
Solved Spyware and Adware Trouble

Discussion in 'Malware and Virus Removal Archive' started by scarecrow84, 2009/03/11.

Thread Status:
Not open for further replies.
  1. 2009/03/11
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    [Resolved] Spyware and Adware Trouble

    I read the "Read this Topic Before Posting", and tried to run DDS, and all I get is a Notepad file with a lot of characters; at the very top it says
    "This program must be run under Win32". Do I need to run it in safe mode?
    Thanks for any help.

    -Frank
     
  2. 2009/03/11
    donkeyway

    donkeyway Inactive

    Joined:
    2009/03/11
    Messages:
    1
    Likes Received:
    0
    Your system is affected by a virus.
    1) Open Notepad and type this:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "TileInfo"="prop:FileDescription;Company;FileVersion"
    "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"

    [HKEY_CLASSES_ROOT\exefile\shell]

    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas]

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shellex]

    and save it as "*.reg", then click it to add it to the registry, or else open it with %systemroot%\regedit.exe.
     
    Last edited: 2009/03/11


  4. 2009/03/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Donkeyway

    Please note .....
    scarecrow84

    Please ignore the post above and wait for guidance from a Malware Analyst.
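    An added illustration at this point in the thread (it is not part of any post, and it is not Windows or DDS code): the .reg text posted by donkeyway above is a stock HKCR\exefile definition, and the line that matters for security is the default value of shell\open\command, which must read "%1" %* so that double-clicking an .exe launches that .exe and nothing else. The Python below parses a version 5.00 .reg export and reports when that command, the runas command, or DefaultIcon has been changed. SAMPLE_REG is the posted fix with its quoting repaired; HIJACKED_REG and its C:\WINDOWS\system32\example.exe path are constructed for the demonstration and do not come from this thread.

```python
"""Parse a .reg export and check that .exe files still launch themselves.

Added example for this thread, not code from the post above or from Windows.
SAMPLE_REG is the posted fix with its quoting repaired; HIJACKED_REG is a
constructed example of a redirected association using a made-up file name.
"""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"

[HKEY_CLASSES_ROOT\exefile\shell]

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shellex]
'''

# Constructed: every .exe is first routed through a hypothetical helper binary.
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\system32\\example.exe\" \"%1\" %*"
'''

_KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")          # [HKEY...] or [-HKEY...] (delete)
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @=... or "name"=...


def _unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; '' is the (Default) value.
    Regedit exports are UTF-16 with a BOM: decode to str before calling."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a version 5.00 .reg export")
    keys, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(2)
            keys[current] = None if m.group(1) else keys.get(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None or keys[current] is None:
            raise ValueError("unparseable line: %r" % raw)
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            keys[current][name] = _unescape(data[1:-1])          # REG_SZ
        elif data.startswith("hex:"):
            keys[current][name] = bytes(int(b, 16) for b in data[4:].split(",") if b)
        elif data.startswith("dword:"):
            keys[current][name] = int(data[6:], 16)
        else:
            keys[current][name] = data                           # other types kept as written
    return keys


EXPECTED_COMMAND = '"%1" %*'   # stock value: run the file itself, pass its arguments


def check_exefile(keys):
    """Findings about HKCR\\exefile; an empty list means the stock association."""
    findings = []
    for verb in ("open", "runas"):
        path = "HKEY_CLASSES_ROOT\\exefile\\shell\\" + verb + "\\command"
        cmd = (keys.get(path) or {}).get("")
        if cmd is None:
            findings.append(verb + ": no default command value in the export")
        elif cmd != EXPECTED_COMMAND:
            findings.append(verb + ": command is %r, expected %r" % (cmd, EXPECTED_COMMAND))
    icon = (keys.get("HKEY_CLASSES_ROOT\\exefile\\DefaultIcon") or {}).get("")
    if icon is not None and icon != "%1":
        findings.append("DefaultIcon is %r, expected '%%1'" % icon)
    return findings


if __name__ == "__main__":
    for label, text in (("posted fix", SAMPLE_REG), ("hijacked", HIJACKED_REG)):
        print(label, check_exefile(parse_reg(text)) or ["ok"])
```

    One caveat that the DDS log posted later in this thread makes concrete: it reports regfile=NOTEPAD.EXE %1, so on that machine double-clicking a .reg file opens it in Notepad instead of importing it, and regedit's File > Import is the way to apply a fix of this kind.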
     
  5. 2009/03/14
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    Ok, I was able to get DDS to run after I downloaded it in IE instead of Firefox. So here's the file.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Frank at 1:56:44.64 on Sat 03/14/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.403 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Documents and Settings\Frank\Desktop\dds.exe

    ============== Pseudo HJT Report ===============

    uStart Page = file:///F:/Misc%20Documents/HebrewTranslator.htm
    uDefault_Page_URL = hxxp://www.dell.com
    uWindow Title = Microsoft Internet Explorer provided by Verizon Online
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {77741673-5239-9f4b-7d34-bc80d0fedc53}: {35cdef0d-08cb-43d7-b4f9-932537614777} - c:\windows\system32\vdnndu.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {efa49602-4700-42db-9e63-7f097d716f1f} - c:\windows\system32\ludotake.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [Aim6]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
    mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
    mRun: [IPInSightLAN 01] "c:\program files\visual networks\visual ip insight\sbc\IPClient.exe" -l
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [vehehukana] Rundll32.exe "c:\windows\system32\riketuti.dll",s
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [e0173919] rundll32.exe "c:\windows\system32\lehetojo.dll",b
    mRun: [CPMe3240a85] Rundll32.exe "c:\windows\system32\zafomotu.dll",a
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    mPolicies-explorer: <NO NAME> =
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm021YYUS
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: trendmicro.com\housecall65
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://www.makeoversolutions.com/save/makeover.cab
    DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.pcpitstop.com/pestscan/pestscan.cab
    DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093566153781
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182403856453
    DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} - hxxp://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX28.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
    DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38065.4216087963
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CB497DA0-F0CF-4420-A255-A908803B04B9} - hxxp://apps.eyewonderlabs.com/sp/OCXG3.cab
    DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://ccon.futuremark.com/global/msc34.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    DPF: {D44C75D8-C827-473E-8F68-A77E42500782} - hxxp://photo.walmart.com/photo/uploads/WebUploadClient.cab
    DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
    DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab30149.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} - hxxp://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4699/mcfscan.cab
    DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX/kdx.cab
    DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
    DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    TCP: {3AA61844-E619-4008-8A12-66C442EF7B66} = 67.36.13.26,206.141.192.60
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - f:\misc programs2\ebible\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - f:\misc programs2\ebible\system\ResProt.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: mljjj - mljjj.dll
    AppInit_DLLs: c:\windows\system32\vawilodu.dll vdnndu.dll c:\windows\system32\daregihe.dll c:\windows\system32\zafomotu.dll c:\windows\system32\givapunu.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\daregihe.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\givapunu.dll
    SEH: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - No File
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    LSA: Notification Packages = scecli c:\windows\system32\vawilodu.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\frank\applic~1\mozilla\firefox\profiles\lc55z7fd.default\
    FF - prefs.js: browser.search.selectedEngine - IMDB
    FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npq3px.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - plugin: f:\misc programs2\divx\divx player\npDivxPlayerPlugin.dll
    FF - plugin: f:\misc programs2\divx\divx web player\npdivx32.dll
    FF - plugin: f:\misc programs2\quicktime\plugins\npqtplugin.dll
    FF - plugin: f:\misc programs2\quicktime\plugins\npqtplugin2.dll
    FF - plugin: f:\misc programs2\quicktime\plugins\npqtplugin3.dll

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-10 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 107272]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2006-8-4 590190]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-24 353680]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-21 24652]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 903960]
    S2 NNServ;NNServ; "c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart --> c:\program files\newdotnet\nnrun.exe [?]
    S2 VETMSGNT;VET Message Service;c:\program files\yahoo!\antivirus\vetmsg.exe --> c:\program files\yahoo!\antivirus\VetMsg.exe [?]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2004-4-16 95232]
    S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2006-8-4 102398]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2009-03-13 23:11 <DIR> --d----- c:\program files\trend micro
    2009-03-13 21:03 2,098 ---sh--- c:\windows\system32\mihayara.exe
    2009-03-13 03:02 2,098 ---sh--- c:\windows\system32\yunogisa.exe
    2009-03-12 09:00 2,098 ---sh--- c:\windows\system32\torelire.exe
    2009-03-10 16:56 121 ---sh--- c:\windows\system32\ojotehel.ini
    2009-03-10 16:55 123,392 a--sh--- c:\windows\system32\vdnndu.dll
    2009-03-10 14:43 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-03-10 14:42 <DIR> --d----- c:\program files\Panda Security
    2009-03-10 04:56 121 ---sh--- c:\windows\system32\itihazon.ini
    2009-03-10 04:55 123,392 a--sh--- c:\windows\system32\zdurvp.dll
    2009-03-10 02:59 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-10 02:59 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-09 20:10 121 ---sh--- c:\windows\system32\ugabulok.ini
    2009-03-09 16:55 123,392 a--sh--- c:\windows\system32\hnnpyl.dll
    2009-03-09 05:00 123,392 a------- c:\windows\system32\gnljxy.dll
    2009-03-09 05:00 121 ---sh--- c:\windows\system32\akilajuj.ini
    2009-03-09 04:50 81,408 a------- c:\windows\system32\jujalika.dll
    2009-03-09 04:50 123,392 a------- c:\windows\system32\segahomu.dll
    2009-03-09 04:50 86,016 a------- c:\windows\system32\zafomotu.dll
    2009-03-09 02:45 <DIR> --d----- c:\documents and settings\frank\.housecall6.6
    2009-03-08 16:58 123,392 a--sh--- c:\windows\system32\ohzwtc.dll
    2009-03-08 16:58 121 ---sh--- c:\windows\system32\ovedebig.ini
    2009-03-08 16:58 123,392 a--sh--- c:\windows\system32\lahejapi.dll
    2009-03-08 16:58 86,016 a--sh--- c:\windows\system32\givapunu.dll
    2009-03-08 16:58 80,896 -------- c:\windows\system32\gibedevo.dll
    2009-03-08 04:55 121 ---sh--- c:\windows\system32\ogelepuw.ini
    2009-03-08 04:54 123,392 a--sh--- c:\windows\system32\igpbsj.dll
    2009-03-08 04:54 123,392 a--sh--- c:\windows\system32\hoyoleko.dll
    2009-03-08 04:54 86,016 a--sh--- c:\windows\system32\zayewota.dll
    2009-03-08 04:54 80,896 -------- c:\windows\system32\wupelego.dll
    2009-02-12 05:20 <DIR> --d----- c:\program files\Super Free Youtube Video Downloader
    2009-02-12 05:19 487,479 a------- c:\windows\system32\SkinMagic.dll
    2009-02-12 05:19 <DIR> --d----- c:\program files\Free Flash Flv MP3 Converter

    ==================== Find3M ====================

    2009-03-10 16:55 86,016 a--sh--- c:\windows\system32\daregihe.dll
    2009-03-10 16:55 123,392 a--sh--- c:\windows\system32\sesanujo.dll
    2009-03-10 04:55 80,896 -------- c:\windows\system32\nozahiti.dll
    2009-03-10 04:55 86,016 a--sh--- c:\windows\system32\nowuvaku.dll
    2009-03-10 04:55 123,392 a--sh--- c:\windows\system32\mapatawa.dll
    2009-03-09 16:55 86,016 a--sh--- c:\windows\system32\vapuhonu.dll
    2009-03-09 16:55 123,392 a--sh--- c:\windows\system32\deyagehu.dll
    2009-03-09 16:55 80,896 -------- c:\windows\system32\kolubagu.dll
    2009-02-04 03:52 82,604 a------- c:\windows\Victory At Hebron Service Pack Uninstaller.exe
    2009-02-04 03:48 92,581 a------- c:\windows\Victory At Hebron Uninstaller.exe
    2009-01-31 10:38 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 10:38 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-31 10:38 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2008-12-14 03:34 43,520 a------- c:\windows\system32\CmdLineExt03.dll
    2006-10-14 00:13 82,000 a------- c:\docume~1\frank\applic~1\GDIPFONTCACHEV1.DAT
    2005-05-13 17:12 217,073 a--shr-- c:\windows\meta4.exe
    2005-10-24 11:13 66,560 a--shr-- c:\windows\MOTA113.exe
    2005-10-13 21:27 422,400 a--shr-- c:\windows\x2.64.exe
    2005-10-07 19:14 308,224 a--shr-- c:\windows\system32\avisynth.dll
    2005-07-14 12:31 27,648 a--shr-- c:\windows\system32\AVSredirect.dll
    2005-06-26 15:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
    2005-06-21 22:37 45,568 a--shr-- c:\windows\system32\cygz.dll
    2004-01-25 00:00 70,656 a--shr-- c:\windows\system32\i420vfw.dll
    0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\ludotake.dll
    0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\riketuti.dll
    2006-04-27 10:24 2,945,024 a--shr-- c:\windows\system32\Smab.dll
    0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\vawilodu.dll
    2005-02-28 13:16 240,128 a--shr-- c:\windows\system32\x.264.exe
    2004-01-25 00:00 70,656 a--shr-- c:\windows\system32\yv12vfw.dll

    ============= FINISH: 1:57:57.14 ===============
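    An added example, not part of scarecrow84's post and not DDS itself: a Python triage of the autostart and file-listing lines of a DDS log like the one above. It flags AppInit_DLLs entries (the value is empty on a clean XP install), extra LSA Notification Packages (the default is scecli alone), Run entries that start rundll32 with a one-letter export, hidden+system files under system32, and any autostart entry whose DLL is one of those hidden files. SAMPLE_LOG is a constructed excerpt in the shape of the log above; the rules are heuristics, not signatures, and a hit is a lead rather than proof.

```python
"""Triage the autostart and file-listing lines of a DDS log.

Added example for this thread: not DDS code and not part of any post.
SAMPLE_LOG is a constructed excerpt in the shape of the log above.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity line reason")

SAMPLE_LOG = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [vehehukana] Rundll32.exe "c:\windows\system32\riketuti.dll",s
mRun: [CPMe3240a85] Rundll32.exe "c:\windows\system32\zafomotu.dll",a
Notify: avgrsstarter - avgrsstx.dll
Notify: mljjj - mljjj.dll
AppInit_DLLs: c:\windows\system32\vawilodu.dll vdnndu.dll c:\windows\system32\zafomotu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\daregihe.dll
LSA: Notification Packages = scecli c:\windows\system32\vawilodu.dll
2009-03-13 21:03 2,098 ---sh--- c:\windows\system32\mihayara.exe
2009-03-10 16:55 123,392 a--sh--- c:\windows\system32\vdnndu.dll
2009-03-10 16:55 86,016 a--sh--- c:\windows\system32\daregihe.dll
2009-03-10 14:43 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-03-09 04:50 86,016 a------- c:\windows\system32\zafomotu.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\riketuti.dll
0000-00-00 00:00 49,152 a--sh--- c:\windows\system32\vawilodu.dll
"""

# "2009-03-10 16:55 86,016 a--sh--- c:\windows\system32\foo.dll" or a <DIR> entry
_FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+|<DIR>) ([a-z-]{8}) (.+)$")
# any module name (dll/exe/sys) in a line, with or without a path in front of it
_MOD_RE = re.compile(r"([\w~$-]+\.(?:dll|exe|sys))\b", re.I)
# Run entry that starts rundll32 with a DLL and an export name
_RUNDLL_RE = re.compile(r'^[mud]Run: \[[^\]]+\] rundll32(?:\.exe)? "?([^",]+)"?,(\w+)$', re.I)
# autostart locations worth cross-referencing against the file listings
_PERSIST_RE = re.compile(r"^(?:Notify|SSODL|STS|BHO|AppInit_DLLs|[mud]Run|LSA):")


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log):
    """Return Findings, highest severity first."""
    findings = []
    hidden = {}  # basename -> attribute string, from "Created Last 30" / "Find3M"

    # pass 1: file listings; hidden+system is unusual for anything legitimate in system32
    for raw in log.splitlines():
        m = _FILE_RE.match(raw.strip())
        if not m:
            continue
        attrs, path = m.group(1), m.group(2)
        if "sh" in attrs:
            hidden[_basename(path)] = attrs
            if "\\system32\\" in path.lower():
                findings.append(Finding("medium", raw.strip(),
                                        "hidden+system file under system32 (%s)" % attrs))

    # pass 2: autostart entries
    for raw in log.splitlines():
        line = raw.strip()
        if not _PERSIST_RE.match(line):
            continue
        if line.startswith("AppInit_DLLs:"):
            for mod in _MOD_RE.findall(line):
                findings.append(Finding("high", line, "AppInit_DLLs loads %s into every process "
                                        "that links user32.dll; the value is empty by default" % mod))
        elif line.startswith("LSA: Notification Packages"):
            for tok in line.split("=", 1)[1].split():
                if tok.lower() != "scecli":
                    findings.append(Finding("high", line, "extra LSA notification package %s; "
                                            "the default is scecli alone" % tok))
        else:
            m = _RUNDLL_RE.match(line)
            if m and len(m.group(2)) == 1:
                findings.append(Finding("high", line, "rundll32 starts %s through the one-letter "
                                        "export %r" % (_basename(m.group(1)), m.group(2))))
        # cross-reference: anything started at logon that is also a hidden+system file
        for mod in _MOD_RE.findall(line):
            if mod.lower() in hidden:
                findings.append(Finding("high", line, "%s runs at logon and is hidden+system "
                                        "on disk (%s)" % (mod, hidden[mod.lower()])))

    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.severity.upper(), f.reason, f.line))
```

    On the sample the hits are exactly the DLL names that sit in the AppInit_DLLs, SSODL and LSA lines of the real log, while the AVG, NVIDIA and WPDShServiceObj entries stay quiet. It also shows the limit of the approach: Notify: mljjj - mljjj.dll is not flagged, because no file entry for it appears in the listing, so Winlogon Notify entries still need a manual look.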
     
  6. 2009/03/16
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3



    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double-click on Combo-Fix.exe and follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  7. 2009/03/17
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    Thanks for the welcome.
    I tried to run Combo-Fix and I get a warning that says "SBC Yahoo Online Protection" is running. I'd uninstall it since I use AVG, but it's not in the Add/Remove list, and I ran a few searches on my PC and can't find the folder either. I tried searching online about it too but didn't find much help.
     
  8. 2009/03/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Open Task Manager and see if yop.exe is running.
    If it is, end the task.


    Open Add/Remove Programs and uninstall anything named Yahoo
    CA Yahoo! Anti-Spy (remove only)
    AT&T Yahoo group
    SBC group
    SBC Online Protection
    AT&T Yahoo Browser
    AT&T Self Support Tool
    Y.O.P.=Yahoo Online Protection


    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following files/folders in bold

    C:\Program Files\Yahoo\Antivirus <--delete this folder if found
    C:\PROGRA~1\Yahoo!\YOP<--delete this folder if found
    C:\Program Files\SBC Self Support Tool\bin\matcli.exe<--delete this file if found
    c:\program files\yahoo!\antivirus\vetmsg.exe<--delete this file if found


    You'll need to reboot the computer to complete the process.


    Now please try to run ComboFix again.
     
  9. 2009/03/17
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    OK, I tried to find those 2 files and 2 folders but no luck. When I was looking online this morning I found a thread on the Bleeping Computer forum http://www.bleepingcomputer.com/forums/lofiversion/index.php/t180537.html
    and got that Autoruns for Windows program. It showed vetmsg.exe but said it could not find the folder, so I deleted it from that list. Long story short, I was able to run ComboFix. So here's the ComboFix log.

    ComboFix 09-03-15.01 - Frank 2009-03-17 15:22:35.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.305 [GMT -4:00]
    Running from: c:\documents and settings\Frank\Desktop\Combo-Fix.exe
    AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\Downloaded Program Files\Quarantine
    c:\windows\patch.exe
    c:\windows\system32\gnljxy.dll
    c:\windows\system32\hnnpyl.dll
    c:\windows\system32\hoyoleko.dll
    c:\windows\system32\igpbsj.dll
    c:\windows\system32\lahejapi.dll
    c:\windows\system32\mapatawa.dll
    c:\windows\system32\nowuvaku.dll
    c:\windows\system32\ohzwtc.dll
    c:\windows\system32\ojotehel.ini
    c:\windows\system32\segahomu.dll
    c:\windows\system32\vapuhonu.dll
    c:\windows\system32\zayewota.dll
    c:\windows\system32\zdurvp.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NNSERV
    -------\Service_NNServ


    ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
    .

    2009-03-17 15:16 . 2009-03-17 15:16 <DIR> d-------- C:\32788R22FWJFW
    2009-03-17 13:53 . 2009-03-17 13:59 1,374 --a------ c:\windows\imsins.BAK
    2009-03-15 22:33 . 2009-03-15 23:19 <DIR> d-------- c:\windows\SYSTEM32\CatRoot_bak
    2009-03-15 22:31 . 2008-06-13 09:10 272,128 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
    2009-03-15 22:28 . 2008-05-01 10:30 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
    2009-03-15 18:56 . 2009-03-15 18:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-15 18:56 . 2009-03-15 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-15 17:22 . 2009-03-15 17:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-15 17:22 . 2009-03-15 17:22 <DIR> d-------- c:\documents and settings\Frank\Application Data\Malwarebytes
    2009-03-15 17:22 . 2009-03-15 17:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-15 17:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-03-15 17:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-03-15 09:06 . 2009-03-15 09:06 2,098 ---hs---- c:\windows\SYSTEM32\kuzazigo.exe
    2009-03-13 23:11 . 2009-03-13 23:12 <DIR> d-------- C:\rsit
    2009-03-13 23:11 . 2009-03-13 23:11 <DIR> d-------- c:\program files\trend micro
    2009-03-13 21:03 . 2009-03-13 21:03 2,098 ---hs---- c:\windows\SYSTEM32\mihayara.exe
    2009-03-13 03:02 . 2009-03-13 03:02 2,098 ---hs---- c:\windows\SYSTEM32\yunogisa.exe
    2009-03-12 09:00 . 2009-03-12 09:00 2,098 ---hs---- c:\windows\SYSTEM32\torelire.exe
    2009-03-10 14:43 . 2008-06-19 16:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
    2009-03-10 14:42 . 2009-03-10 14:42 <DIR> d-------- c:\program files\Panda Security
    2009-03-10 02:59 . 2009-03-10 02:59 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
    2009-03-10 02:59 . 2009-03-10 02:59 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
    2009-03-09 02:45 . 2009-03-09 02:45 <DIR> d-------- c:\documents and settings\Frank\.housecall6.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-17 18:49 --------- d-----w c:\program files\Yahoo!
    2009-03-17 18:15 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-17 17:41 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-17 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Visual Networks
    2009-03-17 06:21 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-12 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-03-10 06:58 --------- d-----w c:\program files\Java
    2009-03-08 08:20 --------- d-----w c:\documents and settings\Frank\Application Data\Skype
    2009-03-08 08:19 --------- d-----w c:\documents and settings\Frank\Application Data\skypePM
    2009-02-26 08:36 --------- d-----w c:\program files\CCleaner
    2009-02-12 09:31 --------- d-----w c:\program files\Free Flash Flv MP3 Converter
    2009-02-12 09:20 --------- d-----w c:\program files\Super Free Youtube Video Downloader
    2009-02-12 09:13 --------- d-----w c:\program files\Total Video Converter
    2009-02-06 08:16 --------- d-----w c:\program files\DivX
    2009-02-06 08:10 --------- d-----w c:\documents and settings\Frank\Application Data\LimeWire
    2009-02-05 05:46 --------- d-----w c:\program files\Google
    2009-02-04 07:52 82,604 ----a-w c:\windows\Victory At Hebron Service Pack Uninstaller.exe
    2009-02-04 07:48 92,581 ----a-w c:\windows\Victory At Hebron Uninstaller.exe
    2009-02-02 06:23 --------- d-----w c:\documents and settings\Frank\Application Data\ArcSoft
    2009-02-01 08:32 --------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
    2009-02-01 08:32 --------- d-----w c:\documents and settings\Frank\Application Data\InstallShield Installation Information
    2009-02-01 08:28 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-01 08:15 --------- d-----w c:\program files\Western Digital
    2009-02-01 05:44 --------- d-----w c:\program files\ArcSoft
    2009-02-01 05:43 --------- d-----w c:\program files\Common Files\ArcSoft
    2009-02-01 05:29 --------- d-----w c:\program files\USB_video_device
    2009-02-01 05:28 --------- d-----w c:\documents and settings\Frank\Application Data\InstallShield
    2009-02-01 05:10 --------- d-----w c:\program files\Western Digital Technologies
    2009-01-31 14:38 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 14:38 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-24 08:37 --------- d-----w c:\program files\Skype
    2009-01-24 08:37 --------- d-----w c:\program files\Common Files\Skype
    2009-01-24 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2006-10-14 04:13 82,000 ----a-w c:\documents and settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-05 03:59 74,568 ----a-w c:\documents and settings\John and Mom\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-05 05:51 68,720 ----a-w c:\documents and settings\Leah\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-13 21:12 217,073 --sha-r c:\windows\meta4.exe
    2005-10-24 15:13 66,560 --sha-r c:\windows\MOTA113.exe
    2005-10-14 01:27 422,400 --sha-r c:\windows\x2.64.exe
    2005-10-07 23:14 308,224 --sha-r c:\windows\SYSTEM32\avisynth.dll
    2005-07-14 16:31 27,648 --sha-r c:\windows\SYSTEM32\AVSredirect.dll
    2005-06-26 19:32 616,448 --sha-r c:\windows\SYSTEM32\cygwin1.dll
    2005-06-22 02:37 45,568 --sha-r c:\windows\SYSTEM32\cygz.dll
    2004-01-25 04:00 70,656 --sha-r c:\windows\SYSTEM32\i420vfw.dll
    2006-04-27 14:24 2,945,024 --sha-r c:\windows\SYSTEM32\Smab.dll
    2005-02-28 17:16 240,128 --sha-r c:\windows\SYSTEM32\x.264.exe
    2004-01-25 04:00 70,656 --sha-r c:\windows\SYSTEM32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-11 111816]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
    "nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-31 10:38 10520 c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\System32\ctmp3.acm
    "vidc.ffds"= ffdshow.ax

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
    --a------ 2003-09-23 02:01 57344 c:\program files\Lexmark X6100 Series\lxbfbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 f:\misc programs2\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-10-10 02:39 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=

    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-03-10 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-05-16 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-05-16 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-21 24652]
    R3 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 903960]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\SYSTEM32\DRIVERS\ubVeo532.sys [2004-04-16 95232]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da3342dd-eeab-11dd-baad-0007e9d4b9f1}]
    \Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2009-03-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 20:37]

    2003-09-23 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 03:56]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)
    Notify-mljjj - mljjj.dll
    MSConfigStartUp-boltzap - c:\program files\bolt\boltzap\BoltZap.exe
    MSConfigStartUp-CaAvTray - c:\program files\Yahoo!\Antivirus\CAVTray.exe
    MSConfigStartUp-CAVRID - c:\program files\Yahoo!\Antivirus\CAVRID.exe
    MSConfigStartUp-PCPitStopEraser - c:\program files\PCPitstop\Erase\PCPitStopErase.exe
    MSConfigStartUp-WinampAgent - f:\misc programs2\WinAmp\winampa.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = file:///F:/Misc%20Documents/HebrewTranslator.htm
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: trendmicro.com\housecall65
    TCP: {3AA61844-E619-4008-8A12-66C442EF7B66} = 67.36.13.26,206.141.192.60
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    DPF: {CB497DA0-F0CF-4420-A255-A908803B04B9} - hxxp://apps.eyewonderlabs.com/sp/OCXG3.cab
    DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
    FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\lc55z7fd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.windowsbbs.com/malware-virus-removal/82319-active-spyware-adware-trouble.html
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npq3px.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - plugin: f:\misc programs2\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: f:\misc programs2\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: f:\misc programs2\QuickTime\Plugins\npqtplugin3.dll
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 15:28:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(732)
    c:\windows\system32\VetRedir.dll
    c:\windows\system32\ISafeIf.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
    c:\windows\SYSTEM32\LEXBCES.EXE
    c:\windows\SYSTEM32\LEXPPS.EXE
    c:\windows\SYSTEM32\CTsvcCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\windows\SYSTEM32\MsPMSPSv.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\SYSTEM32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-17 15:35:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-17 19:35:24

    Pre-Run: 8,663,998,464 bytes free
    Post-Run: 8,640,344,064 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    278 --- E O F --- 2009-03-17 18:00:09
     
  10. 2009/03/17
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    DDS log part 1


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Frank at 15:39:28.21 on Tue 03/17/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.398 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Frank\Desktop\dds.exe

    ============== Pseudo HJT Report ===============

    uStart Page = file:///F:/Misc%20Documents/HebrewTranslator.htm
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
    mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    mPolicies-explorer: <NO NAME> =
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: trendmicro.com\housecall65
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://www.makeoversolutions.com/save/makeover.cab
    DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.pcpitstop.com/pestscan/pestscan.cab
    DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093566153781
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182403856453
    DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} - hxxp://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX28.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
    DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38065.4216087963
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CB497DA0-F0CF-4420-A255-A908803B04B9} - hxxp://apps.eyewonderlabs.com/sp/OCXG3.cab
    DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://ccon.futuremark.com/global/msc34.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    DPF: {D44C75D8-C827-473E-8F68-A77E42500782} - hxxp://photo.walmart.com/photo/uploads/WebUploadClient.cab
    DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
    DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab30149.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} - hxxp://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4699/mcfscan.cab
    DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
    DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX/kdx.cab
    DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
    DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    TCP: {3AA61844-E619-4008-8A12-66C442EF7B66} = 67.36.13.26,206.141.192.60
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - f:\misc programs2\ebible\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - f:\misc programs2\ebible\system\ResProt.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\frank\applic~1\mozilla\firefox\profiles\lc55z7fd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.windowsbbs.com/malware-virus-removal/82319-active-spyware-adware-trouble.html
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-10 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 107272]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2006-8-4 590190]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-24 353680]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-21 24652]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 903960]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2004-4-16 95232]
    S3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2006-8-4 102398]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2009-03-17 15:19 <DIR> a-dshr-- C:\cmdcons
    2009-03-17 15:17 161,792 a------- c:\windows\SWREG.exe
    2009-03-17 15:17 98,816 a------- c:\windows\sed.exe
    2009-03-15 22:33 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2009-03-15 22:31 272,128 -------- c:\windows\system32\dllcache\bthport.sys
    2009-03-15 22:28 331,776 -------- c:\windows\system32\dllcache\msadce.dll
    2009-03-15 18:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-03-15 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-03-15 17:22 <DIR> --d----- c:\docume~1\frank\applic~1\Malwarebytes
    2009-03-15 17:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-15 17:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-15 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-15 17:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-15 09:06 2,098 ---sh--- c:\windows\system32\kuzazigo.exe
    2009-03-13 23:11 <DIR> --d----- c:\program files\trend micro
    2009-03-13 21:03 2,098 ---sh--- c:\windows\system32\mihayara.exe
    2009-03-13 03:02 2,098 ---sh--- c:\windows\system32\yunogisa.exe
    2009-03-12 09:00 2,098 ---sh--- c:\windows\system32\torelire.exe
    2009-03-10 14:43 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-03-10 14:42 <DIR> --d----- c:\program files\Panda Security
    2009-03-10 02:59 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-10 02:59 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-09 02:45 <DIR> --d----- c:\documents and settings\frank\.housecall6.6

    ==================== Find3M ====================

    2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-04 03:52 82,604 a------- c:\windows\Victory At Hebron Service Pack Uninstaller.exe
    2009-02-04 03:48 92,581 a------- c:\windows\Victory At Hebron Uninstaller.exe
    2009-01-31 10:38 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 10:38 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-31 10:38 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2006-10-14 00:13 82,000 a------- c:\docume~1\frank\applic~1\GDIPFONTCACHEV1.DAT
    2005-05-13 17:12 217,073 a--shr-- c:\windows\meta4.exe
    2005-10-24 11:13 66,560 a--shr-- c:\windows\MOTA113.exe
    2005-10-13 21:27 422,400 a--shr-- c:\windows\x2.64.exe
    2005-10-07 19:14 308,224 a--shr-- c:\windows\system32\avisynth.dll
    2005-07-14 12:31 27,648 a--shr-- c:\windows\system32\AVSredirect.dll
    2005-06-26 15:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
    2005-06-21 22:37 45,568 a--shr-- c:\windows\system32\cygz.dll
    2004-01-25 00:00 70,656 a--shr-- c:\windows\system32\i420vfw.dll
    2006-04-27 10:24 2,945,024 a--shr-- c:\windows\system32\Smab.dll
    2005-02-28 13:16 240,128 a--shr-- c:\windows\system32\x.264.exe
    2004-01-25 00:00 70,656 a--shr-- c:\windows\system32\yv12vfw.dll

    ============= FINISH: 15:40:01.39 ===============
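The "Created Last 30" and "Find3M" sections above show the pattern a removal helper keys on: four 2,098-byte executables with pseudo-random names and `---sh---` (system+hidden) attributes in system32, plus a set of `a--shr--` files in c:\windows, most of which the CFScript in the next reply lists for removal. As an added example (not part of DDS, ComboFix or this thread), the Python below parses those DDS listing lines and surfaces such entries automatically; the directory and extension filters are assumptions of the example, and the sample lines are copied from the log above.

```python
"""Triage of the file-listing lines DDS prints under 'Created Last 30' and 'Find3M'.

Added example for this thread; it is not part of DDS, ComboFix or the thread's own
CFScript. Each listing line has the shape
    <date> <time> <size or <DIR>> <attribute flags> <path>
where the eight-character flag string marks attributes such as a(rchive), d(irectory),
s(ystem), h(idden), r(eadonly), e.g. 'a--shr--' or '---sh---'. The triage flags the two
patterns a removal helper checks first: executables under the Windows directory that
are both system and hidden, and groups of such executables sharing one exact byte size.
The directory/extension filters are assumptions of this example; the sample lines are
copied from the DDS log in this thread.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)$"
)

# Scope of the heuristics (assumption of the example, not a DDS setting).
WINDOWS_DIRS = ("c:\\windows\\",)
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx", ".scr")

REASON_SYS_HIDDEN = "system+hidden attributes on an executable under the Windows directory"

# Sample input: lines copied from the 'Created Last 30' and 'Find3M' sections above.
SAMPLE_LOG = r"""
2009-03-15 17:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-15 09:06 2,098 ---sh--- c:\windows\system32\kuzazigo.exe
2009-03-13 23:11 <DIR> --d----- c:\program files\trend micro
2009-03-13 21:03 2,098 ---sh--- c:\windows\system32\mihayara.exe
2009-03-13 03:02 2,098 ---sh--- c:\windows\system32\yunogisa.exe
2009-03-12 09:00 2,098 ---sh--- c:\windows\system32\torelire.exe
2009-03-10 14:43 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2005-10-24 11:13 66,560 a--shr-- c:\windows\MOTA113.exe
2005-10-13 21:27 422,400 a--shr-- c:\windows\x2.64.exe
2005-06-26 15:32 616,448 a--shr-- c:\windows\system32\cygwin1.dll
2006-10-14 00:13 82,000 a------- c:\docume~1\frank\applic~1\GDIPFONTCACHEV1.DAT
"""


def parse_dds_listing(text):
    """Parse DDS listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"date": m["date"], "time": m["time"], "size": size,
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def is_windows_executable(entry):
    """True for a file (not a directory) with an executable extension under c:\\windows."""
    p = entry["path"].lower()
    return entry["size"] is not None and p.startswith(WINDOWS_DIRS) and p.endswith(EXEC_EXT)


def triage(entries):
    """Return {path: [reasons]} for entries a helper would inspect first."""
    findings = defaultdict(list)
    candidates = [e for e in entries if is_windows_executable(e)]

    # Heuristic 1: system+hidden bits on an executable in the Windows tree. Legitimate
    # binaries there are normally 'a-------'; '---sh---' hides the file from Explorer.
    for e in candidates:
        if "s" in e["attrs"] and "h" in e["attrs"]:
            findings[e["path"]].append(REASON_SYS_HIDDEN)

    # Heuristic 2: several executables with one exact size and different names is the
    # footprint of a dropper writing copies of itself (the four 2,098-byte files above).
    by_size = defaultdict(list)
    for e in candidates:
        by_size[e["size"]].append(e["path"])
    for size, paths in by_size.items():
        if len(paths) >= 2:
            for p in paths:
                findings[p].append(
                    f"shares exact size {size:,} bytes with {len(paths) - 1} other executable(s)")
    return dict(findings)


def triage_log(text):
    """Convenience wrapper: parse, triage and order by number of reasons (most first)."""
    findings = triage(parse_dds_listing(text))
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   -", r)
```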
     
  11. 2009/03/17
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    DDS log part 2


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/23/2003 2:11:35 AM
    System Uptime: 3/17/2009 3:26:42 PM (0 hours ago)

    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1993/400mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 29 GiB total, 8.196 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is FIXED (FAT32) - 31 GiB total, 3.947 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1932: 2/16/2009 10:14:01 AM - System Checkpoint
    RP1933: 2/17/2009 11:14:01 AM - System Checkpoint
    RP1934: 2/18/2009 12:14:01 PM - System Checkpoint
    RP1935: 2/19/2009 12:55:17 PM - System Checkpoint
    RP1936: 2/20/2009 2:01:06 PM - System Checkpoint
    RP1937: 2/21/2009 2:55:16 PM - System Checkpoint
    RP1938: 2/23/2009 4:40:47 AM - System Checkpoint
    RP1939: 2/24/2009 5:06:31 AM - System Checkpoint
    RP1940: 2/25/2009 6:06:31 AM - System Checkpoint
    RP1941: 2/26/2009 7:20:30 AM - System Checkpoint
    RP1942: 2/27/2009 8:06:32 AM - System Checkpoint
    RP1943: 2/28/2009 9:06:31 AM - System Checkpoint
    RP1944: 3/1/2009 9:18:31 AM - System Checkpoint
    RP1945: 3/2/2009 9:31:49 AM - System Checkpoint
    RP1946: 3/3/2009 9:48:02 AM - System Checkpoint
    RP1947: 3/4/2009 9:42:25 AM - Avg8 Update
    RP1948: 3/5/2009 9:48:01 AM - System Checkpoint
    RP1949: 3/6/2009 9:50:14 AM - System Checkpoint
    RP1950: 3/7/2009 10:31:43 AM - System Checkpoint
    RP1951: 3/8/2009 11:31:46 AM - System Checkpoint
    RP1952: 3/9/2009 2:03:12 PM - System Checkpoint
    RP1953: 3/10/2009 1:58:39 AM - Installed Java(TM) 6 Update 12
    RP1954: 3/11/2009 2:16:50 AM - System Checkpoint
    RP1955: 3/12/2009 2:17:11 AM - System Checkpoint
    RP1956: 3/13/2009 2:18:17 AM - System Checkpoint
    RP1957: 3/14/2009 2:57:55 AM - System Checkpoint
    RP1958: 3/15/2009 4:05:14 AM - System Checkpoint
    RP1959: 3/16/2009 6:26:10 AM - System Checkpoint
    RP1960: 3/17/2009 6:38:16 AM - System Checkpoint
    RP1961: 3/17/2009 1:38:06 PM - Removed Visual IP InSight
    RP1962: 3/17/2009 1:52:33 PM - Software Distribution Service 3.0
    RP1963: 3/17/2009 2:17:01 PM - Removed Visual IP InSight
    RP1964: 3/17/2009 3:15:27 PM - Avg8 Update
    RP1965: 3/17/2009 3:17:44 PM - ComboFix created restore point

    ==== Installed Programs ======================


    3D Groove Playback Engine
    3DVIA player 4.1
    ABBYY FineReader 5.0 Sprint Plus
    AC3Filter (remove only)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 6.0.1
    Adobe Shockwave Player
    AIM 6
    AOL Coach Version 1.0(Build:20020929.1)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft MediaConverter 2.5
    ArcSoft ShowBiz DVD 2
    Audacity 1.2.6
    AutoUpdate
    AVG Free 8.0
    Banctec Service Agreement
    Batch Update
    BCM V.92 56K Modem
    Belarc Advisor 6.1
    Bible Data Type System Files
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Classic PhoneTools
    Command & Conquer Tiberian Sun
    Common System Files
    Cool MP3 Splitter
    Critical Update for Windows Media Player 11 (KB959772)
    Curious George Learns Phonics
    DAO
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    DivX Codec
    DivX Player
    DivX Version Checker
    DivX Web Player
    Download Manager 2.3.6
    Draw & Paint Plus
    Easy CD Creator 5 Basic
    Easy Video Splitter 1.28
    Family Tree Maker
    FileZilla (remove only)
    Free Flash Flv MP3 Converter v3.0
    Free RM to MP3 Converter 1.12
    FreeZip
    FTP Commander
    Futuremark Measurement Services Client
    Garfield G1 Math
    Garfield K Numbers
    Garfield K Thinking Skills
    Google Earth
    Google Updater
    Graphical Query Editor
    Help and Support Customization
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Imaginext(TM) Pirate Raider
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    Internet Explorer Q903235
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 12
    JLC's Internet TV
    LADSPA_plugins-win-0.4.15
    Learn2 Player (Uninstall Only)
    LEGOLAND
    Lexmark X6100 Series
    Libronix Digital Library System
    Libronix DLS Application
    Libronix DLS Shortcuts
    Libronix Update
    LiveReg (Symantec Corporation)
    LLS Resource Driver
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Malwarebytes' Anti-Malware
    MathPlayer
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Interactive Training
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft Picture It! Express 7.0
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Minnesota Cuke
    Modem Helper
    Mozilla Firefox (3.0.7)
    Mp3 Tag Tools v1.2
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    Multi-Soundboard Player 1.5.0
    MySpaceIM
    Nero 7 Demo
    Netflix Movie Viewer
    NVIDIA Display Driver
    NVIDIA Drivers
    OEB Resource Driver
    Paint.NET v3.30
    Panda ActiveScan 2.0
    PDF Resource Driver
    PhotoParade Player
    Print to Fax
    QuickTime
    QuickTime for Windows (32-bit)
    Real Alternative 1.60 Lite
    RealPlayer
    Red Alert Windows 95
    Rhapsody Player Engine
    Search and Play Flash Files 1.5.0
    Secure Delivery
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Sentence Diagramming
    Shockwave
    Skype™ 3.8
    Sound Blaster Live!
    SpeechRedist
    SpongeBob SquarePants® Operation Krabby Patty
    Spybot - Search & Destroy
    Stuart Little - His Adventures in Numberland
    Stuart Little - His Adventures in Wordland
    Super Free Youtube Video Downloader version 3.0
    Tumble Bees To Go
    Tweak UI
    Unreal Tournament 2003
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Audio/Video Driver
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.762
    Veo Connect
    Victory At Hebron
    Victory At Hebron Service Pack
    Video Resource Driver
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WD Diagnostics
    WebFldrs XP
    Westwood Shared Internet Components
    WildTangent Web Driver
    WinAce Archiver
    Winamp
    Windows Communication Foundation
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    XML Paper Specification Shared Components Pack 1.0
    XP Codec Pack
    Yahoo! Messenger
    Yahoo! Photos Easy Upload Tool 1v3
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    3/10/2009 12:31:21 AM, error: Service Control Manager [7003] - The VET Message Service service depends on the following nonexistent service: CAISafe
    3/10/2009 7:09:17 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/12/2009 12:58:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX BANTExt cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip VETEFILE vsdatant WS2IFSL
    3/12/2009 12:59:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    ==== End Of File ===========================
     
  12. 2009/03/17
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    OK good job.


    Still shows SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)

    I'll set the script to delete out all Yahoo security related folders


    From your add/remove programs list, uninstall these older versions of Java
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2





    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below. *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail.
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    c:\windows\SYSTEM32\kuzazigo.exe
    c:\windows\SYSTEM32\mihayara.exe
    c:\windows\SYSTEM32\yunogisa.exe
    c:\windows\SYSTEM32\torelire.exe
    c:\windows\MOTA113.exe
    c:\windows\x2.64.exe
    c:\windows\SYSTEM32\avisynth.dll
    c:\windows\SYSTEM32\AVSredirect.dll
    c:\windows\SYSTEM32\cygwin1.dll
    c:\windows\SYSTEM32\cygz.dll
    c:\windows\SYSTEM32\i420vfw.dll
    c:\windows\SYSTEM32\Smab.dll
    c:\windows\SYSTEM32\x.264.exe
    D:\autorun.exe
    c:\windows\system32\VetRedir.dll
    c:\windows\system32\ISafeIf.dll
    c:\windows\system32\drivers\VetEBoot.sys
    
    Driver::
    VETEBOOT
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    
    DDS::
    LSP: c:\windows\system32\VetRedir.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} -
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mPolicies-explorer: <NO NAME> 
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} 
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} 
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} 
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================





    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's the computer now?
     
  13. 2009/03/17
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    It will be about 4 hours till the Kaspersky scan is done. Seems like I just can't shake the SBC Yahoo! Online Protection thing. Here is the ComboFix log


    ComboFix 09-03-15.01 - Frank 2009-03-17 17:31:28.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.319 [GMT -4:00]
    Running from: c:\documents and settings\Frank\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Frank\Desktop\CFScript.txt
    AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *disabled*
    * Created a new restore point

    FILE ::
    c:\windows\MOTA113.exe
    c:\windows\SYSTEM32\avisynth.dll
    c:\windows\SYSTEM32\AVSredirect.dll
    c:\windows\SYSTEM32\cygwin1.dll
    c:\windows\SYSTEM32\cygz.dll
    c:\windows\system32\drivers\VetEBoot.sys
    c:\windows\SYSTEM32\i420vfw.dll
    c:\windows\system32\ISafeIf.dll
    c:\windows\SYSTEM32\kuzazigo.exe
    c:\windows\SYSTEM32\mihayara.exe
    c:\windows\SYSTEM32\Smab.dll
    c:\windows\SYSTEM32\torelire.exe
    c:\windows\system32\VetRedir.dll
    c:\windows\SYSTEM32\x.264.exe
    c:\windows\SYSTEM32\yunogisa.exe
    c:\windows\x2.64.exe
    D:\autorun.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\MOTA113.exe
    c:\windows\SYSTEM32\avisynth.dll
    c:\windows\SYSTEM32\AVSredirect.dll
    c:\windows\SYSTEM32\cygwin1.dll
    c:\windows\SYSTEM32\cygz.dll
    c:\windows\system32\drivers\VetEBoot.sys
    c:\windows\SYSTEM32\i420vfw.dll
    c:\windows\system32\ISafeIf.dll
    c:\windows\SYSTEM32\kuzazigo.exe
    c:\windows\SYSTEM32\mihayara.exe
    c:\windows\SYSTEM32\Smab.dll
    c:\windows\SYSTEM32\torelire.exe
    c:\windows\system32\VetRedir.dll
    c:\windows\SYSTEM32\x.264.exe
    c:\windows\SYSTEM32\yunogisa.exe
    c:\windows\x2.64.exe
    D:\autorun.exe . . . . failed to delete

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_VETEBOOT
    -------\Service_VETEBOOT


    ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 )))))))))))))))))))))))))))))))
    .

    2009-03-17 13:53 . 2009-03-17 13:59 1,374 --a------ c:\windows\imsins.BAK
    2009-03-15 22:33 . 2009-03-15 23:19 <DIR> d-------- c:\windows\SYSTEM32\CatRoot_bak
    2009-03-15 22:31 . 2008-06-13 09:10 272,128 --------- c:\windows\SYSTEM32\DLLCACHE\bthport.sys
    2009-03-15 22:28 . 2008-05-01 10:30 331,776 --------- c:\windows\SYSTEM32\DLLCACHE\msadce.dll
    2009-03-15 18:56 . 2009-03-15 18:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-03-15 18:56 . 2009-03-15 18:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-15 17:22 . 2009-03-15 17:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-15 17:22 . 2009-03-15 17:22 <DIR> d-------- c:\documents and settings\Frank\Application Data\Malwarebytes
    2009-03-15 17:22 . 2009-03-15 17:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-15 17:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-03-15 17:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-03-13 23:11 . 2009-03-13 23:12 <DIR> d-------- C:\rsit
    2009-03-13 23:11 . 2009-03-13 23:11 <DIR> d-------- c:\program files\trend micro
    2009-03-10 14:43 . 2008-06-19 16:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys
    2009-03-10 14:42 . 2009-03-10 14:42 <DIR> d-------- c:\program files\Panda Security
    2009-03-10 02:59 . 2009-03-10 02:59 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
    2009-03-10 02:59 . 2009-03-10 02:59 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
    2009-03-09 02:45 . 2009-03-09 02:45 <DIR> d-------- c:\documents and settings\Frank\.housecall6.6

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-17 21:22 --------- d-----w c:\program files\Java
    2009-03-17 18:49 --------- d-----w c:\program files\Yahoo!
    2009-03-17 18:15 --------- d-----w c:\program files\Microsoft Silverlight
    2009-03-17 17:41 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
    2009-03-17 17:37 --------- d-----w c:\documents and settings\All Users\Application Data\Visual Networks
    2009-03-17 06:21 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-12 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-03-08 08:20 --------- d-----w c:\documents and settings\Frank\Application Data\Skype
    2009-03-08 08:19 --------- d-----w c:\documents and settings\Frank\Application Data\skypePM
    2009-02-26 08:36 --------- d-----w c:\program files\CCleaner
    2009-02-12 09:31 --------- d-----w c:\program files\Free Flash Flv MP3 Converter
    2009-02-12 09:20 --------- d-----w c:\program files\Super Free Youtube Video Downloader
    2009-02-12 09:13 --------- d-----w c:\program files\Total Video Converter
    2009-02-06 08:16 --------- d-----w c:\program files\DivX
    2009-02-06 08:10 --------- d-----w c:\documents and settings\Frank\Application Data\LimeWire
    2009-02-05 05:46 --------- d-----w c:\program files\Google
    2009-02-04 07:52 82,604 ----a-w c:\windows\Victory At Hebron Service Pack Uninstaller.exe
    2009-02-04 07:48 92,581 ----a-w c:\windows\Victory At Hebron Uninstaller.exe
    2009-02-02 06:23 --------- d-----w c:\documents and settings\Frank\Application Data\ArcSoft
    2009-02-01 08:32 --------- d-s---w c:\documents and settings\All Users\Application Data\Memeo
    2009-02-01 08:32 --------- d-----w c:\documents and settings\Frank\Application Data\InstallShield Installation Information
    2009-02-01 08:28 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-01 08:15 --------- d-----w c:\program files\Western Digital
    2009-02-01 05:44 --------- d-----w c:\program files\ArcSoft
    2009-02-01 05:43 --------- d-----w c:\program files\Common Files\ArcSoft
    2009-02-01 05:29 --------- d-----w c:\program files\USB_video_device
    2009-02-01 05:28 --------- d-----w c:\documents and settings\Frank\Application Data\InstallShield
    2009-02-01 05:10 --------- d-----w c:\program files\Western Digital Technologies
    2009-01-31 14:38 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 14:38 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-24 08:37 --------- d-----w c:\program files\Skype
    2009-01-24 08:37 --------- d-----w c:\program files\Common Files\Skype
    2009-01-24 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2006-10-14 04:13 82,000 ----a-w c:\documents and settings\Frank\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-05 03:59 74,568 ----a-w c:\documents and settings\John and Mom\Application Data\GDIPFONTCACHEV1.DAT
    2005-02-05 05:51 68,720 ----a-w c:\documents and settings\Leah\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-13 21:12 217,073 --sha-r c:\windows\meta4.exe
    2004-01-25 04:00 70,656 --sha-r c:\windows\SYSTEM32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
    "ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-11 111816]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-10-06 49152]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
    "nwiz"="nwiz.exe" [2003-10-06 c:\windows\SYSTEM32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-31 10:38 10520 c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\System32\ctmp3.acm
    "vidc.ffds"= ffdshow.ax

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
    --a------ 2003-09-23 02:01 57344 c:\program files\Lexmark X6100 Series\lxbfbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 f:\misc programs2\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-10-10 02:39 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Apple Mobile Device"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe"=

    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-03-10 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-05-16 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-05-16 107272]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-04-21 24652]
    R3 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 903960]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\SYSTEM32\DRIVERS\ubVeo532.sys [2004-04-16 95232]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da3342dd-eeab-11dd-baad-0007e9d4b9f1}]
    \Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2009-03-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 20:37]

    2003-09-23 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 03:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = file:///F:/Misc%20Documents/HebrewTranslator.htm
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: trendmicro.com\housecall65
    TCP: {3AA61844-E619-4008-8A12-66C442EF7B66} = 67.36.13.26,206.141.192.60
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    DPF: {CB497DA0-F0CF-4420-A255-A908803B04B9} - hxxp://apps.eyewonderlabs.com/sp/OCXG3.cab
    DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
    FF - ProfilePath - c:\documents and settings\Frank\Application Data\Mozilla\Firefox\Profiles\lc55z7fd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.windowsbbs.com/malware-virus-removal/82319-active-spyware-adware-trouble.html
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npq3px.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - plugin: f:\misc programs2\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: f:\misc programs2\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: f:\misc programs2\QuickTime\Plugins\npqtplugin3.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-17 17:39:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
    c:\windows\SYSTEM32\LEXBCES.EXE
    c:\windows\SYSTEM32\LEXPPS.EXE
    c:\windows\SYSTEM32\CTsvcCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SYSTEM32\nvsvc32.exe
    c:\windows\SYSTEM32\MsPMSPSv.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\SYSTEM32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-17 17:48:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-17 21:47:47
    ComboFix2.txt 2009-03-17 19:35:53

    Pre-Run: 9,220,194,304 bytes free
    Post-Run: 9,196,208,128 bytes free

    251 --- E O F --- 2009-03-17 18:00:09
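    The ComboFix log above carries, in its header and registry sections, most of what a helper checks before calling a machine clean: two antivirus products registered with Security Center, the third-party firewall reported disabled, Windows Firewall switched off in the standard profile, Security Center monitoring suppressed for ZoneAlarm, a file ComboFix could not delete, and a mountpoints2 autorun handler. The following Python triage script is an added example and is not part of the original post or of ComboFix itself; it walks a log line by line and collects those conditions. The embedded sample is an excerpt constructed from the log posted above (not the whole log), and the `Finding` tags are names chosen here, not ComboFix terminology.

```python
import re
from dataclasses import dataclass

# Sample excerpt constructed from the ComboFix log posted above. It is not a
# complete log: only the header, one "Other Deletions" entry, and the registry
# fragments that matter for the triage below are reproduced.
SAMPLE_LOG = r"""
ComboFix 09-03-15.01 - Frank 2009-03-17 17:31:28.2 - NTFSx86
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SYSTEM32\kuzazigo.exe
D:\autorun.exe . . . . failed to delete

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da3342dd-eeab-11dd-baad-0007e9d4b9f1}]
\Shell\AutoRun\command - g:\wd_windows_tools\WDSetup.exe
"""

# Line shapes as ComboFix prints them (whitespace-tolerant).
AV_RE = re.compile(r"^AV:\s*(?P<name>.+?)\s*\*On-access scanning (?P<state>enabled|disabled)\*")
FW_RE = re.compile(r"^FW:\s*(?P<name>.+?)\s*\*(?P<state>enabled|disabled)\*")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<data>.*)$')
FAILED_RE = re.compile(r"^(?P<path>.+?)\s+(?:\.\s*)+failed to delete$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")


@dataclass
class Finding:
    kind: str    # short tag chosen for this example (not ComboFix terminology)
    detail: str  # human-readable explanation


def reg_int(data: str) -> int:
    """Parse a ComboFix-rendered registry value such as 'dword:00000001' or '0 (0x0)'."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    return int(data.split()[0], 0)


def triage_combofix(log_text: str) -> list:
    """Walk a ComboFix log and collect the conditions a helper would act on
    before declaring the machine clean. Findings are returned in log order,
    with the antivirus-count check appended last."""
    findings = []
    av_products = []   # (name, on-access state) for every AV: line
    current_key = ""   # last [registry key] header seen

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := AV_RE.match(line):
            av_products.append((m["name"], m["state"]))
        elif m := FW_RE.match(line):
            if m["state"] == "disabled":
                findings.append(Finding("fw_disabled", f"third-party firewall reported disabled: {m['name']}"))
        elif m := KEY_RE.match(line):
            current_key = m["key"]
        elif (m := VALUE_RE.match(line)) and current_key:
            name, key = m["name"].lower(), current_key.lower()
            leaf = current_key.rsplit("\\", 1)[-1]   # product or profile name
            if name == "disablemonitoring" and "security center" in key and reg_int(m["data"]) == 1:
                findings.append(Finding("sc_monitoring_off", f"Security Center monitoring disabled for {leaf}"))
            elif name == "enablefirewall" and "firewallpolicy" in key and reg_int(m["data"]) == 0:
                findings.append(Finding("win_firewall_off", f"Windows Firewall disabled in {leaf}"))
        elif m := FAILED_RE.match(line):
            findings.append(Finding("delete_failed", f"ComboFix could not delete {m['path']}; handle it manually"))
        elif m := AUTORUN_RE.match(line):
            findings.append(Finding("autorun_handler", f"removable-media autorun handler present: {m['cmd']}"))

    if len(av_products) > 1:
        names = "; ".join(f"{n} ({s})" for n, s in av_products)
        findings.append(Finding("multiple_av",
                                f"{len(av_products)} antivirus products registered with Security Center, keep one: {names}"))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")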
     
  14. 2009/03/17
    Juliet Well-Known Member
    I think it's provided by your ISP?
    I think everything Yahoo will have to come off, but it did allow the scan to run so I don't hate it as much.

    ComboFix log looks OK.

    Post the Kaspersky log when you can.
     
  15. 2009/03/17
    scarecrow84 Inactive Thread Starter
    I had SBC a while ago; now I'm on Insight roadrunner.
    Here is the Kaspersky log:


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, March 17, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, March 17, 2009 20:10:23
    Records in database: 1923277
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Files scanned: 126500
    Threat name: 6
    Infected objects: 10
    Suspicious objects: 0
    Duration of the scan: 02:49:35


    File name / Threat name / Threats count
    C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:AdWare.Win32.WebHancer 5
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.h 1
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1

    The selected area was scanned.
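    Five of the six detections in the Kaspersky report above sit in one file inside a System Restore point (`System Volume Information\_restore{...}\RP1965\`), and all six carry Kaspersky's `not-a-virus:` prefix, which marks adware and riskware rather than malware proper. The Python parser below is an added example, not part of the original post or of Kaspersky's tooling: it turns the report into records, separates live-file hits from restore-point copies (which an on-demand online scanner only reports; they are cleared by purging restore points), and checks that the per-line threat counts add up to the header's "Infected objects" figure. The embedded sample is constructed from the report lines posted above and is not the full report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample constructed from the Kaspersky Online Scanner report posted above:
# the statistics block and the six detection lines only.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 126500
Threat name: 6
Infected objects: 10
Suspicious objects: 0

File name / Threat name / Threats count
C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:AdWare.Win32.WebHancer 5
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.h 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1965\A0421457.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1

The selected area was scanned.
"""

# "<path> Infected: <threat name> <count>"; the path may contain spaces, so it
# is matched lazily up to the literal "Infected:" token.
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
INFECTED_RE = re.compile(r"^Infected objects:\s*(?P<n>\d+)$")
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    @property
    def in_restore_point(self) -> bool:
        """True when the hit is a copy held inside a System Restore point."""
        return RESTORE_POINT_RE.search(self.path) is not None

    @property
    def riskware(self) -> bool:
        """Kaspersky's 'not-a-virus:' prefix marks adware/riskware, not malware proper."""
        return self.threat.startswith("not-a-virus:")


def parse_report(text: str) -> Tuple[List[Detection], Optional[int]]:
    """Return the detection records and the header's 'Infected objects' figure (None if absent)."""
    detections, stated = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := INFECTED_RE.match(line):
            stated = int(m["n"])
        elif m := DETECTION_RE.match(line):
            detections.append(Detection(m["path"], m["threat"], int(m["count"])))
    return detections, stated


def summarize(detections: List[Detection]) -> dict:
    """Group hits by file, split into live files versus restore-point copies."""
    summary = {"live": {}, "restore_point": {}}
    for d in detections:
        bucket = summary["restore_point" if d.in_restore_point else "live"]
        bucket.setdefault(d.path, []).append((d.threat, d.count))
    return summary


def consistent(detections: List[Detection], stated: Optional[int]) -> bool:
    """The per-line threat counts should add up to the header's 'Infected objects'."""
    return stated is not None and sum(d.count for d in detections) == stated


if __name__ == "__main__":
    dets, stated = parse_report(SAMPLE_REPORT)
    print(f"{len(dets)} detection lines, header says {stated} infected objects, consistent={consistent(dets, stated)}")
    for bucket, files in summarize(dets).items():
        for path, hits in files.items():
            print(f"{bucket}: {path} -> {hits}")
```

For the report above this yields one live file (the AOL toolbar component) and one restore-point file carrying the other nine objects, with the header's count of 10 matching the sum of the line counts. Splitting the two buckets matters because a scanner hit inside `System Volume Information` does not mean the file is running; it means the infected copy will come back if that restore point is ever used.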
     
  16. 2009/03/17
    scarecrow84 Inactive Thread Starter
    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Frank at 21:37:40.28 on Tue 03/17/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.419 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Frank\Desktop\Unused Desktop Shortcuts\notepad.exe
    C:\Documents and Settings\Frank\Desktop\dds.exe

    ============== Pseudo HJT Report ===============

    uStart Page = file:///F:/Misc%20Documents/HebrewTranslator.htm
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
    mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    mPolicies-explorer: <NO NAME> =
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: trendmicro.com\housecall65
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - hxxp://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} - hxxp://www.makeoversolutions.com/save/makeover.cab
    DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
    DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
    DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
    DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.pcpitstop.com/pestscan/pestscan.cab
    DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093566153781
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - hxxp://mediaplayer.walmart.com/installer/install.cab
    DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182403856453
    DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} - hxxp://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX28.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
    DPF: {861DB4B6-3838-11D2-8E50-002018200E57} - hxxp://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://zone.msn.com/binGame/ZAxRcMgr.cab
    DPF: {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - hxxp://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38065.4216087963
    DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} - hxxp://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
    DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CB497DA0-F0CF-4420-A255-A908803B04B9} - hxxp://apps.eyewonderlabs.com/sp/OCXG3.cab
    DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://ccon.futuremark.com/global/msc34.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    DPF: {D44C75D8-C827-473E-8F68-A77E42500782} - hxxp://photo.walmart.com/photo/uploads/WebUploadClient.cab
    DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - hxxp://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
    DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} - hxxp://messenger.zone.msn.com/binary/WoF.cab30149.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} - hxxp://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4699/mcfscan.cab
    DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX/kdx.cab
    DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
    DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    TCP: {3AA61844-E619-4008-8A12-66C442EF7B66} = 67.36.13.26,206.141.192.60
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - f:\misc programs2\ebible\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - f:\misc programs2\ebible\system\ResProt.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\frank\applic~1\mozilla\firefox\profiles\lc55z7fd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.windowsbbs.com/malware-virus-removal/82319-active-spyware-adware-trouble.html
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\download manager\npfpdlm.dll
    FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npq3px.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - plugin: f:\misc programs2\quicktime\plugins\npqtplugin.dll
    FF - plugin: f:\misc programs2\quicktime\plugins\npqtplugin2.dll
    FF - plugin: f:\misc programs2\quicktime\plugins\npqtplugin3.dll

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-10 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-16 107272]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2006-8-4 590190]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-9-24 353680]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-3 298264]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-21 24652]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    R3 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 903960]
    S3 DCamUSBVeo532;Veo Web Camera;c:\windows\system32\drivers\ubVeo532.sys [2004-4-16 95232]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2009-03-17 15:19 <DIR> a-dshr-- C:\cmdcons
    2009-03-17 15:17 161,792 a------- c:\windows\SWREG.exe
    2009-03-17 15:17 98,816 a------- c:\windows\sed.exe
    2009-03-15 22:33 <DIR> --d----- c:\windows\system32\CatRoot_bak
    2009-03-15 22:31 272,128 -------- c:\windows\system32\dllcache\bthport.sys
    2009-03-15 22:28 331,776 -------- c:\windows\system32\dllcache\msadce.dll
    2009-03-15 18:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-03-15 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-03-15 17:22 <DIR> --d----- c:\docume~1\frank\applic~1\Malwarebytes
    2009-03-15 17:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-15 17:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-15 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-15 17:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-13 23:11 <DIR> --d----- c:\program files\trend micro
    2009-03-10 14:43 28,544 a------- c:\windows\system32\drivers\pavboot.sys
    2009-03-10 14:42 <DIR> --d----- c:\program files\Panda Security
    2009-03-10 02:59 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-10 02:59 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-09 02:45 <DIR> --d----- c:\documents and settings\frank\.housecall6.6

    ==================== Find3M ====================

    2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
    2009-02-04 03:52 82,604 a------- c:\windows\Victory At Hebron Service Pack Uninstaller.exe
    2009-02-04 03:48 92,581 a------- c:\windows\Victory At Hebron Uninstaller.exe
    2009-01-31 10:38 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-31 10:38 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-31 10:38 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2006-10-14 00:13 82,000 a------- c:\docume~1\frank\applic~1\GDIPFONTCACHEV1.DAT
    2005-05-13 17:12 217,073 a--shr-- c:\windows\meta4.exe
    2004-01-25 00:00 70,656 a--shr-- c:\windows\system32\yv12vfw.dll

    ============= FINISH: 21:39:12.50 ===============
     
  17. 2009/03/17
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/23/2003 2:11:35 AM
    System Uptime: 3/17/2009 5:38:12 PM (4 hours ago)

    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1993/400mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 29 GiB total, 8.549 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (FAT32) - 31 GiB total, 3.947 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1939: 2/24/2009 5:06:31 AM - System Checkpoint
    RP1940: 2/25/2009 6:06:31 AM - System Checkpoint
    RP1941: 2/26/2009 7:20:30 AM - System Checkpoint
    RP1942: 2/27/2009 8:06:32 AM - System Checkpoint
    RP1943: 2/28/2009 9:06:31 AM - System Checkpoint
    RP1944: 3/1/2009 9:18:31 AM - System Checkpoint
    RP1945: 3/2/2009 9:31:49 AM - System Checkpoint
    RP1946: 3/3/2009 9:48:02 AM - System Checkpoint
    RP1947: 3/4/2009 9:42:25 AM - Avg8 Update
    RP1948: 3/5/2009 9:48:01 AM - System Checkpoint
    RP1949: 3/6/2009 9:50:14 AM - System Checkpoint
    RP1950: 3/7/2009 10:31:43 AM - System Checkpoint
    RP1951: 3/8/2009 11:31:46 AM - System Checkpoint
    RP1952: 3/9/2009 2:03:12 PM - System Checkpoint
    RP1953: 3/10/2009 1:58:39 AM - Installed Java(TM) 6 Update 12
    RP1954: 3/11/2009 2:16:50 AM - System Checkpoint
    RP1955: 3/12/2009 2:17:11 AM - System Checkpoint
    RP1956: 3/13/2009 2:18:17 AM - System Checkpoint
    RP1957: 3/14/2009 2:57:55 AM - System Checkpoint
    RP1958: 3/15/2009 4:05:14 AM - System Checkpoint
    RP1959: 3/16/2009 6:26:10 AM - System Checkpoint
    RP1960: 3/17/2009 6:38:16 AM - System Checkpoint
    RP1961: 3/17/2009 1:38:06 PM - Removed Visual IP InSight
    RP1962: 3/17/2009 1:52:33 PM - Software Distribution Service 3.0
    RP1963: 3/17/2009 2:17:01 PM - Removed Visual IP InSight
    RP1964: 3/17/2009 3:15:27 PM - Avg8 Update
    RP1965: 3/17/2009 3:17:44 PM - ComboFix created restore point
    RP1966: 3/17/2009 5:22:05 PM - Removed J2SE Runtime Environment 5.0 Update 1
    RP1967: 3/17/2009 5:24:36 PM - Removed J2SE Runtime Environment 5.0 Update 3
    RP1968: 3/17/2009 5:26:02 PM - Removed Java 2 Runtime Environment, SE v1.4.2
    RP1969: 3/17/2009 5:30:52 PM - ComboFix created restore point

    ==== Installed Programs ======================
    3D Groove Playback Engine
    3DVIA player 4.1
    ABBYY FineReader 5.0 Sprint Plus
    AC3Filter (remove only)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 6.0.1
    Adobe Shockwave Player
    AIM 6
    AOL Coach Version 1.0(Build:20020929.1)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft MediaConverter 2.5
    ArcSoft ShowBiz DVD 2
    Audacity 1.2.6
    AutoUpdate
    AVG Free 8.0
    Banctec Service Agreement
    Batch Update
    BCM V.92 56K Modem
    Belarc Advisor 6.1
    Bible Data Type System Files
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Classic PhoneTools
    Command & Conquer Tiberian Sun
    Common System Files
    Cool MP3 Splitter
    Critical Update for Windows Media Player 11 (KB959772)
    Curious George Learns Phonics
    DAO
    Dell Picture Studio - Dell Image Expert
    Dell Solution Center
    DivX Codec
    DivX Player
    DivX Version Checker
    DivX Web Player
    Download Manager 2.3.6
    Draw & Paint Plus
    Easy CD Creator 5 Basic
    Easy Video Splitter 1.28
    Family Tree Maker
    FileZilla (remove only)
    Free Flash Flv MP3 Converter v3.0
    Free RM to MP3 Converter 1.12
    FreeZip
    FTP Commander
    Futuremark Measurement Services Client
    Garfield G1 Math
    Garfield K Numbers
    Garfield K Thinking Skills
    Google Earth
    Google Updater
    Graphical Query Editor
    Help and Support Customization
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Imaginext(TM) Pirate Raider
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    Internet Explorer Q903235
    Java(TM) 6 Update 12
    JLC's Internet TV
    LADSPA_plugins-win-0.4.15
    Learn2 Player (Uninstall Only)
    LEGOLAND
    Lexmark X6100 Series
    Libronix Digital Library System
    Libronix DLS Application
    Libronix DLS Shortcuts
    Libronix Update
    LiveReg (Symantec Corporation)
    LLS Resource Driver
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Malwarebytes' Anti-Malware
    MathPlayer
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Interactive Training
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft Picture It! Express 7.0
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Minnesota Cuke
    Modem Helper
    Mozilla Firefox (3.0.7)
    Mp3 Tag Tools v1.2
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    Multi-Soundboard Player 1.5.0
    MySpaceIM
    Nero 7 Demo
    Netflix Movie Viewer
    NVIDIA Display Driver
    NVIDIA Drivers
    OEB Resource Driver
    Paint.NET v3.30
    Panda ActiveScan 2.0
    PDF Resource Driver
    PhotoParade Player
    Print to Fax
    QuickTime
    QuickTime for Windows (32-bit)
    Real Alternative 1.60 Lite
    RealPlayer
    Red Alert Windows 95
    Rhapsody Player Engine
    Search and Play Flash Files 1.5.0
    Secure Delivery
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Sentence Diagramming
    Shockwave
    Skype™ 3.8
    Sound Blaster Live!
    SpeechRedist
    SpongeBob SquarePants® Operation Krabby Patty
    Spybot - Search & Destroy
    Stuart Little - His Adventures in Numberland
    Stuart Little - His Adventures in Wordland
    Super Free Youtube Video Downloader version 3.0
    Tumble Bees To Go
    Tweak UI
    Unreal Tournament 2003
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Audio/Video Driver
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.762
    Veo Connect
    Victory At Hebron
    Victory At Hebron Service Pack
    Video Resource Driver
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WD Diagnostics
    WebFldrs XP
    Westwood Shared Internet Components
    WildTangent Web Driver
    WinAce Archiver
    Winamp
    Windows Communication Foundation
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    XML Paper Specification Shared Components Pack 1.0
    XP Codec Pack
    Yahoo! Messenger
    Yahoo! Photos Easy Upload Tool 1v3
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    3/10/2009 7:22:01 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/10/2009 12:31:21 AM, error: Service Control Manager [7003] - The VET Message Service service depends on the following nonexistent service: CAISafe
    3/12/2009 12:58:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2009 12:59:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX BANTExt cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip VETEFILE vsdatant WS2IFSL
    3/12/2009 12:59:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/17/2009 5:39:13 PM, error: Print [19] - Sharing printer failed + 1722, Printer Lexmark X6100 Series share name Printer.

    ==== End Of File ===========================
     
  18. 2009/03/18
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    What Kaspersky found we will take care of in final cleanup.


    Download Trend Micro Hijack This™ and save to desktop.
    It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.
    Doubleclick the HJTInstall.exe to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

    Accept the license agreement by clicking the "I Accept" button.
    Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    Click "Save log" to save the log file and then the log will open in Notepad.
    Click on Edit -> Select All then click on "Edit -> Copy" to copy the entire contents of the log.
     
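    The HijackThis log Juliet asks for is a fixed-format text file: every entry starts with a section code (R0/R1, O2, O4, O9, O15, O16, ...), and most carry a CLSID and a trailing path or URL. The script below is an added example for readers of this archive, not part of the thread and not Trend Micro's code: it parses those fields out of each line and applies a few generic first-pass triage heuristics (entries pointing at "(no file)", autoruns registered under the SYSTEM/Default hive, Trusted Zone additions, downloaded ActiveX controls). The sample lines are copied verbatim from the log scarecrow84 posts next; the heuristics and the flag wording are the script's own assumptions and say nothing about this particular machine beyond what the helpers in the thread check by hand.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Sample input: seven lines copied from the HijackThis v2.0.2 log posted in
# this thread (nothing invented); a raw string keeps the backslashes intact.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://housecall65.trendmicro.com
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str            # "O4", "O16", "R1", ...
    body: str               # everything after the "Oxx - " prefix
    clsid: Optional[str]    # first {GUID} on the line, if any
    target: str             # trailing path / URL / command (best effort)


def parse_hjt(text: str) -> list[Entry]:
    """Turn HijackThis entry lines into Entry records; other lines are skipped."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines carry no entry
        section, body = m.group("section"), m.group("body")
        clsid_m = CLSID_RE.search(body)
        if section == "O4":
            # O4 lines read "<hive>\..\Run: [Name] <command>"
            target = body.split("] ", 1)[1] if "] " in body else body
        elif " - " in body:
            # O2/O9/O16 lines end with " - <path or URL>"
            target = body.rsplit(" - ", 1)[-1]
        else:
            # O15 and R-lines: take what follows the first ": " if present
            target = body.split(": ", 1)[-1]
        entries.append(Entry(section, body, clsid_m.group(0) if clsid_m else None, target))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Attach a review note to entries that a first pass would pull out.

    These are generic heuristics (assumed here, not from the thread): they
    select things to look at, they do not declare anything malicious.
    """
    findings: list[tuple[Entry, str]] = []
    for e in entries:
        if "(no file)" in e.body:
            findings.append((e, "orphaned entry: registry points at a file that no longer exists"))
        if e.section == "O4" and (e.body.startswith(r"HKUS\S-1-5-18") or e.body.startswith(r"HKUS\.DEFAULT")):
            findings.append((e, "autorun in the SYSTEM/Default hive rather than a real user's profile; check why"))
        if e.section == "O15":
            findings.append((e, "site in the IE Trusted Zone: confirm it was added deliberately"))
        if e.section == "O16":
            host = urlparse(e.target).hostname or "?"
            findings.append((e, f"downloaded ActiveX control from {host}: confirm it is still wanted"))
    return findings


if __name__ == "__main__":
    for entry, note in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.section:>4}  {note}\n      {entry.body}")
```

    Run it against a full saved log (`parse_hjt(open("hijackthis.log").read())`) to get the same entries the helper reads by eye in a form you can sort and diff between scans; the review notes are prompts for a human, exactly as the thread treats them.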
  19. 2009/03/18
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:07:35 PM, on 3/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/Misc%20Documents/HebrewTranslator.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://housecall65.trendmicro.com
    O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
    O16 - DPF: {63FA0A10-5AA8-449F-9C5B-C8853F697405} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093566153781
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182403856453
    O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://c.ancestry.com/cab/ImageViewer/MFImgVwr.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37520.cab
    O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
    O16 - DPF: {CB497DA0-F0CF-4420-A255-A908803B04B9} (EyeWonder EyeMax OcxG3 Control) - http://apps.eyewonderlabs.com/sp/OCXG3.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/download/PerformerSetup.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab30149.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4699/mcfscan.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA61844-E619-4008-8A12-66C442EF7B66}: NameServer = 67.36.13.26,206.141.192.60
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3AA61844-E619-4008-8A12-66C442EF7B66}: NameServer = 67.36.13.26,206.141.192.60
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3AA61844-E619-4008-8A12-66C442EF7B66}: NameServer = 67.36.13.26,206.141.192.60
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O24 - Desktop Component 1: (no name) - http://switch206-01.castup.net/cunet/gm.asp?ai=386&ar=live03

    --
    End of file - 16196 bytes
     
  20. 2009/03/18
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
    Example below


    Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
    This will change from what we know in 2006; read this article:
    http://www.clickz.com/news/article.php/3561546
    Additional info: http://vil.nai.com/vil/content/v_137262.htm
    A side note about AIM Messenger, AOL users and Viewpoint Manager. Viewpoint is one of the graphic engines that AOL uses and it is bundled with the application.
    If you continue to use AIM Messenger, it would likely be reinstalled. Or if you receive some of the AOL E-cards it may ask you to download and run this program to view and run the graphics in E-cards.

    Your call
    Go to Start > Settings > Control Panel > Add/Remove Programs and remove the
    following programs if present:

    Viewpoint
    Viewpoint Manager
    Viewpoint Media Player






    Update Adobe Acrobat Reader
    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Adobe Flash Player v10 <-- current version

    # Please go to the below links to update Adobe Acrobat Reader and Adobe Flash Player.

    http://get.adobe.com/flashplayer/
    Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87.

    * http://www.adobe.com/go/getflash -or- http://get.adobe.com/flashplayer/otherversions/
    For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link**...
    ** http://www.adobe.com/go/kb406791




    NEXT**
    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html

    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    (Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    (Description: Checks for updates to MS Works. Unnecessary. Removing this entry will free up some system resources. )

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    (Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    Now reboot your computer to set the registry.


    Please post back and let me know how the computer is at the moment and if we are ready for preventive tips.
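A small parser for the HijackThis sections this thread walks through (R1, O4, O16, O17, O23), added here as an illustration and not code from the thread or from HijackThis; the per-section regexes are my assumption about the line layout, and the sample lines are copied from the log quoted above.

```python
import re
from collections import namedtuple

# Constructed sample: six lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AA61844-E619-4008-8A12-66C442EF7B66}: NameServer = 67.36.13.26,206.141.192.60
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""
# Every entry is "<section> - <body>"; the per-section body layout below is my reading of the format (assumption).
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
BODY_RE = {
    "R1": re.compile(r"(?P<key>.+?),(?P<value>[^=]+) = (?P<data>.*)"),
    "O4": re.compile(r"(?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)"),
    "O16": re.compile(r"DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)"),
    "O17": re.compile(r"(?P<key>\S+): NameServer = (?P<servers>[\d.,]+)"),
    "O23": re.compile(r"Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.*)"),
}
Entry = namedtuple("Entry", "kind body fields")

def parse_line(line):
    """Return an Entry for one log line, or None for headers, footers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    mm = BODY_RE[kind].match(body) if kind in BODY_RE else None
    fields = mm.groupdict() if mm else {}
    if kind == "O17" and mm:
        fields["servers"] = fields["servers"].split(",")  # comma-separated DNS server list
    return Entry(kind, body, fields)

def parse_log(text):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

def dns_servers(text):
    """Every NameServer IP from O17 entries; check each one really belongs to your ISP."""
    return sorted({ip for e in parse_log(text) if e.kind == "O17" for ip in e.fields.get("servers", [])})

def startup_commands(text):
    """(name, command) for each O4 Run entry, the autostart items the post above trims."""
    return [(e.fields["name"], e.fields["cmd"]) for e in parse_log(text) if e.kind == "O4" and e.fields]

def activex_downloads(text):
    """(clsid, url) for each O16 DPF entry; an unfamiliar download host here deserves a look."""
    return [(e.fields["clsid"], e.fields["url"]) for e in parse_log(text) if e.kind == "O16" and e.fields]
```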
     
  21. 2009/03/18
    scarecrow84

    scarecrow84 Inactive Thread Starter

    Joined:
    2009/03/11
    Messages:
    14
    Likes Received:
    0
    Well I did everything you said, took off the Viewpoint stuff and Adobe (always hated that program) and got Foxit. So far everything seems to be going good, my login to windows is a lot faster now. Is there a way to know when I got infected? Because I have an external HD and a usb thumb drive and I just didn't want to re-infect myself.
     