Active Random Error Message Problem!

Discussion in 'Malware and Virus Removal Archive' started by RobStewart, 2009/03/21.

  1. 2009/03/21
    RobStewart

    RobStewart Inactive Thread Starter

    Joined:
    2009/03/18
    Messages:
    6
    Likes Received:
    0
    [Active] Random Error Message Problem!

    Hello, I've got a problem that I hope you can help me with. I'll give a condensed version of my story. If there are any questions understanding it, please ask; I can go into great detail...

    Recently, my computer (running XP) has begun having issues and launches all sorts of error messages. At startup (before the logon page appears) an error message shows up telling me that lsass.exe has encountered a problem and that the memory could not be "read", and gives me the option to terminate or debug the process. Upon closing the message, yet another message pops up. When I close this one, another one pops up. Basically, there's a whole chain of error messages that keep popping up.
    Also, there are error messages that pop up for any program that I launch. For example, when I launch Firefox, an error message shows up telling me that Firefox has encountered a problem and has to close, and gives me the option to debug, send an error report, or not send the report. This message occurs for any program that I launch, as well as many background processes. However, the message has also popped up for three programs I definitely did NOT have running... these are the names as they appear on the error message: "FI.exe", "Freeware Implementation of Reg.exe", and "Dr. Watson PostMortem Debugger".

    As requested, here are the DDS logs:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by at 15:21:01.64 on Sat 03/21/2009
    Internet Explorer: 6.0.2900.2180

    ============== Pseudo HJT Report ===============

    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
    TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
    uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [CPUTray] c:\windows\system32\CPUTray.exe
    mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
    mRun: [Zone Labs Client] c:\program files\zone labs\zonealarm\zlclient.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [VTTimer] VTTimer.exe
    mRun: [RestoreIT!] "c:\program files\phoenix technologies\cme\rpro\ xp\VBPTASK.EXE" VBStart
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe "
    mRun: [KTPWare] c:\program files\elantech\Ktp.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
    mRun: [LogonStudio] "c:\program files\logonstudio\logonstudio.exe" /RANDOM
    mRun: [Guard] "c:\program files\phoenix technologies\cme\guard\Guard.exe" /background
    mRun: [Eval] "c:\program files\phoenix technologies\cme\rpro\eval\Eval.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [avast!] c:\progra~1\avast4\ashDisp.exe
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: WB - c:\program files\alienguise\fastload.dll
    AppInit_DLLs: wbsys.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\kf5d1fvq.numba7\
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\kf5d1fvq.numba7\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
    FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-03-20 19:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2009-03-20 19:35 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-03-20 19:35 <DIR> --d----- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
    2009-03-19 22:52 0 a------t c:\windows\10D62E.dmp
    2009-03-18 20:50 <DIR> --d----- c:\program files\Trend Micro
    2009-03-18 20:27 <DIR> --d----- c:\program files\CCleaner
    2009-03-16 21:57 <DIR> --d----- c:\program files\Mozilla Firefox Deleted Junk
    2009-03-09 19:21 <DIR> --d----- c:\docume~1\user\applic~1\Desktopicon
    2009-03-09 19:21 <DIR> --d----- c:\program files\Unlocker
    2009-03-09 19:16 <DIR> --d----- c:\program files\Avast4
    2009-03-08 21:50 <DIR> --d----- c:\program files\Avira Anti Rootkit
    2009-03-01 18:32 <DIR> --d----- c:\windows\wt

    ==================== Find3M ====================

    2009-01-28 16:25 5,261,824 a------- c:\windows\system32\logonuiX.exe
    2009-01-28 16:18 1,014,784 a------- c:\windows\system32\RCXA6.tmp

    ============= FINISH: 15:22:25.75 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/26/2006 6:25:45 AM
    System Uptime: 3/21/2009 2:56:57 PM (1 hours ago)

    Motherboard: AVERATEC | | 3700 Series

    ==== Installed Programs ======================

    3Com HomeConnect Cable Modem External with USB
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0.5
    Adobe Shockwave Player
    AIM Pro
    AIM Search
    AlienGUIse Theme Manager
    AOL Instant Messenger
    Athlon 64 Processor Driver
    Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
    Autodesk MapGuide(R) Viewer Plug-In Release 6.5
    avast! Antivirus
    AVI to MPEG Converter
    Avira RootKit Detection
    AviScreen Classic Version 1.3
    BitComet 1.06
    ccCommon
    CCleaner (remove only)
    Config2500 WLAN Software 3.0.1.0
    CPU Speed High / Low Status Application
    Cycles3D (remove only)
    DeepRipper v 1.1
    DVD Shrink 3.2
    Gadwin PrintScreen
    Glary Utilities 2.8.0.366
    Google Video Player
    Grand Theft Auto Vice City
    GraphCalc v4.0.1
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows XP (KB896344)
    I8kfanGUI V3.1
    Internet Worm Protection
    iTunes
    IZArc 3.81
    J2SE Development Kit 5.0 Update 9
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    JCreator LE 4.00
    KTP Ware PS/2-WDM 5.0.2.1
    KX-TA Maintenance Console
    Lexmark 510 Series
    LiveReg (Symantec Corporation)
    LiveUpdate 2.5 (Symantec Corporation)
    LogonStudio
    Magic ISO Maker v5.5 (build 0272)
    Malwarebytes' Anti-Malware
    MediaShow 3.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Halo Trial
    Microsoft Office Standard Edition 2003
    Motorola Phone Tools
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.0.7)
    Mozilla Thunderbird (1.5)
    MSN
    MSXML 4.0
    MSXML 4.0 SP2 Parser and SDK
    Norton AntiVirus 2005
    Norton AntiVirus 2005 (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton WMI Update
    O2Micro Flash Memory Card Windows Driver
    Phoenix Core Managed Environment (cME)
    Phoenix FirstWare Recover Pro 2004
    Power2Go 4.0
    PowerDVD
    PowerProducer
    PowerStarter
    ProntoEdit NG
    PSP Video Express(remove only)
    QuickTime
    RealPlayer
    RollerCoaster Tycoon® 3
    S3GSetup
    SecondLife (remove only)
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    SnagIt 8
    SopCast 2.0.4
    SPBBC
    SpeedFan (remove only)
    Spelling Dictionaries For Adobe Reader Package
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Symantec
    Symantec Network Drivers Update
    Symantec Script Blocking Installer
    SymNet
    Trillian
    Uniblue RegistryBooster 2009
    Unlocker 1.8.7
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    VC User CRT71 RTL X86 ---
    VC User MFC71 RTL X86 ---
    VIA Rhine-Family Fast Ethernet Adapter
    VIA Vinyl Audio Codecs Driver Setup Program
    VIA/S3G Display Driver
    WebFldrs XP
    WinBoss Classic Version 1.2
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    WinZip 11.2
    Yahoo! Install Manager
    Yahoo! Messenger
    ZoneAlarm

    ==== End Of File ===========================
     
  2. 2009/03/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi RobStewart
    Welcome to WindowsBBS.

    I see you have P2P software (Limewire, BitTorrent, BitComet, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.


    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Thanks
    Geri
     

  4. 2009/03/22
    RobStewart

    Yes, I have BitComet. However, I only downloaded it to download one other program. This occurred around 6 months ago, outside of the time frame of my infection. I do not use it anymore.
     
  5. 2009/03/22
    Geri Lifetime Subscription

    Hi
    OK, the Combofix log please.

    Thanks
    Geri
     
  6. 2009/03/23
    RobStewart

    OK, I ran into a problem running ComboFix. The program launched and started, but the error messages kept popping up. Then, my computer restarted itself.
    When it rebooted, the error messages were flooding and freezing up my computer. The first message that pops up is an error message for lsass.exe. Whether or not I close this message, the computer freezes. So, I closed it... but it started an automatic shutdown timer. I ran shutdown -a, which stopped the shutdown, but the automatic shutdown timer window froze. I launched Task Manager, which froze after a while too.
    The above events occurred no matter what I did. Within 5 minutes, the computer froze up to the point of unusability (Task Manager included). The mouse moved, but the response time of the OS was severely delayed. Pressing Ctrl-Alt-Del did nothing. Clicking on anything brought about no response.
    Oh, and another thing to note: all of the options in the shutdown menu (from both the Start menu and from Task Manager) did not work. I clicked on them, but nothing happened.
    To solve this, I disabled the WIN.INI and SYSTEM.INI files from starting up, and the computer works fine again. There are no random error messages, restarts, or seizures... yet. I ran ComboFix, but I'm not sure how well the log will inform you of my problem. Here's the log.

    ComboFix 09-03-22.01 - user 2009-03-23 22:28:22.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.137 [GMT -5:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix23.exe
    AV: avast! antivirus 4.8.1335 [VPS 090323-0] *On-access scanning disabled* (Updated)
    AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated)
    FW: Norton Internet Worm Protection *disabled*
    FW: ZoneAlarm Firewall *enabled*

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt
    c:\windows\system32\RCX8C.tmp
    c:\windows\system32\RCXA6.tmp
    c:\windows\system32\setup.exe.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
    .

    2009-03-20 19:36 . 2009-03-20 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-03-20 19:35 . 2009-03-20 19:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-03-20 19:35 . 2009-03-20 19:35 <DIR> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
    2009-03-19 22:52 . 2009-03-19 22:52 0 --a----t- c:\windows\10D62E.dmp
    2009-03-18 20:50 . 2009-03-18 20:50 <DIR> d-------- c:\program files\Trend Micro
    2009-03-18 20:27 . 2009-03-18 20:27 <DIR> d-------- c:\program files\CCleaner
    2009-03-16 21:57 . 2009-03-16 21:57 <DIR> d-------- c:\program files\Mozilla Firefox Deleted Junk
    2009-03-09 19:21 . 2009-03-18 20:07 <DIR> d-------- c:\program files\Unlocker
    2009-03-09 19:21 . 2009-03-09 19:21 <DIR> d-------- c:\documents and settings\user\Application Data\Desktopicon
    2009-03-09 19:16 . 2009-03-09 19:16 <DIR> d-------- c:\program files\Avast4
    2009-03-08 21:50 . 2009-03-08 21:52 <DIR> d-------- c:\program files\Avira Anti Rootkit
    2009-03-01 18:32 . 2009-03-18 20:59 <DIR> d-------- c:\windows\wt

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-24 03:15 35,012 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_22_00_01_small.dmp.zip
    2009-03-24 03:14 2,723,328 ----a-w c:\windows\Internet Logs\xDB2A.tmp
    2009-03-24 02:58 38,279 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_21_48_19_small.dmp.zip
    2009-03-24 02:47 47,756 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_20_33_25_small.dmp.zip
    2009-03-24 01:07 51,362 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_20_04_05_small.dmp.zip
    2009-03-24 01:07 51,038 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_20_07_02_small.dmp.zip
    2009-03-24 01:02 993,792 ----a-w c:\windows\Internet Logs\xDB29.tmp
    2009-03-21 19:58 13,928,923 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_21_14_40_32_full.dmp.zip
    2009-03-21 19:47 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-03-21 18:38 --------- d-----w c:\program files\Trojan Guarder Gold Version
    2009-03-20 03:36 11,413,301 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-03-20 03:30 2,712,064 ----a-w c:\windows\Internet Logs\xDB28.tmp
    2009-03-19 01:10 --------- d-----w c:\program files\AIM6
    2009-03-10 00:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-09 02:51 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-28 00:40 2,608,640 ----a-w c:\windows\Internet Logs\xDB27.tmp
    2009-02-28 00:25 --------- d-----w c:\program files\SpeedFan
    2009-02-22 05:24 654,848 ----a-w c:\windows\Internet Logs\xDB25.tmp
    2009-02-22 05:24 2,593,792 ----a-w c:\windows\Internet Logs\xDB26.tmp
    2009-02-06 02:16 --------- d-----w c:\program files\I8kfanGUI
    2009-02-03 00:00 --------- d-----w c:\program files\Autodesk
    2009-01-31 04:40 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-01-31 04:40 --------- d-----w c:\documents and settings\user\Application Data\Malwarebytes
    2009-01-31 04:40 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-31 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-01-30 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-28 21:25 5,261,824 ----a-w c:\windows\system32\logonuiX.exe

    ------- Sigcheck -------

    2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
    2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    2008-11-27 20:55 359808 21ed4b2780d9142de292e384e9347c02 c:\windows\system32\dllcache\tcpip.sys
    2008-11-27 20:55 359808 21ed4b2780d9142de292e384e9347c02 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig "= "c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
    "avast! "= "c:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "c:\windows\system32\logonui.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc "= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "aux "= c:\windows\system32\..\nwijspy.jxk

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trojan Guarder Gold Version.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trojan Guarder Gold Version.lnk
    backup=c:\windows\pss\Trojan Guarder Gold Version.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Alienware Dock.lnk]
    path=c:\documents and settings\user\Start Menu\Programs\Startup\Alienware Dock.lnk
    backup=c:\windows\pss\Alienware Dock.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
    --a------ 2005-03-04 01:20 512000 c:\program files\VIAudioi\SBADeck\ADeck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2005-03-23 15:34 58992 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPUTray]
    --a------ 2005-05-13 17:46 212992 c:\windows\system32\CPUTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 07:00 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eval]
    --a------ 2004-11-10 19:39 1826816 c:\program files\Phoenix Technologies\cME\RPro\Eval\Eval.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
    --a------ 2008-12-09 06:08 495616 c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard]
    --a------ 2004-10-11 15:53 532480 c:\program files\Phoenix Technologies\cME\Guard\guard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
    --a------ 2007-02-16 11:58 856064 c:\program files\I8kfanGUI\I8kfanGUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2006-10-30 09:36 256576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTPWare]
    --a------ 2005-03-02 00:46 253952 c:\program files\Elantech\Ktp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
    --a------ 2002-09-03 18:38 987187 c:\program files\LogonStudio\LogonStudio.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    --a------ 2006-08-08 20:32 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-10-25 18:58 282624 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2004-07-15 03:07 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
    --a------ 2004-10-11 01:18 114688 c:\program files\Phoenix Technologies\cME\RPro\ XP\vbptask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a------ 2009-01-15 16:17 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a------ 2006-02-25 14:34 100056 c:\progra~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-08 20:32 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
    --a------ 2008-08-26 11:48 2019624 c:\documents and settings\user\desktop\Uniblue\RegistryBooster\RegistryBooster.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    --a------ 2008-05-01 23:15 15872 c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2006-09-13 13:17 4621816 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    --a------ 2006-03-16 10:34 755480 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    --a------ 2004-12-29 02:01 544768 c:\windows\sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    --a------ 2005-03-07 14:33 53248 c:\windows\system32\VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    --a------ 2005-01-10 18:33 143360 c:\windows\system32\VTTrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11958:TCP "= 11958:TCP:BitComet 11958 TCP
    "11958:UDP "= 11958:UDP:BitComet 11958 UDP

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-07-17 32320]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-07-17 23200]
    R0 ptpd;Disk Filter Driver;c:\windows\system32\drivers\ptpd.sys [2005-07-21 6656]
    R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2005-07-21 43512]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-09 114768]
    R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-02-05 14464]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-09 20560]
    R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2005-07-17 26112]
    R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2005-07-21 36096]
    S3 3CCMUSB;3Com HomeConnect Cable Modem External with USB Driver;c:\windows\system32\drivers\3ccmusb.sys [2006-06-07 30096]
    S3 fspio;fspio;c:\windows\system32\drivers\fspio.sys [2009-02-05 3816]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\drivers\TEUSBMU.sys [2006-09-06 20992]
    S3 UXDCMN;UXDCMN;\??\e:\winstress\UXDCMN.SYS --> e:\winstress\UXDCMN.SYS [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - ALG
    *Deregistered* - aswUpdSv
    *Deregistered* - AudioSrv
    *Deregistered* - avast! Antivirus
    *Deregistered* - avast! Mail Scanner
    *Deregistered* - avast! Web Scanner
    *Deregistered* - Browser
    *Deregistered* - ccEvtMgr
    *Deregistered* - ccSetMgr
    *Deregistered* - cisvc
    *Deregistered* - CryptSvc
    *Deregistered* - DcomLaunch
    *Deregistered* - Dhcp
    *Deregistered* - Dnscache
    *Deregistered* - ERSvc
    *Deregistered* - EventSystem
    *Deregistered* - FastUserSwitchingCompatibility
    *Deregistered* - Fax
    *Deregistered* - helpsvc
    *Deregistered* - HidServ
    *Deregistered* - HTTPFilter
    *Deregistered* - ImapiService
    *Deregistered* - lanmanserver
    *Deregistered* - lanmanworkstation
    *Deregistered* - LexBceS
    *Deregistered* - LmHosts
    *Deregistered* - MDM
    *Deregistered* - Netman
    *Deregistered* - Nla
    *Deregistered* - NPFMntor
    *Deregistered* - PolicyAgent
    *Deregistered* - ProtectedStorage
    *Deregistered* - RasAuto
    *Deregistered* - RasMan
    *Deregistered* - RpcSs
    *Deregistered* - SamSs
    *Deregistered* - SBService
    *Deregistered* - Schedule
    *Deregistered* - seclogon
    *Deregistered* - SENS
    *Deregistered* - SharedAccess
    *Deregistered* - ShellHWDetection
    *Deregistered* - SPBBCSvc
    *Deregistered* - Spooler
    *Deregistered* - srservice
    *Deregistered* - SSDPSRV
    *Deregistered* - stisvc
    *Deregistered* - TapiSrv
    *Deregistered* - TermService
    *Deregistered* - Themes
    *Deregistered* - TrkWks
    *Deregistered* - UMWdf
    *Deregistered* - upnphost
    *Deregistered* - vsmon
    *Deregistered* - W32Time
    *Deregistered* - WebClient
    *Deregistered* - winmgmt
    *Deregistered* - wscsvc
    *Deregistered* - wuauserv
    *Deregistered* - WZCSVC

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e37fe446-ba2e-11dc-aae1-0013d368a5bc}]
    \Shell\Explore\command - explorer.exe /n,/e ,.
    \Shell\Launch\command - E:\portablevaultaes.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-24 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities (Cleaning)\initialize.exe [2008-10-29 17:58]

    2009-03-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - user.job
    - c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]

    2009-03-24 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 19:26]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.averatec.com/
    mStart Page = hxxp://www.averatec.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kf5d1fvq.Numba7\
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kf5d1fvq.Numba7\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-23 22:31:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2475040755-2492608985-4065035123-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\AlienGUIse\fastload.dll
    .
    Completion time: 2009-03-23 22:48:57
    ComboFix-quarantined-files.txt 2009-03-24 03:48:26

    Pre-Run: 61,589,798,912 bytes free
    Post-Run: 61,692,174,336 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    328
     
  7. 2009/03/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    You have 2 Anti virus programs and 2 Firewalls.

    I see that Norton is disabled, is that by choice? If so, let's get it off your system.

    You should only have 1 AV and 1 Firewall.

    Go here and run the Norton Removal Tool for the product version you have.

    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039


    Now do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=-

    If Combofix does not reboot your computer, please do so.

    Please re-enable the WIN.INI and SYSTEM.INI files.

    Let me know if there was any improvement, and post the new Combofix log.

    Thanks
    Geri
     
  8. 2009/04/16
    RobStewart

    RobStewart Inactive Thread Starter

    Hey, my computer seems to be running all right now. I ran combofix again, and then re-enabled those ini files. There doesn't seem to be a problem with any random messages at the moment...

    Log:

    ComboFix 09-03-22.01 - Dube 2009-04-16 21:08:41.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.78 [GMT -5:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix23.exe
    Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090323-0] *On-access scanning disabled* (Outdated)
    AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated)
    FW: Norton Internet Worm Protection *disabled*
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
    .

    2009-03-20 19:36 . 2009-03-20 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-03-20 19:35 . 2009-03-20 19:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
    2009-03-20 19:35 . 2009-03-20 19:35 <DIR> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
    2009-03-19 22:52 . 2009-03-19 22:52 0 --a----t- c:\windows\10D62E.dmp
    2009-03-18 20:50 . 2009-03-18 20:50 <DIR> d-------- c:\program files\Trend Micro
    2009-03-18 20:27 . 2009-03-18 20:27 <DIR> d-------- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-17 00:41 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-12 12:54 701,952 ----a-w c:\windows\Internet Logs\xDB2D.tmp
    2009-04-12 12:53 2,756,608 ----a-w c:\windows\Internet Logs\xDB2E.tmp
    2009-04-03 20:24 2,749,952 ----a-w c:\windows\Internet Logs\xDB2C.tmp
    2009-03-31 03:01 2,743,296 ----a-w c:\windows\Internet Logs\xDB2B.tmp
    2009-03-26 01:04 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-03-24 03:15 35,012 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_22_00_01_small.dmp.zip
    2009-03-24 03:14 2,723,328 ----a-w c:\windows\Internet Logs\xDB2A.tmp
    2009-03-24 02:58 38,279 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_21_48_19_small.dmp.zip
    2009-03-24 02:47 47,756 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_20_33_25_small.dmp.zip
    2009-03-24 01:07 51,362 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_20_04_05_small.dmp.zip
    2009-03-24 01:07 51,038 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_03_23_20_07_02_small.dmp.zip
    2009-03-24 01:02 993,792 ----a-w c:\windows\Internet Logs\xDB29.tmp
    2009-03-21 19:58 13,928,923 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_21_14_40_32_full.dmp.zip
    2009-03-21 18:38 --------- d-----w c:\program files\Trojan Guarder Gold Version
    2009-03-20 03:36 11,413,301 ----a-w c:\windows\Internet Logs\tvDebug.zip
    2009-03-20 03:30 2,712,064 ----a-w c:\windows\Internet Logs\xDB28.tmp
    2009-03-19 01:10 --------- d-----w c:\program files\AIM6
    2009-03-19 01:07 --------- d-----w c:\program files\Unlocker
    2009-03-17 02:57 --------- d-----w c:\program files\Mozilla Firefox Deleted Junk
    2009-03-10 00:27 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-10 00:21 --------- d-----w c:\documents and settings\user\Application Data\Desktopicon
    2009-03-10 00:16 --------- d-----w c:\program files\Avast4
    2009-03-09 02:52 --------- d-----w c:\program files\Avira Anti Rootkit
    2009-03-09 02:51 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-28 00:40 2,608,640 ----a-w c:\windows\Internet Logs\xDB27.tmp
    2009-02-28 00:25 --------- d-----w c:\program files\SpeedFan
    2009-02-22 05:24 654,848 ----a-w c:\windows\Internet Logs\xDB25.tmp
    2009-02-22 05:24 2,593,792 ----a-w c:\windows\Internet Logs\xDB26.tmp
    2009-01-28 21:25 5,261,824 ----a-w c:\windows\system32\logonuiX.exe

    ------- Sigcheck -------

    2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
    2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
    2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
    2008-11-27 20:55 359808 21ed4b2780d9142de292e384e9347c02 c:\windows\system32\dllcache\tcpip.sys
    2008-11-27 20:55 359808 21ed4b2780d9142de292e384e9347c02 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-03-23_22.32.35.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-16 21:57:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_764.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Yahoo! Pager "= "c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-09-13 4621816]
    "Uniblue RegistryBooster 2009 "= "c:\documents and settings\user\Desktop\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
    "Power2GoExpress "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "i8kfangui "= "c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
    "Gadwin PrintScreen "= "c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast! "= "c:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "Zone Labs Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 755480]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-08 180269]
    "Symantec NetDriver Monitor "= "c:\progra~1\SYMNET~1\SNDMon.exe" [2006-02-25 100056]
    "RestoreIT! "= "c:\program files\Phoenix Technologies\cME\RPro\ XP\VBPTASK.EXE" [2004-10-11 114688]
    "RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "LogonStudio "= "c:\program files\LogonStudio\logonstudio.exe" [2002-09-03 987187]
    "KTPWare "= "c:\program files\Elantech\Ktp.exe" [2005-03-02 253952]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "Guard "= "c:\program files\Phoenix Technologies\cME\Guard\Guard.exe" [2004-10-11 532480]
    "Eval "= "c:\program files\Phoenix Technologies\cME\RPro\Eval\Eval.exe" [2004-11-10 1826816]
    "CPUTray "= "c:\windows\system32\CPUTray.exe" [2005-05-13 212992]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 58992]
    "AudioDeck "= "c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
    "VTTrayp "= "VTtrayp.exe" [2005-01-10 c:\windows\system32\VTTrayp.exe]
    "VTTimer "= "VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
    "SMSERIAL "= "sm56hlpr.exe" [2004-12-29 c:\windows\sm56hlpr.exe]

    c:\documents and settings\user\Start Menu\Programs\Startup\
    Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-11-21 2074360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Trojan Guarder Gold Version.lnk - c:\program files\Trojan Guarder Gold Version\Trojan Guarder.exe [2009-01-21 620544]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "c:\windows\system32\logonui.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc "= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "c:\\Program Files\\AIM\\aim.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11958:TCP "= 11958:TCP:BitComet 11958 TCP
    "11958:UDP "= 11958:UDP:BitComet 11958 UDP

    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-07-17 32320]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-07-17 23200]
    R0 ptpd;Disk Filter Driver;c:\windows\system32\drivers\ptpd.sys [2005-07-21 6656]
    R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2005-07-21 43512]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-09 114768]
    R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2009-02-05 14464]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-09 20560]
    R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2005-07-17 26112]
    R3 PhnxVcd;PhnxVcd;c:\windows\system32\drivers\phnxvcd.sys [2005-07-21 36096]
    S3 3CCMUSB;3Com HomeConnect Cable Modem External with USB Driver;c:\windows\system32\drivers\3ccmusb.sys [2006-06-07 30096]
    S3 fspio;fspio;c:\windows\system32\drivers\fspio.sys [2009-02-05 3816]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
    S3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\drivers\TEUSBMU.sys [2006-09-06 20992]
    S3 UXDCMN;UXDCMN;\??\e:\winstress\UXDCMN.SYS --> e:\winstress\UXDCMN.SYS [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e37fe446-ba2e-11dc-aae1-0013d368a5bc}]
    \Shell\Explore\command - explorer.exe /n,/e ,.
    \Shell\Launch\command - E:\portablevaultaes.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-16 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities (Cleaning)\initialize.exe [2008-10-29 17:58]

    2009-03-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - user.job
    - c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 12:20]

    2009-04-16 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 19:26]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.averatec.com/
    mStart Page = hxxp://www.averatec.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kf5d1fvq.Numba7\
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\kf5d1fvq.Numba7\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
    FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-16 21:09:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2475040755-2492608985-4065035123-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(952)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\AlienGUIse\fastload.dll
    .
    Completion time: 2009-04-16 21:13:40
    ComboFix-quarantined-files.txt 2009-04-17 02:12:44
    ComboFix2.txt 2009-03-24 03:48:59

    Pre-Run: 61,446,397,952 bytes free
    Post-Run: 61,433,614,336 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
    234
     
  9. 2009/04/18
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK the log looks good.
    Did you remove 1 of the Anti Virus programs?

    Still shows 2 in the Combofix log.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an online scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Geri
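
The check Geri makes in posts 7 and 9 (two antivirus programs and two firewalls still showing in the ComboFix log) can be read from the log's `AV:`/`FW:` header lines and the Security Center and firewall-policy keys. The following is an added example, not part of the thread or of ComboFix: the function names and the wording of the findings are assumptions, and the sample is an excerpt of the 2009-04-16 log posted above.

```python
import re

# Excerpt of the 2009-04-16 ComboFix log posted in this thread (trimmed).
SAMPLE_LOG = r'''
AV: avast! antivirus 4.8.1335 [VPS 090323-0] *On-access scanning disabled* (Outdated)
AV: Norton AntiVirus 2005 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: ZoneAlarm Firewall *enabled*

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
'''

# "AV: <name> *<status>* (<state>)" header lines; the trailing state is optional.
PRODUCT_RE = re.compile(r'^(AV|FW):\s*(.+?)\s*\*([^*]+)\*\s*(?:\((\w+)\))?$')
KEY_RE = re.compile(r'^\[(.+)\]$')
# Tolerates the stray space before the closing quote seen in the pasted logs.
VALUE_RE = re.compile(r'^"\s*([^"]+?)\s*"\s*=\s*(.*)$')


def parse_value(raw):
    """Return an int for 'dword:00000001' or '0 (0x0)' forms, else the raw text."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw)
    if m:
        return int(m.group(1))
    return raw


def parse_log(text):
    """Return (products, registry) parsed from ComboFix log text."""
    products, registry, key = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, status, state = m.groups()
            products.append({"kind": kind, "name": name,
                             "active": "disabled" not in status.lower(),
                             "outdated": state == "Outdated"})
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            registry.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            registry[key][m.group(1)] = parse_value(m.group(2).strip())
        elif not line:
            key = None  # a blank line ends the current key's value list
    return products, registry


def triage(text):
    """Return findings for the points raised in the thread (wording is ours)."""
    products, registry = parse_log(text)
    findings = []
    for kind, label in (("AV", "antivirus"), ("FW", "firewall")):
        found = [p for p in products if p["kind"] == kind]
        if len(found) > 1:
            names = ", ".join(p["name"] for p in found)
            findings.append(f"{len(found)} {label} products installed: {names}")
        if found and not any(p["active"] for p in found):
            findings.append(f"no {label} product is active")
        findings += [f"{p['name']}: reported as outdated" for p in found if p["outdated"]]
    for key, values in registry.items():
        low = key.lower()
        if low.endswith("\\security center") and values.get("AntiVirusDisableNotify") == 1:
            findings.append("Security Center antivirus alerts are switched off")
        if "\\security center\\monitoring\\" in low and values.get("DisableMonitoring") == 1:
            findings.append("Security Center not monitoring " + key.rsplit("\\", 1)[1])
        if low.endswith("\\firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append("Windows Firewall (standard profile) is off")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

On this excerpt the firewall side shows one active product (ZoneAlarm), while neither antivirus product has on-access scanning enabled.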
     