C:\Boot.bak
2008-12-20 03:57:30 ----RASHD---- C:\cmdcons
2008-12-19 05:36:39 ----D---- C:\Program Files\Lavasoft
2008-12-19 04:12:21 ----D---- C:\Documents and Settings\Mama\Application Data\Skinux
2008-12-19 02:33:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\zip.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\VFIND.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\SWSC.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\SWREG.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\sed.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\grep.exe
2008-12-19 02:33:48 ----A---- C:\WINDOWS\fdsv.exe
2008-12-19 02:33:28 ----D---- C:\WINDOWS\ERDNT
2008-12-19 02:33:28 ----D---- C:\Qoobox
2008-12-17 20:14:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-17 20:14:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 17:22:09 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-15 17:21:23 ----A---- C:\rapport.txt
2008-12-15 17:21:08 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2008-12-15 02:44:00 ----D---- C:\Program Files\Trend Micro
2008-12-15 01:52:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-14 21:42:35 ----SHD---- C:\WINDOWS\system32\90F6BCEC69C08600
2008-12-14 19:13:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 17:49:58 ----A---- C:\WINDOWS\system32\stu2.exe
2008-12-14 00:58:09 ----A---- C:\WINDOWS\system32\5fb84be1-.txt
2008-12-13 17:18:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 17:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 17:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 17:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 02:10:21 ----D---- C:\Documents and Settings\Mama\Application Data\CyberLink
2008-12-07 22:11:44 ----D---- C:\Program Files\Common Files\Kodak

======List of files/folders modified in the last 1 months======

2009-01-02 09:08:36 ----D---- C:\WINDOWS\Temp
2009-01-02 09:08:04 ----D---- C:\WINDOWS
2009-01-02 09:08:01 ----D---- C:\WINDOWS\system32
2009-01-01 13:22:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-01 13:21:31 ----D---- C:\WINDOWS\Prefetch
2009-01-01 13:19:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-01 13:18:52 ----D---- C:\WINDOWS\security
2009-01-01 13:18:50 ----D---- C:\WINDOWS\system32\drivers
2009-01-01 13:18:48 ----HD---- C:\WINDOWS\inf
2009-01-01 13:17:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-01 13:16:52 ----D---- C:\Program Files
2009-01-01 13:12:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-01 09:28:12 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-31 07:56:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-31 07:54:26 ----D---- C:\Program Files\Mozilla Firefox
2008-12-24 00:13:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-24 00:13:06 ----D---- C:\Program Files\Common Files
2008-12-24 00:09:13 ----SD---- C:\WINDOWS\Tasks
2008-12-23 23:51:23 ----SHD---- C:\Config.Msi
2008-12-23 23:48:55 ----RASH---- C:\boot.ini
2008-12-23 23:48:55 ----A---- C:\WINDOWS\win.ini
2008-12-23 23:48:55 ----A---- C:\WINDOWS\system.ini
2008-12-23 23:36:06 ----SHD---- C:\WINDOWS\Installer
2008-12-23 23:35:15 ----D---- C:\Program Files\Replay AV 8
2008-12-23 23:24:22 ----D---- C:\Program Files\FlashGet
2008-12-22 04:49:59 ----D---- C:\WINDOWS\AppPatch
2008-12-20 04:12:20 ----D---- C:\WINDOWS\system32\config
2008-12-20 04:10:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 02:48:20 ----SHD---- C:\WINDOWS\CSC
2008-12-14 19:12:35 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-13 17:20:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-13 17:17:49 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 17:17:25 ----D---- C:\Program Files\Internet Explorer
2008-12-13 17:17:09 ----D---- C:\WINDOWS\ie7updates
2008-12-13 17:16:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 22:13:06 ----RSD---- C:\WINDOWS\assembly
2008-12-07 22:09:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2008-12-06 01:59:10 ----D---- C:\Program Files\Piolet
2008-12-04 18:00:33 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 57440]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2008-06-13 386784]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2007-09-05 20480]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-12-14 14336]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-05-19 356434]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-02 09:09:43

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.58 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Bulk Rename Utility-->MsiExec.exe /I{CB48E66B-2B62-4669-89B3-2C5E907222EA}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
Crimson Editor (remove only)-->C:\Program Files\Crimson Editor\uninstall.exe
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
FileZilla Client 3.1.4.1-->C:\Program Files\FileZilla Client\uninstall.exe
Fotosizer 1.8.0.95-->C:\Program Files\Fotosizer\uninst.exe
GetPicturesList-->C:\Program Files\GetPicturesList\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
K-Lite Mega Codec Pack 2.01-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_c57c36\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Moyea FLV Downloader version 1.9.0.5-->"C:\Program Files\Moyea\FLV Downloader\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Piolet 3.0.4-->"C:\WINDOWS\Piolet_Toolbar_Uninstaller_2484.exe" -hu _?=C:\Program Files\Piolet Toolbar
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickBooks Simple Start 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start 2008" ADDREMOVE=1 OEMVENDOR=DIRECT
RangeBooster G WUA-2340-->C:\Program Files\InstallShield Installation Information\{188CEE76-0503-4910-A845-E1DC45685DA0}\setup.exe -runfromtemp -l0x0009 -removeonly
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

System event log

Computer Name: HOME-
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000BDBB44315. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 374
Source Name: Dhcp
Time Written: 20081214191940.000000-360
Event Type: warning
User:

Computer Name: HOME-
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000BDBB44315. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 373
Source Name: Dhcp
Time Written: 20081214191940.000000-360
Event Type: warning
User:

Computer Name: HOME-
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000BDBB44315. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 372
Source Name: Dhcp
Time Written: 20081214191940.000000-360
Event Type: warning
User:

Computer Name: HOME-
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000BDBB44315. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 371
Source Name: Dhcp
Time Written: 20081214191940.000000-360
Event Type: warning
User:

Computer Name: HOME-
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000BDBB44315. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 370
Source Name: Dhcp
Time Written: 20081214191940.000000-360
Event Type: warning
User:

Application event log

Computer Name: HOME-
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16608, faulting module flash9d.ocx, version 9.0.47.0, fault address 0x00099a25.

Record Number: 3451
Source Name: Application Error
Time Written: 20080426072848.000000-300
Event Type: error
User:

Computer Name: HOME-
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16608, faulting module flash9d.ocx, version 9.0.47.0, fault address 0x00099a25.

Record Number: 3450
Source Name: Application Error
Time Written: 20080422180807.000000-300
Event Type: error
User:

Computer Name: HOME-
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 3449
Source Name: SecurityCenter
Time Written: 20080421144328.000000-300
Event Type: information
User:

Computer Name: HOME-
Event Code: 1
Message:
Record Number: 3448
Source Name: sprtsvc_ddoctorv2
Time Written: 20080421144302.000000-300
Event Type: information
User:

Computer Name: HOME-
Event Code: 0
Message: Service started successfully.

Record Number: 3447
Source Name: QBCFMonitorService
Time Written: 20080421144251.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


SpySentinel
post Jan 2 2009, 03:12 PM
Post #14


Trusted Helper
Posts: 3,969
From: The United States
OS: Windows XP SP3 & Windows Vista SP1



Step #1

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):


Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Java™ SE Runtime Environment 6




Step #2

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html



Step #3

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :processes
    explorer.exe

    :Files
    C:\32788R22FWJFW

    :commands
    [purity]
    [emptytemp]
    [start explorer]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
FallenStar
post Jan 3 2009, 09:55 AM
Post #15


Member
**
Posts: 12
From: Home :-P
OS: Windows XP, SP3



I completed steps 1, 2, and 3.

Here are the results from OTMoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\32788R22FWJFW moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mama\LOCALS~1\Temp\etilqs_hsFPYjeHX7Pkw8jMv9mY scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Mama\LOCALS~1\Temp\Perflib_Perfdata_1ec.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_350.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01032009_094608

Files moved on Reboot...
File C:\DOCUME~1\Mama\LOCALS~1\Temp\etilqs_hsFPYjeHX7Pkw8jMv9mY not found!
File C:\DOCUME~1\Mama\LOCALS~1\Temp\Perflib_Perfdata_1ec.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_350.dat not found!
C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mama\Local Settings\Application Data\Mozilla\Firefox\Profiles\2k02mz14.Marleshia\XUL.mfl moved successfully.
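When checking a results log like the one above, a helper wants three things at a glance: what was moved in the first pass, what had to be deferred to reboot, and whether every deferred item got an outcome after the reboot ("moved successfully" or "not found!", the latter meaning the OS had already released the temp file). The following is an added example, not part of the thread and not OldTimer's own code: a small Python parser for the OTMoveIt3 results format as it appears in the post, with the line patterns inferred from that posted log. The sample log embedded in it is constructed (paths shortened, and one deferred item deliberately left without a reboot outcome to show the unresolved check).

```python
"""Parse an OTMoveIt3 results log into a summary of moved, deferred and unresolved items.

Added example; the line formats are inferred from the log posted in the thread above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the posted log. The third deferred path has no
# outcome in the reboot section, so it should show up as unresolved.
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\32788R22FWJFW moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mama\LOCALS~1\Temp\Perflib_Perfdata_1ec.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\WINDOWS\temp\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\leftover.tmp scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01032009_094608

Files moved on Reboot...
File C:\DOCUME~1\Mama\LOCALS~1\Temp\Perflib_Perfdata_1ec.dat not found!
C:\WINDOWS\temp\index.dat moved successfully.
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
SCHEDULED_RE = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")
NOT_FOUND_RE = re.compile(r"^File (?P<path>.+?) not found!$")
REBOOT_HEADER = "Files moved on Reboot..."


@dataclass
class OTMoveItSummary:
    processes_killed: list[str] = field(default_factory=list)  # :processes section
    moved: list[str] = field(default_factory=list)             # moved in the first pass
    scheduled: list[str] = field(default_factory=list)         # deferred to reboot
    reboot_moved: list[str] = field(default_factory=list)      # deferred, moved after reboot
    reboot_missing: list[str] = field(default_factory=list)    # deferred, gone by reboot time

    def unresolved(self) -> list[str]:
        """Deferred paths that never received an outcome in the reboot section."""
        done = set(self.reboot_moved) | set(self.reboot_missing)
        return [p for p in self.scheduled if p not in done]


def parse_otmoveit_log(text: str) -> OTMoveItSummary:
    """Walk the log line by line, tracking the current section and the reboot pass."""
    summary = OTMoveItSummary()
    section = None
    in_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_HEADER:
            in_reboot = True
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SCHEDULED_RE.match(line)
        if m:
            summary.scheduled.append(m.group("path"))
            continue
        m = NOT_FOUND_RE.match(line)
        if m and in_reboot:
            summary.reboot_missing.append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            target = summary.reboot_moved if in_reboot else summary.moved
            target.append(m.group("path"))
            continue
        if section == "PROCESSES" and line.startswith("Process ") and line.endswith(" killed successfully."):
            summary.processes_killed.append(line[len("Process "):-len(" killed successfully.")])
    return summary


def format_report(summary: OTMoveItSummary) -> str:
    """Human-readable summary a helper can skim before deciding on the next step."""
    lines = [
        f"processes killed : {len(summary.processes_killed)}",
        f"moved (first pass): {len(summary.moved)}",
        f"deferred to reboot: {len(summary.scheduled)}",
        f"  moved after reboot : {len(summary.reboot_moved)}",
        f"  already gone       : {len(summary.reboot_missing)}",
        f"  unresolved         : {len(summary.unresolved())}",
    ]
    lines.extend("    " + p for p in summary.unresolved())
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_otmoveit_log(SAMPLE_LOG)))
```

Paths are compared verbatim, which is what the tool itself prints, so a path that appears in 8.3 form in the deferred line and in long form in the reboot line would count as unresolved; for the posted log that does not happen, but it is the one thing to eyeball if the unresolved list is non-empty.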
© Geeks to Go, Inc. | All Rights Reserved