
Solved Trojan from Kazaa or worm? How to remove them..?

Discussion in 'Malware and Virus Removal Archive' started by ban777, 2009/01/27.

  1. 2009/01/27
    ban777

    ban777 Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    4
    Likes Received:
    0
    [Resolved] Trojan from Kazaa or worm? How to remove them..?

    Out of curiosity, I did a scan on Zone Alarm Pro and they found this on my computer:

    -Kazaa Lite goop 28 - Adware

    -P2P-Worm.Win32 - Trojan


    I did an Antivir, a-squared and Malwarebytes scan but they found nothing. I will be most grateful if someone can tell me how to remove these. Can I just delete them in the registry key? Do I need to post a HJT? Any help would be much appreciated... Really...
     
  2. 2009/01/28
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2009/01/29
    ban777

    ban777 Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    4
    Likes Received:
    0
    DDS (Ver_09-01-19.01) - NTFSx86
    Run by Administrator at 20:22:18.70 on Wed 01/28/2009
    Internet Explorer: 8.0.6001.18241
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1369 [GMT 7:00]

    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Pro Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    S:\Program Files\Nortek\Egos 8 Wireless and wired mouse\KMWDSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    S:\Program Files\iTunes\iTunesHelper.exe
    S:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    S:\Program Files\PowerISO\PWRISOVM.EXE
    S:\Program Files\Nortek\Egos 8 Wireless and wired mouse\StartAutorun.exe
    C:\WINDOWS\CameraFixer.exe
    S:\Program Files\Nortek\Egos 8 Wireless and wired mouse\KMConfig.exe
    C:\WINDOWS\tsnpstd3.exe
    S:\Program Files\Nortek\Egos 8 Wireless and wired mouse\KMProcess.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    S:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    S:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\a-squared Anti-Malware\a2start.exe
    S:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - s:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [IDMan] s:\program files\internet download manager\IDMan.exe /onboot
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe "
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "s:\program files\itunes\iTunesHelper.exe "
    mRun: [UnlockerAssistant] "s:\program files\unlocker\UnlockerAssistant.exe "
    mRun: [Adobe Reader Speed Launcher] "s:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [PWRISOVM.EXE] s:\program files\poweriso\PWRISOVM.EXE
    mRun: [WireLessMouse] s:\program files\nortek\egos 8 wireless and wired mouse\StartAutorun.exe KMConfig.exe
    mRun: [CameraFixer] c:\windows\CameraFixer.exe
    mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
    mRun: [ZoneAlarm Client] "s:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
    mRun: [avgnt] "c:\program files\avira\antivir personaledition premium\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-explorer: StartMenulogoff = 1 (0x1)
    IE: Download all links with IDM - s:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - s:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - s:\program files\internet download manager\IEExt.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: avsda.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\muihypw4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc2\components\idmmzcc.dll
    FF - plugin: s:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
    FF - plugin: s:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: s:\program files\opera\program\plugins\npdsplay.dll
    FF - plugin: s:\program files\opera\program\plugins\npwmsdrm.dll

    ============= SERVICES / DRIVERS ===============

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2009-1-25 16640]
    R1 avgio;avgio;c:\program files\avira\antivir personaledition premium\avgio.sys [2009-1-28 11840]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-25 394952]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition premium\avgntflt.sys [2009-1-28 52032]
    R4 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-1-26 421496]
    R4 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\avira\antivir personaledition premium\avmailc.exe [2009-1-28 164097]
    R4 AntiVirScheduler;Planificateur Avira AntiVir Premium;c:\program files\avira\antivir personaledition premium\sched.exe [2009-1-28 68865]
    R4 AntiVirService;Avira AntiVir Premium Guard;c:\program files\avira\antivir personaledition premium\avguard.exe [2009-1-28 151297]
    R4 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\avira\antivir personaledition premium\avwebgrd.exe [2009-1-28 258305]
    R4 AVEService;Service d'assistance Avira AntiVir Premium MailGuard;c:\program files\avira\antivir personaledition premium\avesvc.exe [2009-1-28 41217]
    R4 KMWDSERVICE;Keyboard And Mouse Communication Service;s:\program files\nortek\egos 8 wireless and wired mouse\KMWDSrv.exe [2007-5-10 208896]
    S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-25 40840]
    S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-25 66952]
    S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-25 81288]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-25 356920]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-25 1079176]
    S4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

