Solved Problem Downloading from Microsoft

Discussion in 'Malware and Virus Removal Archive' started by trickster21, 2009/03/06.

Thread Status:
Not open for further replies.
  1. 2009/03/06
    trickster21

    trickster21 Inactive Thread Starter

    Joined:
    2009/03/06
    Messages:
    18
    Likes Received:
    0
    [Resolved] Problem Downloading from Microsoft

    I have a problem downloading from Microsoft Download Center. I also cannot update my virus protector. I think it might be caused by a virus. So far I have reinstalled internet explorer and firefox with no results. I also tried doing a system restore.


    DDS (Ver_09-02-01.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.289 [GMT -8:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dlbccoms.exe
    C:\WINDOWS\System32\imapi.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    D:\Program Files\Opera\opera.exe
    H:\Documents and Settings\My Documents\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://sandiego.cox.net/cci/home
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: SOFTWARE - No File
    BHO: Microsoft - No File
    BHO: Windows - No File
    BHO: CurrentVersion - No File
    BHO: Explorer - No File
    BHO: Browser Helper Objects - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {3AA7637A-EE60-44E0-D126-605508DD2E1A} - No File
    BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor
    BHO: {BBE30EB5-CF0C-A684-2340-CEA94D9D5AEF} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FECE3EB0-E23C-9EB5-0E01-F88408AF77AD} - No File
    TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Y0vFRka6S] chardssp.exe
    uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q d:\myshar~1\NEWFOL~1.SH!
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe "
    mRun: [Nero Driver] nrvhost.exe
    mRunServices: [SchedulingAgent] c:\windows\system32\mstask.exe
    mRunServices: [Nero Driver] nrvhost.exe
    uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
    uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
    uPolicies-explorer: StartMenuLogOff = 1 (0x1)
    mPolicies-explorer: <NO NAME> =
    IE:
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    TCP: NameServer = 85.255.112.39,85.255.112.40
    TCP: {C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2} = 85.255.112.39,85.255.112.40
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = :\windows\system32\srrstr.

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\deitri~1\applic~1\mozilla\firefox\profiles\dcf2cr5a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://www.google.com/ig?hl=en
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
    FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-10-17 207656]
    R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-14 358736]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-10-17 144704]
    R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2004-3-30 85868]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-10-17 605512]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-10-17 79240]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-10-17 35240]
    R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-10-17 34152]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-10-17 40488]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2004-3-30 12128]
    S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2004-3-30 17700]
    S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-3-30 120544]
    S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2004-3-30 76260]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-8-3 815819]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2009-2-17 42512]

    ============== File Associations ===============

    regfile= "regedit.exe" "%1 "

    =============== Created Last 30 ================

    2009-03-05 23:20 18,944 ac------ c:\windows\system32\simptcp.dll
    2009-03-05 23:20 18,944 ac------ c:\windows\system32\dllcache\simptcp.dll
    2009-03-05 01:22 <DIR> -cd-h--- C:\$AVG8.VAULT$
    2009-03-05 01:09 10,520 ac------ c:\windows\system32\avgrsstx.dll
    2009-03-05 01:09 107,912 ac------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-05 01:09 325,640 ac------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-05 01:09 <DIR> -cd----- c:\windows\system32\drivers\Avg
    2009-03-05 01:09 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\AVGTOOLBAR
    2009-03-05 01:08 <DIR> -cd----- c:\program files\AVG
    2009-03-05 01:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\avg8
    2009-03-05 00:32 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\IObit
    2009-02-22 12:08 86,824 ac---r-- c:\windows\system32\drivers\sscdserd.sys
    2009-02-22 12:08 106,792 ac---r-- c:\windows\system32\drivers\sscdmdm.sys
    2009-02-22 12:08 11,944 ac---r-- c:\windows\system32\drivers\sscdmdfl.sys
    2009-02-22 12:08 9,256 ac---r-- c:\windows\system32\drivers\sscdcmnt.sys
    2009-02-22 12:08 9,256 ac---r-- c:\windows\system32\drivers\sscdcm.sys
    2009-02-22 12:08 80,552 ac---r-- c:\windows\system32\drivers\sscdbus.sys
    2009-02-22 12:08 9,256 ac---r-- c:\windows\system32\drivers\sscdwhnt.sys
    2009-02-22 12:08 9,256 ac---r-- c:\windows\system32\drivers\sscdwh.sys
    2009-02-22 11:36 <DIR> -cd----- c:\program files\Samsung
    2009-02-17 21:21 240,240 ac------ c:\windows\system32\wpcap.dll
    2009-02-17 21:21 88,704 ac------ c:\windows\system32\packet.dll
    2009-02-17 21:21 42,512 ac------ c:\windows\system32\drivers\npf.sys
    2009-02-17 18:21 900,015 ac------ c:\windows\system32\TmpA282932343
    2009-02-17 18:21 1,181,022 ac------ c:\windows\system32\TmpA282920500
    2009-02-17 18:21 1,181,022 ac------ c:\windows\system32\TmpA282904640
    2009-02-17 18:17 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\Antares
    2009-02-15 22:31 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\Deckadance
    2009-02-15 14:45 <DIR> -cd----- c:\program files\common files\Digidesign
    2009-02-15 14:45 <DIR> -cd----- c:\program files\Antares Audio Technologies
    2009-02-15 14:24 1,294,336 ac------ c:\windows\system32\vorbis.acm
    2009-02-15 14:22 <DIR> -cd----- c:\program files\Image-Line
    2009-02-15 14:22 <DIR> -cd----- c:\program files\Outsim

    ==================== Find3M ====================

    2008-12-20 15:15 826,368 ac------ c:\windows\system32\wininet.dll
    2004-09-30 17:56 56 -c-shr-- c:\windows\system32\0084730666.sys
    2007-11-12 22:19 6,988 ac-sh--- c:\windows\system32\jlkkj.ini2
    2008-12-04 00:06 862,438 ac-sh--- c:\windows\system32\RXyHNqss.ini2
    2008-11-07 13:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110720081108\index.dat

    ============= FINISH: 1:03:37.06 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/15/2003 9:35:10 PM
    System Uptime: 3/5/2009 6:49:17 PM (7 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4S533VX
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | PGA 478 | 2655/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 16 GiB total, 2.949 GiB free.
    D: is FIXED (NTFS) - 96 GiB total, 82.026 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is CDROM (CDFS)
    H: is FIXED (NTFS) - 466 GiB total, 211.807 GiB free.
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1639: 2/17/2009 9:23:49 PM - Installed ACID Pro 7.0
    RP1640: 2/17/2009 9:36:08 PM - Removed ACID Pro 7.0
    RP1641: 2/17/2009 9:45:58 PM - Installed ACID Pro 7.0
    RP1642: 2/17/2009 9:51:38 PM - Removed ACID Pro 7.0
    RP1643: 2/17/2009 9:56:16 PM - Installed ACID Pro 7.0
    RP1644: 2/17/2009 10:02:13 PM - Removed ACID Pro 7.0
    RP1645: 2/17/2009 10:07:01 PM - Installed ACID Pro 7.0
    RP1646: 2/22/2009 11:36:09 AM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    RP1647: 3/5/2009 12:38:01 AM - Advanced SystemCare RestorePoint
    RP1648: 3/5/2009 1:08:27 AM - Installed AVG Free 8.5
    RP1649: 3/5/2009 8:57:18 AM - Removed ACID Pro 7.0
    RP1650: 3/5/2009 6:38:02 PM - Installed Opera 9.64
    RP1651: 3/5/2009 6:46:38 PM - Restore Operation

    ==== Installed Programs ======================

    AC3Filter (remove only)
    Adobe Acrobat 4.0
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Photoshop Elements 2.0
    Adobe Premiere 6 LE
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11
    Age of Mythology
    Agere Systems AC'97 Modem
    Antares Autotune VST RTAS TDM v5.08
    Antares Autotune VST v5.09
    Apple Mobile Device Support
    Apple Software Update
    Art Explosion Scrapbook Factory Deluxe
    ASIO4ALL
    AutoUpdate
    BitPim 1.0.0
    BitTorrent
    Bonjour
    CiD Help
    Click to DVD 1.0
    Collab
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Deckadance
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DVgate
    EA Download Manager
    Easy CD-DA Extractor 10
    Experience Vaio
    FL Studio 8
    freshplay
    GPL MPEG-1/2 DirectShow Decoder Filter
    Hauppauge English Help Files and Resources
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV Scheduler
    Hauppauge WinTV Soft PVR
    Hauppauge WinTV Source Selector
    Hauppauge WinTV2000
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Product Detection
    IL Download Manager
    ImageStation Demo
    ImageStation Tour
    Insaniquarium Deluxe 1.0
    InterActual Player
    iPod for Windows 2005-02-07
    iPod Updater 2004-07-15
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
    LG USB Drivers
    LG USB Modem driver
    LimeWire PRO 4.10.0
    Lucent Technologies Soft Modem AMR
    McAfee SecurityCenter
    Media Library Management Wizard
    Metal Gear Solid
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Age of Empires II
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Microsoft Windows Media Video 9 VCM
    Microsoft XML Parser and SDK
    Motion JPEG Software Decoder
    Movie Maker Background Music Files
    Movie Maker Sound Effects
    Movie Maker Title Images
    MovieShaker 3.3
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    Music Visualizer Library 1.4.00
    Network Play System (Patching)
    Network Smart Capture
    No.1 Video Convertor 1.2
    NVIDIA Drivers
    OLYMPUS CAMEDIA Master 4.0
    Online Manuals for WinTV (English)
    Personal License Update Wizard for Windows Media Player
    PicoPlayer
    PicoPlayer Demo
    PicoPlayerSplashScreen
    Pinnacle Hollywood FX 4.6
    Plus! MP3 Audio Converter LE
    PoiZone
    PowerDVD
    Punch! 5 in 1 Home Design
    QuickTime
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon Deluxe
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shockwave
    SimCity 3000
    Sims2Pack Clean Installer
    SonicStage 1.5.00
    Sony Certificate PCH
    Sony DV Shared Library
    Sony Sound Forge Audio Studio 9.0
    Sony USB Driver
    SPORE™
    Studio 8
    Support Actions WinXP
    The Sims 2
    The Sims 2 Family Fun Stuff
    The Sims 2 Glamour Life Stuff
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 Seasons
    The Sims 2 University
    The Sims File Cop
    The Sims Superstar
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Celebration! Stuff
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Kitchen & Bath Interior Design Stuff
    The Sims™ 2 Teen Style Stuff
    Toxic Biohazard
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    V CAST Music
    V CAST Music Manager
    VAIO Action Setup
    VAIO Brezza Wallpaper
    VAIO Edit Components LE
    VAIO Grid Wallpaper
    VAIO Help & Support
    VAIO Media 2.0
    VAIO Media Installer 2.0
    VAIO Media Music Server 2.0
    VAIO Media Photo Server 2.0
    VAIO Media Platform 2.0
    VAIO Registration
    VAIO Serenus Wallpaper
    VAIO Support
    VERITAS RecordNow DX
    VERITAS StorageGuard
    Virtual DJ - Atomix Productions
    WD Diagnostics
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Bonus Pack for Windows XP
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 2002 OEM
    Zoo Tycoon: Complete Collection

    ==== Event Viewer Messages From Past Week ========

    3/5/2009 8:58:13 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    3/5/2009 8:50:40 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/5/2009 8:49:17 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/5/2009 8:49:17 AM, error: Service Control Manager [7000] - The UDNT service failed to start due to the following error: The system cannot find the device specified.
    3/5/2009 12:51:39 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    3/4/2009 4:11:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'gaopdxmdeueolr.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

    ==== End Of File ===========================
     
  2. 2009/03/06
    LadyYepperz

    LadyYepperz Inactive

    Joined:
    2009/03/05
    Messages:
    6
    Likes Received:
    0
    trickster21
    It looks like I'm having the same problem you are. Keep an eye on my thread in case I get a reply before you.

    p.s. I want to play on your pc... you have all my favorite games! :)
     

  4. 2009/03/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please be aware that the recommendations and guidance for cleaning an infected system are system specific and the instructions in one thread should not be applied independently in another, even though the problems experienced may appear to be the same. Each case is dealt with on an individual basis by a trained malware analyst.
     
  5. 2009/03/06
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome trickster21

    Save these instructions to WordPad/Notepad or print them out, as some of the fix will have to be done in Safe Mode, where this page will not be available for you to follow.



    Please download SmitfraudFix (by S!Ri). Extract the content (a folder named SmitfraudFix) to your Desktop.




    NEXT**

    Double-click on SmitfraudFix.exe to start the tool.
    Select option #3 - Delete Trusted zone by typing 3 and pressing Enter.
    Answer Yes to the question "Restore Trusted Zone ?" by typing Yes and pressing Enter.

    Notes

    1. If you use SpywareBlaster and/or IE-SPYAD it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
    2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.


    NEXT**
    Open the SmitfraudFix folder on your desktop and double-click smitfraudfix.cmd

    Select option #5 - "Search and Clean DNS Hijack" by typing 5 and pressing "Enter" to delete the rogue settings.

    Follow the prompts and reboot if asked to do so.




    NEXT**
    Download Combofix from any of the links below. You must rename it before saving it.
    Save it to your desktop.<--Important

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.


    In your next reply post:
    ComboFix.txt
    New DDS log



     
  6. 2009/03/06
    trickster21

    trickster21 Inactive Thread Starter

    Joined:
    2009/03/06
    Messages:
    18
    Likes Received:
    0
    Alright, here's the 2 logs. While running ComboFix, it also told me to write down
    c:\WINDOWS\System32\drivers\gaopdxulfwfnka.sys
    c:\WINDOWS\System32\gaopdxmdeueolr.dll

    SmitFraudFix v2.400

    Scan done at 15:22:07.32, Fri 03/06/2009
    Run from C:\Documents and Settings\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 85.255.112.39
    DNS Server Search Order: 85.255.112.40

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: NameServer=85.255.112.39,85.255.112.40
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: NameServer=85.255.112.39,85.255.112.40
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=24.205.1.14 66.215.64.14
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=24.205.1.14 66.215.64.14
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.205.1.14 66.215.64.14
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.205.1.14 66.215.64.14

    »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

    ComboFix 09-03-04.01 - Owner 2009-03-06 15:35:00.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.677 [GMT -8:00]
    Running from: c:\documents and settings\Desktop\Fixit.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Start Menu\Programs\freshplay
    c:\documents and settings\Start Menu\Programs\freshplay\Uninstall.lnk
    c:\program files\download plugin
    c:\program files\download plugin\DlPlugin-Moz\buddy.dat
    c:\program files\download plugin\DlPlugin-Moz\vendor.txt
    c:\windows\Fonts\'
    c:\windows\system32\_003955_.tmp.dll
    c:\windows\system32\_003956_.tmp.dll
    c:\windows\system32\_003957_.tmp.dll
    c:\windows\system32\_003958_.tmp.dll
    c:\windows\system32\_003965_.tmp.dll
    c:\windows\system32\_003966_.tmp.dll
    c:\windows\system32\_003967_.tmp.dll
    c:\windows\system32\_003969_.tmp.dll
    c:\windows\system32\_003970_.tmp.dll
    c:\windows\system32\_003973_.tmp.dll
    c:\windows\system32\_003974_.tmp.dll
    c:\windows\system32\_003977_.tmp.dll
    c:\windows\system32\_003978_.tmp.dll
    c:\windows\system32\_003980_.tmp.dll
    c:\windows\system32\_003983_.tmp.dll
    c:\windows\system32\_003984_.tmp.dll
    c:\windows\system32\_003989_.tmp.dll
    c:\windows\system32\_003991_.tmp.dll
    c:\windows\system32\_003992_.tmp.dll
    c:\windows\system32\_003994_.tmp.dll
    c:\windows\system32\_003997_.tmp.dll
    c:\windows\system32\_003999_.tmp.dll
    c:\windows\system32\_004000_.tmp.dll
    c:\windows\system32\_004003_.tmp.dll
    c:\windows\system32\_004004_.tmp.dll
    c:\windows\system32\_004005_.tmp.dll
    c:\windows\system32\_004006_.tmp.dll
    c:\windows\system32\_004007_.tmp.dll
    c:\windows\system32\_004012_.tmp.dll
    c:\windows\system32\_004014_.tmp.dll
    c:\windows\system32\_004015_.tmp.dll
    c:\windows\system32\_006503_.tmp.dll
    c:\windows\system32\_006504_.tmp.dll
    c:\windows\system32\_006505_.tmp.dll
    c:\windows\system32\_006506_.tmp.dll
    c:\windows\system32\_006513_.tmp.dll
    c:\windows\system32\_006514_.tmp.dll
    c:\windows\system32\_006515_.tmp.dll
    c:\windows\system32\_006516_.tmp.dll
    c:\windows\system32\_006518_.tmp.dll
    c:\windows\system32\_006519_.tmp.dll
    c:\windows\system32\_006522_.tmp.dll
    c:\windows\system32\_006523_.tmp.dll
    c:\windows\system32\_006526_.tmp.dll
    c:\windows\system32\_006527_.tmp.dll
    c:\windows\system32\_006529_.tmp.dll
    c:\windows\system32\_006532_.tmp.dll
    c:\windows\system32\_006533_.tmp.dll
    c:\windows\system32\_006538_.tmp.dll
    c:\windows\system32\_006540_.tmp.dll
    c:\windows\system32\_006541_.tmp.dll
    c:\windows\system32\_006543_.tmp.dll
    c:\windows\system32\_006546_.tmp.dll
    c:\windows\system32\_006547_.tmp.dll
    c:\windows\system32\_006549_.tmp.dll
    c:\windows\system32\_006550_.tmp.dll
    c:\windows\system32\_006553_.tmp.dll
    c:\windows\system32\_006554_.tmp.dll
    c:\windows\system32\_006555_.tmp.dll
    c:\windows\system32\_006556_.tmp.dll
    c:\windows\system32\_006557_.tmp.dll
    c:\windows\system32\_006562_.tmp.dll
    c:\windows\system32\_006564_.tmp.dll
    c:\windows\system32\_006565_.tmp.dll
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\drivers\gaopdxulfwfnka.sys
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxmdeueolr.dll
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\jlkkj.ini2
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\packet.dll
    c:\windows\system32\Process.exe
    c:\windows\system32\RXyHNqss.ini2
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\wpcap.dll
    c:\windows\system32\WS2Fix.exe
    c:\windows\Tasks\qbucpjdl.job
    D:\z.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
    .

    2009-03-06 01:28 . 2009-03-06 14:50 <DIR> d----c--- c:\program files\Microsoft Windows OneCare Live
    2009-03-05 23:20 . 2001-08-18 04:00 18,944 --a--c--- c:\windows\system32\simptcp.dll
    2009-03-05 23:20 . 2001-08-18 04:00 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll
    2009-03-05 01:22 . 2009-03-05 12:15 <DIR> d--h-c--- C:\$AVG8.VAULT$
    2009-03-05 01:09 . 2009-03-05 01:09 <DIR> d----c--- c:\windows\system32\drivers\Avg
    2009-03-05 01:09 . 2009-03-05 13:18 <DIR> d----c--- c:\documents and settings\Application Data\AVGTOOLBAR
    2009-03-05 01:09 . 2009-03-05 01:09 325,640 --a--c--- c:\windows\system32\drivers\avgldx86.sys
    2009-03-05 01:09 . 2009-03-05 01:09 107,912 --a--c--- c:\windows\system32\drivers\avgtdix.sys
    2009-03-05 01:09 . 2009-03-05 01:09 10,520 --a--c--- c:\windows\system32\avgrsstx.dll
    2009-03-05 01:08 . 2009-03-05 01:08 <DIR> d----c--- c:\program files\AVG
    2009-03-05 01:08 . 2009-03-05 13:24 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
    2009-03-05 00:32 . 2009-03-06 14:23 <DIR> d----c--- c:\documents and settings\Application Data\IObit
    2009-02-22 12:08 . 2007-07-03 15:58 106,792 -ra--c--- c:\windows\system32\drivers\sscdmdm.sys
    2009-02-22 12:08 . 2007-07-03 15:59 86,824 -ra--c--- c:\windows\system32\drivers\sscdserd.sys
    2009-02-22 12:08 . 2007-07-03 15:54 80,552 -ra--c--- c:\windows\system32\drivers\sscdbus.sys
    2009-02-22 12:08 . 2007-07-03 15:57 11,944 -ra--c--- c:\windows\system32\drivers\sscdmdfl.sys
    2009-02-22 12:08 . 2007-07-03 16:00 9,256 -ra--c--- c:\windows\system32\drivers\sscdwhnt.sys
    2009-02-22 12:08 . 2007-07-03 16:00 9,256 -ra--c--- c:\windows\system32\drivers\sscdwh.sys
    2009-02-22 12:08 . 2007-07-03 15:56 9,256 -ra--c--- c:\windows\system32\drivers\sscdcmnt.sys
    2009-02-22 12:08 . 2007-07-03 15:56 9,256 -ra--c--- c:\windows\system32\drivers\sscdcm.sys
    2009-02-22 11:36 . 2009-02-22 11:36 <DIR> d----c--- c:\program files\Samsung
    2009-02-17 18:21 . 2009-02-17 18:21 1,181,022 --a--c--- c:\windows\system32\TmpA282920500
    2009-02-17 18:21 . 2009-02-17 18:21 1,181,022 --a--c--- c:\windows\system32\TmpA282904640
    2009-02-17 18:21 . 2009-02-17 18:21 900,015 --a--c--- c:\windows\system32\TmpA282932343
    2009-02-17 18:17 . 2009-02-17 18:17 <DIR> d----c--- c:\documents and settings\Application Data\Antares
    2009-02-15 22:31 . 2009-02-15 22:31 <DIR> d----c--- c:\documents and settings\Application Data\Deckadance
    2009-02-15 14:45 . 2009-02-15 14:45 <DIR> d----c--- c:\program files\Common Files\Digidesign
    2009-02-15 14:45 . 2009-02-17 18:17 <DIR> d----c--- c:\program files\Antares Audio Technologies
    2009-02-15 14:24 . 2002-07-07 14:14 1,294,336 --a--c--- c:\windows\system32\vorbis.acm
    2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d----c--- c:\program files\Outsim
    2009-02-15 14:22 . 2009-02-15 14:40 <DIR> d----c--- c:\program files\Image-Line

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-06 23:01 --------- dc-h--w c:\program files\InstallShield Installation Information
    2009-03-06 23:00 --------- dc----w c:\program files\Sony
    2009-03-06 22:56 --------- dc----w c:\program files\Electronic Arts
    2009-03-06 22:26 --------- dc-h--w c:\documents and settings\Application Data\GTek
    2009-03-05 16:57 --------- dc----w c:\program files\VSTplugins
    2009-03-05 16:57 --------- dc----w c:\documents and settings\Application Data\Sony
    2009-03-05 16:49 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-22 20:11 --------- dc----w c:\documents and settings\Application Data\Smith Micro
    2009-02-22 19:22 --------- dc----w c:\program files\Microsoft ActiveSync
    2009-02-20 02:11 --------- dc----w c:\documents and settings\Application Data\BitTorrent
    2009-02-15 18:55 --------- dc----w c:\program files\VirtualDJ
    2009-02-06 19:16 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore
    2009-02-04 21:09 --------- dc----w c:\program files\McAfee
    2009-01-20 22:51 --------- dc----w c:\program files\Western Digital Technologies
    2009-01-20 22:38 --------- dc----w c:\program files\Canon
    2009-01-20 22:27 --------- dc-ha-w c:\documents and settings\All Users\Application Data\GTek
    2009-01-20 22:25 --------- dc----w c:\program files\Microsoft Picture It! 7
    2009-01-20 22:21 --------- dc----w c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-01-20 22:20 --------- dc----w c:\program files\Common Files\Real
    2009-01-20 22:16 --------- dc----w c:\program files\Zuma Deluxe
    2009-01-20 22:15 --------- dc----w c:\program files\Screenblast
    2009-01-15 09:23 --------- dc----w c:\documents and settings\Application Data\NetMedia Providers
    2004-10-01 01:56 56 -csh--r c:\windows\system32\0084730666.sys
    2008-11-07 21:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110720081108\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools "= "h:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SmartRAM "= "d:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "DelayShred "= "c:\progra~1\mcafee\mshr\ShrCL.EXE" [2008-07-09 111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WebSavingsfromEbates "= "wjview" [X]
    "ezShieldProtector for Px "= "c:\windows\system32\ezSP_Px.exe" [2002-07-03 40960]
    "ZTgServerSwitch "= "c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 11406]
    "SiSUSBRG "= "c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
    "PrinTray "= "c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "StorageGuard "= "c:\program files\VERITAS Software\StorageGuard\sgtray.exe" [2001-12-07 155648]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "nwiz "= "nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "LTSMMSG "= "LTSMMSG.exe" [2002-07-20 c:\windows\LTSMMSG.exe]
    "AGRSMMSG "= "AGRSMMSG.exe" [2003-02-14 c:\windows\AGRSMMSG.exe]

    c:\documents and settings\Start Menu\Programs\Startup\
    MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-01-31 947544]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoStart IR.lnk - d:\program files\WinTV\Ir.exe [2006-10-05 102455]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons "= 0 (0x0)
    "NoSimpleStartMenu "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll
    "msacm.ac3filter "= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CleanupProgram
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneNetworkSvc "=3 (0x3)
    "Creative Service for CDROM Access "=2 (0x2)
    "sdCoreService "=3 (0x3)
    "sdAuxService "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "d:\\Program Files\\LimeWire\\LimeWire.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe "=
    "c:\\Program Files\\BitPim\\bitpim.exe "=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "d:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-08-28 206096]
    R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2004-03-30 85868]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2004-03-30 12128]
    S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2004-03-30 17700]
    S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-03-30 120544]
    S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2004-03-30 76260]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-08-03 815819]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-06 c:\windows\Tasks\AD55BED7918A3277.job
    - c:\docume~1\applic~1\logboo~1\love close keep.exe []

    2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-07 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-11-07 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-03-05 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

    2009-03-05 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\ [2009-03-05 00:32]

    2008-12-04 c:\windows\Tasks\{90B0D779-BA41-4ADA-AAB9-43229882F953}_Owner.job
    - c:\windows\system32\mobsync.exe [2008-04-14 05:42]
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-_{0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
    URLSearchHooks-_{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
    URLSearchHooks-_{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    BHO-{3AA7637A-EE60-44E0-D126-605508DD2E1A} - (no file)
    BHO-{BBE30EB5-CF0C-A684-2340-CEA94D9D5AEF} - (no file)
    BHO-{FECE3EB0-E23C-9EB5-0E01-F88408AF77AD} - (no file)
    HKLM-Run-Nero Driver - nrvhost.exe
    HKLM-RunServices-SchedulingAgent - c:\windows\system32\mstask.exe
    HKLM-RunServices-Nero Driver - nrvhost.exe
    SafeBoot-OneCareMP


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sandiego.cox.net/cci/home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE:
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Application Data\Mozilla\Firefox\Profiles\dcf2cr5a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://www.google.com/ig?hl=en
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
    FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
    FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-06 16:06:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\¸**0 ]
    "AlwaysCovertFormat "=dword:00000000
    "Format "=dword:00000000
    "Format_Channel "=dword:00000002
    "Format_Value "=dword:00000000
    "Format_Quality "=dword:0001f400
    "Encoding Language "=dword:00000000

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\Æ*0 ]
    "AlwaysCovertFormat "=dword:00000000
    "Format "=dword:00000000
    "Format_Channel "=dword:00000002
    "Format_Value "=dword:00000000
    "Format_Quality "=dword:0001f400
    "Encoding Language "=dword:00000000

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\SecuROM\License information*]
    "datasecu "=hex:01,05,ee,2e,93,c4,b6,fc,e3,be,12,29,0b,6c,b6,df,66,47,3e,5a,32,
    85,b7,ec,9d,3e,1b,6e,4c,20,0b,e0,53,c7,96,3a,fe,92,4d,2b,80,29,c8,01,b9,86,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\dlbccoms.exe
    c:\windows\system32\imapi.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\Common Files\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    c:\program files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\windows\system32\wscript.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\support.com\client\bin\tgcmd.exe
    c:\progra~1\McAfee.com\Agent\mcupdate.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-06 16:10:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-07 00:10:44

    Pre-Run: 3,272,310,784 bytes free
    Post-Run: 3,155,275,776 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    359 --- E O F --- 2009-02-15 11:41:54
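The "DNS Before Fix" lines in the log above show what a resolver hijack looks like in the registry: a static NameServer value overriding the DHCP-assigned one, in the 85.255.x.x range the tool itself flags. This is an added example, not part of the thread or of ComboFix: Python that parses those log lines and reports which control sets carry the override. The function names and the "static-override" rule are assumptions of the example, and CCS/CS1 to CS3 are taken to be the log's abbreviations for CurrentControlSet and ControlSet001 to ControlSet003.

```python
import ipaddress
import re
from collections import defaultdict

# Range named by the log's own warning ("85.255.x.x detected").
FLAGGED_NETS = [ipaddress.ip_network("85.255.0.0/16")]

# Lines copied from the "DNS Before Fix" section of the log above.
SAMPLE_LOG = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=24.205.1.14 66.215.64.14
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C29EC7FC-4BA7-4B7A-BD90-E25C97DB9CB2}: DhcpNameServer=24.205.1.14 66.215.64.14
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.39,85.255.112.40
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.205.1.14 66.215.64.14
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.205.1.14 66.215.64.14
"""

# One log line: control set, subkey under Tcpip, value name, server list.
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\Tcpip\\(?P<sub>.+?):\s*"
    r"(?P<name>DhcpNameServer|NameServer)=(?P<val>.*)$"
)


def split_servers(value):
    """Split a comma- or space-separated server list into IP address objects."""
    servers = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an address; skip it rather than guess
    return servers


def parse_dns_lines(text):
    """Map (control_set, subkey) -> {'DhcpNameServer': [...], 'NameServer': [...]}."""
    keys = defaultdict(lambda: {"DhcpNameServer": [], "NameServer": []})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            keys[(m["cs"], m["sub"])][m["name"]] = split_servers(m["val"])
    return dict(keys)


def find_overrides(keys, flagged_nets=FLAGGED_NETS):
    """Report keys whose static NameServer is in a flagged range or overrides DHCP."""
    findings = []
    for (cs, sub), vals in sorted(keys.items()):
        static, dhcp = vals["NameServer"], vals["DhcpNameServer"]
        if not static:
            continue  # resolver comes from DHCP only
        if any(ip in net for ip in static for net in flagged_nets):
            verdict = "flagged-range"
        elif dhcp and set(static) != set(dhcp):
            verdict = "static-override"  # example's own rule: review, not proof
        else:
            continue
        findings.append({
            "control_set": cs,
            "subkey": sub,
            "verdict": verdict,
            "static": [str(ip) for ip in static],
            "dhcp": [str(ip) for ip in dhcp],
        })
    return findings


def affected_control_sets(findings):
    """Control sets that need the static value cleared, in sorted order."""
    return sorted({f["control_set"] for f in findings})


if __name__ == "__main__":
    for f in find_overrides(parse_dns_lines(SAMPLE_LOG)):
        print(f["control_set"], f["subkey"], f["verdict"], f["static"], "dhcp:", f["dhcp"])
```

On the lines from this log only CCS and CS1 are reported; CS2 and CS3 still hold the DHCP-assigned servers, so the override was written after those control sets were last saved.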
     
  7. 2009/03/07
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    P2P software/programs are a major contributor to infections. I see you have BitTorrent and LimeWire. I am not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs can also be found Here and Here

    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system.




    ************
    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    NEXT*********
    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================



    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans so that there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New DDS log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's the computer now?
     
  8. 2009/03/08
    trickster21

    trickster21 Inactive Thread Starter

    Joined:
    2009/03/06
    Messages:
    18
    Likes Received:
    0
    My computer is working fine now. I still can't download from Microsoft, however. I think the issue may be with their website, however, because I have been able to at least pull it up and got a Microsoft Error Code, which is a lot better than when I couldn't even get on the site. My McAfee is working again and is now able to update.


    ComboFix 09-03-04.01 - 2009-03-07 10:13:46.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.666 [GMT -8:00]
    Running from: c:\documents and settings\Desktop\Fixit.exe
    Command switches used :: c:\documents and settings\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\windows\Tasks\AD55BED7918A3277.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Tasks\AD55BED7918A3277.job

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
    .

    2009-03-06 01:28 . 2009-03-06 14:50 <DIR> d----c--- c:\program files\Microsoft Windows OneCare Live
    2009-03-05 23:20 . 2001-08-18 04:00 18,944 --a--c--- c:\windows\system32\simptcp.dll
    2009-03-05 23:20 . 2001-08-18 04:00 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll
    2009-03-05 01:22 . 2009-03-05 12:15 <DIR> d--h-c--- C:\$AVG8.VAULT$
    2009-03-05 01:09 . 2009-03-05 01:09 <DIR> d----c--- c:\windows\system32\drivers\Avg
    2009-03-05 01:09 . 2009-03-05 13:18 <DIR> d----c--- c:\documents and settings\Application Data\AVGTOOLBAR
    2009-03-05 01:09 . 2009-03-05 01:09 325,640 --a--c--- c:\windows\system32\drivers\avgldx86.sys
    2009-03-05 01:09 . 2009-03-05 01:09 107,912 --a--c--- c:\windows\system32\drivers\avgtdix.sys
    2009-03-05 01:09 . 2009-03-05 01:09 10,520 --a--c--- c:\windows\system32\avgrsstx.dll
    2009-03-05 01:08 . 2009-03-05 01:08 <DIR> d----c--- c:\program files\AVG
    2009-03-05 01:08 . 2009-03-05 13:24 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
    2009-03-05 00:32 . 2009-03-06 14:23 <DIR> d----c--- c:\documents and settings\Application Data\IObit
    2009-02-22 12:08 . 2007-07-03 15:58 106,792 -ra--c--- c:\windows\system32\drivers\sscdmdm.sys
    2009-02-22 12:08 . 2007-07-03 15:59 86,824 -ra--c--- c:\windows\system32\drivers\sscdserd.sys
    2009-02-22 12:08 . 2007-07-03 15:54 80,552 -ra--c--- c:\windows\system32\drivers\sscdbus.sys
    2009-02-22 12:08 . 2007-07-03 15:57 11,944 -ra--c--- c:\windows\system32\drivers\sscdmdfl.sys
    2009-02-22 12:08 . 2007-07-03 16:00 9,256 -ra--c--- c:\windows\system32\drivers\sscdwhnt.sys
    2009-02-22 12:08 . 2007-07-03 16:00 9,256 -ra--c--- c:\windows\system32\drivers\sscdwh.sys
    2009-02-22 12:08 . 2007-07-03 15:56 9,256 -ra--c--- c:\windows\system32\drivers\sscdcmnt.sys
    2009-02-22 12:08 . 2007-07-03 15:56 9,256 -ra--c--- c:\windows\system32\drivers\sscdcm.sys
    2009-02-22 11:36 . 2009-02-22 11:36 <DIR> d----c--- c:\program files\Samsung
    2009-02-17 18:21 . 2009-02-17 18:21 1,181,022 --a--c--- c:\windows\system32\TmpA282920500
    2009-02-17 18:21 . 2009-02-17 18:21 1,181,022 --a--c--- c:\windows\system32\TmpA282904640
    2009-02-17 18:21 . 2009-02-17 18:21 900,015 --a--c--- c:\windows\system32\TmpA282932343
    2009-02-17 18:17 . 2009-02-17 18:17 <DIR> d----c--- c:\documents and settings\Application Data\Antares
    2009-02-15 22:31 . 2009-02-15 22:31 <DIR> d----c--- c:\documents and settings\Application Data\Deckadance
    2009-02-15 14:45 . 2009-02-15 14:45 <DIR> d----c--- c:\program files\Common Files\Digidesign
    2009-02-15 14:45 . 2009-02-17 18:17 <DIR> d----c--- c:\program files\Antares Audio Technologies
    2009-02-15 14:24 . 2002-07-07 14:14 1,294,336 --a--c--- c:\windows\system32\vorbis.acm
    2009-02-15 14:22 . 2009-02-15 14:22 <DIR> d----c--- c:\program files\Outsim
    2009-02-15 14:22 . 2009-02-15 14:40 <DIR> d----c--- c:\program files\Image-Line

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-06 23:01 --------- dc-h--w c:\program files\InstallShield Installation Information
    2009-03-06 23:00 --------- dc----w c:\program files\Sony
    2009-03-06 22:56 --------- dc----w c:\program files\Electronic Arts
    2009-03-06 22:55 11,070 -c--a-w c:\windows\system32\ealregsnapshot1.reg
    2009-03-06 22:26 --------- dc-h--w c:\documents and settings\Application Data\GTek
    2009-03-05 16:57 --------- dc----w c:\program files\VSTplugins
    2009-03-05 16:57 --------- dc----w c:\documents and settings\Application Data\Sony
    2009-03-05 16:49 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-22 20:11 --------- dc----w c:\documents and settings\Application Data\Smith Micro
    2009-02-22 19:22 --------- dc----w c:\program files\Microsoft ActiveSync
    2009-02-15 18:55 --------- dc----w c:\program files\VirtualDJ
    2009-02-06 19:16 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore
    2009-02-04 21:09 --------- dc----w c:\program files\McAfee
    2009-01-20 22:51 --------- dc----w c:\program files\Western Digital Technologies
    2009-01-20 22:38 --------- dc----w c:\program files\Canon
    2009-01-20 22:27 --------- dc-ha-w c:\documents and settings\All Users\Application Data\GTek
    2009-01-20 22:25 --------- dc----w c:\program files\Microsoft Picture It! 7
    2009-01-20 22:21 --------- dc----w c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-01-20 22:20 --------- dc----w c:\program files\Common Files\Real
    2009-01-20 22:16 --------- dc----w c:\program files\Zuma Deluxe
    2009-01-20 22:15 --------- dc----w c:\program files\Screenblast
    2009-01-15 09:23 --------- dc----w c:\documents and settings\Application Data\NetMedia Providers
    2008-12-20 23:15 826,368 -c--a-w c:\windows\system32\wininet.dll
    2004-10-01 01:56 56 -csh--r c:\windows\system32\0084730666.sys
    2008-11-07 21:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110720081108\index.dat
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of c:\windows\system32\TmpA282920500 ----

    c:\windows\system32\TmpA282920500\


    ((((((((((((((((((((((((((((( SnapShot@2009-03-06_16.09.32.25 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-06 22:54:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-07 18:03:27 32,768 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-03-06 22:54:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-07 18:03:27 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-03-06 23:40:24 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_664.dat
    + 2009-03-07 17:55:35 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_664.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools "= "h:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SmartRAM "= "d:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "DelayShred "= "c:\progra~1\mcafee\mshr\ShrCL.EXE" [2008-07-09 111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WebSavingsfromEbates "= "wjview" [X]
    "ezShieldProtector for Px "= "c:\windows\system32\ezSP_Px.exe" [2002-07-03 40960]
    "ZTgServerSwitch "= "c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 11406]
    "SiSUSBRG "= "c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
    "PrinTray "= "c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper "= "d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "StorageGuard "= "c:\program files\VERITAS Software\StorageGuard\sgtray.exe" [2001-12-07 155648]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "nwiz "= "nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "LTSMMSG "= "LTSMMSG.exe" [2002-07-20 c:\windows\LTSMMSG.exe]
    "AGRSMMSG "= "AGRSMMSG.exe" [2003-02-14 c:\windows\AGRSMMSG.exe]

    c:\documents and settings\Start Menu\Programs\Startup\
    MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-01-31 947544]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoStart IR.lnk - d:\program files\WinTV\Ir.exe [2006-10-05 102455]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons "= 0 (0x0)
    "NoSimpleStartMenu "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll
    "msacm.ac3filter "= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneNetworkSvc "=3 (0x3)
    "Creative Service for CDROM Access "=2 (0x2)
    "sdCoreService "=3 (0x3)
    "sdAuxService "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\dpvsetup.exe "=
    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe "=
    "c:\\Program Files\\BitPim\\bitpim.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "=
    "d:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:@xpsp2res.dll,-22009

    R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-08-28 206096]
    R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2004-03-30 85868]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2004-03-30 12128]
    S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2004-03-30 17700]
    S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-03-30 120544]
    S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2004-03-30 76260]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-08-03 815819]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-07 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2008-11-07 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

    2009-03-05 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

    2009-03-05 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\ [2009-03-05 00:32]

    2008-12-04 c:\windows\Tasks\{90B0D779-BA41-4ADA-AAB9-43229882F953}_D.job
    - c:\windows\system32\mobsync.exe [2008-04-14 05:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sandiego.cox.net/cci/home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE:
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Application Data\Mozilla\Firefox\Profiles\dcf2cr5a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://www.google.com/ig?hl=en
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
    FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
    FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-07 10:16:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\¸**0 ]
    "AlwaysCovertFormat "=dword:00000000
    "Format "=dword:00000000
    "Format_Channel "=dword:00000002
    "Format_Value "=dword:00000000
    "Format_Quality "=dword:0001f400
    "Encoding Language "=dword:00000000

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\Æ*0 ]
    "AlwaysCovertFormat "=dword:00000000
    "Format "=dword:00000000
    "Format_Channel "=dword:00000002
    "Format_Value "=dword:00000000
    "Format_Quality "=dword:0001f400
    "Encoding Language "=dword:00000000

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\SecuROM\License information*]
    "datasecu "=hex:01,05,ee,2e,93,c4,b6,fc,e3,be,12,29,0b,6c,b6,df,66,47,3e,5a,32,
    85,b7,ec,9d,3e,1b,6e,4c,20,0b,e0,53,c7,96,3a,fe,92,4d,2b,80,29,c8,01,b9,86,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    Completion time: 2009-03-07 10:19:08
    ComboFix-quarantined-files.txt 2009-03-07 18:18:43
    ComboFix2.txt 2009-03-07 00:10:53

    Pre-Run: 3,145,273,344 bytes free
    Post-Run: 3,205,066,752 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    234 --- E O F --- 2009-02-15 11:41:54

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, March 8, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, March 08, 2009 12:35:10
    Records in database: 1880070
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 234015
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 04:23:39


    File name / Threat name / Threats count
    C:\bpc_bundleware.exe Infected: not-a-virus:AdWare.Win32.Broadcap.c 1
    C:\Documents and Settings\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2B3CB516-B1BD-422E-9B5F-4EB9A05A0E49} Infected: Trojan.Win32.Qhost.ahq 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxmdeueolr.dll.vir Infected: Rootkit.Win32.TDSS.gxu 1

    The selected area was scanned.



    DDS (Ver_09-02-01.01) - NTFSx86
    Run at 14:17:59.26 on Sun 03/08/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.438 [GMT -7:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dlbccoms.exe
    C:\WINDOWS\system32\imapi.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\LTSMMSG.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    c:\PROGRA~1\mcafee\msc\mcshell.exe
    C:\Documents and Settings\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://sandiego.cox.net/cci/home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: SOFTWARE - No File
    BHO: Microsoft - No File
    BHO: Windows - No File
    BHO: CurrentVersion - No File
    BHO: Explorer - No File
    BHO: Browser Helper Objects - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [DAEMON Tools] "h:\program files\daemon tools\daemon.exe" -lang 1033
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SmartRAM] "d:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
    uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q d:\myshar~1\NEWFOL~1.SH!
    mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
    mRun: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
    mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
    mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\2\printray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe "
    mRun: [WebSavingsfromEbates] wjview /cp:p "c:\program files\websavingsfromebates\system\code" main lp: "c:\program files\WebSavingsfromEbates "
    mRun: [StorageGuard] "c:\program files\veritas software\storageguard\sgtray.exe" /r
    mRun: [LTSMMSG] LTSMMSG.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe "
    mRun: [SmartDefrag] "d:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
    StartupFolder: c:\docume~1\deitri~1\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - d:\program files\wintv\Ir.exe
    uPolicies-explorer: SpecifyDefaultButtons = 0 (0x0)
    uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
    mPolicies-explorer: <NO NAME> =
    IE:
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\deitri~1\applic~1\mozilla\firefox\profiles\dcf2cr5a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://www.google.com/ig?hl=en
    FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
    FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: d:\program files\divx\divx web player\npdivx32.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-10-17 207656]
    R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 206096]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-11-14 358736]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2006-10-17 144704]
    R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2004-3-30 85868]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2006-10-17 605512]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-10-17 79240]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-10-17 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-10-17 40488]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2004-3-30 12128]
    S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2004-3-30 17700]
    S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-3-30 120544]
    S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2004-3-30 76260]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-8-3 815819]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-10-17 34152]

    =============== Created Last 30 ================

    2009-03-07 11:36 73,728 ac------ c:\windows\system32\javacpl.cpl
    2009-03-07 11:35 0 ac------ c:\windows\system32\REN10A.tmp
    2009-03-07 11:35 0 ac------ c:\windows\system32\REN109.tmp
    2009-03-07 11:35 0 ac------ c:\windows\system32\REN108.tmp
    2009-03-06 16:29 <DIR> acdsh--- C:\cmdcons
    2009-03-06 16:26 161,792 ac------ c:\windows\SWREG.exe
    2009-03-06 16:26 98,816 ac------ c:\windows\sed.exe
    2009-03-06 02:28 <DIR> -cd----- c:\program files\Microsoft Windows OneCare Live
    2009-03-06 00:20 18,944 ac------ c:\windows\system32\simptcp.dll
    2009-03-06 00:20 18,944 ac------ c:\windows\system32\dllcache\simptcp.dll
    2009-03-05 02:22 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-03-05 02:09 10,520 ac------ c:\windows\system32\avgrsstx.dll
    2009-03-05 02:09 107,912 ac------ c:\windows\system32\drivers\avgtdix.sys
    2009-03-05 02:09 325,640 ac------ c:\windows\system32\drivers\avgldx86.sys
    2009-03-05 02:09 <DIR> -cd----- c:\windows\system32\drivers\Avg
    2009-03-05 02:09 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\AVGTOOLBAR
    2009-03-05 02:08 <DIR> -cd----- c:\program files\AVG
    2009-03-05 02:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\avg8
    2009-03-05 01:32 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\IObit
    2009-02-22 13:08 86,824 ac---r-- c:\windows\system32\drivers\sscdserd.sys
    2009-02-22 13:08 106,792 ac---r-- c:\windows\system32\drivers\sscdmdm.sys
    2009-02-22 13:08 11,944 ac---r-- c:\windows\system32\drivers\sscdmdfl.sys
    2009-02-22 13:08 9,256 ac---r-- c:\windows\system32\drivers\sscdcmnt.sys
    2009-02-22 13:08 9,256 ac---r-- c:\windows\system32\drivers\sscdcm.sys
    2009-02-22 13:08 80,552 ac---r-- c:\windows\system32\drivers\sscdbus.sys
    2009-02-22 13:08 9,256 ac---r-- c:\windows\system32\drivers\sscdwhnt.sys
    2009-02-22 13:08 9,256 ac---r-- c:\windows\system32\drivers\sscdwh.sys
    2009-02-22 12:36 <DIR> -cd----- c:\program files\Samsung
    2009-02-17 19:21 900,015 ac------ c:\windows\system32\TmpA282932343
    2009-02-17 19:21 1,181,022 ac------ c:\windows\system32\TmpA282920500
    2009-02-17 19:21 1,181,022 ac------ c:\windows\system32\TmpA282904640
    2009-02-17 19:17 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\Antares
    2009-02-15 23:31 <DIR> -cd----- c:\docume~1\deitri~1\applic~1\Deckadance
    2009-02-15 15:45 <DIR> -cd----- c:\program files\common files\Digidesign
    2009-02-15 15:45 <DIR> -cd----- c:\program files\Antares Audio Technologies
    2009-02-15 15:24 1,294,336 ac------ c:\windows\system32\vorbis.acm
    2009-02-15 15:22 <DIR> -cd----- c:\program files\Image-Line
    2009-02-15 15:22 <DIR> -cd----- c:\program files\Outsim

    ==================== Find3M ====================

    2009-03-07 11:35 410,984 ac------ c:\windows\system32\deploytk.dll
    2009-03-06 15:55 11,070 ac------ c:\windows\system32\ealregsnapshot1.reg
    2008-12-20 16:15 826,368 ac------ c:\windows\system32\wininet.dll
    2004-09-30 18:56 56 -c-shr-- c:\windows\system32\0084730666.sys
    2008-11-07 14:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110720081108\index.dat

    ============= FINISH: 14:19:10.56 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/15/2003 9:35:10 PM
    System Uptime: 3/8/2009 3:14:26 AM (11 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4S533VX
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | PGA 478 | 2656/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 16 GiB total, 2.997 GiB free.
    D: is FIXED (NTFS) - 96 GiB total, 77.717 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is CDROM (CDFS)
    H: is FIXED (NTFS) - 466 GiB total, 215.427 GiB free.
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1664: 3/8/2009 2:42:37 AM - Installed Windows NLSDownlevelMapping.
    RP1665: 3/8/2009 2:43:32 AM - Installed Windows IDNMitigationAPIs.
    RP1666: 3/8/2009 2:44:02 AM - Installed Windows Internet Explorer 7.
    RP1667: 3/8/2009 2:51:17 AM - Installed Windows NLSDownlevelMapping.
    RP1668: 3/8/2009 2:52:10 AM - Installed Windows IDNMitigationAPIs.
    RP1669: 3/8/2009 2:52:37 AM - Installed Windows Internet Explorer 7.
    RP1670: 3/8/2009 3:03:01 AM - Installed Windows NLSDownlevelMapping.
    RP1671: 3/8/2009 3:03:56 AM - Installed Windows IDNMitigationAPIs.
    RP1672: 3/8/2009 3:04:24 AM - Installed Windows Internet Explorer 7.
    RP1673: 3/8/2009 3:11:12 AM - Installed Windows NLSDownlevelMapping.
    RP1674: 3/8/2009 3:12:06 AM - Installed Windows IDNMitigationAPIs.
    RP1675: 3/8/2009 3:12:33 AM - Installed Windows Internet Explorer 7.

    ==== Installed Programs ======================

    AC3Filter (remove only)
    Adobe Acrobat 4.0
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Photoshop Elements 2.0
    Adobe Premiere 6 LE
    Adobe Reader 8.1.3
    Adobe Shockwave Player 11
    Age of Mythology
    Agere Systems AC'97 Modem
    Antares Autotune VST RTAS TDM v5.08
    Antares Autotune VST v5.09
    Apple Mobile Device Support
    Apple Software Update
    Art Explosion Scrapbook Factory Deluxe
    ASIO4ALL
    AutoUpdate
    BitPim 1.0.0
    Bonjour
    CiD Help
    Click to DVD 1.0
    Collab
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Deckadance
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DVgate
    Easy CD-DA Extractor 10
    Experience Vaio
    FL Studio 8
    GPL MPEG-1/2 DirectShow Decoder Filter
    Hauppauge English Help Files and Resources
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV Scheduler
    Hauppauge WinTV Soft PVR
    Hauppauge WinTV Source Selector
    Hauppauge WinTV2000
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Product Detection
    IL Download Manager
    Insaniquarium Deluxe 1.0
    InterActual Player
    iPod for Windows 2005-02-07
    iPod Updater 2004-07-15
    iTunes
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    LG USB Drivers
    LG USB Modem driver

    Lucent Technologies Soft Modem AMR
    McAfee SecurityCenter
    Media Library Management Wizard
    Metal Gear Solid
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Age of Empires II
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Microsoft Windows Media Video 9 VCM
    Microsoft Windows OneCare Live AntiSpyware and AntiVirus
    Microsoft XML Parser and SDK
    Motion JPEG Software Decoder
    Movie Maker Background Music Files
    Movie Maker Sound Effects
    Movie Maker Title Images
    MovieShaker 3.3
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    Music Visualizer Library 1.4.00
    Network Play System (Patching)
    Network Smart Capture
    No.1 Video Convertor 1.2
    NVIDIA Drivers
    Online Manuals for WinTV (English)
    Personal License Update Wizard for Windows Media Player
    PicoPlayer
    PicoPlayer Demo
    PicoPlayerSplashScreen
    Pinnacle Hollywood FX 4.6
    Plus! MP3 Audio Converter LE
    PoiZone
    PowerDVD
    Punch! 5 in 1 Home Design
    QuickTime
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon Deluxe
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shockwave
    SimCity 3000
    Sims2Pack Clean Installer
    SonicStage 1.5.00
    Sony Certificate PCH
    Sony DV Shared Library
    Sony Sound Forge Audio Studio 9.0
    Sony USB Driver
    Studio 8
    Support Actions WinXP
    The Sims 2
    The Sims 2 Family Fun Stuff
    The Sims 2 Glamour Life Stuff
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims 2 Seasons
    The Sims 2 University
    The Sims File Cop
    The Sims Superstar
    The Sims™ 2 Apartment Life
    The Sims™ 2 Bon Voyage
    The Sims™ 2 Celebration! Stuff
    The Sims™ 2 FreeTime
    The Sims™ 2 H&M® Fashion Stuff
    The Sims™ 2 IKEA® Home Stuff
    The Sims™ 2 Kitchen & Bath Interior Design Stuff
    The Sims™ 2 Teen Style Stuff
    Toxic Biohazard
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    V CAST Music
    V CAST Music Manager
    VAIO Action Setup
    VAIO Brezza Wallpaper
    VAIO Edit Components LE
    VAIO Grid Wallpaper
    VAIO Help & Support
    VAIO Media 2.0
    VAIO Media Installer 2.0
    VAIO Media Music Server 2.0
    VAIO Media Photo Server 2.0
    VAIO Media Platform 2.0
    VAIO Registration
    VAIO Serenus Wallpaper
    VAIO Support
    VERITAS RecordNow DX
    VERITAS StorageGuard
    Virtual DJ - Atomix Productions
    WD Diagnostics
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Bonus Pack for Windows XP
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Office 2002 OEM
    Zoo Tycoon: Complete Collection

    ==== Event Viewer Messages From Past Week ========

    3/5/2009 8:58:23 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    3/5/2009 8:50:40 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/5/2009 8:49:17 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/5/2009 8:49:17 AM, error: Service Control Manager [7000] - The UDNT service failed to start due to the following error: The system cannot find the device specified.
    3/5/2009 12:51:39 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    3/4/2009 4:11:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'gaopdxmdeueolr.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    3/6/2009 1:35:15 AM, error: MSFWHLPR [4] -
    3/6/2009 1:59:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    3/6/2009 2:00:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    3/6/2009 2:00:13 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/6/2009 2:51:09 PM, error: UPS [2481] - The UPS service is not configured correctly.
    3/6/2009 2:51:37 PM, error: Service Control Manager [7023] - The Uninterruptible Power Supply service terminated with the following error: %%2481
    3/6/2009 2:51:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the VAIO Media Music Server (Application) service to connect.
    3/6/2009 2:51:37 PM, error: Service Control Manager [7000] - The VAIO Media Music Server (Application) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/6/2009 2:51:37 PM, error: Service Control Manager [7001] - The VAIO Media Music Server (HTTP) service depends on the VAIO Media Music Server (Application) service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    3/6/2009 2:51:37 PM, error: Service Control Manager [7001] - The VAIO Media Music Server (UPnP) service depends on the VAIO Media Music Server (HTTP) service which failed to start because of the following error: The dependency service or group failed to start.
    3/6/2009 2:51:37 PM, error: Service Control Manager [7023] - The VAIO Media Photo Server (HTTP) service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
    3/6/2009 2:51:37 PM, error: Service Control Manager [7001] - The VAIO Media Photo Server (UPnP) service depends on the VAIO Media Photo Server (HTTP) service which failed to start because of the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
    3/6/2009 3:33:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'NEWFOL~1.SH!' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    3/6/2009 3:35:41 PM, error: Service Control Manager [7016] - The VAIO Media Photo Server (Application) service has reported an invalid current state 272.
    3/8/2009 2:04:25 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  9. 2009/03/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Go to My Computer -> Tools -> Folder Options -> View tab:

    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck - Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal

    • Click the Browse button and search for the following file: c:\windows\system32\TmpA282920500
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"

    Also please have the next files scanned.
    c:\windows\system32\0084730666.sys




    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    Reglock::
    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000000000000000}\User Settings\¸**0 ]
    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\Æ*0 ]
    
    File:: 
    C:\bpc_bundleware.exe
    C:\Documents and Settings\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2B3CB516-B1BD-422E-9B5F-4EB9A05A0E49}
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WebSavingsfromEbates"=-
    
    DDS::
    BHO: SOFTWARE - No File
    BHO: Microsoft - No File
    BHO: Windows - No File
    BHO: CurrentVersion - No File
    BHO: Explorer - No File
    BHO: Browser Helper Objects - No File
    BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
    TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [WebSavingsfromEbates] wjview /cp  "c:\program files\websavingsfromebates\system\code" main lp: 
    mPolicies-explorer: <NO NAME> = 
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    In your next reply post:
    Files requested scanned
    Combofix.txt


    How's your computer now?
     
  10. 2009/03/09
    trickster21

    trickster21 Inactive Thread Starter

    Joined:
    2009/03/06
    Messages:
    18
    Likes Received:
    0
    Well my computer is running better than it has in a looooong time.


    File TmpA282920500 received on 03.09.2009 06:39:38 (CET)
    Result: 0/39 (0%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.03.09 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.105 2009.03.08 -
    Authentium 5.1.0.4 2009.03.08 -
    Avast 4.8.1335.0 2009.03.09 -
    AVG 8.0.0.237 2009.03.08 -
    BitDefender 7.2 2009.03.09 -
    CAT-QuickHeal 10.00 2009.03.07 -
    ClamAV 0.94.1 2009.03.06 -
    Comodo 1037 2009.03.08 -
    DrWeb 4.44.0.09170 2009.03.09 -
    eSafe 7.0.17.0 2009.03.08 -
    eTrust-Vet 31.6.6386 2009.03.06 -
    F-Prot 4.4.4.56 2009.03.08 -
    F-Secure 8.0.14470.0 2009.03.09 -
    Fortinet 3.117.0.0 2009.03.09 -
    GData 19 2009.03.09 -
    Ikarus T3.1.1.45.0 2009.03.09 -
    K7AntiVirus 7.10.663 2009.03.07 -
    Kaspersky 7.0.0.125 2009.03.09 -
    McAfee 5547 2009.03.08 -
    McAfee+Artemis 5547 2009.03.08 -
    Microsoft 1.4405 2009.03.08 -
    NOD32 3918 2009.03.09 -
    Norman 6.00.06 2009.03.06 -
    nProtect 2009.1.8.0 2009.03.09 -
    Panda 10.0.0.10 2009.03.08 -
    PCTools 4.4.2.0 2009.03.08 -
    Prevx1 V2 2009.03.09 -
    Rising 21.19.62.00 2009.03.09 -
    SecureWeb-Gateway 6.7.6 2009.03.08 -
    Sophos 4.39.0 2009.03.09 -
    Sunbelt 3.2.1858.2 2009.03.08 -
    Symantec 1.4.4.12 2009.03.09 -
    TheHacker 6.3.2.7.277 2009.03.09 -
    TrendMicro 8.700.0.1004 2009.03.09 -
    VBA32 3.12.10.1 2009.03.09 -
    ViRobot 2009.3.9.1640 2009.03.09 -
    VirusBuster 4.5.11.0 2009.03.08 -
    Additional information
    File size: 1181022 bytes
    MD5...: 93b030a1743408ff30b2409feecaec27
    SHA1..: 2cb915c3760504cacfc51e95c72a8b360eceaeec
    SHA256: eb93eb855c0a57042d7f396832e3db47f23f6ac4496e2355685203ff98806882
    SHA512: f4b5495666233afbecf7ec12399a2cc04103ff35147b8a8b070221275dcebbe9
    8399ddddad762c313f03d35c8b554bf9dfa4bd701cd764055c019968961cb0f3
    ssdeep: 24576:tBDYS/jxtlHTuP+9bR+uk+WMzueGEjWfl0wV0mWdK7jSm97QHinZx:tBtx
    nTg+9V+uOMafEjm0GKd+pQH8Zx
    PEiD..: -
    TrID..: File type identification
    OGG Vorbis Audio (77.7%)
    OGG stream (generic) (22.2%)
    PEInfo: -


    File 0084730666.sys received on 03.09.2009 06:39:02 (CET)
    Result: 0/39 (0%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.03.09 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.105 2009.03.08 -
    Authentium 5.1.0.4 2009.03.08 -
    Avast 4.8.1335.0 2009.03.09 -
    AVG 8.0.0.237 2009.03.08 -
    BitDefender 7.2 2009.03.09 -
    CAT-QuickHeal 10.00 2009.03.07 -
    ClamAV 0.94.1 2009.03.06 -
    Comodo 1037 2009.03.08 -
    DrWeb 4.44.0.09170 2009.03.09 -
    eSafe 7.0.17.0 2009.03.08 -
    eTrust-Vet 31.6.6386 2009.03.06 -
    F-Prot 4.4.4.56 2009.03.08 -
    F-Secure 8.0.14470.0 2009.03.09 -
    Fortinet 3.117.0.0 2009.03.09 -
    GData 19 2009.03.09 -
    Ikarus T3.1.1.45.0 2009.03.09 -
    K7AntiVirus 7.10.663 2009.03.07 -
    Kaspersky 7.0.0.125 2009.03.09 -
    McAfee 5547 2009.03.08 -
    McAfee+Artemis 5547 2009.03.08 -
    Microsoft 1.4405 2009.03.08 -
    NOD32 3918 2009.03.09 -
    Norman 6.00.06 2009.03.06 -
    nProtect 2009.1.8.0 2009.03.09 -
    Panda 10.0.0.10 2009.03.08 -
    PCTools 4.4.2.0 2009.03.08 -
    Prevx1 V2 2009.03.09 -
    Rising 21.19.62.00 2009.03.09 -
    SecureWeb-Gateway 6.7.6 2009.03.08 -
    Sophos 4.39.0 2009.03.09 -
    Sunbelt 3.2.1858.2 2009.03.08 -
    Symantec 1.4.4.12 2009.03.09 -
    TheHacker 6.3.2.7.277 2009.03.09 -
    TrendMicro 8.700.0.1004 2009.03.09 -
    VBA32 3.12.10.1 2009.03.09 -
    ViRobot 2009.3.9.1640 2009.03.09 -
    VirusBuster 4.5.11.0 2009.03.08 -
    Additional information
    File size: 56 bytes
    MD5...: 9b6613b364a6b4f544e00d5b56fdcc85
    SHA1..: 23e1473dea05b08894bc3c2983dbbf16abbb4ac3
    SHA256: 655b6812053158104b3569e2b360043fd9e65d4836e9f05abecc730aac507048
    SHA512: ab765abe7af18557cdb37f7b97a6dc38095594ef15a50035d03658930db82ba1
    2d1992585c49b8463a89d41d2ddb6000270329bdc369a005fabb8be0b5ec8d24
    ssdeep: 3:/ldEVg2:z2
    PEiD..: -
    TrID..: File type identification
    MS Flight Simulator Aircraft Performance Info (100.0%)
    PEInfo: -


    ComboFix 09-03-04.01 - 2009-03-08 22:48:20.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.668 [GMT -7:00]
    Running from: c:\documents and settings\Desktop\Fixit.exe
    Command switches used :: c:\documents and settings\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point

    FILE ::
    C:\bpc_bundleware.exe
    c:\documents and settings\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2B3CB516-B1BD-422E-9B5F-4EB9A05A0E49}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\bpc_bundleware.exe
    c:\windows\Downloaded Program Files\ODCTOOLS

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
    .

    2009-03-08 22:46 . 2009-03-08 22:47 <DIR> d-------- C:\32788R22FWJFW
    2009-03-07 11:36 . 2009-03-07 11:35 73,728 --a--c--- c:\windows\system32\javacpl.cpl
    2009-03-07 11:35 . 2009-03-07 11:35 0 --a--c--- c:\windows\system32\REN10A.tmp
    2009-03-07 11:35 . 2009-03-07 11:35 0 --a--c--- c:\windows\system32\REN109.tmp
    2009-03-07 11:35 . 2009-03-07 11:35 0 --a--c--- c:\windows\system32\REN108.tmp
    2009-03-06 02:28 . 2009-03-06 15:50 <DIR> d----c--- c:\program files\Microsoft Windows OneCare Live
    2009-03-06 00:20 . 2001-08-18 05:00 18,944 --a--c--- c:\windows\system32\simptcp.dll
    2009-03-06 00:20 . 2001-08-18 05:00 18,944 --a--c--- c:\windows\system32\dllcache\simptcp.dll
    2009-03-05 02:22 . 2009-03-05 13:15 <DIR> d--h----- C:\$AVG8.VAULT$
    2009-03-05 02:09 . 2009-03-05 02:09 <DIR> d----c--- c:\windows\system32\drivers\Avg
    2009-03-05 02:09 . 2009-03-05 14:18 <DIR> d----c--- c:\documents and settings\Application Data\AVGTOOLBAR
    2009-03-05 02:09 . 2009-03-05 02:09 325,640 --a--c--- c:\windows\system32\drivers\avgldx86.sys
    2009-03-05 02:09 . 2009-03-05 02:09 107,912 --a--c--- c:\windows\system32\drivers\avgtdix.sys
    2009-03-05 02:09 . 2009-03-05 02:09 10,520 --a--c--- c:\windows\system32\avgrsstx.dll
    2009-03-05 02:08 . 2009-03-05 02:08 <DIR> d----c--- c:\program files\AVG
    2009-03-05 02:08 . 2009-03-08 15:03 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
    2009-03-05 01:32 . 2009-03-06 15:23 <DIR> d----c--- c:\documents and settings\Application Data\IObit
    2009-02-22 13:08 . 2007-07-03 16:58 106,792 -ra--c--- c:\windows\system32\drivers\sscdmdm.sys
    2009-02-22 13:08 . 2007-07-03 16:59 86,824 -ra--c--- c:\windows\system32\drivers\sscdserd.sys
    2009-02-22 13:08 . 2007-07-03 16:54 80,552 -ra--c--- c:\windows\system32\drivers\sscdbus.sys
    2009-02-22 13:08 . 2007-07-03 16:57 11,944 -ra--c--- c:\windows\system32\drivers\sscdmdfl.sys
    2009-02-22 13:08 . 2007-07-03 17:00 9,256 -ra--c--- c:\windows\system32\drivers\sscdwhnt.sys
    2009-02-22 13:08 . 2007-07-03 17:00 9,256 -ra--c--- c:\windows\system32\drivers\sscdwh.sys
    2009-02-22 13:08 . 2007-07-03 16:56 9,256 -ra--c--- c:\windows\system32\drivers\sscdcmnt.sys
    2009-02-22 13:08 . 2007-07-03 16:56 9,256 -ra--c--- c:\windows\system32\drivers\sscdcm.sys
    2009-02-22 12:36 . 2009-02-22 12:36 <DIR> d----c--- c:\program files\Samsung
    2009-02-17 19:21 . 2009-02-17 19:21 1,181,022 --a--c--- c:\windows\system32\TmpA282920500
    2009-02-17 19:21 . 2009-02-17 19:21 1,181,022 --a--c--- c:\windows\system32\TmpA282904640
    2009-02-17 19:21 . 2009-02-17 19:21 900,015 --a--c--- c:\windows\system32\TmpA282932343
    2009-02-17 19:17 . 2009-02-17 19:17 <DIR> d----c--- c:\documents and settings\Application Data\Antares
    2009-02-15 23:31 . 2009-02-15 23:31 <DIR> d----c--- c:\documents and settings\Application Data\Deckadance
    2009-02-15 15:45 . 2009-02-15 15:45 <DIR> d----c--- c:\program files\Common Files\Digidesign
    2009-02-15 15:45 . 2009-02-17 19:17 <DIR> d----c--- c:\program files\Antares Audio Technologies
    2009-02-15 15:24 . 2002-07-07 15:14 1,294,336 --a--c--- c:\windows\system32\vorbis.acm
    2009-02-15 15:22 . 2009-02-15 15:22 <DIR> d----c--- c:\program files\Outsim
    2009-02-15 15:22 . 2009-02-15 15:40 <DIR> d----c--- c:\program files\Image-Line

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-07 18:35 410,984 -c--a-w c:\windows\system32\deploytk.dll
    2009-03-06 23:01 --------- dc-h--w c:\program files\InstallShield Installation Information
    2009-03-06 23:00 --------- dc----w c:\program files\Sony
    2009-03-06 22:56 --------- dc----w c:\program files\Electronic Arts
    2009-03-06 22:55 11,070 -c--a-w c:\windows\system32\ealregsnapshot1.reg
    2009-03-06 22:26 --------- dc-h--w c:\documents and settings\Application Data\GTek
    2009-03-05 16:57 --------- dc----w c:\program files\VSTplugins
    2009-03-05 16:57 --------- dc----w c:\documents and settings\Application Data\Sony
    2009-03-05 16:49 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-22 20:11 --------- dc----w c:\documents and settings\Application Data\Smith Micro
    2009-02-22 19:22 --------- dc----w c:\program files\Microsoft ActiveSync
    2009-02-15 18:55 --------- dc----w c:\program files\VirtualDJ
    2009-02-06 19:16 --------- dc----w c:\documents and settings\NetworkService\Application Data\SACore
    2009-02-04 21:09 --------- dc----w c:\program files\McAfee
    2009-01-20 22:51 --------- dc----w c:\program files\Western Digital Technologies
    2009-01-20 22:38 --------- dc----w c:\program files\Canon
    2009-01-20 22:27 --------- dc-ha-w c:\documents and settings\All Users\Application Data\GTek
    2009-01-20 22:25 --------- dc----w c:\program files\Microsoft Picture It! 7
    2009-01-20 22:21 --------- dc----w c:\documents and settings\All Users\Application Data\Sony Corporation
    2009-01-20 22:20 --------- dc----w c:\program files\Common Files\Real
    2009-01-20 22:16 --------- dc----w c:\program files\Zuma Deluxe
    2009-01-20 22:15 --------- dc----w c:\program files\Screenblast
    2009-01-15 09:23 --------- dc----w c:\documents and settings\Application Data\NetMedia Providers
    2008-12-20 23:15 826,368 -c--a-w c:\windows\system32\wininet.dll
    2004-10-01 01:56 56 -csh--r c:\windows\system32\0084730666.sys
    2008-11-07 21:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110720081108\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-06_16.09.32.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-10 23:54:56 409,168 -c--a-w c:\windows\Downloaded Program Files\MSDcode.dll
    - 2005-10-21 04:02:28 163,328 -c--a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
    + 2005-10-21 03:02:28 163,328 -c--a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
    - 2007-08-14 02:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
    + 2007-08-14 01:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
    - 2000-08-31 16:00:00 29,696 -c--a-w c:\windows\NIRCMD.exe
    + 2000-08-31 15:00:00 29,696 -c--a-w c:\windows\NIRCMD.exe
    - 2000-08-31 16:00:00 161,792 -c--a-w c:\windows\SWREG.exe
    + 2000-08-31 15:00:00 161,792 -c--a-w c:\windows\SWREG.exe
    - 2009-03-06 22:54:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-09 05:31:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-03-06 22:54:29 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-09 05:31:48 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-12-19 09:10:15 13,824 -c--a-w c:\windows\system32\ieudinit.exe
    + 2007-08-14 01:39:10 13,312 -c--a-w c:\windows\system32\ieudinit.exe
    - 2008-12-04 08:44:29 144,792 -c--a-w c:\windows\system32\java.exe
    + 2009-03-07 18:35:53 144,792 -c--a-w c:\windows\system32\java.exe
    - 2008-12-04 08:44:30 144,792 -c--a-w c:\windows\system32\javaw.exe
    + 2009-03-07 18:35:53 144,792 -c--a-w c:\windows\system32\javaw.exe
    - 2008-12-04 08:44:30 148,888 -c--a-w c:\windows\system32\javaws.exe
    + 2009-03-07 18:35:53 148,888 -c--a-w c:\windows\system32\javaws.exe
    - 2009-03-06 07:21:16 65,888 ----a-w c:\windows\system32\perfc009.dat
    + 2009-03-08 11:06:50 65,888 ----a-w c:\windows\system32\perfc009.dat
    - 2009-03-06 07:21:16 412,180 ----a-w c:\windows\system32\perfh009.dat
    + 2009-03-08 11:06:50 412,180 ----a-w c:\windows\system32\perfh009.dat
    + 2009-03-09 05:23:24 16,384 -c--atw c:\windows\Temp\Perflib_Perfdata_690.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SmartRAM"="d:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
    "DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2008-07-09 111904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-07-03 40960]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 36864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "StorageGuard"="c:\program files\VERITAS Software\StorageGuard\sgtray.exe" [2001-12-07 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-07 148888]
    "SmartDefrag"="d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-02-13 1986896]
    "nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
    "LTSMMSG"="LTSMMSG.exe" [2002-07-20 c:\windows\LTSMMSG.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 c:\windows\AGRSMMSG.exe]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "SpecifyDefaultButtons"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk
    backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Start Menu^Programs^Startup^MEMonitor.lnk]
    path=c:\documents and settings\Start Menu\Programs\Startup\MEMonitor.lnk
    backup=c:\windows\pss\MEMonitor.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
    wjview [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 07:16 171464 h:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "ZuneNetworkSvc"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "VAIOMediaPlatform-PhotoServer-UPnP"=2 (0x2)
    "VAIOMediaPlatform-PhotoServer-HTTP"=2 (0x2)
    "VAIOMediaPlatform-PhotoServer-AppServer"=2 (0x2)
    "VAIOMediaPlatform-MusicServer-UPnP"=2 (0x2)
    "VAIOMediaPlatform-MusicServer-HTTP"=2 (0x2)
    "VAIOMediaPlatform-MusicServer-AppServer"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\BitPim\\bitpim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-08-28 206096]
    R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [2004-03-30 85868]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2004-03-30 12128]
    S1 DMX3191;DMX3191;c:\windows\system32\drivers\dmx3191.sys [2004-03-30 17700]
    S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [2004-03-30 120544]
    S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2004-03-30 76260]
    S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-08-03 815819]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2008-11-07 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 19:10]

    2008-11-07 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 19:10]

    2009-03-05 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 19:15]

    2009-03-05 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\ [2009-03-05 01:32]

    2008-12-04 c:\windows\Tasks\{90B0D779-BA41-4ADA-AAB9-43229882F953}.job
    - c:\windows\system32\mobsync.exe [2008-04-14 06:42]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-ZTgServerSwitch - c:\program files\support.com\client\lserver\server.vbs


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sandiego.cox.net/cci/home
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE:
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Application Data\Mozilla\Firefox\Profiles\dcf2cr5a.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://www.google.com/ig?hl=en
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
    FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
    FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-08 22:51:15
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\¸**0 ]
    "AlwaysCovertFormat"=dword:00000000
    "Format"=dword:00000000
    "Format_Channel"=dword:00000002
    "Format_Value"=dword:00000000
    "Format_Quality"=dword:0001f400
    "Encoding Language"=dword:00000000

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\Creative Tech\Component Installed\{B17F00C9-19EC-43A2-BD81-44D8E5D4D994}\Object\{00000000-0000-0000-0000-000000000000}\User Settings\Æ*0 ]
    "AlwaysCovertFormat"=dword:00000000
    "Format"=dword:00000000
    "Format_Channel"=dword:00000002
    "Format_Value"=dword:00000000
    "Format_Quality"=dword:0001f400
    "Encoding Language"=dword:00000000

    [HKEY_USERS\S-1-5-21-4087772427-914090876-3233042676-1005\Software\SecuROM\License information*]
    "datasecu "=hex:01,05,ee,2e,93,c4,b6,fc,e3,be,12,29,0b,6c,b6,df,66,47,3e,5a,32,
    85,b7,ec,9d,3e,1b,6e,4c,20,0b,e0,53,c7,96,3a,fe,92,4d,2b,80,29,c8,01,b9,86,\
    "rkeysecu "=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    Completion time: 2009-03-08 22:54:02
    ComboFix-quarantined-files.txt 2009-03-09 05:53:29
    ComboFix2.txt 2009-03-07 18:19:09
    ComboFix3.txt 2009-03-07 00:10:53

    Pre-Run: 3,351,101,440 bytes free
    Post-Run: 3,400,003,584 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    272 --- E O F --- 2009-02-15 11:41:54
     
  11. 2009/03/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    :D good deal!


    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)



    Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

    c:\program files\WebSavingsfromEbates<--delete this folder
    c:\windows\system32\REN10A.tmp<--delete this file
    c:\windows\system32\REN109.tmp<--this file
    c:\windows\system32\REN108.tmp<--this file also


    Next, launch Notepad, (Start > Run, type in: notepad) copy and paste the text in blue below in it, (don't forget to copy and paste REGEDIT4)
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WebSavingsfromEbates"=-


    Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop.
    Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful. You may delete the file afterwards.

    Now please reboot your computer to set the registry.


    Please post back once more and let me know if we're ready for final clean up and preventive tips.
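
An added example, not part of the original post: a small Python check that reads a .reg file before it is merged and lists what it will delete, using the fix.reg text above as a constructed sample. The function name `summarize_reg` and the warning texts are illustrative assumptions; it also flags a missing header line and value names with stray whitespace, which would not match the stored name.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"\[(-?)(.+)\]")
VALUE_RE = re.compile(r'(?:@|"((?:[^"\\]|\\.)*)")=(.*)')

# Constructed sample: the text of fix.reg as given in the post above.
FIX_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebSavingsfromEbates"=-
'''

def summarize_reg(text):
    """Return (ops, warnings); ops are (action, key, value_name) tuples."""
    ops, warnings, key = [], [], None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0] in HEADERS:
        lines = lines[1:]
    else:
        warnings.append("first non-blank line is not a .reg header")
    for line in lines:
        if line.startswith(";"):          # comment line
            continue
        m = KEY_RE.fullmatch(line)
        if m:
            minus, path = m.groups()
            if minus:                     # [-KEY] deletes the key and its subkeys
                ops.append(("delete-key", path, None))
            key = None if minus else path
            continue
        m = VALUE_RE.fullmatch(line)
        if m is None or key is None:      # e.g. hex continuation lines: not handled here
            warnings.append("unparsed line: " + line)
            continue
        name = "@" if m.group(1) is None else m.group(1)
        action = "delete-value" if m.group(2).strip() == "-" else "set-value"
        ops.append((action, key, name))
        if name != name.strip():          # whitespace is part of the value name
            warnings.append("value name %r has leading/trailing whitespace" % name)
    return ops, warnings

if __name__ == "__main__":
    ops, warnings = summarize_reg(FIX_REG)
    for action, key, name in ops:
        print(action, key, name or "")
    for w in warnings:
        print("WARNING:", w)
```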
     
  12. 2009/03/09
    trickster21

    trickster21 Inactive Thread Starter

    Joined:
    2009/03/06
    Messages:
    18
    Likes Received:
    0
    I was not able to find the folder

    c:\program files\WebSavingsfromEbates<--delete this folder

    I took all the other steps and am ready for the final clean up.
     
  13. 2009/03/09
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.




    You're good to go, good job!


    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. With Firefox 2, added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     