
Solved Virus Removal Help

Discussion in 'Malware and Virus Removal Archive' started by drakonic, 2009/04/23.

  1. 2009/04/23
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    [Resolved] Virus Removal Help

    A few days ago I acquired a virus from somewhere. Not particularly sure where; it could have been a jump drive that was infected or from a shareware program... It bypassed all of my antivirus programs. It tried to connect me to another network, I think. My Comodo Firewall is constantly popping up saying that BN14 or BN(any number or letter) is trying to access some place or modify a registry key. I ran some scans with Malwarebytes' antivirus. I'll post that log in a separate post. I also ran a Spybot scan and it removed some things. I'm not sure if I have that log though. I'll try to find it. I would really appreciate any help. Please and thank you. :D
     
  2. 2009/04/23
    drakonic

    Here is the MBAM log.
    Malwarebytes' Anti-Malware 1.36
    Database version: 2016
    Windows 5.1.2600 Service Pack 3

    4/21/2009 4:59:16 PM
    mbam-log-2009-04-21 (16-58-35).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|L:\|)
    Objects scanned: 188517
    Time elapsed: 2 hour(s), 11 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 46

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: lfchp4.dll -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\LFCHP4.dll (Trojan.Vundo.H) -> No action taken.
    C:\Program Files\COMODO\COMODO Internet Security\Quarantine\port135sik.sys (Rootkit.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TJFZ3E5L\load[1].exe (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN18.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN19.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN1A.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN1B.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN1C.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN1D.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN1E.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN1F.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN20.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN21.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN27.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN2C.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN2D.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN44.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN47.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN52.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN56.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN57.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN58.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN59.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN5A.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN5B.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN5C.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN62.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN65.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN6D.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN70.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN76.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN79.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN7A.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN7B.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN7C.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN7D.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN7E.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN7F.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN80.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN81.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN82.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN83.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Owner\Local Settings\temp\BN84.tmp (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\ (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> No action taken.
     

  4. 2009/04/23
    drakonic

    And here is the stuff that Spybot did, I think.

    -- Report generated: 2009-04-19 20:38 ---

    SearchPixieBar: [SBI $B4D617E4] Settings (Registry key, fixed)
    HKEY_USERS\PE_C_GUEST\Software\BestToolbars\IEToolbar

    FunWebProducts: [SBI $8CC75C5A] Settings (Registry value, fixed)
    HKEY_USERS\PE_C_GUEST\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}

    MyWay.MyWebSearch: [SBI $6404C538] Settings (Registry key, fixed)
    HKEY_USERS\PE_C_GUEST\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: [SBI $B1C70274] Browser helper object (Registry key, fixed)
    HKEY_USERS\PE_C_GUEST\Software\MyWebSearch

    MyWay.MyWebSearch: [SBI $BF485355] IE toolbar (Registry value, fixed)
    HKEY_USERS\PE_C_GUEST\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

    MyWay.MyWebSearch: [SBI $205CC8F2] Settings (Registry key, fixed)
    HKEY_USERS\PE_C_GUEST\Software\FunWebProducts


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

     
  5. 2009/04/23
    drakonic

    --- Report generated: 2009-04-18 19:57 ---

    Hint of the Day: Click the bar at the right of this to see more information! ()

    And here's other stuff it did.


    Microsoft.Windows.AppFirewallBypass: [SBI $64F78B9F] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\userinit.exe

    Microsoft.Windows.AppFirewallBypass: [SBI $9D9B505C] Settings (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\userinit.exe


    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

     
  6. 2009/04/23
    drakonic

    This is the Attach file from the DDS scan.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2005 7:04:39 AM
    System Uptime: 4/23/2009 3:49:24 PM (1 hours ago)

    Motherboard: First International Computer, Inc. | | K8M-800M
    Processor: AMD Sempron(tm) Processor 3300+ | Socket 940 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 145 GiB total, 109.759 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 2.721 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()
    L: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: VIA AC'97 Audio Controller (WDM)
    Device ID: ROOT\MEDIA\0001
    Manufacturer: VIA Technologies, Inc.
    Name: VIA AC'97 Audio Controller (WDM)
    PNP Device ID: ROOT\MEDIA\0001
    Service: VIAudio

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: SiS 7018 Audio Driver
    Device ID: ROOT\MEDIA\0002
    Manufacturer: Silicon Integrated Systems Corp.
    Name: SiS 7018 Audio Driver
    PNP Device ID: ROOT\MEDIA\0002
    Service: SiS7018

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: MPU-401 Compatible MIDI Device
    Device ID: ROOT\MEDIA\0004
    Manufacturer: Microsoft
    Name: MPU-401 Compatible MIDI Device
    PNP Device ID: ROOT\MEDIA\0004
    Service: ms_mpu401

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: YAMAHA OPL3-SAx WDM Driver
    Device ID: ROOT\UNKNOWN\0001
    Manufacturer: Yamaha
    Name: YAMAHA OPL3-SAx WDM Driver
    PNP Device ID: ROOT\UNKNOWN\0001
    Service: wdm_opl3sax

    ==== System Restore Points ===================

    RP1053: 4/19/2009 4:48:39 AM - System Checkpoint
    RP1054: 4/22/2009 6:32:59 AM - System Checkpoint
    RP1055: 4/22/2009 1:17:32 PM - System Checkpoint
    RP1056: 4/22/2009 4:03:30 PM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Actiontec Gateway
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0
    Adobe Shockwave Player 11
    Ai AIM Plugin
    AIM 6
    AOL You've Got Pictures Screensaver
    Apple Software Update
    Ask Toolbar
    AutoUpdate
    AviDecode
    BufferChm
    Choice Guard
    CiD Help
    Comcast High-Speed Internet Install Wizard
    COMODO Internet Security
    COMODO SafeSurf
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Media Reader
    DivX
    DivX Content Uploader
    DivX Player
    DivX Web Player
    DJ_AIO_03_F2200_ProductContext
    DJ_AIO_03_F2200_Software
    DJ_AIO_03_F2200_Software_Min
    eSupportQFolder
    Final Fantasy VII - Ultima Edition
    Give4Free Plugin
    GPBaseService
    GTOneCare
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Customer Participation Program 10.0
    HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
    HP Imaging Device Functions 10.0
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    HPSSupply
    Icewind Dale II
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java 2 Runtime Environment, SE v1.4.2_12
    Java(TM) 6 Update 4
    LimeWire 4.16.6
    LiveUpdate 2.5 (Symantec Corporation)
    Logitech Audio Echo Cancellation Component
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    MagicDisc 2.6.93
    Malwarebytes' Anti-Malware
    MarketResearch
    Merzmorize Screen Saver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Protection Service
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Windows Journal Viewer
    Microsoft Windows Live OneCare Resources v2.5.2900.20
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft Windows OneCare Live v2.5.2900.20
    Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
    Microsoft Works
    Mozilla Firefox (3.0.8)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    MVision
    ObjectBar
    Octoshape add-in for Adobe Flash Player
    OpenMG Limited Patch 4.1-05-13-31-01
    OpenMG Secure Module 4.1.00
    OpenOffice.org 2.4
    Project64 1.6
    PSSWCORE
    PX Engine
    QuickConnect
    QuickTime
    Qwest QuickAssist Desktop Tools
    Qwest QuickCare 2.2
    RealPlayer Basic
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Recovery Software Suite eMachines
    Rhapsody Player Engine
    S3GSetup
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Segoe UI
    Shop for HP Supplies
    SmartWebPrintingOC
    SoftV92 Data Fax Modem with SmartCP
    SolutionCenter
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Status
    Symantec Network Drivers Update
    System Requirements Lab
    TBS WMP Plug-in
    Tibia
    Toolbox
    TrayApp
    UMVPLStandalone
    UnloadSupport
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VIA/S3G Display Driver
    VideoToolkit01
    Viewpoint Media Player
    WebFldrs XP
    WebReg
    Windows Backup Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Support Tools
    Windows XP Service Pack 3
    WinRAR archiver
    WLTB Custom Buttons
    Yahoo! ¤u¨Ã£¦C

    ==== Event Viewer Messages From Past Week ========

    4/22/2009 7:34:28 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    4/22/2009 6:28:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'dnserror[1]' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    4/22/2009 3:31:29 PM, error: Service Control Manager [7034] - The Windows Live OneCare Health Monitor service terminated unexpectedly. It has done this 1 time(s).
    4/22/2009 10:57:19 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wuapi.dll. Reference error message: The operation completed successfully. .
    4/22/2009 10:49:53 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\wuauclt.exe. Reference error message: The operation completed successfully. .
    4/22/2009 10:19:12 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .
    4/22/2009 10:19:12 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Microsoft Windows OneCare Live\WinSSPlatform.dll. Reference error message: The operation completed successfully. .
    4/22/2009 10:00:15 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .
    4/22/2009 10:00:13 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\TAPI32.dll. Reference error message: The operation completed successfully. .
    4/22/2009 10:00:03 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
    4/22/2009 10:00:03 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
    4/22/2009 10:00:03 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
    4/22/2009 1:18:21 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    4/21/2009 8:36:50 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
    4/21/2009 8:30:55 PM, error: MSFWDrv [12] - The driver detected an internal driver error on .
    4/20/2009 3:15:56 PM, error: Service Control Manager [7022] - The Telephony service hung on starting.
    4/20/2009 3:15:56 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    4/20/2009 10:11:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    4/20/2009 10:11:21 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/19/2009 4:43:46 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/19/2009 4:43:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    4/18/2009 8:47:06 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    4/18/2009 8:40:04 PM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706BA
    4/18/2009 8:40:04 PM, error: SRService [104] - The System Restore initialization process failed.
    4/18/2009 8:40:04 PM, error: Distributed Link Tracking Client [12502] - Service failed to start. Error = 80070862
    4/18/2009 8:40:04 PM, error: Distributed Link Tracking Client [12500] - An internal error occured in Distributed Link Tracking. The error code was 80070862.
    4/18/2009 7:49:40 PM, error: Service Control Manager [7034] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 5 time(s).
    4/18/2009 7:42:38 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    4/18/2009 7:35:34 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    4/18/2009 7:27:30 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    4/18/2009 7:19:08 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    4/18/2009 7:14:06 PM, error: MSFWDrv [9] - The device, , did not respond within the timeout period.
    4/18/2009 6:52:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL TopSpeed Monitor service to connect.
    4/18/2009 6:43:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: Error Message is unavailable .
    4/18/2009 6:43:30 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\COMCTL32.DLL. Reference error message: The operation completed successfully. .
    4/18/2009 11:45:15 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    4/16/2009 5:31:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    4/16/2009 5:31:30 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  7. 2009/04/23
    drakonic

    And here's the DDS log.

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 16:25:52.90 on Thu 04/23/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.111 [GMT -7:00]

    AV: COMODO Antivirus *On-access scanning disabled* (Updated)
    AV: Windows Live OneCare *On-access scanning enabled* (Outdated)
    FW: Windows Live OneCare Firewall *enabled*
    FW: COMODO Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Owner\Desktop\dds.scr
    C:\Documents and Settings\Owner\Owner.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comodo.com/search/
    mStart Page = hxxp://qwest.live.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! ¤u¨Ã£¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: Yahoo! ¤u¨Ã£¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Owner] c:\documents and settings\owner\Owner.exe /i
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - ?p=ZUfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: myspace.com\ www
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://www.gamescampus.com/xiah/luncher/GamesCampus.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
    DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} - hxxp://musicmix.messenger.msn.com/Medialogic.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll, digiwet.dll
    LSA: Notification Packages = scecli LFCHP4.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\fxl85fro.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - SearchKindly.org
    FF - prefs.js: browser.startup.homepage - hxxp://searchkindly.org/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
    FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-12 110992]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-12 24336]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-1-12 700152]
    S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
    S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
    S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
    S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?]
    S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-1-11 38496]
    S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2006-3-23 15104]
    S3 wdm_opl3sax;YAMAHA OPL3-SAx Audio Driver (WDM);c:\windows\system32\drivers\opl3sax.sys [2006-11-3 54528]

    =============== Created Last 30 ================

    2009-04-18 10:48 20,961 ----h--- c:\documents and settings\owner\Owner.exe
    2009-04-18 10:47 18,432 a------- c:\windows\system32\digiwet.dll
    2009-04-15 12:47 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-04-15 12:47 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 12:47 110,592 -c------ c:\windows\system32\dllcache\services.exe
    2009-04-15 12:47 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 12:47 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 12:47 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 12:47 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 12:47 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 12:47 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 12:46 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-04-15 12:46 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-04-15 12:46 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-04-09 22:01 <DIR> --d----- c:\documents and settings\owner\Tracing
    2009-04-09 21:55 <DIR> --d----- c:\program files\Microsoft
    2009-04-09 21:55 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-04-09 21:27 <DIR> --d----- c:\program files\common files\Windows Live

    ==================== Find3M ====================

    2009-04-18 21:01 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-04-18 20:55 155,384 a------- c:\windows\system32\guard32.dll
    2009-04-18 20:55 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-04-10 07:06 11,558 a------- c:\docume~1\owner\applic~1\wklnhst.dat
    2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
    2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
    2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
    2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
    2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
    2008-09-03 21:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

    ============= FINISH: 16:28:04.01 ===============
     
  8. 2009/04/23
    drakonic

    drakonic Inactive Thread Starter

    Oh yeah, the computer has been moving very slowly, and when it starts up it freezes when it's setting up Network Connections. Also, it shuts off out of nowhere sometimes.
     
  9. 2009/04/23
    drakonic

    drakonic Inactive Thread Starter

    And svchost always fails.
     
  10. 2009/04/30
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    Let me see if I can help.


    Please go to your add/remove programs list and uninstall the below applications.

    Ask Toolbar
    CiD Help
    J2SE Runtime Environment 5.0 Update 2
    Java 2 Runtime Environment, SE v1.4.2_12


    Next, we need to get a handle on how many antivirus programs and firewalls are on the computer.

    AV: COMODO Antivirus *On-access scanning disabled* (Updated)
    AV: Windows Live OneCare *On-access scanning enabled* (Outdated)
    FW: Windows Live OneCare Firewall *enabled*
    FW: COMODO Firewall *disabled*

    Please get this down to 1 Antivirus and 1 Firewall or attempts we make to clean the computer will be hindered or corrupted.

    Please take care of this first before continuing.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  11. 2009/05/06
    drakonic

    drakonic Inactive Thread Starter

    ComboFix Log

    ComboFix 09-05-06.02 - Owner 05/06/2009 19:35.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.187 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: COMODO Antivirus *On-access scanning disabled* (Updated)
    AV: Windows Live OneCare *On-access scanning disabled* (Outdated)
    FW: COMODO Firewall *disabled*
    FW: Windows Live OneCare Firewall *disabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\digiwet.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
    .

    2009-04-24 23:42 . 2009-04-24 23:42 -------- d-----w c:\documents and settings\NetworkService\Application Data\Yahoo!
    2009-04-24 23:41 . 2009-04-24 23:41 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2009-04-15 19:47 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 19:47 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 19:47 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-15 19:47 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 19:47 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 19:47 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 19:47 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 19:47 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 19:47 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 19:46 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-15 19:46 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-10 05:01 . 2009-05-07 02:46 -------- d-----w c:\documents and settings\Owner\Tracing
    2009-04-10 04:55 . 2009-04-10 04:55 -------- d-----w c:\program files\Microsoft
    2009-04-10 04:55 . 2009-04-10 04:55 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-04-10 04:27 . 2009-04-10 04:27 -------- d-----w c:\program files\Common Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-07 02:52 . 2008-08-28 23:02 -------- d-----w c:\program files\Microsoft Windows OneCare Live
    2009-05-06 23:44 . 2005-07-29 12:24 -------- d-----w c:\program files\Java
    2009-04-20 23:24 . 2006-03-18 14:25 -------- d-----w c:\program files\Web Accelerator
    2009-04-20 22:41 . 2009-01-12 06:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-20 22:26 . 2007-04-04 22:29 -------- d--h--w c:\program files\Give4Free Plugin
    2009-04-20 02:15 . 2006-03-27 22:20 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-19 04:01 . 2009-01-13 00:03 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
    2009-04-19 03:55 . 2009-01-13 00:03 155384 ----a-w c:\windows\system32\guard32.dll
    2009-04-19 03:55 . 2009-01-13 00:03 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
    2009-04-16 23:32 . 2005-12-25 17:50 55920 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-16 23:31 . 2008-08-30 21:03 -------- d-----w c:\program files\Tibia
    2009-04-10 14:06 . 2006-02-14 02:06 11558 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
    2009-04-10 04:59 . 2008-02-29 09:12 -------- d-----w c:\program files\Windows Live
    2009-04-06 22:32 . 2009-01-12 06:18 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 22:32 . 2009-01-12 06:18 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-18 02:43 . 2006-04-15 14:40 -------- d-----w c:\program files\LimeWire
    2009-03-13 04:21 . 2005-07-29 12:28 -------- d-----w c:\program files\Common Files\Adobe
    2009-03-06 14:22 . 2004-08-26 16:12 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-03 00:18 . 2004-08-26 16:12 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-26 16:11 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-09 12:10 . 2004-08-26 16:11 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-26 16:12 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2004-08-26 16:12 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-26 16:11 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2004-08-26 16:12 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-08 02:02 . 2004-08-04 05:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-06 11:11 . 2004-08-26 16:12 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2004-08-26 16:12 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-26 16:12 35328 ----a-w c:\windows\system32\sc.exe
    .
     
  12. 2009/05/06
    drakonic

    drakonic Inactive Thread Starter

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "COMODO SafeSurf "= "c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-13 278264]
    "COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-19 1851128]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
    @=" "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=c:\windows\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Check for OneTouch Updates.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Check for OneTouch Updates.lnk
    backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
    backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Xfire.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Xfire.lnk
    backup=c:\windows\pss\Xfire.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
     
  13. 2009/05/06
    drakonic

    drakonic Inactive Thread Starter

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\America Online 9.0\\waol.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1216603751\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1216603751\\EE\\aolsoftware.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\WINDOWS\\system32\\WgaTray.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSTE08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqbam08.exe "=
    "c:\\Program Files\\AIM6\\aolsoftware.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe "=
    "c:\\Program Files\\Microsoft Windows OneCare Live\\GtCC.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe "=
    "c:\\Program Files\\COMODO\\SafeSurf\\cssurf.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/12/2009 5:03 PM 110992]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/12/2009 5:03 PM 24336]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [11/5/2008 2:16 PM 25968]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/31/2008 5:52 PM 24652]
    S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
    S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
    S2 i386si;i386si;\??\c:\windows\system32\drivers\i386si.sys --> c:\windows\system32\drivers\i386si.sys [?]
    S2 nicsk32;nicsk32;\??\c:\windows\system32\drivers\nicsk32.sys --> c:\windows\system32\drivers\nicsk32.sys [?]
    S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
    S2 securentm;securentm;\??\c:\windows\system32\drivers\securentm.sys --> c:\windows\system32\drivers\securentm.sys [?]
    S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?]
    S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
    S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [11/17/2003 8:39 PM 99476]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/11/2009 11:18 PM 38496]
    S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [3/23/2006 8:43 AM 15104]
    S3 wdm_opl3sax;YAMAHA OPL3-SAx Audio Driver (WDM);c:\windows\system32\drivers\opl3sax.sys [11/3/2006 5:45 PM 54528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

    2005-12-25 c:\windows\Tasks\ISP signup reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]

    2009-05-07 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-07-29 00:26]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-crypt - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comodo.com/search/
    mStart Page = hxxp://qwest.live.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - ?p=ZUfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: myspace.com\ www
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fxl85fro.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - SearchKindly.org
    FF - prefs.js: browser.startup.homepage - hxxp://searchkindly.org/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npkanevapatch.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-06 19:46
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
     
  14. 2009/05/06
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(816)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(5492)
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\windows\system32\guard32.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    c:\program files\Microsoft Windows OneCare Live\winss.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-07 20:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-07 03:02

    Pre-Run: 117,888,860,160 bytes free
    Post-Run: 117,846,024,192 bytes free

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    268 --- E O F --- 2009-04-16 10:27
     
  15. 2009/05/06
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:20:12 PM, on 5/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\COMODO\SafeSurf\cssurf.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qwest.live.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! ¤u¨Ã£¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! ¤u¨Ã£¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Search - ?p=ZUfox000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O9 - Extra button: Qwest Live - {ADC80FC6-6666-4849-A7B4-A2FC9440A00F} - http://qwest.live.com (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     
  16. 2009/05/06
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Protocol: bw+0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {F1AE82C6-EC45-4CEF-84E5-81D93C739BDB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - http://www.gameamp.com/modules/core/user_avatars/24610_UC_sephiroth_Avatar.gif
    O24 - Desktop Component 1: (no name) - http://www.teamflap.com/~teamflap/from_titi/ashhatch.gif
    O24 - Desktop Component 2: (no name) - http://img.photobucket.com/albums/v54/Nefariouskitten/animations/FMA/slap.gif
    O24 - Desktop Component 3: (no name) - http://members.tripod.com/kenshinhimura_13/sitebuildercontent/sitebuilderpictures/hot.gif
    O24 - Desktop Component 4: (no name) - http://www5.big.or.jp/~otake/hey/kanji/gifmoji/f2/bijutu.gif
    O24 - Desktop Component 5: (no name) - http://www.inuyasya.com/A-HASIRU-S.gif
    O24 - Desktop Component 6: (no name) - http://www.myidproject.com/web/smith/laarnip/32058-MustangFlames.jpg
    O24 - Desktop Component 7: (no name) - http://www.ponju.net/html/avatars/gravitation/gravitation_Ryuichi03.gif
    O24 - Desktop Component 8: (no name) - http://www.roy-mustang.net/misc/chibi_roy.gif
    O24 - Desktop Component 9: (no name) - http://www.roy-mustang.net/misc/chibi_riza.gif

    --
    End of file - 23643 bytes
     
  17. 2009/05/07
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    AV: COMODO Antivirus *On-access scanning disabled* (Updated)
    AV: Windows Live OneCare *On-access scanning disabled* (Outdated)
    FW: COMODO Firewall *disabled*
    FW: Windows Live OneCare Firewall *disabled*

    Need to get this computer down to 1 Antivirus and 1 Firewall.



    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.



    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below. *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail.
    Save this as "CFScript.txt" including quotes, change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    c:\windows\system32\drivers\ws2_32sik.sys
    c:\windows\system32\drivers\systemntmi.sys
    c:\windows\system32\drivers\securentm.sys
    c:\windows\system32\drivers\port135sik.sys
    c:\windows\system32\drivers\nicsk32.sys
    c:\windows\system32\drivers\fips32cup.sys
    c:\windows\system32\drivers\ati64si.sys
    c:\windows\system32\drivers\i386si.sys
    Driver::
    ws2_32sik;ws2_32sik
    systemntmi
    securentm
    ati64si
    fips32cup
    i386si
    nicsk32
    port135sik
    Firefox::
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
    DDS::
    IE: &Search - ?p=ZUfox000
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Your current copy of Java is very out of date and is needed to run the following scan.

    • Download the latest version of Java Runtime Environment (JRE)
    • Second install down listed on the page

      *** when you update Java, be sure to uncheck any toolbars for OpenOffice.org if you don't want those added to your computer ***

      Click on the Accept License Agreement button. Next, select your Platform and check the box that says: "I agree to the Java SE Runtime Environment License Agreement."
      Download Now! Windows Offline Installation, Multi-language

      Now close all windows, including your browser.
      Double click on the Java installation that you downloaded and follow the prompts.

      NEXT - remove all older versions of Java. Go to Start > Control Panel, double-click on the Software icon > add/remove programs.
      Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) Select it and click Remove.
    • Close any programs you may have running - especially your web browser.
    • Repeat as many times as necessary to remove each older Java version.




    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.


    Please tell me how the computer is now.
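
A pre-flight consistency check for the script in the post above, added here as an example and not part of the original thread or of ComboFix: it groups the entries under their `Name::` headers and confirms that every `File::` driver path has a matching `Driver::` entry and vice versa. The header/entry layout and the reading of `;` in a `Driver::` line are assumptions taken from the script as posted; `parse_cfscript` and `cross_check` are hypothetical names.

```python
import ntpath
import re

# The script text as posted above, embedded so the example runs offline.
CFSCRIPT = r"""File::
c:\windows\system32\drivers\ws2_32sik.sys
c:\windows\system32\drivers\systemntmi.sys
c:\windows\system32\drivers\securentm.sys
c:\windows\system32\drivers\port135sik.sys
c:\windows\system32\drivers\nicsk32.sys
c:\windows\system32\drivers\fips32cup.sys
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\drivers\i386si.sys
Driver::
ws2_32sik;ws2_32sik
systemntmi
securentm
ati64si
fips32cup
i386si
nicsk32
port135sik
Firefox::
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
DDS::
IE: &Search - ?p=ZUfox000
"""

SECTION = re.compile(r"^(\w+)::$")  # a header is a whole line of the form "Name::"

def parse_cfscript(text):
    """Group each entry line under the 'Name::' header that precedes it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def cross_check(sections):
    """Return (file stems with no Driver:: entry, driver names with no File:: entry)."""
    stems = {ntpath.splitext(ntpath.basename(p))[0].lower() for p in sections.get("File", [])}
    # Assumption: the text before ';' in a Driver:: entry is the service name.
    names = {d.split(";", 1)[0].strip().lower() for d in sections.get("Driver", [])}
    return sorted(stems - names), sorted(names - stems)
```

An empty result on both sides means the two lists agree; a mistyped name shows up as one orphan in each list.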
     
  18. 2009/05/07
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    Right now, after running the combo fix the first time, my computer is running a lot faster and nothing seems to be going wrong.
     
  19. 2009/05/07
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    The ComboFix will not run after I drag the CFScript into it. I labeled it "CFScript.txt" with the quotations too. It says that I don't have access to some things. :/
     
  20. 2009/05/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I'm sure it's just hit a small snag.

    C:\qoobox\quarantined_files.txt <-- is this file present? If so -- please post its contents.

    How about c:\Combofix\combofix.txt <-- is it here?

    Can you run the Kaspersky scan?
     
  21. 2009/05/08
    drakonic

    drakonic Inactive Thread Starter

    Joined:
    2007/03/14
    Messages:
    99
    Likes Received:
    0
    2009-05-07 02:57:54 . 2009-05-07 02:57:54 264 ----a-w C:\Qoobox\Quarantine\Registry_backups\Notify-crypt.reg.dat
    2009-05-07 02:38:26 . 2009-05-07 02:38:26 13,373 ----a-w C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2009-05-07 02:33:13 . 2009-05-07 02:33:14 51 ----a-w C:\Qoobox\Quarantine\catchme.log
    2009-04-18 17:47:15 . 2009-04-18 17:47:15 18,432 ----a-w C:\Qoobox\Quarantine\C\WINDOWS\system32\digiwet.dll.vir
     