    =============== Created Last 30 ================

    2009-01-28 13:30 <DIR> --d----- c:\windows\vf_hip
    2009-01-28 13:10 <DIR> --d----- c:\program files\uTorrent
    2009-01-28 13:08 <DIR> --d----- c:\docume~1\admini~1\applic~1\uTorrent
    2009-01-28 09:09 <DIR> --d----- c:\program files\Avira
    2009-01-28 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
    2009-01-26 18:07 <DIR> --d----- c:\windows\ERUNT
    2009-01-26 18:02 <DIR> --d----- C:\SDFix
    2009-01-26 07:58 <DIR> --d----- c:\program files\MSXML 4.0
    2009-01-26 03:01 <DIR> --d----- c:\windows\ie8updates
    2009-01-25 20:38 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-25 20:38 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-25 20:38 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-25 20:38 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-25 19:50 <DIR> --d----- C:\temp
    2009-01-25 16:54 1,374 a------- c:\windows\imsins.BAK
    2009-01-25 16:46 <DIR> --dsh--- c:\documents and settings\administrator\PrivacIE
    2009-01-25 15:57 268,648 a------- c:\windows\system32\mucltui.dll
    2009-01-25 15:57 208,744 a------- c:\windows\system32\muweb.dll
    2009-01-25 15:57 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-01-25 14:23 69 a------- c:\windows\NeroDigital.ini
    2009-01-25 14:08 <DIR> --d----- c:\program files\CleanUp!
    2009-01-25 14:01 <DIR> --d----- c:\program files\Process Master
    2009-01-25 12:58 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
    2009-01-25 12:58 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
    2009-01-25 12:58 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
    2009-01-25 12:58 29,576 a------- c:\windows\system32\drivers\kcom.sys
    2009-01-25 12:57 <DIR> --d----- c:\program files\Spyware Doctor
    2009-01-25 12:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\PC Tools
    2009-01-25 12:51 23 a------- c:\windows\system32\dadcaaf8_z.ocx
    2009-01-25 12:38 <DIR> --d----- c:\program files\Trend Micro
    2009-01-25 12:31 <DIR> --d----- c:\docume~1\admini~1\applic~1\Delete Cookie
    2009-01-25 11:27 161,792 a------- c:\windows\SWREG.exe
    2009-01-25 11:27 98,816 a------- c:\windows\sed.exe
    2009-01-25 10:51 4,212 ----h--- c:\windows\system32\zllictbl.dat
    2009-01-25 10:43 <DIR> --d----- c:\program files\GameSpy Arcade
    2009-01-25 10:24 266,088 a------- c:\windows\system32\xactengine2_8.dll
    2009-01-25 10:24 18,280 a------- c:\windows\system32\x3daudio1_2.dll
    2009-01-25 10:24 1,124,720 a------- c:\windows\system32\D3DCompiler_34.dll
    2009-01-25 10:24 443,752 a------- c:\windows\system32\d3dx10_34.dll
    2009-01-25 10:24 3,497,832 a------- c:\windows\system32\d3dx9_34.dll
    2009-01-25 10:24 81,768 a------- c:\windows\system32\xinput1_3.dll
    2009-01-25 10:17 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-01-25 10:17 22,328 a------- c:\docume~1\admini~1\applic~1\PnkBstrK.sys
    2009-01-25 10:17 202,040 a------- c:\windows\system32\PnkBstrB.exe
    2009-01-25 10:17 66,872 a------- c:\windows\system32\PnkBstrA.exe
    2009-01-25 10:17 319 a------- c:\windows\game.ini
    2009-01-25 10:05 <DIR> --dsh--- c:\windows\ftpcache
    2009-01-25 08:03 61,440 a------- c:\windows\system32\vsnpx32.dll
    2009-01-25 07:31 94,208 a------- c:\windows\amcap.exe
    2009-01-25 07:31 20,480 a------- c:\windows\CameraFixer.exe
    2009-01-25 07:31 827,392 a------- c:\windows\vsnpstd3.exe
    2009-01-25 07:31 270,336 a------- c:\windows\tsnpstd3.exe
    2009-01-25 07:31 15,498 a------- c:\windows\snpstd3.ini
    2009-01-25 07:31 13,023 a------- c:\windows\snpstd3.src
    2009-01-25 07:31 10,218,624 a------- c:\windows\system32\drivers\snpstd3.sys
    2009-01-25 07:31 147,456 a------- c:\windows\system32\rsnpstd3.dll
    2009-01-25 07:31 61,440 a------- c:\windows\system32\vsnpstd3.dll
