
Solved Adware and possible virus

Discussion in 'Malware and Virus Removal Archive' started by shawnmt31, 2009/03/04.

Thread Status:
Not open for further replies.
  1. 2009/03/04
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    [Resolved] Adware and possible virus

    I recently became infected with something that keeps giving me popups, mostly for registration fixing software. I believe with all of my tampering I may have damaged the registry, because I can't seem to install any programs. I tried to download Windows Defender and it wouldn't recognize the file extension. Now my computer sounds as though the hard drive is constantly running in spurts: run, pause, run, pause, run, pause. Any help anyone could give would be greatly appreciated. Also, my network printer icon disappeared. The printer still seems to be functioning but is no longer recognized on my network. Please help. Thanks!

    Shawn T.
     
  2. 2009/03/07
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    update

    I got back my printer icon. I ran ComboFix, but I believe I may still be infected. Here is the ComboFix report:
    ComboFix 09-03-06.02 - patti 2009-03-07 11:20:26.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2528 [GMT -5:00]
    Running from: F:\kitty.exe
    AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
    FW: Verizon Internet Security Suite Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\sysguard.exe
    c:\windows\syssvc.exe
    c:\windows\system32\alanokeh.ini
    c:\windows\system32\alumesad.ini
    c:\windows\system32\gzbnlq.dll
    c:\windows\system32\hovolile.dll
    c:\windows\system32\iehelper.dll
    c:\windows\system32\isegudek.ini
    c:\windows\system32\mozubolu.dll
    c:\windows\system32\pvycwa.dll

    ----- BITS: Possible infected sites -----

    hxxp://82.98.235.205
    .
    ((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
    .

    2009-03-07 10:21 . 2009-03-07 11:15 <DIR> d-------- C:\ComboFix
    2009-03-07 08:32 . 2009-03-07 08:32 4,316 --a------ C:\DVD.MDS
    2009-03-07 08:13 . 2009-03-07 08:32 4,008,146,944 --a------ C:\DVD.ISO
    2009-03-07 04:39 . 2009-03-07 04:39 2,713 ---hs---- c:\windows\system32\wekavire.dll
    2009-03-07 04:38 . 2009-03-07 04:38 2,713 ---hs---- c:\windows\system32\fokituze.dll
    2009-03-07 04:38 . 2009-03-07 04:38 2,713 ---hs---- c:\windows\system32\dayapepa.dll
    2009-03-05 18:08 . 2009-03-05 18:08 <DIR> d-------- c:\windows\ERUNT
    2009-03-05 18:00 . 2009-03-07 10:24 <DIR> d-------- C:\SDFix
    2009-03-04 16:14 . 2009-03-04 16:14 <DIR> d-------- c:\documents and settings\Administrator.SHAWNTHOMPSON\Application Data\Verizon
    2009-03-04 15:40 . 2009-03-07 10:24 <DIR> d---s---- c:\documents and settings\Administrator.SHAWNTHOMPSON
    2009-02-27 17:35 . 2009-02-28 08:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Barbie Fashion Show
    2009-02-27 17:35 . 2009-02-27 17:35 119 --a------ c:\windows\ka.ini
    2009-02-27 17:33 . 2009-02-27 17:33 <DIR> d-------- c:\program files\Common Files\Vivendi Universal Games
    2009-02-27 17:33 . 2009-02-27 17:33 <DIR> d-------- c:\program files\Barbie(TM)
    2009-02-21 10:56 . 2009-02-25 19:33 54,156 --ah----- c:\windows\QTFont.qfn
    2009-02-21 10:56 . 2009-02-21 10:57 1,409 --a------ c:\windows\QTFont.for
    2009-02-20 05:04 . 2009-02-20 05:04 <DIR> d-------- c:\documents and settings\patti\Application Data\Skinux
    2009-02-20 00:09 . 2009-02-20 00:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
    2009-02-20 00:09 . 2008-10-30 10:58 12,800 --a------ c:\windows\system32\EKDeviceServices.dll
    2009-02-20 00:07 . 2009-02-20 00:07 <DIR> d-------- c:\windows\system32\kodak
    2009-02-19 23:47 . 2009-02-19 23:47 <DIR> d-------- C:\KPCMS
    2009-02-19 23:45 . 2009-02-20 22:30 <DIR> d-------- c:\program files\Common Files\Kodak
    2009-02-19 18:31 . 2009-02-19 18:31 <DIR> d-------- c:\documents and settings\patti\Application Data\KodakCredentialStore
    2009-02-08 12:46 . 2009-02-08 12:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\SugarGames

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-07 16:28 689,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-03-07 16:24 65,636 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-03-07 16:24 392,420 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-03-07 16:24 29,404,960 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-03-07 15:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-07 14:54 --------- d-----w c:\documents and settings\patti\Application Data\GetRightToGo
    2009-03-06 21:37 84,992 --sha-w c:\windows\system32\sunupidi.dll
    2009-03-06 21:37 79,872 --sha-w c:\windows\system32\hekonala.dll
    2009-03-06 09:37 84,992 --sha-w c:\windows\system32\kuyorusi.dll
    2009-03-03 18:44 --------- d-----w c:\program files\AOL Toolbar
    2009-03-03 14:02 84,992 --sha-w c:\windows\system32\vijusewu.dll
    2009-03-03 02:02 84,992 --sha-w c:\windows\system32\nowiwowo.dll
    2009-02-23 00:50 --------- d-----w c:\documents and settings\patti\Application Data\ZoomBrowser EX
    2009-02-23 00:50 --------- d-----w c:\documents and settings\patti\Application Data\CameraWindowDC
    2009-02-20 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
    2009-02-20 05:07 --------- d-----w c:\program files\Kodak
    2009-02-08 18:48 --------- d-----w c:\program files\PlayFirst
    2009-02-08 17:46 --------- d-----w c:\documents and settings\patti\Application Data\PlayFirst
    2009-01-26 21:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-26 21:01 --------- d-----w c:\program files\Nancy Drew
    2009-01-24 03:01 --------- d-----w c:\program files\Oberon Media
    2009-01-23 22:30 --------- d-----w c:\documents and settings\patti\Application Data\Pogo Games
    2009-01-23 21:37 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-01-23 21:37 --------- d-----w c:\program files\Java
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-11-01 16:55 1,572,864 ----a-w c:\documents and settings\dgl4500_firmware_113\dgl4500_firmware_113.bin
    2008-05-11 05:01 47,360 ----a-w c:\documents and settings\patti\Application Data\pcouffin.sys
    2008-05-08 23:28 487,424 ----a-w c:\documents and settings\patti\GoToAssist_phone__268_en.exe
    2006-12-19 00:16 774,144 ----a-w c:\program files\RngInterstitial.dll
    1601-01-01 00:12 47,616 --sha-w c:\windows\system32\fodarewo.dll
    1601-01-01 00:12 47,616 --sha-w c:\windows\system32\vujitema.dll
    2008-08-31 22:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a5de145-f1fc-4d4d-8907-2b709ffb5166}]
    47616 --ahs---- c:\windows\system32\vujitema.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
    "system tool"="c:\windows\sysguard.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
    "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-16 2065648]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
    "wiwiwebola"="c:\windows\system32\fodarewo.dll" [ 47616]
    "f0290918"="c:\windows\system32\hekonala.dll" [2009-03-06 79872]
    "CPMf31a3a84"="c:\windows\system32\vijusewu.dll" [2009-03-03 84992]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-11 4898816]

    c:\documents and settings\dale\Start Menu\Programs\Startup\
    HotSync Manager.LNK - c:\palm\HOTSYNC.EXE [2004-04-13 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"="c:\windows\system32\vijusewu.dll" [2009-03-03 84992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vijusewu.dll [2009-03-03 84992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\vijusewu.dll,c:\windows\system32\fiwoyiwi.dll
    "LoadAppInit_DLLs"=1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\windows\system32\fiwoyiwi.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    -ra------ 2006-10-23 07:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2004-07-13 20:10 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    --a------ 2002-09-30 00:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    --a------ 2002-10-29 08:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
    --------- 2003-02-08 17:42 86102 c:\program files\Dell AIO Printer A940\dlbabmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2003-08-06 00:04 114741 c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1165248481\EE\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 06:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 05:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 09:36 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-01-11 20:45 4898816 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
    --a------ 2007-04-05 15:29 684118 c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2008-05-02 20:11 214560 c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2003-10-31 18:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-04-17 13:04 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-02 20:10 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2003-08-19 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --a------ 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
    --a------ 2008-10-24 18:49 356592 c:\program files\Verizon\Verizon Internet Security Suite\RPS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    --a------ 2008-09-12 17:46 160160 c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    --a------ 2003-02-20 17:27 110592 c:\windows\system32\CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2003-02-20 17:45 28672 c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Palm\\PPLTReg.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1165248481\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\WINDOWS\\system32\\dwwin.exe"=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
    "c:\\Program Files\\Raxco\\PerfectDisk\\PDAgent.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\EKIJ5000MUI.exe"=
    "c:\\Program Files\\Verizon\\McciTrayApp.exe"=
    "c:\\WINDOWS\\system32\\taskmgr.exe"=
    "c:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmctxth.exe"=
    "c:\\WINDOWS\\system32\\rundll32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "9322:TCP"= 9322:TCP:EKDiscovery
    "9323:TCP"= 9323:TCP:EKDiscovery

    R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2005-12-10 3744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-03-20 66048]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\Printer\Center\EKDiscovery.exe [2008-10-10 274432]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2008-10-30 28672]
    R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2005-12-10 3904]
    R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-03-20 112384]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-03-20 13532]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-02-21 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EASYSH~3\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

    2009-03-07 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe []

    2009-03-07 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{630119ca-232f-40d7-b1bc-589a3263224f} - c:\windows\system32\gzbnlq.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local;localhost
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS
    Trusted Zone: quicktime.com\www
    Trusted Zone: wifeysworld.com\www
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://real.gamehouse.com/games/delicious/zylomplayer.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-07 11:26:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\Raxco\PerfectDisk\PDAgent.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\ScsiAccess.EXE
    c:\windows\wanmpsvc.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Zune\ZuneNss.exe
    c:\docume~1\patti\LOCALS~1\temp\bwgo0001bfef.exe
    c:\program files\Kodak\Printer\Center\AiOHomeCenter.exe
    c:\program files\Raxco\PerfectDisk\PDEngine.exe
    c:\program files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-07 11:34:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-07 16:33:02
    ComboFix2.txt 2009-03-05 00:55:55

    Pre-Run: 25,615,769,600 bytes free
    Post-Run: 25,598,029,824 bytes free

    319 --- E O F --- 2009-03-02 08:00:22
     

  4. 2009/03/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    There is an announcement at the head of the forum .....

    *** READ THIS BEFORE POSTING IN THIS FORUM ***

    Please read and post the logs requested in this thread.
     
  5. 2009/03/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.




    Please locate where you have downloaded ComboFix, (F:\kitty.exe) right click and select delete.
    We can't use it where it is located.


    We'll get an updated copy.

    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3



    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt", including quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    File::
    c:\windows\system32\wekavire.dll
    c:\windows\system32\fokituze.dll
    c:\windows\system32\dayapepa.dll
    c:\windows\system32\sunupidi.dll
    c:\windows\system32\hekonala.dll
    c:\windows\system32\kuyorusi.dll
    c:\windows\system32\vijusewu.dll
    c:\windows\system32\nowiwowo.dll
    c:\windows\system32\fodarewo.dll
    c:\windows\system32\vujitema.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a5de145-f1fc-4d4d-8907-2b709ffb5166}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "system tool"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wiwiwebola"=-
    "f0290918"=-
    "CPMf31a3a84"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "SSODL"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    (screenshot: CFScript.txt being dragged onto ComboFix.exe)

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.
    No need for that though ..... just post it as you would any other log.








    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with the IE-Tab plugin:
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    DDS log
    Kaspersky log

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  6. 2009/03/09
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    Here is the ComboFix log:

    ComboFix 09-03-06.02 - patti 2009-03-10 0:30:42.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2328 [GMT -4:00]
    Running from: c:\documents and settings\patti\Desktop\Kitty.exe
    Command switches used :: c:\documents and settings\patti\Desktop\CFScript.txt
    AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
    FW: Verizon Internet Security Suite Firewall *disabled*

    FILE ::
    c:\windows\system32\dayapepa.dll
    c:\windows\system32\fodarewo.dll
    c:\windows\system32\fokituze.dll
    c:\windows\system32\hekonala.dll
    c:\windows\system32\kuyorusi.dll
    c:\windows\system32\nowiwowo.dll
    c:\windows\system32\sunupidi.dll
    c:\windows\system32\vijusewu.dll
    c:\windows\system32\vujitema.dll
    c:\windows\system32\wekavire.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090309175143265.log
    c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
    c:\windows\system32\alanokeh.ini
    c:\windows\system32\aseladel.ini
    c:\windows\system32\bugirasa.dll
    c:\windows\system32\cppkmn.dll
    c:\windows\system32\crypts.dll
    c:\windows\system32\ctcjnb.dll
    c:\windows\system32\dayapepa.dll
    c:\windows\system32\fodarewo.dll
    c:\windows\system32\fokituze.dll
    c:\windows\system32\hekonala.dll
    c:\windows\system32\ibehajit.ini
    c:\windows\system32\kuyorusi.dll
    c:\windows\system32\nowiwowo.dll
    c:\windows\system32\pifesoju.dll
    c:\windows\system32\pivejehu.dll
    c:\windows\system32\sunupidi.dll
    c:\windows\system32\twain32
    c:\windows\system32\twain32\local.ds
    c:\windows\system32\twain32\user.ds
    c:\windows\system32\twain32\user.ds.lll
    c:\windows\system32\twex.exe
    c:\windows\system32\vijusewu.dll
    c:\windows\system32\vujitema.dll
    c:\windows\system32\wekavire.dll
    c:\windows\system32\yomusf.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
    .

    2009-03-08 11:43 . 2009-03-08 11:43 <DIR> d-------- c:\windows\LastGood.Tmp
    2009-03-08 09:56 . 2009-03-08 09:56 <DIR> d-------- c:\program files\Trend Micro
    2009-03-07 17:50 . 2009-03-07 17:50 134,144 --a------ c:\windows\eqasujoxu.dll
    2009-03-07 17:39 . 2009-03-10 00:40 96,366 --a------ c:\windows\system32\drivers\a4072d82.sys
    2009-03-07 17:38 . 2009-03-07 17:38 41,984 --a------ c:\windows\Ltomexizod.dll
    2009-03-07 17:38 . 2009-03-07 17:38 10,240 --a------ c:\windows\instsp1.exe
    2009-03-07 17:38 . 2009-03-07 17:38 2 --a------ C:\-265745993
    2009-03-07 09:32 . 2009-03-07 09:32 4,316 --a------ C:\DVD.MDS
    2009-03-07 09:13 . 2009-03-07 09:32 4,008,146,944 --a------ C:\DVD.ISO
    2009-03-05 19:08 . 2009-03-05 19:08 <DIR> d-------- c:\windows\ERUNT
    2009-03-05 19:00 . 2009-03-07 11:24 <DIR> d-------- C:\SDFix
    2009-03-04 17:14 . 2009-03-04 17:14 <DIR> d-------- c:\documents and settings\Administrator.SHAWNTHOMPSON\Application Data\Verizon
    2009-03-04 16:40 . 2009-03-07 11:24 <DIR> d---s---- c:\documents and settings\Administrator.SHAWNTHOMPSON
    2009-02-27 18:35 . 2009-02-28 09:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Barbie Fashion Show
    2009-02-27 18:35 . 2009-02-27 18:35 119 --a------ c:\windows\ka.ini
    2009-02-27 18:33 . 2009-02-27 18:33 <DIR> d-------- c:\program files\Common Files\Vivendi Universal Games
    2009-02-21 11:56 . 2009-03-08 13:05 54,156 --ah----- c:\windows\QTFont.qfn
    2009-02-21 11:56 . 2009-02-21 11:57 1,409 --a------ c:\windows\QTFont.for
    2009-02-20 06:04 . 2009-02-20 06:04 <DIR> d-------- c:\documents and settings\patti\Application Data\Skinux
    2009-02-20 01:09 . 2009-02-20 01:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
    2009-02-20 01:09 . 2008-10-30 11:58 12,800 --a------ c:\windows\system32\EKDeviceServices.dll
    2009-02-20 01:07 . 2009-02-20 01:07 <DIR> d-------- c:\windows\system32\kodak
    2009-02-20 00:47 . 2009-02-20 00:47 <DIR> d-------- C:\KPCMS
    2009-02-20 00:45 . 2009-02-20 23:30 <DIR> d-------- c:\program files\Common Files\Kodak
    2009-02-19 19:31 . 2009-02-19 19:31 <DIR> d-------- c:\documents and settings\patti\Application Data\KodakCredentialStore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-10 04:40 710,176 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-03-10 04:40 29,743,648 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-03-10 04:36 67,556 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-03-10 04:36 399,356 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-03-07 15:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-07 14:54 --------- d-----w c:\documents and settings\patti\Application Data\GetRightToGo
    2009-03-03 18:44 --------- d-----w c:\program files\AOL Toolbar
    2009-02-23 00:50 --------- d-----w c:\documents and settings\patti\Application Data\ZoomBrowser EX
    2009-02-23 00:50 --------- d-----w c:\documents and settings\patti\Application Data\CameraWindowDC
    2009-02-20 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
    2009-02-20 05:07 --------- d-----w c:\program files\Kodak
    2009-02-08 18:48 --------- d-----w c:\program files\PlayFirst
    2009-02-08 17:46 --------- d-----w c:\documents and settings\patti\Application Data\PlayFirst
    2009-02-08 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
    2009-01-26 21:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-26 21:01 --------- d-----w c:\program files\Nancy Drew
    2009-01-24 03:01 --------- d-----w c:\program files\Oberon Media
    2009-01-23 22:30 --------- d-----w c:\documents and settings\patti\Application Data\Pogo Games
    2009-01-23 21:37 --------- d-----w c:\program files\Java
    2008-11-01 16:55 1,572,864 ----a-w c:\documents and settings\dgl4500_firmware_113\dgl4500_firmware_113.bin
    2008-05-11 05:01 47,360 ----a-w c:\documents and settings\patti\Application Data\pcouffin.sys
    2008-05-08 23:28 487,424 ----a-w c:\documents and settings\patti\GoToAssist_phone__268_en.exe
    2006-12-19 00:16 774,144 ----a-w c:\program files\RngInterstitial.dll
    2008-08-31 22:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Veoh "= "c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "Verizon_McciTrayApp "= "c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
    "VerizonServicepoint.exe "= "c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-16 2065648]
    "nmctxth "= "c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp "= "c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "EKIJ5000StatusMonitor "= "c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
    "Ksomure "= "c:\windows\Ltomexizod.dll" [2009-03-07 41984]
    "Vxulokofatahi "= "c:\windows\eqasujoxu.dll" [2009-03-07 134144]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-11 4898816]

    c:\documents and settings\dale\Start Menu\Programs\Startup\
    HotSync Manager.LNK - c:\palm\HOTSYNC.EXE [2004-04-13 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    -ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2004-07-13 21:10 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    --a------ 2002-09-30 01:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    --a------ 2002-10-29 09:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
    --------- 2003-02-08 18:42 86102 c:\program files\Dell AIO Printer A940\dlbabmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2003-08-06 01:04 114741 c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2006-05-09 20:24 50760 c:\program files\Common Files\AOL\1165248481\EE\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 07:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 06:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-01-11 21:45 4898816 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
    --a------ 2007-04-05 16:29 684118 c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 09:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2008-05-02 21:11 214560 c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-04-17 14:04 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-02 21:10 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2003-08-19 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --a------ 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
    --a------ 2008-10-24 19:49 356592 c:\program files\Verizon\Verizon Internet Security Suite\RPS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    --a------ 2008-09-12 18:46 160160 c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    --a------ 2003-02-20 18:27 110592 c:\windows\system32\CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2003-02-20 18:45 28672 c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Palm\\PPLTReg.exe "=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1165248481\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\WINDOWS\\system32\\dwwin.exe "=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe "=
    "c:\\Program Files\\Raxco\\PerfectDisk\\PDAgent.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe "=
    "c:\\WINDOWS\\system32\\spoolsv.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe "=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\EKIJ5000MUI.exe "=
    "c:\\Program Files\\Verizon\\McciTrayApp.exe "=
    "c:\\WINDOWS\\system32\\taskmgr.exe "=
    "c:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmctxth.exe "=
    "c:\\Program Files\\Verizon\\VSP\\VerizonServicepoint.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP "= 67:UDP:DHCP Discovery Service
    "9322:TCP "= 9322:TCP:EKDiscovery
    "9323:TCP "= 9323:TCP:EKDiscovery

    R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2005-12-10 3744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-03-20 66048]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\Printer\Center\EKDiscovery.exe [2008-10-10 274432]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2008-10-30 28672]
    R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2005-12-10 3904]
    R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-03-20 112384]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-03-20 13532]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2009-02-21 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EASYSH~3\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

    2009-03-10 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe []

    2009-03-07 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{68516610-3a9a-428b-be39-d883f3dbd318} - c:\windows\system32\yomusf.dll
    HKU-Default-Run-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local;localhost
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS
    Trusted Zone: quicktime.com\www
    Trusted Zone: wifeysworld.com\www
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://real.gamehouse.com/games/delicious/zylomplayer.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-10 00:38:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a4072d82]
    "ImagePath "= "\SystemRoot\System32\drivers\a4072d82.sys "
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\Raxco\PerfectDisk\PDAgent.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\ScsiAccess.EXE
    c:\windows\wanmpsvc.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Zune\ZuneNss.exe
    c:\program files\Kodak\Printer\Center\AiOHomeCenter.exe
    c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
    c:\windows\system32\rundll32.exe
    c:\docume~1\patti\LOCALS~1\temp\bwgo0003003f.exe
    c:\program files\Raxco\PerfectDisk\PDEngine.exe
    c:\program files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-10 0:45:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-10 04:44:15

    Pre-Run: 24,567,001,088 bytes free
    Post-Run: 24,740,798,464 bytes free

    326 --- E O F --- 2009-03-02 08:00:22
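    The ComboFix log above carries the autostart patterns a malware-removal helper reads first: Run values that resolve to DLLs with pronounceable random names sitting directly under c:\windows (loaded, as the later DDS log shows, through rundll32 with a one-letter export), Security Center notifications switched off, and the Windows Firewall policy disabled. The script below is an added example, not code from this thread or from the ComboFix/DDS authors. It parses the line shapes those two tools print and flags such entries for review; the SAMPLE text is constructed to mirror the log's shape, the KNOWN_DLL_BASENAMES allowlist and the 0.8 alternation threshold are my own choices, and every flag is a heuristic for an analyst, not a verdict.

```python
"""Triage heuristics for ComboFix / DDS autostart listings (added example).

Not ComboFix, DDS or WindowsBBS code: it parses the text shapes those tools
print and flags, for analyst review, the patterns visible in a log like the
one above.
"""
import re
from dataclasses import dataclass
from typing import List, Set

VOWELS = set("aeiou")

# Hypothetical allowlist of DLL basenames your own baseline says are fine even
# though they sit directly under %windir% and look "random"; starts empty.
KNOWN_DLL_BASENAMES: Set[str] = set()

# ComboFix prints Run values as  "Name"= "path" [date size]  (stray spaces tolerated).
RE_CF_VALUE = re.compile(r'^\s*"\s*(?P<name>[^"]*?)\s*"\s*=\s*"\s*(?P<path>[^"]*?)\s*"')
# DDS prints  uRun/mRun/dRun: [Name] <full command line>
RE_DDS_RUN = re.compile(r'^\s*(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$')
RE_RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?\s*(?P<dll>[^",]+?\.dll)\s*"?\s*,\s*(?P<export>\w+)', re.I)
# A DLL living directly in c:\windows or c:\windows\system32 (no vendor subfolder).
RE_BARE_DLL = re.compile(r'^[a-z]:\\windows\\(?:system32\\)?(?P<base>[a-z]+)\.dll$', re.I)
RE_SC_NOTIFY = re.compile(r'"\s*(?P<key>(?:AntiVirus|Updates|Firewall)DisableNotify)\s*"\s*=\s*dword:0*1\b', re.I)
RE_FW_OFF = re.compile(r'"\s*EnableFirewall\s*"\s*=\s*0\b', re.I)


@dataclass
class Finding:
    line_no: int
    reason: str
    evidence: str


def alternation_ratio(word: str) -> float:
    """Fraction of adjacent letter pairs that switch between consonant and vowel."""
    pairs = [(a in VOWELS) != (b in VOWELS) for a, b in zip(word, word[1:])]
    return sum(pairs) / len(pairs) if pairs else 0.0


def looks_random(basename: str) -> bool:
    """Pronounceable-gibberish test: 7-14 plain letters, mostly C/V alternating."""
    word = basename.lower()
    if word in KNOWN_DLL_BASENAMES or not re.fullmatch(r"[a-z]{7,14}", word):
        return False
    return alternation_ratio(word) >= 0.8  # threshold chosen by hand for this example


def triage(text: str) -> List[Finding]:
    """Scan a ComboFix or DDS listing line by line and return review flags."""
    findings: List[Finding] = []
    for no, line in enumerate(text.splitlines(), 1):
        # ComboFix renders a rundll32-style Run value as the DLL path itself.
        m = RE_CF_VALUE.match(line)
        if m:
            d = RE_BARE_DLL.match(m.group("path"))
            if d and looks_random(d.group("base")):
                findings.append(Finding(no, "Run value is a randomly named DLL directly under %windir%", line.strip()))
        # DDS shows the full command line, so the rundll32 export name is visible.
        m = RE_DDS_RUN.match(line)
        if m:
            r = RE_RUNDLL.search(m.group("cmd"))
            if r and len(r.group("export")) <= 2:
                findings.append(Finding(no, "rundll32 loads a DLL through a one-letter export", line.strip()))
        if RE_SC_NOTIFY.search(line):
            findings.append(Finding(no, "Security Center notification suppressed", line.strip()))
        if RE_FW_OFF.search(line):
            findings.append(Finding(no, "Windows Firewall disabled in the standard profile", line.strip()))
    return findings


# Constructed sample in the shape of ComboFix "Reg Loading Points" and DDS
# "Pseudo HJT" output; it is modelled on the thread's log, not copied from it.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
"Ksomure"="c:\windows\Ltomexizod.dll" [2009-03-07 41984]
"Vxulokofatahi"="c:\windows\eqasujoxu.dll" [2009-03-07 134144]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Ksomure] rundll32.exe "c:\windows\Ltomexizod.dll",e
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"line {f.line_no}: {f.reason}\n    {f.evidence}")
```

    Run it against a saved ComboFix.txt or DDS log by passing the file contents to triage(); the gibberish test is deliberately loose (a legitimate name such as winlogon alternates well enough to pass it), which is why it only fires when the DLL also sits bare under %windir% or is loaded by a one-letter rundll32 export, and why the allowlist exists.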
     
  7. 2009/03/09
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    Here are the DDS and Attach Logs.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by patti at 0:49:23.95 on Tue 03/10/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2582 [GMT -4:00]

    AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
    FW: Verizon Internet Security Suite Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Kodak\Printer\Center\EKDiscovery.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Kodak\Printer\Center\AiOHomeCenter.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\patti\LOCALS~1\Temp\bwgo0003003f.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\patti\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local;localhost
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: NoExplorer - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\verizon\verizon internet security suite\pkR.dll
    BHO: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} - Verizon Broadband Toolbar
    BHO: Form Filler BHO: {56071e0d-c61b-11d3-b41c-00e02927a304} - ZKBho Class
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-d0fc-e57af4d5fa7d} -
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
    mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [Ksomure] rundll32.exe "c:\windows\Ltomexizod.dll ",e
    mRun: [Vxulokofatahi] rundll32.exe "c:\windows\eqasujoxu.dll ",e
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: quicktime.com\www
    Trusted Zone: wifeysworld.com\www
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.0.4.69/cab/aolpPlugins.10.4.0.4.cab
    DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142016273062
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143205460281
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
    DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://real.gamehouse.com/games/delicious/zylomplayer.cab
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://download.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.44.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: WRNotifier - WRLogonNTF.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2008-11-28 112144]
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-11-28 196368]
    R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-12-10 3744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-3-20 66048]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\printer\center\EKDiscovery.exe [2008-10-10 274432]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-10-30 28672]
    R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-12-10 3904]
    S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\verizon\verizon internet security suite\RpsSecurityAwareR.exe [2008-10-24 96496]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-3-20 112384]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-3-20 13532]

    =============== Created Last 30 ================

    2009-03-08 11:43 <DIR> --d----- c:\windows\LastGood.Tmp
    2009-03-08 09:56 <DIR> --d----- c:\program files\Trend Micro
    2009-03-07 17:50 134,144 a------- c:\windows\eqasujoxu.dll
    2009-03-07 17:39 96,366 a------- c:\windows\system32\drivers\a4072d82.sys
    2009-03-07 17:38 2 a------- C:\-265745993
    2009-03-07 17:38 41,984 a------- c:\windows\Ltomexizod.dll
    2009-03-07 17:38 10,240 a------- c:\windows\instsp1.exe
    2009-03-07 09:32 4,316 a------- C:\DVD.MDS
    2009-03-07 09:13 4,008,146,944 a------- C:\DVD.ISO
    2009-03-05 19:08 <DIR> --d----- c:\windows\ERUNT
    2009-03-05 19:00 <DIR> --d----- C:\SDFix
    2009-03-03 23:26 <DIR> a-dshr-- C:\cmdcons
    2009-03-03 23:25 161,792 a------- c:\windows\SWREG.exe
    2009-03-03 23:25 98,816 a------- c:\windows\sed.exe
    2009-02-27 18:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Barbie Fashion Show
    2009-02-27 18:35 119 a------- c:\windows\ka.ini
    2009-02-27 18:33 <DIR> --d----- c:\program files\common files\Vivendi Universal Games
    2009-02-21 11:56 54,156 a---h--- c:\windows\QTFont.qfn
    2009-02-21 11:56 1,409 a------- c:\windows\QTFont.for
    2009-02-20 06:04 <DIR> --d----- c:\docume~1\patti\applic~1\Skinux
    2009-02-20 01:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Eastman Kodak Company
    2009-02-20 01:09 12,800 a------- c:\windows\system32\EKDeviceServices.dll
    2009-02-20 01:07 <DIR> --d----- c:\windows\system32\kodak
    2009-02-20 00:47 <DIR> --d----- C:\KPCMS
    2009-02-20 00:45 <DIR> --d----- c:\program files\common files\Kodak
    2009-02-19 19:31 <DIR> --d----- c:\docume~1\patti\applic~1\KodakCredentialStore
    2009-02-08 13:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SugarGames

    ==================== Find3M ====================

    2009-03-10 00:49 711,712 a--sh--- c:\windows\system32\drivers\fidbox2.dat
    2009-03-10 00:47 29,763,360 a--sh--- c:\windows\system32\drivers\fidbox.dat
    2009-03-10 00:36 399,356 a--sh--- c:\windows\system32\drivers\fidbox.idx
    2009-03-10 00:36 67,556 a--sh--- c:\windows\system32\drivers\fidbox2.idx
    2009-03-09 16:42 84,992 a--sh--- c:\windows\system32\sapinaza.dll
    2009-03-09 16:42 79,872 a--sh--- c:\windows\system32\tijahebi.dll
    2009-03-08 05:38 79,872 -------- c:\windows\system32\ledalesa.dll
    2009-03-08 05:38 84,992 a--sh--- c:\windows\system32\yeteyohi.dll
    2009-03-07 17:38 84,992 a--sh--- c:\windows\system32\suwidusu.dll
    2009-03-07 17:38 79,872 a--sh--- c:\windows\system32\hobavana.dll
    2009-01-23 17:37 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
    2008-05-11 01:01 47,360 a------- c:\docume~1\patti\applic~1\pcouffin.sys
    2008-05-08 19:28 487,424 a------- c:\documents and settings\patti\GoToAssist_phone__268_en.exe
    2006-12-18 20:16 774,144 a------- c:\program files\RngInterstitial.dll
    2008-08-31 18:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

    ============= FINISH: 0:49:37.79 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/10/2006 1:18:14 PM
    System Uptime: 3/9/2009 11:37:04 PM (1 hours ago)

    Motherboard: Dell Computer Corp. | | 0W2562
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 23.056 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP6: 3/4/2009 2:47:59 AM - System Checkpoint
    RP7: 3/4/2009 7:41:00 PM - ComboFix created restore point
    RP8: 3/5/2009 6:33:30 PM - Software Distribution Service 3.0
    RP9: 3/5/2009 7:13:48 PM - Restore Operation
    RP10: 3/6/2009 7:46:12 PM - System Checkpoint
    RP11: 3/7/2009 9:44:54 AM - Restore Operation
    RP12: 3/7/2009 9:49:09 AM - Restore Operation
    RP13: 3/7/2009 10:26:30 AM - Restore Operation
    RP14: 3/7/2009 11:19:36 AM - ComboFix created restore point
    RP15: 3/8/2009 11:22:13 AM - System Checkpoint
    RP16: 3/9/2009 11:29:17 PM - ComboFix created restore point

    ==== Installed Programs ======================


    µTorrent
    3DVIA Player 4.1
    ABBYY FineReader 5.0 Sprint
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Media Player
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Adobe Shockwave Player
    Adobe® Photoshop® Album Starter Edition 3.0
    Adobe® Photoshop® Album Starter Edition 3.0.1
    aiofw
    aioocr
    aioprnt
    aioscnnr
    Apple Mobile Device Support
    Apple Software Update
    aspi
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AutoUpdate
    BitTorrent
    Bonjour
    Cake Mania (remove only)
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCHelp
    CCScore
    center
    CheckIt Diagnostics
    Conexant D850 56K V.9x DFVc Modem
    ConvertXtoDVD 3.1.0.18
    CR2
    Creative MediaSource
    Dell AIO Printer A940
    Dell Photo Printer 720
    Dell ResourceCD
    Dell TrueMobile 2300 Control Utility
    Dell TrueMobile 2300 Wireless Broadband Router Control Utility
    Diner Dash Hometown Hero - Gourmet
    Disney Pirates of the Caribbean Online
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DNA
    Dungeon Runners
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVD X Copy Platinum 4.0.3
    DVD X Rescue
    Envelop
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    ESSTUTOR
    essvatgt
    ESSvpaht
    ESSvpot
    FaxTools
    FW LiveUpdate
    Genesys USB Mass Storage Device
    Google Toolbar for Internet Explorer
    HelloKitty (remove only)
    Help_CTR
    helptut
    helpug
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Connections Drivers
    InterActual Player
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    KODAK All-in-One Printer Software
    ksdip
    KSU
    Learn2 Player (Uninstall Only)
    LightScribe 1.4.89.1
    LimeWire 4.18.8
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Professional
    Microsoft Plus! for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Move Networks Media Player for Internet Explorer
    MSN
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MySpaceIM
    Nancy Drew: The Phantom of Venice
    Nero 8
    neroxml
    netbrdg
    Network Magic
    Notifier
    OfotoXMI
    OLYMPUS CAMEDIA Master 4.1
    OTtBP
    Palm Desktop
    PCDLNCH
    PerfectDisk
    PlayNC Launcher
    PopCap ActiveX Control
    PowerDVD
    Pure Networks Platform
    QuickTime
    Radialpoint Security Services
    RealArcade
    RealPlayer
    Rhapsody Player Engine
    RPS Ad Blocker
    RPS AntiFraud
    RPS AntiSpyware
    RPS AntiVirus
    RPS App Detector
    RPS Backup
    RPS Burn
    RPS CRT
    RPS Diagnostic Utility
    RPS Firewall
    RPS Ksdk
    RPS ParentalControl
    RPS Performance Tool
    RPS PopupBlocker
    RPS Privacy Manager
    RPS RpsCore
    RPS Security Cleanup
    RPS Zip
    Sandlot Games Client Services
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    SFR
    SFR2
    SHASTA
    skin0001
    SKINXSDK
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Audigy 2
    staticcr
    The Rosetta Stone
    tooltips
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Vampire - The Masquerade Bloodlines
    VCRedistSetup
    VeohTV BETA
    Verizon Broadband Toolbar
    Verizon FiOS Connection Wizard
    Verizon Internet Security Suite
    Verizon Online Help and Support
    Verizon Servicepoint 1.5.22
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    VPRINTOL
    WebFldrs XP
    Wedding Dash 2
    WG111v2 Configuration Utility
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WIRELESS
    WordPerfect Office 12
    Yahoo! Toolbar
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)

    ==== Event Viewer Messages From Past Week ========

    3/7/2009 4:57:52 PM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    3/7/2009 1:10:16 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/7/2009 10:40:48 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
    3/7/2009 10:40:48 AM, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/7/2009 10:40:48 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    3/7/2009 10:40:48 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/7/2009 10:40:48 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
    3/5/2009 6:33:48 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430).
    3/5/2009 6:07:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/5/2009 6:07:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec KL1 KLIF MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss StarOpen Tcpip WS2IFSL
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The Kodak AiO Network Discovery Service service depends on the Bonjour Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/5/2009 6:07:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/5/2009 6:06:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/5/2009 6:06:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/4/2009 3:48:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KL1 KLIF OMCI StarOpen
    3/3/2009 10:59:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/9/2009 3:05:06 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  8. 2009/03/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Were you able to run Kaspersky?
    I need to see the results.


    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below. *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail.
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    RegLockDel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a4072d82]

    File::
    c:\windows\eqasujoxu.dll
    c:\windows\system32\drivers\a4072d82.sys
    c:\windows\Ltomexizod.dll
    c:\windows\instsp1.exe

    Folder::
    C:\-265745993

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ksomure"=-
    "Vxulokofatahi"=-

    DDS::
    BHO: NoExplorer - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [Ksomure] rundll32.exe "c:\windows\Ltomexizod.dll",e
    mRun: [Vxulokofatahi] rundll32.exe "c:\windows\eqasujoxu.dll",e
    [screenshot: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    Please post
    ComboFix.txt
    Kaspersky log


    How's the computer now?
     
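    The entries Juliet picked out above (two HKLM Run values that load randomly named DLLs from c:\windows via rundll32, an 8-hex-digit driver with a matching service, a numeric-named object in the drive root and hidden+system DLLs in system32) can be spotted mechanically in a DDS log. The script below is an added example written for this thread; it is not DDS, ComboFix or Juliet's own tooling. The sample lines are copied from the log posted above with a few benign lines added for contrast, the heuristics and function names (analyse_dds, build_cfscript) are the example's own, and the rule that the service name equals the driver's file stem is taken from the a4072d82 entries on this page.

```python
"""Triage DDS log lines and draft a ComboFix CFScript from the findings.

Added example for this thread, not DDS/ComboFix code. Heuristics and names
are the author's own; "service name == driver file stem" is assumed from the
a4072d82.sys / Service_a4072d82 entries in the thread.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the DDS log in this thread plus three
# benign lines (Java updater, Kaspersky driver, Trend Micro folder) for contrast.
SAMPLE_DDS = r"""
mRun: [Ksomure] rundll32.exe "c:\windows\Ltomexizod.dll",e
mRun: [Vxulokofatahi] rundll32.exe "c:\windows\eqasujoxu.dll",e
mRun: [SunJavaUpdateSched] "c:\program files\Java\jre6\bin\jusched.exe"
R0 KL1;KL1;c:\windows\system32\drivers\kl1.sys [2008-11-28 112144]
2009-03-07 17:39 96,366 a------- c:\windows\system32\drivers\a4072d82.sys
2009-03-07 17:38 2 a------- C:\-265745993
2009-03-07 17:38 10,240 a------- c:\windows\instsp1.exe
2009-03-09 16:42 84,992 a--sh--- c:\windows\system32\sapinaza.dll
2009-01-23 17:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 09:56 <DIR> --d----- c:\program files\Trend Micro
"""

# HKLM Run entry as DDS prints it: mRun: [Value] rundll32.exe "<dll>",<export>
RUNDLL_RE = re.compile(r'^mRun: \[(?P<value>[^\]]+)\] rundll32\.exe\s+"(?P<dll>[^"]+)"', re.I)
# Created / Find3M line: <date> <time> <size|<DIR>> <8 attribute flags> <path>
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>[\d,]+|<DIR>)\s+"
    r"(?P<attr>[a-z-]{8})\s+(?P<path>.+?)\s*$", re.I)
HEX_DRIVER_RE = re.compile(r"^[0-9a-f]{8}\.sys$", re.I)   # e.g. a4072d82.sys
NUMERIC_ROOT_RE = re.compile(r"^[a-z]:\\-?\d+$", re.I)    # e.g. C:\-265745993


def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def analyse_dds(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: kind, name, path and the reason."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUNDLL_RE.match(line)
        if m:
            dll = m.group("dll")
            # rundll32 loading a DLL straight from c:\windows (not system32) is the
            # pattern behind the Ksomure / Vxulokofatahi values in the thread.
            if _dirname(dll) == r"c:\windows":
                findings.append({"kind": "run_value", "name": m.group("value"), "path": dll,
                                 "reason": "rundll32 loads a DLL from the c:\\windows root"})
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path, attr, size = m.group("path"), m.group("attr").lower(), m.group("size")
        base = _basename(path)
        if HEX_DRIVER_RE.match(base) and _dirname(path).endswith(r"\drivers"):
            findings.append({"kind": "service", "name": base[:-4], "path": path,
                             "reason": "driver with an 8-hex-digit name"})
        elif NUMERIC_ROOT_RE.match(path):
            kind = "folder" if size == "<DIR>" else "file"
            findings.append({"kind": kind, "name": base, "path": path,
                             "reason": "numeric-named object in the drive root"})
        elif base.lower().endswith(".dll") and "s" in attr and "h" in attr \
                and _dirname(path).endswith(r"\system32"):
            findings.append({"kind": "file", "name": base, "path": path,
                             "reason": "hidden+system DLL in system32"})
    return findings


def build_cfscript(findings: List[Dict[str, str]]) -> str:
    """Render findings in the CFScript section syntax used in this thread."""
    files = [f["path"] for f in findings if f["kind"] == "file"]
    folders = [f["path"] for f in findings if f["kind"] == "folder"]
    run_values = [f["name"] for f in findings if f["kind"] == "run_value"]
    services = [f["name"] for f in findings if f["kind"] == "service"]
    # The DLLs behind Run values and the drivers behind services go with them.
    files += [f["path"] for f in findings if f["kind"] in ("run_value", "service")]
    out: List[str] = []
    if services:
        out.append("RegLockDel::")
        out += ["[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\%s]" % s for s in services]
        out.append("")
    if files:
        out += ["File::"] + files + [""]
    if folders:
        out += ["Folder::"] + folders + [""]
    if run_values:
        out.append("Registry::")
        out.append("[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        out += ['"%s"=-' % v for v in run_values]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_cfscript(analyse_dds(SAMPLE_DDS)))
```

    The heuristics are deliberately narrow, so the output is a draft for a person to review rather than a finished script: c:\windows\instsp1.exe in the sample is not flagged, because Juliet included it from context (same minute, same directory as the flagged DLLs) rather than from any property of the line itself, and the benign lines (jusched.exe, kl1.sys, deploytk.dll, the Trend Micro folder) must stay out of the result.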
  9. 2009/03/10
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    Here is the Kscan Report:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, March 10, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, March 10, 2009 21:32:06
    Records in database: 1886441
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 132600
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 01:06:40

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
  10. 2009/03/10
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    Hi!

    Here is ComboFix#2:

    ComboFix 09-03-10.01 - patti 2009-03-10 17:56:15.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2305 [GMT -4:00]
    Running from: c:\documents and settings\patti\Desktop\Kitty.exe
    Command switches used :: c:\documents and settings\patti\Desktop\CFScript.txt
    AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
    FW: Verizon Internet Security Suite Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\windows\eqasujoxu.dll
    c:\windows\instsp1.exe
    c:\windows\Ltomexizod.dll
    c:\windows\system32\drivers\a4072d82.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\-265745993\
    c:\windows\eqasujoxu.dll
    c:\windows\instsp1.exe
    c:\windows\Ltomexizod.dll
    c:\windows\system32\drivers\a4072d82.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_a4072d82


    ((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
    .

    2009-03-10 01:07 . 2009-03-10 01:07 607,640 --a------ C:\jre-6u12-windows-i586-p-iftw.exe
    2009-03-10 01:06 . 2009-03-10 01:08 <DIR> d-------- c:\documents and settings\patti\.SunDownloadManager
    2009-03-08 09:56 . 2009-03-08 09:56 <DIR> d-------- c:\program files\Trend Micro
    2009-03-07 17:38 . 2009-03-07 17:38 2 --a------ C:\-265745993
    2009-03-07 09:32 . 2009-03-07 09:32 4,316 --a------ C:\DVD.MDS
    2009-03-07 09:13 . 2009-03-07 09:32 4,008,146,944 --a------ C:\DVD.ISO
    2009-03-05 19:08 . 2009-03-05 19:08 <DIR> d-------- c:\windows\ERUNT
    2009-03-05 19:00 . 2009-03-07 11:24 <DIR> d-------- C:\SDFix
    2009-03-04 17:14 . 2009-03-04 17:14 <DIR> d-------- c:\documents and settings\Administrator.SHAWNTHOMPSON\Application Data\Verizon
    2009-03-04 16:40 . 2009-03-07 11:24 <DIR> d---s---- c:\documents and settings\Administrator.SHAWNTHOMPSON
    2009-02-27 18:35 . 2009-02-28 09:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Barbie Fashion Show
    2009-02-27 18:35 . 2009-02-27 18:35 119 --a------ c:\windows\ka.ini
    2009-02-27 18:33 . 2009-02-27 18:33 <DIR> d-------- c:\program files\Common Files\Vivendi Universal Games
    2009-02-21 11:56 . 2009-03-08 13:05 54,156 --ah----- c:\windows\QTFont.qfn
    2009-02-21 11:56 . 2009-02-21 11:57 1,409 --a------ c:\windows\QTFont.for
    2009-02-20 06:04 . 2009-02-20 06:04 <DIR> d-------- c:\documents and settings\patti\Application Data\Skinux
    2009-02-20 01:09 . 2009-02-20 01:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
    2009-02-20 01:09 . 2008-10-30 11:58 12,800 --a------ c:\windows\system32\EKDeviceServices.dll
    2009-02-20 01:07 . 2009-02-20 01:07 <DIR> d-------- c:\windows\system32\kodak
    2009-02-20 00:47 . 2009-02-20 00:47 <DIR> d-------- C:\KPCMS
    2009-02-20 00:45 . 2009-02-20 23:30 <DIR> d-------- c:\program files\Common Files\Kodak
    2009-02-19 19:31 . 2009-02-19 19:31 <DIR> d-------- c:\documents and settings\patti\Application Data\KodakCredentialStore

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-10 22:02 719,136 --sha-w c:\windows\system32\drivers\fidbox2.dat
    2009-03-10 22:01 29,974,816 --sha-w c:\windows\system32\drivers\fidbox.dat
    2009-03-10 21:58 68,372 --sha-w c:\windows\system32\drivers\fidbox2.idx
    2009-03-10 21:58 402,428 --sha-w c:\windows\system32\drivers\fidbox.idx
    2009-03-10 05:03 --------- d-----w c:\program files\Java
    2009-03-07 15:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-07 14:54 --------- d-----w c:\documents and settings\patti\Application Data\GetRightToGo
    2009-03-03 18:44 --------- d-----w c:\program files\AOL Toolbar
    2009-02-23 00:50 --------- d-----w c:\documents and settings\patti\Application Data\ZoomBrowser EX
    2009-02-23 00:50 --------- d-----w c:\documents and settings\patti\Application Data\CameraWindowDC
    2009-02-20 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
    2009-02-20 05:07 --------- d-----w c:\program files\Kodak
    2009-02-08 18:48 --------- d-----w c:\program files\PlayFirst
    2009-02-08 17:46 --------- d-----w c:\documents and settings\patti\Application Data\PlayFirst
    2009-02-08 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
    2009-01-26 21:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-26 21:01 --------- d-----w c:\program files\Nancy Drew
    2009-01-24 03:01 --------- d-----w c:\program files\Oberon Media
    2009-01-23 22:30 --------- d-----w c:\documents and settings\patti\Application Data\Pogo Games
    2008-11-01 16:55 1,572,864 ----a-w c:\documents and settings\dgl4500_firmware_113\dgl4500_firmware_113.bin
    2008-05-11 05:01 47,360 ----a-w c:\documents and settings\patti\Application Data\pcouffin.sys
    2008-05-08 23:28 487,424 ----a-w c:\documents and settings\patti\GoToAssist_phone__268_en.exe
    2006-12-19 00:16 774,144 ----a-w c:\program files\RngInterstitial.dll
    2008-08-31 22:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083120080901\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-10_ 0.43.09.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-03-10 21:59:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Veoh "= "c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-09-26 3660848]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "Verizon_McciTrayApp "= "c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
    "VerizonServicepoint.exe "= "c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-09-16 2065648]
    "nmctxth "= "c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp "= "c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "EKIJ5000StatusMonitor "= "c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-11 4898816]

    c:\documents and settings\dale\Start Menu\Programs\Startup\
    HotSync Manager.LNK - c:\palm\HOTSYNC.EXE [2004-04-13 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
    backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    -ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2004-07-13 21:10 339968 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    --a------ 2002-09-30 01:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    --a------ 2002-10-29 09:18 49152 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
    --------- 2003-02-08 18:42 86102 c:\program files\Dell AIO Printer A940\dlbabmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2003-08-06 01:04 114741 c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    --a------ 2006-05-09 20:24 50760 c:\program files\Common Files\AOL\1165248481\EE\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2004-06-16 07:03 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2004-06-16 06:03 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    --a------ 2007-01-11 21:45 4898816 c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
    --a------ 2007-04-05 16:29 684118 c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2008-02-28 09:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2008-05-02 21:11 214560 c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2003-10-31 19:42 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-04-17 14:04 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-05-02 21:10 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2003-08-19 01:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --a------ 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon Internet Security Suite]
    --a------ 2008-10-24 19:49 356592 c:\program files\Verizon\Verizon Internet Security Suite\RPS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    --a------ 2008-09-12 18:46 160160 c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
    --a------ 2003-02-20 18:27 110592 c:\windows\system32\CTASIO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2003-02-20 18:45 28672 c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Palm\\PPLTReg.exe "=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\DNA\\btdna.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "=
    "c:\\Program Files\\Common Files\\AOL\\1165248481\\EE\\AOLServiceHost.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe "=
    "c:\\WINDOWS\\system32\\dwwin.exe "=
    "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe "=
    "c:\\Program Files\\Raxco\\PerfectDisk\\PDAgent.exe "=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe "=
    "c:\\WINDOWS\\system32\\spoolsv.exe "=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe "=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\EKIJ5000MUI.exe "=
    "c:\\Program Files\\Verizon\\McciTrayApp.exe "=
    "c:\\WINDOWS\\system32\\taskmgr.exe "=
    "c:\\Program Files\\Common Files\\Pure Networks Shared\\Platform\\nmctxth.exe "=
    "c:\\Program Files\\Verizon\\VSP\\VerizonServicepoint.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP "= 67:UDP:DHCP Discovery Service
    "9322:TCP "= 9322:TCP:EKDiscovery
    "9323:TCP "= 9323:TCP:EKDiscovery

    R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2005-12-10 3744]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2006-03-20 66048]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\Printer\Center\EKDiscovery.exe [2008-10-10 274432]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [2008-10-30 28672]
    R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2005-12-10 3904]
    R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2006-03-20 112384]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-03-20 13532]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2009-02-21 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EASYSH~3\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

    2009-03-10 c:\windows\Tasks\XoftSpySE 2.job
    - c:\program files\XoftSpySE\XoftSpy.exe []

    2009-03-10 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0MSN&bm=ms_home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local;localhost
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzeb004YYUS
    Trusted Zone: quicktime.com\www
    Trusted Zone: wifeysworld.com\www
    DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://real.gamehouse.com/games/delicious/zylomplayer.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-10 18:00:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\Raxco\PerfectDisk\PDAgent.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\ScsiAccess.EXE
    c:\windows\wanmpsvc.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Zune\ZuneNss.exe
    c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
    c:\docume~1\patti\LOCALS~1\temp\bwgo00029d8e.exe
    c:\program files\Raxco\PerfectDisk\PDEngine.exe
    c:\program files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-10 18:07:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-10 22:06:10
    ComboFix2.txt 2009-03-10 04:45:36

    Pre-Run: 24,770,310,144 bytes free
    Post-Run: 24,846,536,704 bytes free

    294 --- E O F --- 2009-03-02 08:00:22
     
  11. 2009/03/10
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
The computer seems to be running ok. But now it seems that I am unable to get Verizon Internet Security Suite to load and my printer icon is missing again.
     
  12. 2009/03/10
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
Ok, I restored Verizon Internet Security Suite to its default settings and it fixed it. This also brought back my printer icon....weird. But everything seems to be working fine now.
     
  13. 2009/03/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
Have you rebooted the computer once more and they're still missing?

    Your logs are clean.
     
  14. 2009/03/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    OK shawn

    I can see we were posting at the same time.....

    How's the computer now?
     
  15. 2009/03/10
    shawnmt31

    shawnmt31 Inactive Thread Starter

    Joined:
    2009/03/04
    Messages:
    10
    Likes Received:
    0
    Seems to be running fine now. So far so good, I appreciate all of your help, you are my hero!:D
     
  16. 2009/03/11
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    OK
    Let's do final clean up and get you on your way.


    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
    Example below



You're good to go, good job!



    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates " for Windows.


    Firefox 3
The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
So how did I get infected in the first place?

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  17. 2009/05/21
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Glad we could help. :)

    Since this issue appears resolved ... this Topic is closed.
     