
[InActive] Hotmail account hacked

Discussion in 'Malware and Virus Removal Archive' started by Alex W, 2009/04/16.

Thread Status:
Not open for further replies.
  1. 2009/04/16
    Alex W

    Hello, it seems that someone obtained my login and password for my hotmail account, and used it to send an unlettered email to my entire contact list, advertising electronics products. (killer marketing campaign!)

    My entire contact list was also deleted. I've since changed my password - but I'm wondering how this happened in the first place. Do you think there might be some sort of spyware on my computer?

    Best regards,
    Alex


    Here are the requested logs:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Alex1 at 17:28:58.29 on Thu 04/16/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2704 [GMT 10:00]

    AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS.0\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS.0\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    svchost.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\RTHDCPL.EXE
    C:\WINDOWS.0\SOUNDMAN.EXE
    C:\WINDOWS.0\system32\RUNDLL32.EXE
    C:\WINDOWS.0\system32\hdsp32.exe
    C:\WINDOWS.0\system32\hdspmix.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    I:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows.0\system32\dvmurl.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows.0\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [ICQ] "c:\program files\icq6.5\ICQ.exe" silent
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [GEST] =
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows.0\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows.0\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HDSPTray1] hdsp32.exe
    mRun: [HDSPTray2] hdspmix.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alex1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alex1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows.0\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\alex1\applic~1\mozilla\firefox\profiles\kjgq3wad.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

    ============= SERVICES / DRIVERS ===============

    R0 sfdrv02;FrontLine Environment Driver (v2);c:\windows.0\system32\drivers\sfdrv02.sys [2006-9-11 67960]
    R0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows.0\system32\drivers\sfsync05.sys [2006-8-12 59776]
    R1 Asapi;Asapi;c:\windows.0\system32\drivers\asapi.sys [2009-3-15 11264]
    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-2-12 11840]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-2-12 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-2-12 151297]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-2-12 52032]
    R3 hdsp;RME Hammerfall Audio Device;c:\windows.0\system32\drivers\hdsp.sys [2008-10-14 42624]
    R3 Powercore;PowerCore;c:\windows.0\system32\drivers\PCore.sys [2008-10-16 76800]
    R3 SynasUSB;SynasUSB;c:\windows.0\system32\drivers\synasUSB.sys [2009-1-14 23288]
    R3 USBMM2X2;Midiman USB MidiSport 2x2 Midi Driver;c:\windows.0\system32\drivers\usbmm2x2.sys [2009-1-14 32508]
    S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows.0\system32\sfrem02.exe svc --> c:\windows.0\system32\sfrem02.exe svc [?]
    S3 USB22LDR;Midiman USB MidiSport 2x2 Loader;c:\windows.0\system32\drivers\usb22ldr.sys [2009-1-14 16508]

    =============== Created Last 30 ================

    2009-04-16 12:28 <DIR> --d----- c:\program files\Trend Micro
    2009-04-16 01:07 2,560 -------- c:\windows.0\system32\xpsp4res.dll
    2009-03-30 22:16 <DIR> --d----- c:\program files\Yahoo!
    2009-03-29 19:02 <DIR> --d----- c:\program files\Antares Audio Technologies

    ==================== Find3M ====================

    2009-03-09 04:19 410,984 a------- c:\windows.0\system32\deploytk.dll
    2009-03-07 00:22 284,160 a------- c:\windows.0\system32\pdh.dll
    2009-03-03 10:18 826,368 a------- c:\windows.0\system32\wininet.dll
    2009-02-21 19:11 49,608 a------- c:\windows.0\War3Unin.dat
    2009-02-21 04:09 78,336 a------- c:\windows.0\system32\ieencode.dll
    2009-02-12 17:54 139,264 a------- c:\windows.0\War3Unin.exe
    2009-02-12 17:54 2,829 a------- c:\windows.0\War3Unin.pif
    2009-02-09 22:10 729,088 a------- c:\windows.0\system32\lsasrv.dll
    2009-02-09 22:10 714,752 a------- c:\windows.0\system32\ntdll.dll
    2009-02-09 22:10 617,472 a------- c:\windows.0\system32\advapi32.dll
    2009-02-09 22:10 401,408 a------- c:\windows.0\system32\rpcss.dll
    2009-02-09 21:13 1,846,784 a------- c:\windows.0\system32\win32k.sys
    2009-02-06 21:11 110,592 a------- c:\windows.0\system32\services.exe
    2009-02-06 21:06 2,145,280 a------- c:\windows.0\system32\ntoskrnl.exe
    2009-02-06 20:39 35,328 a------- c:\windows.0\system32\sc.exe
    2009-02-06 20:32 2,023,936 a------- c:\windows.0\system32\ntkrnlpa.exe
    2009-02-06 17:52 49,504 a------- c:\windows.0\system32\sirenacm.dll
    2009-02-04 05:59 56,832 a------- c:\windows.0\system32\secur32.dll
    2009-01-28 00:08 413,696 a------- c:\windows.0\system32\wrap_oal.dll
    2009-01-28 00:08 86,016 a------- c:\windows.0\system32\OpenAL32.dll
    2009-01-23 12:20 184,320 a------- c:\windows.0\system32\nvStInst.exe
    2009-01-23 12:20 81,920 a------- c:\windows.0\system32\nvStereoApiI.dll
    2009-01-23 12:20 49,152 a------- c:\windows.0\system32\stereoi.dll
    2009-01-23 12:19 3,653,632 a------- c:\windows.0\system32\nvstres.dll
    2009-01-23 12:19 1,593,344 a------- c:\windows.0\system32\nvsttest.exe
    2009-01-23 12:19 421,888 a------- c:\windows.0\system32\nvstview.exe
    2009-01-23 12:19 385,024 a------- c:\windows.0\system32\nvimage.dll
    2009-01-23 12:19 167,936 a------- c:\windows.0\system32\nvSCPAPISvr.exe
    2009-01-23 12:19 118,784 a------- c:\windows.0\system32\nvSCPAPI.dll
    2009-01-23 12:19 106,496 a------- c:\windows.0\system32\nvstreg.exe
    2009-01-23 12:19 92,160 a------- c:\windows.0\system32\nvSCPAPI64.dll
    2009-01-23 12:19 20,861 a------- c:\windows.0\system32\oglstreg.reg
    2009-01-23 12:19 1,656 a------- c:\windows.0\system32\nvstdef.reg

    ============= FINISH: 17:29:11.34 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/10/2009 5:44:34 PM
    System Uptime: 4/16/2009 3:48:30 AM (14 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-EXTREME
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2833/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 94.997 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 2.42 GiB free.
    E: is FIXED (NTFS) - 699 GiB total, 446.659 GiB free.
    F: is FIXED (NTFS) - 112 GiB total, 1.677 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    I: is FIXED (NTFS) - 233 GiB total, 0.091 GiB free.
    J: is CDROM ()
    L: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&33BA0C0F&0&00E4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC #2
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&33BA0C0F&0&00E4
    Service: RTLE8023xp

    ==== System Restore Points ===================

    RP25: 1/16/2009 6:08:00 PM - Installed QuickTime
    RP26: 1/16/2009 8:05:01 PM - Removed QuickTime
    RP27: 1/16/2009 8:29:26 PM - Unsigned driver install
    RP28: 1/17/2009 8:09:10 AM - Avg8 Update
    RP29: 1/17/2009 2:19:42 PM - Installed Java(TM) 6 Update 11
    RP30: 1/17/2009 2:30:47 PM - Unsigned driver install
    RP31: 1/18/2009 5:20:18 PM - System Checkpoint
    RP32: 1/19/2009 8:54:33 PM - System Checkpoint
    RP33: 1/22/2009 8:40:12 PM - System Checkpoint
    RP34: 1/23/2009 7:27:08 PM - Installed Windows Media Player 11
    RP35: 1/23/2009 7:27:29 PM - Installed Windows XP Wudf01000.
    RP36: 1/23/2009 7:28:37 PM - Installed Windows XP MSCompPackV1.
    RP37: 1/23/2009 8:20:55 PM - Software Distribution Service 3.0
    RP38: 1/24/2009 4:00:57 PM - Software Distribution Service 3.0
    RP39: 1/25/2009 8:27:39 PM - System Checkpoint
    RP40: 1/26/2009 2:12:36 PM - Unsigned driver install
    RP41: 1/27/2009 12:43:05 PM - Installed QuickTime
    RP42: 1/27/2009 3:23:32 PM - Removed QuickTime
    RP43: 1/27/2009 10:40:53 PM - Removed AVG Free 8.0
    RP44: 1/27/2009 10:41:35 PM - Installed AVG Free 8.0
    RP45: 1/28/2009 12:36:25 AM - Installed VDMSound 2.0.4
    RP46: 1/28/2009 1:07:51 AM - Installed DirectX
    RP47: 1/28/2009 8:29:11 AM - Unsigned driver install
    RP48: 1/29/2009 7:10:45 PM - System Checkpoint
    RP49: 1/30/2009 8:42:42 PM - System Checkpoint
    RP50: 1/31/2009 5:04:25 PM - Installed DirectX
    RP51: 2/1/2009 6:02:54 PM - System Checkpoint
    RP52: 2/2/2009 6:35:11 PM - System Checkpoint
    RP53: 2/4/2009 1:04:30 AM - System Checkpoint
    RP54: 2/5/2009 2:19:58 AM - Installed DirectX
    RP55: 2/6/2009 3:12:39 AM - System Checkpoint
    RP56: 2/6/2009 11:36:39 PM - Unsigned driver install
    RP57: 2/8/2009 2:01:06 AM - System Checkpoint
    RP58: 2/8/2009 10:09:18 AM - Unsigned driver install
    RP59: 2/9/2009 2:18:29 PM - System Checkpoint
    RP60: 2/9/2009 11:54:56 PM - Installed QuickTime
    RP61: 2/11/2009 1:25:38 PM - System Checkpoint
    RP62: 2/12/2009 2:05:42 PM - System Checkpoint
    RP63: 2/12/2009 9:30:19 PM - Avira AntiVir Personal - 2/12/2009 21:30
    RP64: 2/13/2009 3:00:13 AM - Software Distribution Service 3.0
    RP65: 2/14/2009 3:00:13 AM - Software Distribution Service 3.0
    RP66: 2/15/2009 10:38:47 AM - System Checkpoint
    RP67: 2/16/2009 11:23:18 AM - System Checkpoint
    RP68: 2/17/2009 12:56:01 PM - System Checkpoint
    RP69: 2/18/2009 12:36:26 PM - Installed AmpliTube2
    RP70: 2/19/2009 1:27:33 PM - System Checkpoint
    RP71: 2/20/2009 3:05:51 PM - System Checkpoint
    RP72: 2/21/2009 4:21:20 PM - System Checkpoint
    RP73: 2/22/2009 4:21:56 PM - System Checkpoint
    RP74: 2/23/2009 7:15:47 PM - System Checkpoint
    RP75: 2/24/2009 7:25:12 PM - System Checkpoint
    RP76: 2/25/2009 8:04:05 PM - System Checkpoint
    RP77: 2/26/2009 3:00:13 AM - Software Distribution Service 3.0
    RP78: 2/26/2009 3:07:19 PM - Installed Melodyne 3.1
    RP79: 2/26/2009 3:47:14 PM - Removed Melodyne 3.1
    RP80: 2/26/2009 3:49:04 PM - Installed Melodyne 3.2
    RP81: 2/27/2009 11:27:00 AM - Installed Java(TM) 6 Update 7
    RP82: 2/27/2009 11:27:35 AM - Installed OpenOffice.org 3.0
    RP83: 2/28/2009 3:55:42 PM - System Checkpoint
    RP84: 3/2/2009 3:14:41 PM - System Checkpoint
    RP85: 3/3/2009 4:41:10 PM - System Checkpoint
    RP86: 3/4/2009 7:16:32 PM - System Checkpoint
    RP87: 3/5/2009 11:12:07 PM - System Checkpoint
    RP88: 3/7/2009 1:51:44 PM - System Checkpoint
    RP89: 3/8/2009 6:51:40 PM - System Checkpoint
    RP90: 3/9/2009 8:33:45 PM - System Checkpoint
    RP91: 3/11/2009 10:42:14 AM - System Checkpoint
    RP92: 3/12/2009 3:00:13 AM - Software Distribution Service 3.0
    RP93: 3/13/2009 10:11:21 AM - System Checkpoint
    RP94: 3/15/2009 9:15:51 AM -
    RP95: 3/15/2009 9:17:22 AM - Unsigned driver install
    RP96: 3/15/2009 9:47:37 AM - Removed Java(TM) 6 Update 11
    RP97: 3/15/2009 9:48:01 AM - Installed Java(TM) 6 Update 12
    RP98: 3/16/2009 10:25:15 AM - System Checkpoint
    RP99: 3/17/2009 1:17:59 PM - System Checkpoint
    RP100: 3/18/2009 6:28:42 PM - System Checkpoint
    RP101: 3/19/2009 8:07:35 PM - System Checkpoint
    RP102: 3/20/2009 10:52:35 PM - System Checkpoint
    RP103: 3/22/2009 3:00:14 AM - Software Distribution Service 3.0
    RP104: 3/23/2009 8:49:08 PM - System Checkpoint
    RP105: 3/24/2009 10:55:48 PM - System Checkpoint
    RP106: 3/26/2009 2:25:38 PM - System Checkpoint
    RP107: 3/27/2009 3:05:48 PM - System Checkpoint
    RP108: 3/29/2009 8:23:34 PM - System Checkpoint
    RP109: 3/30/2009 8:47:26 PM - System Checkpoint
    RP110: 4/1/2009 12:50:56 PM - System Checkpoint
    RP111: 4/1/2009 1:12:00 PM - Installed Java(TM) 6 Update 13
    RP112: 4/2/2009 1:37:54 PM - System Checkpoint
    RP113: 4/3/2009 1:38:52 PM - System Checkpoint
    RP114: 4/4/2009 1:39:48 PM - System Checkpoint
    RP115: 4/5/2009 6:37:42 PM - System Checkpoint
    RP116: 4/6/2009 6:42:28 PM - System Checkpoint
    RP117: 4/7/2009 7:34:32 PM - System Checkpoint
    RP118: 4/8/2009 10:11:08 PM - System Checkpoint
    RP119: 4/9/2009 10:22:14 PM - System Checkpoint
    RP120: 4/11/2009 11:53:34 AM - System Checkpoint
    RP121: 4/12/2009 12:22:10 PM - System Checkpoint
    RP122: 4/13/2009 3:53:38 PM - System Checkpoint
    RP123: 4/14/2009 11:08:13 PM - System Checkpoint
    RP124: 4/16/2009 3:00:15 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    AmpliTube2
    Antares Autotune VST RTAS TDM v5.08
    AoA Audio Extractor 1.0
    Apple Software Update
    ArmA Uninstall
    Art Vista Virtual Grand Piano
    ASAPI Update
    AudioEase Altiverb VST RTAS v6.10
    Avira AntiVir Personal - Free Antivirus
    BitTorrent
    Browser Configuration Utility
    Bullzip PDF Printer 6.0.0.702
    CDisplay 1.8
    Chicken Systems Translator v2.9.1.5
    Choice Guard
    Critical Update for Windows Media Player 11 (KB959772)
    DNA
    East West Orchestra 1 - Strings
    EZdrummer
    FileZilla Client 3.2.2.1
    Foxit Reader
    GoldWave v5.08
    GPL Ghostscript Lite 8.63
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    InfraRecorder
    iZotope Vinyl
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Junk Mail filter update
    K-Lite Codec Pack 4.1.7 (Full)
    Melodyne 3.1
    Melodyne 3.2
    Microsoft .NET Framework 2.0
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.8)
    Mpeg Layer3 Codec FHG-Radium v1.263
    MSVCRT
    N.I. Guitar Rig v2.0.2
    Native Instruments B4 v2.0.0.7
    Native Instruments Kontakt 2
    NVIDIA Drivers
    NVIDIA PhysX v8.10.13
    NVIDIA Windows Vista Stereoscopic 3D Driver
    OpenAL
    OpenOffice.org 3.0
    PeaZip 2.4.1
    QuickTime
    Real Alternative 1.9.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RME Hammerfall DSP
    Sample Logic Ambience Impacts Rhythms
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Segoe UI
    Sibelius v3.1
    Steinberg WaveLab 5.01a
    Syncrosoft's License Control
    Syncrosoft License Control
    System Requirements Lab
    TmNationsForever
    Unix Utilities for Yahoo! Widgets
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VDMSound 2.0.4
    VSS3 Stereo Source Reverb
    Warcraft III: All Products
    Waves Diamond Bundle v5.0
    Waves IR1 v5.0
    Waves L3 Multimaximizer v1.0
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Yahoo! Install Manager
    Yahoo! Widgets

    ==== End Of File ===========================
     
  2. 2009/04/17
    Juliet

    Hi and welcome

    As far as seeing anything malicious, no.

    I did see a couple of folders for AVG? We need to make sure you have only one antivirus on the machine, or it will hinder the scans or fixes we attempt.



    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: after you have installed the Recovery Console, if you reboot your computer you'll now see the option for the Recovery Console right after reboot as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     

  4. 2009/04/18
    Alex W

    Hi, I downloaded combofix.exe, renamed it like you said, and ran it (after disabling AntiVir). After an initial loading bar appeared briefly, it has since just sat on this blue DOS window in Windows and doesn't seem to have done anything. It's been several hours since I ran it.
     
  5. 2009/04/18
    Juliet

    OK

    Let's start over.

    Locate the Combofix icon on your desktop > right click and select delete.

    Download Combofix from any of the links below. Save it to your desktop.

    Link 1
    Link 2
    Link 3


    Follow the same instructions as before and post the log from the updated copy.
     
  6. 2009/04/18
    Alex W

    Ok - thank you, that worked this time! Here's the log:

    ComboFix 09-04-19.01 - Alex1 04/19/2009 9:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2600 [GMT 10:00]
    Running from: c:\documents and settings\Alex1\Desktop\Combo-Fix.exe
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows.0\system32\msvcsv60.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
    .

    2009-04-16 02:28 . 2009-04-16 02:28 -------- d-----w c:\program files\Trend Micro
    2009-04-15 15:07 . 2008-05-03 11:55 2560 ------w c:\windows.0\system32\xpsp4res.dll
    2009-03-30 12:19 . 2009-03-30 12:19 -------- d-----w c:\documents and settings\Alex1\Local Settings\Application Data\Yahoo
    2009-03-30 12:16 . 2009-03-30 12:19 -------- d-----w c:\program files\Yahoo!
    2009-03-29 09:02 . 2009-03-29 09:02 -------- d-----w c:\program files\Antares Audio Technologies

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-18 23:20 . 2009-01-14 09:13 -------- d-----w c:\documents and settings\Alex1\Application Data\DNA
    2009-04-17 06:16 . 2009-01-14 09:14 -------- d-----w c:\documents and settings\Alex1\Application Data\BitTorrent
    2009-04-15 17:50 . 2008-10-20 23:03 -------- d-----w c:\program files\DNA
    2009-04-05 15:32 . 2009-03-04 12:51 -------- d-----w c:\documents and settings\Alex1\Application Data\U3
    2009-04-01 02:12 . 2009-01-17 03:19 -------- d-----w c:\program files\Java
    2009-03-29 09:02 . 2008-10-21 10:56 -------- d-----w c:\program files\VstPlugins
    2009-03-27 00:52 . 2008-12-03 23:58 -------- d-----w c:\program files\Translator
    2009-03-26 03:43 . 2009-01-24 14:08 -------- d-----w c:\program files\PeaZip
    2009-03-15 14:09 . 2008-10-23 22:48 -------- d-----w c:\program files\Real Alternative
    2009-03-14 22:16 . 2008-10-31 15:52 -------- d-----w c:\program files\Steinberg
    2009-03-14 22:16 . 2008-10-17 16:46 -------- d-----w c:\program files\Syncrosoft
    2009-03-14 22:04 . 2009-03-14 22:04 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Pinnacle
    2009-03-08 18:19 . 2009-01-17 03:19 410984 ----a-w c:\windows.0\system32\deploytk.dll
    2009-03-06 14:22 . 2008-04-14 04:42 284160 ----a-w c:\windows.0\system32\pdh.dll
    2009-03-03 22:37 . 2009-02-10 05:53 -------- d-----w c:\documents and settings\Alex1\Application Data\FileZilla
    2009-03-03 22:26 . 2008-10-19 09:07 -------- d-----w c:\program files\FileZilla FTP Client
    2009-03-03 09:47 . 2009-03-03 08:37 -------- d-----w c:\documents and settings\Alex1\Application Data\InfraRecorder
    2009-03-03 08:36 . 2008-10-21 16:15 -------- d-----w c:\program files\InfraRecorder
    2009-03-03 00:18 . 2008-04-14 04:42 826368 ----a-w c:\windows.0\system32\wininet.dll
    2009-03-02 22:13 . 2009-01-10 07:37 22208 ----a-w c:\documents and settings\Alex1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-02-27 00:29 . 2009-02-27 00:29 -------- d-----w c:\documents and settings\Alex1\Application Data\OpenOffice.org
    2009-02-27 00:27 . 2009-02-27 00:27 -------- d-----w c:\program files\JRE
    2009-02-27 00:27 . 2009-02-27 00:27 -------- d-----w c:\program files\OpenOffice.org 3
    2009-02-27 00:27 . 2009-02-27 00:27 -------- d-----w c:\program files\Common Files\Java
    2009-02-26 04:50 . 2009-02-26 04:50 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\Celemony Software GmbH
    2009-02-26 04:49 . 2008-10-27 15:08 -------- d-----w c:\program files\Celemony
    2009-02-26 00:42 . 2009-02-26 00:42 -------- d-----w c:\program files\AoA Audio Extractor
    2009-02-23 23:53 . 2009-02-23 23:53 -------- d-----w c:\program files\CDisplay
    2009-02-23 04:52 . 2009-01-31 10:48 -------- d-----w c:\documents and settings\All Users.WINDOWS.0\Application Data\TrackMania
    2009-02-21 09:11 . 2009-02-12 07:49 49608 ----a-w c:\windows.0\War3Unin.dat
    2009-02-20 18:09 . 2008-04-14 04:41 78336 ----a-w c:\windows.0\system32\ieencode.dll
    2009-02-20 00:27 . 2009-02-20 00:27 -------- d-----w c:\documents and settings\Alex1\Application Data\Bullzip
    2009-02-19 00:10 . 2009-02-19 00:10 -------- d-----w c:\program files\iZotope
    2009-02-19 00:10 . 2009-02-19 00:10 -------- d-----w c:\program files\Common Files\iZotope
    2009-02-18 01:36 . 2008-10-17 15:43 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-18 01:36 . 2009-02-18 01:36 -------- d-----w c:\program files\IK Multimedia
    2009-02-12 07:54 . 2009-02-12 07:49 2829 ----a-w c:\windows.0\War3Unin.pif
    2009-02-12 07:54 . 2009-02-12 07:49 139264 ----a-w c:\windows.0\War3Unin.exe
    2009-02-09 12:10 . 2008-04-14 04:41 729088 ----a-w c:\windows.0\system32\lsasrv.dll
    2009-02-09 12:10 . 2008-04-14 04:42 401408 ----a-w c:\windows.0\system32\rpcss.dll
    2009-02-09 12:10 . 2008-04-14 04:41 617472 ----a-w c:\windows.0\system32\advapi32.dll
    2009-02-09 12:10 . 2008-04-14 04:41 714752 ----a-w c:\windows.0\system32\ntdll.dll
    2009-02-09 11:13 . 2008-04-14 00:00 1846784 ----a-w c:\windows.0\system32\win32k.sys
    2009-02-06 11:11 . 2008-04-14 04:42 110592 ----a-w c:\windows.0\system32\services.exe
    2009-02-06 11:06 . 2008-04-13 23:54 2145280 ----a-w c:\windows.0\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2001-08-23 11:00 35328 ----a-w c:\windows.0\system32\sc.exe
    2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows.0\system32\ntkrnlpa.exe
    2009-02-06 07:52 . 2009-02-06 07:52 49504 ----a-w c:\windows.0\system32\sirenacm.dll
    2009-02-03 19:59 . 2008-04-14 04:42 56832 ----a-w c:\windows.0\system32\secur32.dll
    2009-01-27 14:08 . 2009-01-27 14:08 86016 ----a-w c:\windows.0\system32\OpenAL32.dll
    2009-01-27 14:08 . 2009-01-27 14:08 413696 ----a-w c:\windows.0\system32\wrap_oal.dll
    2009-01-23 02:20 . 2009-01-23 02:20 81920 ----a-w c:\windows.0\system32\nvStereoApiI.dll
    2009-01-23 02:20 . 2009-01-23 02:20 49152 ----a-w c:\windows.0\system32\stereoi.dll
    2009-01-23 02:20 . 2009-01-23 02:20 184320 ----a-w c:\windows.0\system32\nvStInst.exe
    2009-01-23 02:19 . 2009-01-23 02:19 92160 ----a-w c:\windows.0\system32\nvSCPAPI64.dll
    2009-01-23 02:19 . 2009-01-23 02:19 421888 ----a-w c:\windows.0\system32\nvstview.exe
    2009-01-23 02:19 . 2009-01-23 02:19 385024 ----a-w c:\windows.0\system32\nvimage.dll
    2009-01-23 02:19 . 2009-01-23 02:19 3653632 ----a-w c:\windows.0\system32\nvstres.dll
    2009-01-23 02:19 . 2009-01-23 02:19 20861 ----a-w c:\windows.0\system32\oglstreg.reg
    2009-01-23 02:19 . 2009-01-23 02:19 167936 ----a-w c:\windows.0\system32\nvSCPAPISvr.exe
    2009-01-23 02:19 . 2009-01-23 02:19 1656 ----a-w c:\windows.0\system32\nvstdef.reg
    2009-01-23 02:19 . 2009-01-23 02:19 1593344 ----a-w c:\windows.0\system32\nvsttest.exe
    2009-01-23 02:19 . 2009-01-23 02:19 118784 ----a-w c:\windows.0\system32\nvSCPAPI.dll
    2009-01-23 02:19 . 2009-01-23 02:19 106496 ----a-w c:\windows.0\system32\nvstreg.exe
    2008-11-19 23:24 . 2008-10-25 17:24 17136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows.0\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-14 342848]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="=" [X]
    "NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2008-12-25 13680640]
    "NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2008-12-25 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows.0\RTHDCPL.exe [2008-06-27 16875008]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows.0\SoundMan.exe [2008-06-18 77824]
    "AlcWzrd"="ALCWZRD.EXE" - c:\windows.0\alcwzrd.exe [2008-06-19 2808832]
    "nwiz"="nwiz.exe" - c:\windows.0\system32\nwiz.exe [2008-12-25 1657376]
    "HDSPTray1"="hdsp32.exe" - c:\windows.0\system32\hdsp32.exe [2005-07-28 389120]
    "HDSPTray2"="hdspmix.exe" - c:\windows.0\system32\hdspmix.exe [2005-11-24 303104]

    c:\documents and settings\Alex1\Start Menu\Programs\Startup\
    OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= hdspmme.dll
    "midi1"= hdspmme.dll
    "midi2"= usbmn2x2.dll
    "midi3"= usbmn2x2.dll
    "midi4"= usbmn2x2.dll
    "midi5"= usbmn2x2.dll
    "midi6"= usbmn2x2.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "e:\\Games\\Steam\\Steam.exe"=
    "i:\\Games\\gta2\\gta2.exe"=
    "c:\\WINDOWS.0\\system32\\dplaysvr.exe"=
    "e:\\Games\\Unreal\\System\\Unreal.exe"=
    "i:\\Games\\arma\\arma.exe"=
    "i:\\Games\\TmNationsForever\\TmForever.exe"=
    "i:\\Games\\rainbow prick\\Binaries\\R6Vegas_Game.exe"=
    "e:\\Games\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS.0\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "e:\\Games\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

    R2 sfrem02;FrontLine Drivers Auto Removal (v2); [x]
    R3 USB22LDR;Midiman USB MidiSport 2x2 Loader;c:\windows.0\system32\drivers\usb22ldr.sys [2002-06-10 16508]
    S0 sfdrv02;FrontLine Environment Driver (v2);c:\windows.0\system32\drivers\sfdrv02.sys [2006-09-11 67960]
    S0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows.0\system32\drivers\sfsync05.sys [2006-08-11 59776]
    S1 Asapi;Asapi; [x]
    S3 hdsp;RME Hammerfall Audio Device;c:\windows.0\system32\DRIVERS\hdsp.sys [2005-09-15 42624]
    S3 Powercore;Powercore;c:\windows.0\system32\DRIVERS\PCore.sys [2006-02-21 76800]
    S3 SynasUSB;SynasUSB;c:\windows.0\system32\drivers\SynasUSB.sys [2007-10-24 23288]
    S3 USBMM2X2;Midiman USB MidiSport 2x2 Midi Driver;c:\windows.0\system32\drivers\usbmm2x2.sys [2002-06-10 32508]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d7a4598-1221-11de-b8a1-001fd026467e}]
    \Shell\AutoRun\command - m:\wd_windows_tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff856906-0851-11de-b895-001fd026467e}]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff856908-0851-11de-b895-001fd026467e}]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
    Notify-AtiExtEvent - (no file)


    .
    ------- Supplementary Scan -------
    .
    FF - ProfilePath - c:\documents and settings\Alex1\Application Data\Mozilla\Firefox\Profiles\kjgq3wad.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-19 09:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,9f,93,5d,66,a6,
    de,05,45,e2,63,26,f1,3f,c8,ff,68,9b,e7,e6,df,dd,ac,27,60,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,fe,6a,e8,7f,40,
    78,8b,f5,6a,9c,d6,61,af,45,84,18,61,80,96,87,61,3e,fb,01,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,33,d5,87,80,52,
    f5,88,a1,ff,7c,85,e0,43,d4,0e,fe,3c,b3,02,3e,af,03,aa,aa,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,82,db,70,9a,e9,
    a4,ca,1b,86,8c,21,01,be,91,eb,e7,6c,a6,5f,d3,1d,9e,32,59,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,eb,9f,59,36,b0,
    54,de,0d,f5,1d,4d,73,a8,13,5c,05,05,5c,ff,12,1c,3b,49,6c,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,51,d2,12,6a,a8,
    3f,16,b5,df,20,58,62,78,6b,cf,c8,e6,46,b4,49,26,83,bd,d4,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,58,6c,91,15,09,
    5c,d1,55,fb,a7,78,e6,12,2f,9a,ea,c8,d3,2e,93,47,08,f5,be,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,2a,a9,48,f4,d3,
    a2,7a,d3,01,3a,48,fc,e8,04,4a,f1,f8,8a,67,38,ad,1b,2c,22,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,87,91,80,1e,b6,
    47,84,be,f6,0f,4e,58,98,5b,89,c9,4c,e5,9c,e1,48,c2,3d,0f,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,1f,79,83,1c,63,
    d5,57,e8,3d,ce,ea,26,2d,45,aa,78,6a,dd,66,80,11,35,5b,1a,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,eb,7e,23,6b,3a,
    85,fc,4f,2a,b7,cc,b5,b9,7f,41,e7,fa,37,c6,8e,fb,7a,ac,1b,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS.0\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,af,52,75,40,e1,
    7c,cb,81,6c,43,2d,1e,aa,22,2f,9c,7c,43,76,7d,db,c4,f3,4a,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(816)
    c:\windows.0\system32\hdspmme.dll

    - - - - - - - > 'lsass.exe'(876)
    c:\windows.0\system32\hdspmme.dll
    .
    Completion time: 2009-04-18 9:27
    ComboFix-quarantined-files.txt 2009-04-18 23:27

    Pre-Run: 102,072,905,728 bytes free
    Post-Run: 105,106,403,328 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    256 --- E O F --- 2009-04-15 17:02
     
  7. 2009/04/18
    Alex W

    And here is the latest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:10 AM, on 4/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\RTHDCPL.EXE
    C:\WINDOWS.0\system32\hdsp32.exe
    C:\WINDOWS.0\system32\hdspmix.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    E:\Games\Steam\Steam.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS.0\system32\notepad.exe
    C:\WINDOWS.0\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [GEST] =
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS.0\system32\sfrem02.exe

    --
    End of file - 5763 bytes
     
  8. 2009/04/18
    Juliet

    Welcome back


    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The scan below can take up to an hour or longer, so please be patient.

    *Note
    It is recommended to disable your onboard antivirus program and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    Kaspersky log
    New HJT log taken after the above scans have run


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  9. 2009/04/19
    Alex W

    Hi, thanks for all the help!

    Looks like the virus scan was clean:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Sunday, April 19, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Sunday, April 19, 2009 03:04:33
    Records in database: 2059558
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\

    Scan statistics:
    Files scanned: 595279
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 06:44:14


    And here's the latest HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:32:40 AM, on 4/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\RTHDCPL.EXE
    C:\WINDOWS.0\system32\hdsp32.exe
    C:\WINDOWS.0\system32\hdspmix.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    E:\Games\Steam\Steam.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS.0\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    E:\Cubase SX2\Cubasesx.exe
    C:\PROGRA~1\SYNCRO~1\POS\SYNSOPOS.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [GEST] =
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS.0\system32\sfrem02.exe

    --
    End of file - 5916 bytes
     
  10. 2009/04/20
    Juliet

    Welcome back


    Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    (Description: System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings -> Control Panel. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

    O4 - HKLM\..\Run: [GEST] =


    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
    (Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe


    Now please reboot your computer.

    Please post back and let me know how things are now.
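The triage the helper performs in the reply above (one orphaned O2 BHO to fix-check, a set of O4 autostarts that are merely optional, an O10 LSP entry to verify) can be scripted for logs of this format. This is an added example, not HijackThis, Trend Micro or WindowsBBS code; the sample lines are copied from the HJT logs posted in this thread, the OPTIONAL_STARTUP names come from the helper's last reply, and the Finding class and action labels are my own.

```python
"""Triage HijackThis 2.0.2 log lines the way the helper in this thread did."""
import re
from dataclasses import dataclass

# Sample input: lines taken from the HJT logs posted in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKLM\..\Run: [GEST] =",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"',
    r"O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll",
]

# Startup entries the helper called optional (resource use, not malware).
OPTIONAL_STARTUP = {
    "SoundMan", "AlcWzrd", "GEST", "NvMediaCenter", "SunJavaUpdateSched",
    "msnmsgr", "BitTorrent DNA",
}

# O2: "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 Run keys: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
# O10: LSP provider DLL that HJT could not match against its known list
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    line: str
    action: str   # "fix" (safe to fix-check), "optional", or "review"
    reason: str


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if nothing stands out."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        # A BHO whose CLSID is still registered but whose DLL is gone is
        # an orphan: nothing loads, so it is safe to have HJT fix it.
        if m["path"] == "(no file)":
            return Finding(line, "fix", f"orphaned BHO {m['clsid']}: registered but DLL missing")
        return None
    m = O4_RE.match(line)
    if m:
        # A Run value whose data is "=" or empty launches nothing (GEST above).
        if m["cmd"].strip() in ("", "="):
            return Finding(line, "optional", f"Run value {m['name']!r} is empty and does nothing")
        if m["name"] in OPTIONAL_STARTUP:
            return Finding(line, "optional", f"{m['name']!r} is a tray/updater autostart, not needed at boot")
        return None
    m = O10_RE.match(line)
    if m:
        # Confirm the provider DLL is known before touching it: removing a
        # legitimate LSP breaks the Winsock chain and with it all networking.
        return Finding(line, "review", f"unrecognised Winsock LSP {m['path']}")
    return None


def triage(lines):
    """Group findings by action so a reply can list the fix-checked set."""
    result = {"fix": [], "optional": [], "review": []}
    for line in lines:
        finding = triage_line(line)
        if finding:
            result[finding.action].append(finding)
    return result


if __name__ == "__main__":
    for action, findings in triage(SAMPLE_LINES).items():
        print(f"== {action} ==")
        for f in findings:
            print(f"  {f.line}\n      -> {f.reason}")
```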
     