    2009-01-25 07:31 53,248 a------- c:\windows\system32\csnpstd3.dll
    2009-01-25 07:31 <DIR> --d----- c:\program files\common files\snpstd3
    2009-01-25 07:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
    2009-01-25 07:27 198,656 a------- c:\windows\system32\CNMLM8O.DLL
    2009-01-25 07:26 <DIR> --d----- c:\program files\Canon
    2009-01-25 00:20 57,600 a------- c:\windows\system32\drivers\redbook.sys
    2009-01-25 00:18 4,444 a------- c:\windows\system32\pid.PNF
    2009-01-25 00:18 <DIR> --d----- c:\program files\common files\ODBC
    2009-01-25 00:18 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-01-25 00:17 57,398 ac------ c:\windows\system32\dllcache\imjpdadm.exe
    2009-01-25 00:17 <DIR> --d--r-- c:\documents and settings\all users\Documents
    2009-01-25 00:16 16,640 a------- c:\windows\system32\drivers\nvcchflt.sys
    2009-01-25 00:16 295,424 a------- c:\windows\system32\idecoi.dll
    2009-01-25 00:16 1,104,896 a------- c:\windows\system32\drivers\nvnrm.sys
    2009-01-25 00:16 261,120 a------- c:\windows\system32\drivers\nvsnpu.sys
    2009-01-25 00:16 52,736 a------- c:\windows\system32\drivers\NVENETFD.sys
    2009-01-25 00:16 18,944 a------- c:\windows\system32\drivers\nvnetbus.sys
    2009-01-25 00:16 35,840 a------- c:\windows\system32\nvconrm.dll
    2009-01-25 00:16 202,240 a------- c:\windows\system32\fdco1.dll
    2009-01-25 00:16 10,240 a------- c:\windows\system32\bdco1ins.dll
    2009-01-25 00:16 10,240 a------- c:\windows\system32\bdco1.dll
    2009-01-25 00:16 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
    2009-01-25 00:16 5,810 a------- c:\windows\system32\drivers\ASACPI.sys
    2009-01-25 00:15 <DIR> --d----- C:\Documents and Settings
    2009-01-25 00:14 1,144 a------- c:\windows\system32\$winnt$.inf
    2009-01-24 22:09 <DIR> --d----- c:\docume~1\admini~1\applic~1\Hide IP NG
    2009-01-24 21:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
    2009-01-24 21:00 <DIR> --d----- c:\documents and settings\administrator\Tracing
    2009-01-24 20:53 <DIR> --d----- c:\program files\Microsoft
    2009-01-24 20:53 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-01-24 20:48 <DIR> --d----- c:\docume~1\admini~1\applic~1\Desktopicon
    2009-01-24 20:46 <DIR> --d----- c:\program files\common files\Windows Live
    2009-01-24 20:46 <DIR> --d----- c:\program files\common files\Scanner
    2009-01-24 20:19 <DIR> --d----- c:\program files\Yahoo!
    2009-01-24 20:16 <DIR> --d----- c:\program files\iPod
    2009-01-24 20:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-01-24 20:16 <DIR> --d----- c:\program files\Bonjour
    2009-01-24 20:14 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
    2009-01-24 20:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-24 20:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\IDM
    2009-01-24 20:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\DMCache
    2009-01-24 20:09 <DIR> --d----- c:\program files\a-squared Anti-Malware
    2009-01-24 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MotiveSysIDs
    2009-01-24 17:55 <DIR> --d----- c:\program files\common files\Motive
    2009-01-24 17:43 <DIR> --d----- c:\program files\Realtek AC97
    2009-01-24 17:40 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-24 17:31 <DIR> --d----- c:\program files\MSXML 6.0
    2009-01-24 17:25 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-01-24 17:25 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-01-24 17:24 <DIR> --d----- c:\program files\common files\MSSoap
    2009-01-24 17:23 <DIR> --d----- c:\program files\Online Services
    2009-01-24 17:23 <DIR> --d----- c:\program files\Messenger
    2009-01-24 17:23 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-01-24 17:23 <DIR> --d----- c:\program files\Windows NT

