
[Inactive] I cannot open antivirus sites.

Discussion in 'Malware and Virus Removal Archive' started by melwynne, 2009/01/19.

  1. 2009/01/19 melwynne (Thread Starter)


    It seems that this has been a common problem, but please, try to throw me some help, sir/ma'am.

    Thank you.

    Here is my last report from ComboFix:

    ComboFix 09-01-19.03 - hawaian_fridays 2009-01-20 6:22:35.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1656 [GMT 8:00]
    Running from: c:\documents and settings\hawaian_fridays\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\hawaian_fridays\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
    .

    2009-01-20 06:19 . 2009-01-20 06:19 <DIR> d--hs---- c:\documents and settings\hawaian_fridays\UserData
    2009-01-20 05:34 . 2009-01-20 05:34 <DIR> d-------- C:\Deckard
    2009-01-20 05:28 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
    2009-01-18 10:32 . 2009-01-18 10:32 <DIR> d-------- c:\program files\TOM Online Inc
    2009-01-17 23:59 . 2009-01-17 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-01-15 09:59 . 2009-01-15 09:59 <DIR> d-------- c:\program files\sohutv_web
    2009-01-11 18:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-01-06 02:35 . 2009-01-06 02:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\File dvd base road
    2008-12-27 02:45 . 2008-12-27 02:45 <DIR> d-------- C:\Downloads

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 17:23 --------- d-----w c:\program files\Garena
    2009-01-15 17:22 --------- d-----w c:\program files\Warcraft III
    2009-01-12 02:09 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\uTorrent
    2009-01-11 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-02 17:51 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\LimeWire
    2008-12-15 01:18 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Ventrilo
    2008-12-15 01:05 --------- d-----w c:\program files\Ventrilo
    2008-12-15 01:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-14 05:24 --------- d-----w c:\program files\Electronic Arts
    2008-12-11 22:08 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\AVGTOOLBAR
    2008-12-11 21:21 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-12-11 21:21 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-12-11 21:21 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-12-11 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-12-11 19:37 7,218 ----a-w c:\windows\system32\ealregsnapshot1.reg
    2008-12-11 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 19:36 --------- d-----w c:\program files\Yahoo!
    2008-12-11 19:36 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Yahoo!
    2008-12-11 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-11 18:01 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\SUPERAntiSpyware.com
    2008-12-11 16:03 --------- d-----w c:\program files\Web Publish
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-04 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-04 06:27 --------- d-----w c:\program files\FREE Hi-Q Recorder
    2008-12-03 14:23 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Xilisoft Corporation
    2008-12-03 14:22 --------- d-----w c:\program files\Xilisoft
    2008-12-03 08:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-02 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2008-12-01 16:08 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-01 16:06 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
    2008-12-01 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-12-01 15:26 --------- d-----w c:\program files\The Print Shop 20
    2008-12-01 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
    2008-12-01 15:08 --------- d-----w c:\program files\Common Files\Broderbund
    2008-12-01 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software
    2008-11-24 11:28 --------- d-----w c:\program files\Virtual Villagers The Secret City
    2008-11-23 11:16 --------- d-----w c:\program files\Bethesda Softworks
    2008-11-23 04:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-11-19 15:21 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Leadertech
    2008-10-27 02:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    2008-10-27 02:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
    2008-10-27 02:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
    2008-10-27 02:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-19 21:02 52,736 ----a-w c:\windows\ipuninst.exe
    2008-07-01 01:49 22,328 ----a-w c:\documents and settings\hawaian_fridays\Application Data\PnkBstrK.sys
    2008-04-13 21:41 164,457 --sha-r c:\windows\system32\ntmwlbrq.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-20_ 5.22.34.58 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-19 21:05:19 71,584 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-19 21:59:42 71,584 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-19 21:05:19 442,092 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-19 21:59:42 442,092 ----a-w c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
    "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "d:\\Installerz\\Gamez\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58440:TCP"= 58440:TCP:pando Media Booster
    "58440:UDP"= 58440:UDP:pando Media Booster
    "9351:TCP"= 9351:TCP:BitComet 9351 TCP
    "9351:UDP"= 9351:UDP:BitComet 9351 UDP
    "2056:TCP"= 2056:TCP:zsficloo

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-11 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-12 97928]
    R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-12 875288]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-12 231704]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-12 76040]
    S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
    S4 myulqa;vrhfkfq;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    myulqa

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206db441-912b-11dd-99ad-0019667055ad}]
    \Shell\AutoRun\command - G:\qa8sywva.cmd
    \Shell\explore\Command - G:\qa8sywva.cmd
    \Shell\open\Command - G:\qa8sywva.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f56392-8c77-11dd-999f-0019667055ad}]
    \Shell\Auto\command - H:\Recycled/dllcache32.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
    \Shell\explore\Command - H:\Recycled/dllcache32.exe
    \Shell\open\Command - H:\Recycled/dllcache32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2060d7-4732-11dd-98ae-0019667055ad}]
    \Shell\AutoRun\command - explorer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-19 c:\windows\Tasks\B46E1978942995A4.job
    - c:\docume~1\hawaia~1\applic~1\bodysp~1\Soap Platform Ooze.exe []

    2009-01-19 c:\windows\Tasks\PCConfidential.job
    - c:\program files\Winferno\PC Confidential\PCConfidential.exe []

    2009-01-18 c:\windows\Tasks\rpc.job
    - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    FF - ProfilePath - c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\
    FF - plugin: c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
    FF - plugin: c:\program files\TOM Online Inc\TOM Live Player\nptcast30.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-20 06:23:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\myulqa]
    "ServiceDll"="c:\windows\system32\ntmwlbrq.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1202660629-1004336348-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:1f,84,dd,f3,b2,95,f4,ff,48,6e,82,20,66,70,20,45,38,07,65,f4,46,86,6f,
    11,ad,59,b1,aa,01,eb,52,ef,87,b8,67,d4,e6,22,cb,6c,5e,6e,8a,05,38,ca,e1,7e,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1202660629-1004336348-1801674531-1003\Software\SecuROM\License information*]
    "datasecu"=hex:3f,2b,15,df,37,24,fb,8b,f5,75,25,40,24,28,f2,26,f7,73,d6,ba,ec,
    a7,5b,01,74,e4,c5,16,71,3c,af,9c,72,19,18,d4,9d,ec,b0,1f,a1,e0,28,2f,95,a8,\
    "rkeysecu"=hex:65,63,e6,16,cc,8a,a0,9b,62,96,4b,6b,c1,50,de,b1

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b4,a7,65,9c,c7,
    ea,fa,6a,c8,28,51,af,b0,29,a3,98,60,54,39,41,c9,6d,e5,43,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,5c,ce,dd,e7,55,
    5a,2c,6f,71,3b,04,66,8b,46,0d,96,b4,e8,d1,03,e4,fd,46,f7,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,df,4b,2e,5d,5e,
    be,bf,e9,25,da,ec,7e,55,20,c9,26,20,13,da,97,a6,0c,50,65,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,72,12,ac,c4,28,
    2d,2f,26,3e,1e,9e,e0,57,5a,93,61,40,47,49,d3,32,0f,e1,5f,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,5a,25,0e,93,5d,
    09,0c,d9,cd,44,cd,b9,a6,33,6c,cd,2e,9a,39,9e,fc,a1,f6,ed,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,07,cb,d6,5c,13,
    8f,fb,70,b0,18,ed,a7,3f,8d,37,a4,8a,86,ff,3b,f7,83,10,6d,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,32,ca,1c,8c,cc,
    a3,f9,2d,31,77,e1,ba,b1,f8,68,02,b0,58,c5,dc,e3,e0,f0,51,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ba,05,7a,ba,6f,
    1f,83,34,83,6c,56,8b,a0,85,96,ab,21,c0,1a,ef,81,83,30,69,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,67,66,95,63,16,
    7d,ec,42,51,fa,6e,91,28,9e,14,cc,5f,27,3a,a2,90,e3,3b,f7,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,5c,22,fe,6c,1e,
    3d,32,44,b1,cd,45,5a,a8,c4,f8,b9,49,2f,b5,3f,94,50,1f,83,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e9,31,2c,2c,3a,
    87,84,3a,e3,0e,66,d5,eb,bc,2f,6b,cf,c4,0e,94,62,0d,b2,73,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3c,be,a4,d1,f2,
    d1,82,50,fa,ea,66,7f,d4,3b,6b,70,3e,40,ae,7e,16,8e,d7,2a,6c,43,2d,1e,aa,22,\
    .
    Completion time: 2009-01-20 6:24:40
    ComboFix-quarantined-files.txt 2009-01-19 22:24:38
    ComboFix2.txt 2009-01-19 22:09:02
    ComboFix3.txt 2009-01-19 21:48:34
    ComboFix4.txt 2009-01-19 21:23:08

    Pre-Run: 18,734,268,416 bytes free
    Post-Run: 18,726,137,856 bytes free

    246 --- E O F --- 2009-01-14 08:52:16
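The log above carries the loading points a removal helper would check before anything else: the svchost-hosted service `myulqa` whose `ServiceDll` (`ntmwlbrq.dll`) appears in the file listing with hidden, system and read-only attributes; the `mountpoints2` AutoRun handlers that run `G:\qa8sywva.cmd` and `Recycled/dllcache32.exe` from removable volumes; the globally open port 2056/TCP whose only description is `zsficloo`; and the scheduled task with the random hex name `B46E1978942995A4.job`. The script below is an added example, not part of the thread and not ComboFix's own logic: it parses an excerpt constructed from the lines quoted above (in ComboFix's line formats as they appear in this log) and reports those indicators. The "opaque port description" and "hex task name" rules are review heuristics chosen for this example, so a hit means look closer, not a verdict.

```python
"""Triage a ComboFix-style log excerpt for the persistence indicators a
malware-removal helper reviews first. Added example; the sample excerpt is
constructed from lines of the log posted in the thread."""
import re

# Constructed excerpt: file listing, firewall ports, services, mountpoints2,
# scheduled tasks and the ServiceDll key, in ComboFix's own line formats.
SAMPLE_LOG = r"""
2008-04-13 21:41 164,457 --sha-r c:\windows\system32\ntmwlbrq.dll
2008-12-11 21:21 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58440:TCP"= 58440:TCP:pando Media Booster
"9351:TCP"= 9351:TCP:BitComet 9351 TCP
"2056:TCP"= 2056:TCP:zsficloo

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-12 97928]
S4 myulqa;vrhfkfq;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206db441-912b-11dd-99ad-0019667055ad}]
\Shell\AutoRun\command - G:\qa8sywva.cmd
\Shell\open\Command - G:\qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f56392-8c77-11dd-999f-0019667055ad}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2060d7-4732-11dd-98ae-0019667055ad}]
\Shell\AutoRun\command - explorer.exe

2009-01-19 c:\windows\Tasks\B46E1978942995A4.job
- c:\docume~1\hawaia~1\applic~1\bodysp~1\Soap Platform Ooze.exe []

2009-01-19 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\myulqa]
"ServiceDll"="c:\windows\system32\ntmwlbrq.dll"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# "date time size attrs path"; attrs letters: d=dir s=system h=hidden a=archive r=read-only w=writable
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+(?:[\d,]+|-+)\s+(?P<attrs>[-a-z]{7})\s+(?P<path>[a-z]:\\.+)$", re.I)
SVC_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[")
SVCDLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
TASK_RE = re.compile(r"^\d{4}-\d\d-\d\d\s+[a-z]:\\windows\\Tasks\\(?P<name>.+)\.job$", re.I)
# A handler that runs something stored on the mounted volume itself (a non-C: drive
# path, or a relative Recycled\ path) is the removable-drive autorun pattern.
VOLUME_TARGET_RE = re.compile(r"[d-z]:\\|recycled[\\/]", re.I)
HEXNAME_RE = re.compile(r"^[0-9A-F]{16}$")  # heuristic for this example: 16 hex digits


def parse(log):
    """Collect the loading points from the excerpt, keyed the way ComboFix prints them."""
    rec = {"files": {}, "services": {}, "dlls": {}, "mounts": [], "ports": [], "tasks": []}
    section = ""
    lines = [ln.strip() for ln in log.splitlines()]
    for i, ln in enumerate(lines):
        if m := KEY_RE.match(ln):
            section = m.group("key")
        elif m := FILE_RE.match(ln):
            rec["files"][m.group("path").lower()] = m.group("attrs").lower()
        elif m := SVC_RE.match(ln):
            rec["services"][m.group("name")] = m.group("image")
        elif (m := SVCDLL_RE.match(ln)) and (s := re.search(r"\\Services\\([^\\]+)$", section, re.I)):
            rec["dlls"][s.group(1)] = m.group("dll")
        elif (m := MOUNT_RE.match(ln)) and "mountpoints2" in section.lower():
            rec["mounts"].append((section.rsplit("\\", 1)[-1], m.group("verb"), m.group("cmd")))
        elif m := PORT_RE.match(ln):
            rec["ports"].append((m.group("port"), m.group("desc").strip()))
        elif m := TASK_RE.match(ln):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            rec["tasks"].append((m.group("name"), nxt[2:] if nxt.startswith("- ") else ""))
    return rec


def triage(log):
    """Return human-readable findings; each is an indicator to review, not a verdict."""
    rec = parse(log)
    findings = []
    for svc, image in rec["services"].items():
        if "svchost.exe" not in image.lower():
            continue
        dll = rec["dlls"].get(svc)
        attrs = rec["files"].get(dll.lower(), "") if dll else ""
        if dll and "h" in attrs and "s" in attrs:
            findings.append(f"service {svc}: svchost-hosted, ServiceDll {dll} is hidden+system ({attrs})")
    for volume, verb, cmd in rec["mounts"]:
        if VOLUME_TARGET_RE.search(cmd):
            findings.append(f"mountpoints2 {volume}: {verb} handler runs {cmd}")
    for port, desc in rec["ports"]:
        if " " not in desc:  # heuristic: installed products leave a multi-word description
            findings.append(f"firewall: {port} globally open with opaque description '{desc}'")
    for name, target in rec["tasks"]:
        if HEXNAME_RE.match(name):
            findings.append(f"task {name}.job: random hex name, runs {target}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt it reports six findings: the `myulqa` service with its hidden+system DLL, the three volume-resident AutoRun handlers (the plain `explorer.exe` handler is left alone), the `zsficloo` port and the hex-named task. The cross-check between the service key and the file listing is the part worth keeping: a service that svchost loads from a DLL which has been marked hidden and system is exactly what ComboFix's NetSvcs section is there to surface.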
     
  2. 2009/01/19 melwynne (Thread Starter)

    And here is my HijackThis log, if it may help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:05:59 AM, on 1/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgscanx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 2005 bytes
     


  4. 2009/01/20 noahdfear

    Please post the following logs in C:\Qoobox so we can see what was done.

    ComboFix2.txt
    ComboFix3.txt
    ComboFix4.txt
     
  5. 2009/01/20 melwynne (Thread Starter)

    Hmm, what do you mean? I ran Ad-Aware and I think it uninstalled my ComboFix. Also, it didn't really fix the problem.
     
  6. 2009/01/20 melwynne (Thread Starter)

    Anyway, I reinstalled ComboFix. Here is the newest log:

    ComboFix 09-01-19.05 - hawaian_fridays 2009-01-20 17:45:44.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1611 [GMT 8:00]
    Running from: c:\documents and settings\hawaian_fridays\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 )))))))))))))))))))))))))))))))
    .

    2009-01-20 13:17 . 2009-01-19 05:35 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-01-20 09:25 . 2009-01-19 05:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-01-20 09:21 . 2009-01-20 09:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-20 09:21 . 2009-01-20 09:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-20 09:13 . 2009-01-20 09:13 <DIR> d-------- c:\program files\Lavasoft
    2009-01-20 09:13 . 2009-01-20 09:13 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-20 08:56 . 2009-01-20 08:56 227,224 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-01-20 08:23 . 2009-01-20 08:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-20 08:23 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-20 08:23 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-20 06:19 . 2009-01-20 06:19 <DIR> d--hs---- c:\documents and settings\hawaian_fridays\UserData
    2009-01-18 10:32 . 2009-01-18 10:32 <DIR> d-------- c:\program files\TOM Online Inc
    2009-01-17 23:59 . 2009-01-17 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-01-15 09:59 . 2009-01-15 09:59 <DIR> d-------- c:\program files\sohutv_web
    2009-01-11 18:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-01-06 02:35 . 2009-01-06 02:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\File dvd base road
    2008-12-27 02:45 . 2008-12-27 02:45 <DIR> d-------- C:\Downloads

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-20 09:29 --------- d-----w c:\program files\Warcraft III
    2009-01-20 08:00 --------- d-----w c:\program files\Garena
    2009-01-20 02:37 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\uTorrent
    2009-01-11 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-02 17:51 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\LimeWire
    2008-12-15 01:18 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Ventrilo
    2008-12-15 01:05 --------- d-----w c:\program files\Ventrilo
    2008-12-15 01:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-14 05:24 --------- d-----w c:\program files\Electronic Arts
    2008-12-11 22:08 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\AVGTOOLBAR
    2008-12-11 21:21 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-12-11 21:21 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-12-11 21:21 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-12-11 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
    2008-12-11 19:37 7,218 ----a-w c:\windows\system32\ealregsnapshot1.reg
    2008-12-11 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 19:36 --------- d-----w c:\program files\Yahoo!
    2008-12-11 19:36 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Yahoo!
    2008-12-11 18:03 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-12-11 18:01 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\SUPERAntiSpyware.com
    2008-12-11 16:03 --------- d-----w c:\program files\Web Publish
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-04 15:34 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-04 06:27 --------- d-----w c:\program files\FREE Hi-Q Recorder
    2008-12-03 14:23 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Xilisoft Corporation
    2008-12-03 14:22 --------- d-----w c:\program files\Xilisoft
    2008-12-03 08:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-02 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2008-12-01 16:08 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-01 16:06 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
    2008-12-01 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-12-01 15:26 --------- d-----w c:\program files\The Print Shop 20
    2008-12-01 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
    2008-12-01 15:08 --------- d-----w c:\program files\Common Files\Broderbund
    2008-12-01 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software
    2008-11-24 11:28 --------- d-----w c:\program files\Virtual Villagers The Secret City
    2008-11-23 11:16 --------- d-----w c:\program files\Bethesda Softworks
    2008-11-23 04:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-10-27 02:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    2008-10-27 02:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
    2008-10-27 02:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
    2008-10-27 02:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-07-01 01:49 22,328 ----a-w c:\documents and settings\hawaian_fridays\Application Data\PnkBstrK.sys
    2008-04-13 21:41 164,457 --sha-r c:\windows\system32\ntmwlbrq.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-19 506712]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Garena\\Garena.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
    "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
    "d:\\Installerz\\Gamez\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe"=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58440:TCP"= 58440:TCP:pando Media Booster
    "58440:UDP"= 58440:UDP:pando Media Booster
    "9351:TCP"= 9351:TCP:BitComet 9351 TCP
    "9351:UDP"= 9351:UDP:BitComet 9351 UDP
    "2056:TCP"= 2056:TCP:zsficloo

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-11 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-12 97928]
    R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-12 875288]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-12 231704]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-12 76040]
    R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 921936]
    S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]
    S4 myulqa;vrhfkfq;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    myulqa

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206db441-912b-11dd-99ad-0019667055ad}]
    \Shell\AutoRun\command - G:\qa8sywva.cmd
    \Shell\explore\Command - G:\qa8sywva.cmd
    \Shell\open\Command - G:\qa8sywva.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f56392-8c77-11dd-999f-0019667055ad}]
    \Shell\Auto\command - H:\Recycled/dllcache32.exe
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled/dllcache32.exe
    \Shell\explore\Command - H:\Recycled/dllcache32.exe
    \Shell\open\Command - H:\Recycled/dllcache32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2060d7-4732-11dd-98ae-0019667055ad}]
    \Shell\AutoRun\command - explorer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-19 05:34]

    2009-01-20 c:\windows\Tasks\B46E1978942995A4.job
    - c:\docume~1\hawaia~1\applic~1\bodysp~1\Soap Platform Ooze.exe []

    2009-01-20 c:\windows\Tasks\PCConfidential.job
    - c:\program files\Winferno\PC Confidential\PCConfidential.exe []

    2009-01-18 c:\windows\Tasks\rpc.job
    - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    FF - ProfilePath - c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\
    FF - plugin: c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
    FF - plugin: c:\program files\TOM Online Inc\TOM Live Player\nptcast30.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-20 17:47:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\myulqa]
    "ServiceDll"="c:\windows\system32\ntmwlbrq.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1202660629-1004336348-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:1f,84,dd,f3,b2,95,f4,ff,48,6e,82,20,66,70,20,45,38,07,65,f4,46,86,6f,
    11,ad,59,b1,aa,01,eb,52,ef,87,b8,67,d4,e6,22,cb,6c,5e,6e,8a,05,38,ca,e1,7e,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1202660629-1004336348-1801674531-1003\Software\SecuROM\License information*]
    "datasecu"=hex:3f,2b,15,df,37,24,fb,8b,f5,75,25,40,24,28,f2,26,f7,73,d6,ba,ec,
    a7,5b,01,74,e4,c5,16,71,3c,af,9c,72,19,18,d4,9d,ec,b0,1f,a1,e0,28,2f,95,a8,\
    "rkeysecu"=hex:65,63,e6,16,cc,8a,a0,9b,62,96,4b,6b,c1,50,de,b1

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b4,a7,65,9c,c7,
    ea,fa,6a,c8,28,51,af,b0,29,a3,98,60,54,39,41,c9,6d,e5,43,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,5c,ce,dd,e7,55,
    5a,2c,6f,71,3b,04,66,8b,46,0d,96,b4,e8,d1,03,e4,fd,46,f7,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,df,4b,2e,5d,5e,
    be,bf,e9,25,da,ec,7e,55,20,c9,26,20,13,da,97,a6,0c,50,65,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,72,12,ac,c4,28,
    2d,2f,26,3e,1e,9e,e0,57,5a,93,61,40,47,49,d3,32,0f,e1,5f,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,5a,25,0e,93,5d,
    09,0c,d9,cd,44,cd,b9,a6,33,6c,cd,2e,9a,39,9e,fc,a1,f6,ed,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,07,cb,d6,5c,13,
    8f,fb,70,b0,18,ed,a7,3f,8d,37,a4,8a,86,ff,3b,f7,83,10,6d,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,32,ca,1c,8c,cc,
    a3,f9,2d,31,77,e1,ba,b1,f8,68,02,b0,58,c5,dc,e3,e0,f0,51,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ba,05,7a,ba,6f,
    1f,83,34,83,6c,56,8b,a0,85,96,ab,21,c0,1a,ef,81,83,30,69,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,67,66,95,63,16,
    7d,ec,42,51,fa,6e,91,28,9e,14,cc,5f,27,3a,a2,90,e3,3b,f7,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,5c,22,fe,6c,1e,
    3d,32,44,b1,cd,45,5a,a8,c4,f8,b9,49,2f,b5,3f,94,50,1f,83,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e9,31,2c,2c,3a,
    87,84,3a,e3,0e,66,d5,eb,bc,2f,6b,cf,c4,0e,94,62,0d,b2,73,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3c,be,a4,d1,f2,
    d1,82,50,fa,ea,66,7f,d4,3b,6b,70,3e,40,ae,7e,16,8e,d7,2a,6c,43,2d,1e,aa,22,\
    .
    Completion time: 2009-01-20 17:48:58
    ComboFix-quarantined-files.txt 2009-01-20 09:48:56

    Pre-Run: 18,458,734,592 bytes free
    Post-Run: 18,444,038,144 bytes free

    249 --- E O F --- 2009-01-14 08:52:16
     
  7. 2009/01/20
    melwynne Inactive Thread Starter
    And here is another HijackThis log, the latest. Please help. I even lose connection at times now, and sometimes my PC just crashes.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:25 PM, on 1/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 2113 bytes
     
  8. 2009/01/20
    noahdfear Inactive
    My instructions were very clear. Post the contents of 3 logs, which I gave you the name and location of. While I might be made to believe that Ad-Aware could have detected and removed the ComboFix executable, or infected files in ComboFix's quarantine folder, I cannot believe that Ad-Aware uninstalled ComboFix, nor removed its quarantine folder. The logs I requested from that folder, as well as several other items in that folder, could prove quite important in the future. I did not ask you to run ComboFix again either.

    Frankly, I'm debating whether or not to continue advising you any further for fear of you deviating from my instructions. It's been my experience that it's those folks who do not follow instructions who are the ones that blame the advisor and/or the tools recommended for use when instructions are not followed and something goes wrong. Had you read the announcement at the top of this forum titled *** READ THIS BEFORE YOU POST A LOG ***, you would have also seen that we request logs from a DDS scan to start a new topic for help, not a ComboFix log, nor do we ask for a HijackThis log.
     
  9. 2009/01/21
    melwynne Inactive Thread Starter
    Hello again. I am sorry for all the inconvenience. I did use ComboFix in the first post for the reason that I could not download the DDS scanner then. I may have been too panicky, because I really have a lot of important data saved on this computer, plus some exams and grades for my students. For these I sincerely am sorry, and please know that I am not the type who will blame others; if there's anyone to blame, it should be me, because I am the one who caused all this havoc to myself after all.

    After I posted that ComboFix log, I did use Ad-Aware, and for some weird reason it really did uninstall ComboFix, so I really cannot find those folders you stated. Out of desperation (perhaps stupidly), thinking it might help, I downloaded the ComboFix program again and ran it so I could post another log which might help, and while lurking on the net for help I also came across HijackThis, so I also had that log posted. All this thinking that it might help. It's true.

    I know it's been my BIG mistake for doing this altogether without instruction, so again for that I am sorry. I just really am needing help, and any that you guys can throw at me would be much appreciated. I don't need you to actually fix my PC. I guess I just want help, and if that fails, it's OK. I would be so glad that you guys at least tried. We tried.

    I am willing to start again with your guidance, so if you still do want to help me in any way at all, please instruct me and I will do my best to follow everything. Thank you.

    I will try and download DDS again and post a log here.

    Please Sir/Ma'am, if you can throw me anything. If not, just tell me and I'd accept that wholeheartedly.
     
  10. 2009/01/21
    melwynne Inactive Thread Starter
    DDS (Ver_09-01-07.01) - NTFSx86
    Run by hawaian_fridays at 18:53:08.81 on Wed 01/21/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1586 [GMT 8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\hawaian_fridays\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hawaia~1\applic~1\mozilla\firefox\profiles\nndvjwpg.default\
    FF - plugin: c:\documents and settings\hawaian_fridays\application data\mozilla\firefox\profiles\nndvjwpg.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-1-11 28544]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-12 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-12 26824]
    R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-12-12 875288]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-12 231704]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-12 76040]
    S3 XDva208;XDva208;\??\c:\windows\system32\xdva208.sys --> c:\windows\system32\XDva208.sys [?]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 921936]
    S4 myulqa;vrhfkfq;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]

    =============== Created Last 30 ================

    2009-01-20 17:44 161,792 a------- c:\windows\SWREG.exe
    2009-01-20 17:44 98,816 a------- c:\windows\sed.exe
    2009-01-20 17:44 <DIR> --d----- C:\ComboFix
    2009-01-20 13:17 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-01-20 09:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-01-20 09:21 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-01-20 09:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-01-20 09:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-20 09:13 <DIR> --d----- c:\program files\Lavasoft
    2009-01-20 08:56 227,224 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-01-20 08:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-20 08:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-20 08:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-01-20 06:19 <DIR> --dsh--- c:\documents and settings\hawaian_fridays\UserData
    2009-01-20 05:51 <DIR> a-dshr-- C:\autorun.inf
    2009-01-20 05:13 <DIR> a-dshr-- C:\cmdcons
    2009-01-17 23:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
    2009-01-15 09:59 <DIR> --d----- c:\program files\sohutv_web
    2009-01-11 18:58 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-01-06 02:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\File dvd base road
    2008-12-27 02:45 <DIR> --d----- C:\Downloads

    ==================== Find3M ====================

    2008-12-12 05:21 10,520 a------- c:\windows\system32\avgrsstx.dll
    2008-12-12 05:21 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
    2008-12-12 05:21 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
    2008-12-12 03:37 7,218 a------- c:\windows\system32\ealregsnapshot1.reg
    2008-12-11 18:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-11-23 12:37 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
    2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
    2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
    2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
    2008-10-23 20:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-07-01 09:49 22,328 a------- c:\docume~1\hawaia~1\applic~1\PnkBstrK.sys
    2008-04-14 05:41 164,457 a--shr-- c:\windows\system32\ntmwlbrq.dll

    ============= FINISH: 18:53:24.95 ===============
     
  11. 2009/01/21
    melwynne Inactive Thread Starter
    And here is the Attach file. I read the announcement and it said I should just post it, so here we go. Sorry again and thank you.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-07.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/26/2008 11:17:08 PM
    System Uptime: 1/21/2009 6:06:58 PM (0 hours ago)

    Motherboard: | | 4Core1333-GLAN.
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPUSocket | 1994/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 98 GiB total, 17.273 GiB free.
    D: is FIXED (NTFS) - 51 GiB total, 3.057 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 1/19/2009 12:26:31 PM - System Checkpoint
    RP2: 1/20/2009 5:12:00 AM - ComboFix created restore point
    RP3: 1/20/2009 5:34:24 AM - Deckard's System Scanner Restore Point
    RP4: 1/20/2009 6:06:24 AM - ComboFix created restore point
    RP5: 1/20/2009 6:22:10 AM - ComboFix created restore point
    RP6: 1/20/2009 5:45:17 PM - ComboFix created restore point
    RP7: 1/21/2009 9:08:10 AM - Revo Uninstaller's restore point - TOM Live Player
    RP8: 1/21/2009 9:08:18 AM - Removed TOM Live Player

    ==== Installed Programs ======================

    µTorrent
    3DMark06
    Ad-Aware
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe PageMaker 7.0
    Adobe Reader 7.0.8
    Adobe Stock Photos 1.0
    AVG Free 8.0
    Baldur's Gate(TM) II - Shadows of Amn(TM)
    CDisplay
    CiD Help
    CloneCD
    Dead Space™
    DVD Suite
    EA Download Manager
    Eusing Free Registry Cleaner
    EVEREST Ultimate Edition v4.50
    Fallout
    Fallout 3
    FREE Hi-Q Recorder 1.92
    Garena
    Google Toolbar for Internet Explorer
    GPGNet
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Java(TM) 6 Update 7
    K-Lite Codec Pack 4.1.7 (Full)
    LG ODD Auto Firmware Update
    LightScribe System Software 1.10.13.1
    LimeWire 4.18.8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Web Publishing Wizard 1.52
    Morrowind
    Mosby's Comprehensive Review of Nursing for the NCLEX-RN®, 18th Edition
    Mozilla Firefox (3.0.5)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MySQL Connector/ODBC 3.51
    Neffy 1,2,0,22
    Nero 7 Essentials
    neroxml
    NVIDIA Drivers
    Oblivion
    OpenOffice.org Installer 1.0
    Outspark Sharp Launcher
    Panda ActiveScan 2.0
    Pando Media Booster
    Pcsx2 0.9.2 Watermoose
    Pinnacle Instant DVD Recorder
    Planescape - Torment
    PunkBuster Services
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.75
    S.T.A.L.K.E.R. - Shadow of Chernobyl
    SecurDisc Viewer
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Shockwave
    Sins of a Solar Empire
    Sogou PXP Accelerator 1.0.0.4
    Spybot - Search & Destroy
    Studio 11
    TES Construction Set
    The Print Shop 20
    The Witcher
    Update for Windows XP (KB898461)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Vampire - The Masquerade Bloodlines
    Ventrilo Client
    VideoLAN VLC media player 0.8.6h
    Virtual Villagers The Secret City
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Warcraft III: All Products
    Warhammer Online - Age of Reckoning
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WinRAR archiver
    Xilisoft Video Converter Ultimate
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/20/2009 5:01:11 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/20/2009 5:01:08 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    1/20/2009 5:01:08 AM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    1/20/2009 5:01:08 AM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    1/20/2009 3:58:49 AM, error: Service Control Manager [7023] - The vrhfkfq service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
    1/20/2009 3:58:49 AM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
    1/20/2009 5:18:15 AM, error: Service Control Manager [7000] - The helpsvc service failed to start due to the following error: The system cannot find the file specified.
    1/21/2009 12:46:54 PM, error: Service Control Manager [7017] - Detected circular dependencies demand starting Fast User Switching Compatibility.

    ==== End Of File ===========================
     
  12. 2009/01/21
    noahdfear Inactive
    Does zsficloo mean anything to you? It's been allowed access through the Windows Firewall.


    Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.


    Next, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/80703-active-i-cannot-open-antivirus-sites.html#post439489
    Collect::
    c:\windows\system32\ntmwlbrq.dll
    File::
    c:\windows\Tasks\B46E1978942995A4.job
    Driver::
    myulqa
    NetSvcs::
    myulqa
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206db441-912b-11dd-99ad-0019667055ad}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36f56392-8c77-11dd-999f-0019667055ad}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2060d7-4732-11dd-98ae-0019667055ad}]
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. If the upload fails, you will be presented with instructions for uploading it manually. Please do so and let me know the results. This will assist the author in adding the files for removal in future updates. Thanks!


    Finally, download Lop S&D and save it to your desktop.

    Please disable resident protections (antivirus, etc.); you'll re-enable them after the scan.

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created at C:\lopR.txt

    Don't forget to re-enable your resident protections now!
     
  13. 2009/01/21
    noahdfear Inactive
    Now, you mentioned having students' exams and grades, and other important data on your computer. Having data of that type on your computer requires a great deal of responsibility in protecting it. Running P2P applications, such as LimeWire, uTorrent and BitComet, can and should be considered irresponsible. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
     
  14. 2009/01/23
    melwynne Inactive Thread Starter
    I really don't know what zsficloo is.
    Also, I'll be uninstalling the P2P stuff next, I guess. Also, I installed Avast and Comodo; a friend suggested them to me.

    Here is my combofix log:

    ComboFix 09-01-21.04 - hawaian_fridays 2009-01-24 10:28:04.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1534 [GMT 8:00]
    Running from: c:\documents and settings\hawaian_fridays\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\hawaian_fridays\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning disabled* (Updated)
    FW: COMODO Firewall *enabled*
    * Created a new restore point

    FILE ::
    c:\windows\Tasks\B46E1978942995A4.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Tasks\B46E1978942995A4.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYULQA
    -------\Service_myulqa


    ((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
    .

    2009-01-24 10:18 . 2009-01-24 10:22 <DIR> d-------- C:\Lop SD
    2009-01-24 07:16 . 2009-01-24 07:16 <DIR> d-------- c:\documents and settings\hawaian_fridays\Application Data\AdobeUM
    2009-01-22 09:58 . 2009-01-22 10:02 <DIR> d-------- c:\program files\SopCast
    2009-01-22 06:34 . 2009-01-22 06:34 <DIR> d-------- c:\program files\Alwil Software
    2009-01-22 05:58 . 2009-01-22 05:58 <DIR> d-------- c:\program files\COMODO
    2009-01-22 05:58 . 2009-01-22 06:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
    2009-01-22 05:58 . 2009-01-22 05:58 147,192 --a------ c:\windows\system32\guard32.dll
    2009-01-22 05:58 . 2009-01-22 05:58 101,776 --a------ c:\windows\system32\drivers\cmdguard.sys
    2009-01-22 05:58 . 2009-01-22 05:58 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
    2009-01-22 05:35 . 2009-01-22 05:50 <DIR> d-------- c:\program files\SpywareBlaster
    2009-01-21 22:40 . 2009-01-21 22:33 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-01-21 22:33 . 2009-01-21 22:33 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-21 22:13 . 2009-01-22 05:40 <DIR> d-------- c:\program files\Security Task Manager
    2009-01-21 22:13 . 2009-01-21 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-01-20 09:21 . 2009-01-20 09:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-20 09:21 . 2009-01-20 09:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-20 09:13 . 2009-01-21 22:28 <DIR> d-------- c:\program files\Lavasoft
    2009-01-20 08:56 . 2009-01-22 06:44 81,432 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
    2009-01-20 08:23 . 2009-01-20 08:23 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-20 08:23 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-20 08:23 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-20 06:19 . 2009-01-20 06:19 <DIR> d--hs---- c:\documents and settings\hawaian_fridays\UserData
    2009-01-17 23:59 . 2009-01-17 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-01-11 18:58 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2008-12-27 02:45 . 2008-12-27 02:45 <DIR> d-------- C:\Downloads

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 11:58 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\uTorrent
    2009-01-22 01:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-21 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-21 07:20 --------- d-----w c:\program files\Warcraft III
    2009-01-21 06:18 --------- d-----w c:\program files\Garena
    2009-01-11 10:56 --------- d-----w c:\program files\Panda Security
    2009-01-02 17:51 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\LimeWire
    2008-12-15 01:18 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Ventrilo
    2008-12-15 01:05 --------- d-----w c:\program files\Ventrilo
    2008-12-15 01:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-14 05:24 --------- d-----w c:\program files\Electronic Arts
    2008-12-11 19:37 7,218 ----a-w c:\windows\system32\ealregsnapshot1.reg
    2008-12-11 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-11 19:36 --------- d-----w c:\program files\Yahoo!
    2008-12-11 19:36 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Yahoo!
    2008-12-11 16:03 --------- d-----w c:\program files\Web Publish
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-04 06:27 --------- d-----w c:\program files\FREE Hi-Q Recorder
    2008-12-03 14:23 --------- d-----w c:\documents and settings\hawaian_fridays\Application Data\Xilisoft Corporation
    2008-12-03 14:22 --------- d-----w c:\program files\Xilisoft
    2008-12-02 06:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2008-12-01 16:08 --------- d-----w c:\program files\Common Files\Adobe
    2008-12-01 16:06 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
    2008-12-01 16:06 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
    2008-12-01 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
    2008-11-24 11:28 --------- d-----w c:\program files\Virtual Villagers The Secret City
    2008-11-23 04:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
    2008-10-27 02:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
    2008-10-27 02:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
    2008-10-27 02:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
    2008-10-27 02:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
    2008-07-01 01:49 22,328 ----a-w c:\documents and settings\hawaian_fridays\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-20_17.48.19.65 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
    + 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
    + 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
    + 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
    + 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
    + 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
    + 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
    + 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
    + 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
    + 2009-01-21 21:58:15 79,504 ----a-w c:\windows\system32\drivers\inspect.sys
    + 2009-01-21 14:33:12 64,160 -c--a-w c:\windows\system32\DRVSTORE\lbd_892F2B7A4448DA5C219FC4D7F848CA7238174215\Lbd.sys
    - 2009-01-20 00:51:11 665,800 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2009-01-21 22:39:06 296,456 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2009-01-20 09:36:33 71,584 ----a-w c:\windows\system32\perfc009.dat
    + 2009-01-23 23:06:41 71,584 ----a-w c:\windows\system32\perfc009.dat
    - 2009-01-20 09:36:33 442,092 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-23 23:06:41 442,092 ----a-w c:\windows\system32\perfh009.dat
    + 2009-01-24 02:33:30 16,384 ----atw c:\windows\temp\Perflib_Perfdata_590.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-21 507224]
    "COMODO Internet Security "= "c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-01-22 1797880]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG "= Pvmjpg30.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe "=
    "c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Garena\\Garena.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Program Files\\Warcraft III\\Frozen Throne.exe "=
    "c:\\Program Files\\Warcraft III\\Warcraft III.exe "=
    "d:\\Installerz\\Gamez\\Dead.Space.Multi-5.Repack.Skullptura\\Dead Space\\Dead Space.exe "=
    "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe "=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58440:TCP "= 58440:TCP:pando Media Booster
    "58440:UDP "= 58440:UDP:pando Media Booster
    "9351:TCP "= 9351:TCP:BitComet 9351 TCP
    "9351:UDP "= 9351:UDP:BitComet 9351 UDP
    "2056:TCP "= 2056:TCP:zsficloo

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-21 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-11 28544]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-22 111184]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-01-22 101776]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-01-22 31504]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-22 20560]
    R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 942416]
    S3 pmgfp;pmgfp;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
    S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-21 22:33]

    2009-01-24 c:\windows\Tasks\PCConfidential.job
    - c:\program files\Winferno\PC Confidential\PCConfidential.exe []

    2009-01-18 c:\windows\Tasks\rpc.job
    - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    FF - ProfilePath - c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\
    FF - plugin: c:\documents and settings\hawaian_fridays\Application Data\Mozilla\Firefox\Profiles\nndvjwpg.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 10:34:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmgfp]
    "ImagePath "= "\??\c:\windows\system32\01.tmp "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1202660629-1004336348-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:1f,84,dd,f3,b2,95,f4,ff,48,6e,82,20,66,70,20,45,38,07,65,f4,46,86,6f,
    11,ad,59,b1,aa,01,eb,52,ef,87,b8,67,d4,e6,22,cb,6c,5e,6e,8a,05,38,ca,e1,7e,\
    "?? "=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

    [HKEY_USERS\S-1-5-21-1202660629-1004336348-1801674531-1003\Software\SecuROM\License information*]
    "datasecu "=hex:3f,2b,15,df,37,24,fb,8b,f5,75,25,40,24,28,f2,26,f7,73,d6,ba,ec,
    a7,5b,01,74,e4,c5,16,71,3c,af,9c,72,19,18,d4,9d,ec,b0,1f,a1,e0,28,2f,95,a8,\
    "rkeysecu "=hex:65,63,e6,16,cc,8a,a0,9b,62,96,4b,6b,c1,50,de,b1
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-24 10:36:31 - machine was rebooted [hawaian_fridays]
    ComboFix-quarantined-files.txt 2009-01-24 02:36:28
    ComboFix2.txt 2009-01-20 09:48:59

    Pre-Run: 25,284,112,384 bytes free
    Post-Run: 25,709,260,800 bytes free

    218 --- E O F --- 2009-01-14 08:52:16
     
  15. 2009/01/23
    melwynne

    melwynne Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    12
    Likes Received:
    0
    And also here is the log from S&D..

    I don't know what you did, but I can now open the sites that I could not open.. Thank you.. Please tell me if there is still bad data I must remove. Thank you!!


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
    BIOS : Default System BIOS
    USER : hawaian_fridays ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1296 [VPS 090123-0] 4.8.1296 (Not Activated)
    Firewall : COMODO Firewall 3.5 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:97 Go (Free:24 Go)
    D:\ (Local Disk) - NTFS - Total:51 Go (Free:5 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( Sat 01/24/2009|13:57 )

    --------------------\\ Listing folders in APPLIC~1

    [12/12/2008|12:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
    [01/22/2009|12:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

    [07/12/2008|08:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {0E8E33D8-193A-414A-A909-0F101A142D26}
    [01/21/2009|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {83C91755-2546-441D-AC40-9A6B4B860800}
    [12/02/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [12/02/2008|12:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
    [07/01/2008|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
    [01/22/2009|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> comodo
    [01/17/2009|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Electronic Arts
    [11/01/2008|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Fallout3
    [10/23/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [11/01/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Grisoft
    [09/30/2008|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
    [01/21/2009|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
    [07/01/2008|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LightScribe
    [11/02/2008|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
    [09/26/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
    [11/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [07/01/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
    [08/15/2008|08:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
    [08/15/2008|08:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle Studio
    [10/27/2008|09:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PMB Files
    [12/01/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Riverdeep Interactive Learning Limited
    [01/21/2009|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SecTaskMan
    [01/20/2009|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
    [11/02/2008|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
    [01/22/2009|09:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
    [12/02/2008|02:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
    [08/10/2008|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ubisoft
    [06/27/2008|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [09/26/2008|07:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
    [09/26/2008|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

    [06/26/2008|11:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [12/05/2008|01:42] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Adobe
    [01/24/2009|07:16] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> AdobeUM
    [07/11/2008|04:21] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Ahead
    [06/26/2008|11:44] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> DAEMON Tools
    [09/28/2008|01:38] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> fltk.org
    [10/23/2008|12:54] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Google
    [09/04/2008|03:14] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Help
    [06/26/2008|11:20] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Identities
    [06/26/2008|11:31] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> InstallShield
    [11/15/2008|02:24] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> InstallShield Installation Information
    [01/03/2009|01:51] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> LimeWire
    [06/26/2008|11:49] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Macromedia
    [11/02/2008|02:02] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Malwarebytes
    [10/04/2008|05:20] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Media Player Classic
    [01/23/2009|10:41] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Microsoft
    [12/18/2008|05:06] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Mozilla
    [07/12/2008|01:20] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> My Games
    [06/27/2008|01:16] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> SecuROM
    [10/01/2008|09:20] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Sun
    [01/22/2009|07:58] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> uTorrent
    [12/15/2008|09:18] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Ventrilo
    [06/27/2008|11:57] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> vlc
    [10/22/2008|10:15] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> WeGame
    [06/27/2008|01:14] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> WinRAR
    [12/03/2008|10:23] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Xilisoft Corporation
    [12/12/2008|03:36] C:\DOCUME~1\HAWAIA~1\APPLIC~1\<DIR> Yahoo!

    [09/30/2008|12:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe
    [01/22/2009|12:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
    [07/01/2008|07:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Xfire
    [09/30/2008|12:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Yahoo!

    [01/22/2009|12:27] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [01/21/2009 10:33 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [01/24/2009 01:51 PM][--a------] C:\WINDOWS\tasks\PCConfidential.job
    [01/18/2009 09:00 AM][--a------] C:\WINDOWS\tasks\rpc.job
    [01/24/2009 01:51 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [08/23/2001 07:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [11/14/2008|07:35] C:\Program Files\<DIR> Activision
    [01/11/2009|06:44] C:\Program Files\<DIR> Adobe
    [01/22/2009|06:34] C:\Program Files\<DIR> Alwil Software
    [11/13/2008|12:17] C:\Program Files\<DIR> AVG
    [11/23/2008|07:16] C:\Program Files\<DIR> Bethesda Softworks
    [11/18/2008|06:51] C:\Program Files\<DIR> Black Isle
    [09/04/2008|03:14] C:\Program Files\<DIR> CDisplay
    [01/24/2009|10:29] C:\Program Files\<DIR> Common Files
    [01/22/2009|05:58] C:\Program Files\<DIR> COMODO
    [06/26/2008|11:47] C:\Program Files\<DIR> DAEMON Tools Lite
    [08/10/2008|10:51] C:\Program Files\<DIR> directx
    [12/14/2008|01:24] C:\Program Files\<DIR> Electronic Arts
    [11/02/2008|11:43] C:\Program Files\<DIR> Eusing Free Registry Cleaner
    [12/04/2008|02:27] C:\Program Files\<DIR> FREE Hi-Q Recorder
    [06/27/2008|09:39] C:\Program Files\<DIR> Futuremark
    [01/21/2009|02:18] C:\Program Files\<DIR> Garena
    [10/23/2008|12:53] C:\Program Files\<DIR> Google
    [12/12/2008|03:37] C:\Program Files\<DIR> InstallShield Installation Information
    [06/26/2008|11:21] C:\Program Files\<DIR> Intel
    [12/12/2008|02:53] C:\Program Files\<DIR> Internet Explorer
    [10/10/2008|06:55] C:\Program Files\<DIR> Interplay
    [09/29/2008|08:36] C:\Program Files\<DIR> Java
    [10/04/2008|05:32] C:\Program Files\<DIR> K-Lite Codec Pack
    [06/30/2008|11:38] C:\Program Files\<DIR> Lavalys
    [01/21/2009|10:28] C:\Program Files\<DIR> Lavasoft
    [11/01/2008|09:38] C:\Program Files\<DIR> lg_fwupdate
    [09/29/2008|08:29] C:\Program Files\<DIR> LimeWire
    [01/20/2009|08:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
    [11/01/2008|12:02] C:\Program Files\<DIR> Maxis
    [09/26/2008|02:39] C:\Program Files\<DIR> Messenger
    [06/27/2008|01:09] C:\Program Files\<DIR> Microsoft ActiveSync
    [06/26/2008|11:15] C:\Program Files\<DIR> microsoft frontpage
    [06/27/2008|01:08] C:\Program Files\<DIR> Microsoft Office
    [06/27/2008|01:08] C:\Program Files\<DIR> Microsoft Visual Studio
    [06/27/2008|01:08] C:\Program Files\<DIR> Microsoft Works
    [06/27/2008|01:07] C:\Program Files\<DIR> Microsoft.NET
    [06/27/2008|07:14] C:\Program Files\<DIR> Movie Maker
    [01/24/2009|01:52] C:\Program Files\<DIR> Mozilla Firefox
    [09/29/2008|04:05] C:\Program Files\<DIR> MSBuild
    [06/26/2008|11:11] C:\Program Files\<DIR> MSN
    [06/26/2008|11:12] C:\Program Files\<DIR> MSN Gaming Zone
    [09/26/2008|02:38] C:\Program Files\<DIR> MSXML 4.0
    [09/28/2008|04:54] C:\Program Files\<DIR> Neffy
    [07/01/2008|01:23] C:\Program Files\<DIR> Nero
    [06/27/2008|07:12] C:\Program Files\<DIR> NetMeeting
    [06/26/2008|11:12] C:\Program Files\<DIR> Online Services
    [06/27/2008|07:12] C:\Program Files\<DIR> Outlook Express
    [01/11/2009|06:56] C:\Program Files\<DIR> Panda Security
    [10/27/2008|09:17] C:\Program Files\<DIR> Pando Networks
    [11/17/2008|10:16] C:\Program Files\<DIR> Pcsx2
    [08/15/2008|08:05] C:\Program Files\<DIR> Pinnacle
    [06/27/2008|01:32] C:\Program Files\<DIR> Prime95
    [06/26/2008|11:22] C:\Program Files\<DIR> Realtek
    [09/29/2008|04:04] C:\Program Files\<DIR> Reference Assemblies
    [07/09/2008|12:06] C:\Program Files\<DIR> Saxton NCLEX-RN® 18e
    [01/22/2009|05:40] C:\Program Files\<DIR> Security Task Manager
    [01/22/2009|10:02] C:\Program Files\<DIR> SopCast
    [01/20/2009|09:21] C:\Program Files\<DIR> Spybot - Search & Destroy
    [01/22/2009|05:50] C:\Program Files\<DIR> SpywareBlaster
    [11/13/2008|12:37] C:\Program Files\<DIR> The Witcher
    [10/18/2008|09:14] C:\Program Files\<DIR> THQ
    [11/01/2008|11:30] C:\Program Files\<DIR> Trend Micro
    [06/26/2008|11:20] C:\Program Files\<DIR> Uninstall Information
    [06/26/2008|11:35] C:\Program Files\<DIR> uTorrent
    [12/15/2008|09:05] C:\Program Files\<DIR> Ventrilo
    [06/27/2008|11:33] C:\Program Files\<DIR> VideoLAN
    [11/24/2008|07:28] C:\Program Files\<DIR> Virtual Villagers The Secret City
    [09/26/2008|06:59] C:\Program Files\<DIR> VS Revo Group
    [01/21/2009|03:20] C:\Program Files\<DIR> Warcraft III
    [12/12/2008|12:03] C:\Program Files\<DIR> Web Publish
    [10/08/2008|02:24] C:\Program Files\<DIR> Windows Media Player
    [06/27/2008|07:12] C:\Program Files\<DIR> Windows NT
    [06/26/2008|11:14] C:\Program Files\<DIR> WindowsUpdate
    [06/27/2008|11:25] C:\Program Files\<DIR> WinRAR
    [06/26/2008|11:15] C:\Program Files\<DIR> xerox
    [12/03/2008|10:22] C:\Program Files\<DIR> Xilisoft
    [12/12/2008|03:36] C:\Program Files\<DIR> Yahoo!

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [12/02/2008|12:08] C:\Program Files\Common Files\<DIR> Adobe
    [12/02/2008|12:06] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
    [07/01/2008|01:25] C:\Program Files\Common Files\<DIR> Ahead
    [06/27/2008|01:08] C:\Program Files\Common Files\<DIR> DESIGNER
    [09/28/2008|08:08] C:\Program Files\Common Files\<DIR> DirectX
    [09/27/2008|12:16] C:\Program Files\Common Files\<DIR> INCA Shared
    [11/14/2008|07:34] C:\Program Files\Common Files\<DIR> InstallShield
    [09/29/2008|08:31] C:\Program Files\Common Files\<DIR> Java
    [06/27/2008|01:09] C:\Program Files\Common Files\<DIR> L&H
    [07/01/2008|01:27] C:\Program Files\Common Files\<DIR> LightScribe
    [06/27/2008|01:09] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [06/26/2008|11:13] C:\Program Files\Common Files\<DIR> MSSoap
    [06/27/2008|06:57] C:\Program Files\Common Files\<DIR> ODBC
    [06/26/2008|11:13] C:\Program Files\Common Files\<DIR> Services
    [06/27/2008|06:57] C:\Program Files\Common Files\<DIR> SpeechEngines
    [06/27/2008|01:08] C:\Program Files\Common Files\<DIR> System
    [12/15/2008|09:05] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

    --------------------\\ Process

    ( 37 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Love Remote Sign]
    "DisplayName "= "CiD Help "
    "UninstallString "= "C:\\DOCUME~1\\HAWAIA~1\\APPLIC~1\\BODYSP~1\\Default Vga.exe -uninstall "

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 13:59:23
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\Call.Of.Duty.4.Modern.Warfare.(v1.5).Single.&.Multiplayer.Crack.Incl.KeyGen-XiNiTHAOUS.rar.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\crysis crack.zip.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\Crysis.Win32.Razor1911.Crack.Only.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\GRAND_THEFT_AUTO_4_CLONEDVD_READNFO-ePEN15 + PROPER CRACK.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\rld-ra3cCRACKFIXcampaign.rar.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\Virtual villagers 3 + Crack.torrent
    C:\DOCUME~1\HAWAIA~1\Favorites\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.Neo-REPAC (download torrent) - TPB.url
    C:\DOCUME~1\HAWAIA~1\My Documents\LimeWire\Incomplete\5OQIUABUTN4KWQXYGGG5IU2LMMJ2BHQQ\The Elder Scrolls III - Morrowind - Yahaa\No-Cd Crack
    C:\DOCUME~1\HAWAIA~1\My Documents\LimeWire\Incomplete\5OQIUABUTN4KWQXYGGG5IU2LMMJ2BHQQ\The Elder Scrolls III - Morrowind - Yahaa\No-Cd Crack\deviance.nfo
    C:\DOCUME~1\HAWAIA~1\My Documents\LimeWire\Incomplete\5OQIUABUTN4KWQXYGGG5IU2LMMJ2BHQQ\The Elder Scrolls III - Morrowind - Yahaa\No-Cd Crack\Morrowind.exe


    [F:4][D:0]-> C:\DOCUME~1\HAWAIA~1\Cookies
    [F:2][D:0]-> C:\DOCUME~1\HAWAIA~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Sat 01/24/2009|10:22 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - Sat 01/24/2009|14:00 - Option : [1]

    --------------------\\ Scan completed at 14:00:13
     
  16. 2009/01/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    We do not approve of hacked, cracked or otherwise stolen programs; before we can continue, you need to delete/remove any and all such programs. I again appeal to your duty as an educator ..... to be a good role model. The list of what I know of is below.

    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\Call.Of.Duty.4.Modern.Warfare.(v1.5).Single.&.Multiplayer.Crack.Incl.KeyGen-XiNiTHAOUS.rar.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\crysis crack.zip.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\Crysis.Win32.Razor1911.Crack.Only.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\GRAND_THEFT_AUTO_4_CLONEDVD_READNFO-ePEN15 + PROPER CRACK.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\rld-ra3cCRACKFIXcampaign.rar.torrent
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent\Virtual villagers 3 + Crack.torrent
    C:\DOCUME~1\HAWAIA~1\Favorites\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.Neo-REPAC (download torrent) - TPB.url
    C:\DOCUME~1\HAWAIA~1\My Documents\LimeWire\Incomplete\5OQIUABUTN4KWQXYGGG5IU2LMMJ2BHQQ\The Elder Scrolls III - Morrowind - Yahaa
     
  17. 2009/01/26
    melwynne

    melwynne Inactive Thread Starter

    Joined:
    2009/01/19
    Messages:
    12
    Likes Received:
    0
    I have deleted those things already. I wonder why they are still there. I just removed the uTorrent folder instead. They seem to be connected there.
     
  18. 2009/01/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\DOCUME~1\HAWAIA~1\Favorites\GTA.IV.Crack.Securom.Bypass.Launcher.UBER-PROPER-FeD0R.Neo-REPAC (download torrent) - TPB.url
    c:\windows\Tasks\rpc.job
    Folder::
    C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent
    C:\DOCUME~1\HAWAIA~1\My Documents\LimeWire
    C:\DOCUME~1\HAWAIA~1\APPLIC~1\LimeWire
    Registry::
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Love Remote Sign]
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmgfp]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9351:TCP"=-
     "9351:UDP"=-
     "2056:TCP"=-
    Driver::
    pmgfp
    XDva208
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     
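    The CFScript above is a plain-text instruction file that ComboFix reads section by section. As an added example (not code from this thread or from ComboFix), here is a small Python dry-run reader that parses the File::, Folder::, Registry:: and Driver:: sections and lists what a script would delete, so a user can review a helper-supplied script before dragging it onto ComboFix.exe. It assumes, from the way the script on this page is written, that a [-KEY] header deletes a whole key and a "name"=- line under a [KEY] header deletes one value; the sample input is the relevant part of the script above (the Favorites shortcut left out), and the tolerance for padded quotes exists only because the forum rendering inserts spaces around "=.

```python
"""Dry-run reader for a ComboFix CFScript.txt (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Section headers look like "File::" on a line of their own.
SECTION_RE = re.compile(r"^(\w+)::\s*$")
# Registry key headers: [KEY] selects a key, [-KEY] deletes the whole key.
KEY_RE = re.compile(r"^\[(-?)(.+?)\]\s*$")
# "name"=- under a selected key deletes that one value (\s* tolerates padded quotes).
DELETE_VALUE_RE = re.compile(r'^"(.*?)\s*"\s*=\s*-\s*$')


@dataclass
class CFScriptPlan:
    files: List[str] = field(default_factory=list)
    folders: List[str] = field(default_factory=list)
    registry_keys: List[str] = field(default_factory=list)  # whole keys to delete
    registry_values: List[Tuple[str, str]] = field(default_factory=list)  # (key, value)
    drivers: List[str] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)  # lines this reader did not understand


def parse_cfscript(text: str) -> CFScriptPlan:
    """Walk the script line by line, tracking the current section and registry key."""
    plan = CFScriptPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "driver":
            plan.drivers.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:
                    plan.registry_keys.append(key)
                    current_key = None  # nothing can be addressed under a deleted key
                else:
                    current_key = key
                continue
            vm = DELETE_VALUE_RE.match(line)
            if vm and current_key:
                # regedit syntax doubles backslashes inside value names
                plan.registry_values.append((current_key, vm.group(1).replace("\\\\", "\\")))
            else:
                plan.unparsed.append(line)
        else:
            plan.unparsed.append(line)
    return plan


def describe(plan: CFScriptPlan) -> List[str]:
    """Human-readable summary of every removal the script requests."""
    out = [f"delete file: {p}" for p in plan.files]
    out += [f"delete folder: {p}" for p in plan.folders]
    out += [f"delete registry key: {k}" for k in plan.registry_keys]
    out += [f"delete registry value: {k} -> {v}" for k, v in plan.registry_values]
    out += [f"remove driver/service: {d}" for d in plan.drivers]
    out += [f"UNPARSED (review by hand): {u}" for u in plan.unparsed]
    return out


# Constructed sample: the relevant part of the CFScript posted above,
# with the forum's padded quotes already removed.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\Tasks\rpc.job
Folder::
C:\DOCUME~1\HAWAIA~1\Application Data\uTorrent
C:\DOCUME~1\HAWAIA~1\My Documents\LimeWire
C:\DOCUME~1\HAWAIA~1\APPLIC~1\LimeWire
Registry::
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Love Remote Sign]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pmgfp]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
 "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
 "9351:TCP"=-
 "9351:UDP"=-
 "2056:TCP"=-
Driver::
pmgfp
XDva208
"""

if __name__ == "__main__":
    for entry in describe(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(entry)
```

Anything that lands in the UNPARSED list is a line the reader could not classify and is worth asking the helper about before running the script.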