    ==================== Find3M ====================

    2009-01-25 07:37 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-01-24 17:55 155,995 a------- c:\windows\java\packages\X79Z7VTB.ZIP
    2009-01-24 17:55 2,232 a------- c:\windows\java\packages\data\3X33JFR3.DAT
    2009-01-24 17:55 2,678 a------- c:\windows\java\packages\data\NVHZXJ5B.DAT
    2009-01-24 17:55 2,678 a------- c:\windows\java\packages\data\TV75V9FP.DAT
    2009-01-24 17:55 2,678 a------- c:\windows\java\packages\data\RP71ZVP7.DAT
    2009-01-24 17:55 2,678 a------- c:\windows\java\packages\data\MJJXJ1ZH.DAT
    2009-01-24 17:55 2,678 a------- c:\windows\java\packages\data\FTNBPFRR.DAT
    2009-01-24 17:45 60,416 a------- c:\windows\ALCFDRTM.EXE
    2009-01-24 17:23 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE
    2008-12-17 18:03 206,256 a------- c:\windows\system32\idmmbc.dll
    2008-12-11 17:57 333,952 a------- c:\windows\system32\drivers\srv.sys
    2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll

    ============= FINISH: 20:23:07.93 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2009 5:28:49 PM
    System Uptime: 1/28/2009 7:33:18 PM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | K8N4-E
    Processor: AMD Sempron(tm) Processor 2800+ | Socket 939 | 1608/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 20 GiB total, 13.523 GiB free.
    D: is FIXED (NTFS) - 35 GiB total, 15.253 GiB free.
    E: is FIXED (FAT32) - 20 GiB total, 3.994 GiB free.
    F: is CDROM ()
    G: is CDROM (UDF)
    H: is Removable
    S: is FIXED (NTFS) - 233 GiB total, 75.643 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&00
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&00
    Service: NVENETFD

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    µTorrent
    a-squared Anti-Malware 3.5
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Premium
    Battlefield 2(TM)
    Bonjour
    CA Yahoo! Anti-Spy (remove only)
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    CCleaner (remove only)
    Choice Guard
    CleanUp!
    CodeStuff Starter
    Delete Cookie 1.01
    GOM Player
    Hide IP Platinum 3.5
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Internet Download Manager
    IsoBuster 2.5
    iTunes
    IZArc 3.81
    jv16 PowerTools 2008
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Mozilla Firefox (3.0.5)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 8 Essentials
    neroxml
    Nortek Egos 8 Wireless and wired mouse
    NVIDIA Drivers
    NVIDIA PhysX v8.10.13
    Opera 9.63
    PeerGuardian 2.0
    PIXMA Extended Survey Program
    PowerISO
    Process Master 1.1
    QuickTime
    Realtek AC'97 Audio
    Security Update for Windows Internet Explorer 8 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Segoe UI
    Spyware Doctor 6.0
    Unlocker 1.8.7
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    USB PC Camera-168
    VCRedistSetup
    VLC media player 0.9.8a
    VobSub v2.23 (Remove Only)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8 Beta 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format Runtime
    WinRAR archiver
    Yahoo! Messenger
    ZoneAlarm Pro

    ==== Event Viewer Messages From Past Week ========

    1/25/2009 3:39:41 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    1/25/2009 3:37:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/25/2009 3:36:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/25/2009 3:33:42 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    1/25/2009 3:33:41 PM, error: SRService [104] - The System Restore initialization process failed.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu ssmdrv Tcpip vsdatant
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:27:03 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/25/2009 3:23:14 PM, error: PlugPlayManager [11] - The device Root\LEGACY_CATCHME\0000 disappeared from the system without first being prepared for removal.
    1/25/2009 2:06:09 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2009 2:06:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
    1/25/2009 12:26:02 PM, error: Service Control Manager [7000] - The a-squared Anti-Malware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/25/2009 12:26:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the a-squared Anti-Malware Service service to connect.
    1/25/2009 12:26:02 PM, error: Service Control Manager [7031] - The a-squared Anti-Malware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/25/2009 12:22:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'GameSpy Arcade' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/25/2009 11:29:50 AM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
    1/25/2009 9:12:53 AM, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 001CF0BA0EA9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/25/2009 8:50:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu ssmdrv Tcpip
    1/25/2009 8:26:36 AM, error: Print [6161] - The document Test Page owned by Administrator failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 630216. Number of bytes printed: 630216. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\HOME-B41A06DA59. Win32 error code returned by the print processor: 259 (0x103).
    1/25/2009 8:13:24 AM, error: Print [6161] - The document Easy-PhotoPrint owned by Administrator failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 10747904. Number of bytes printed: 7373276. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\HOME-B41A06DA59. Win32 error code returned by the print processor: 6 (0x6).
    1/25/2009 8:12:11 AM, error: Print [6161] - The document Easy-PhotoPrint owned by Administrator failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 10747904. Number of bytes printed: 7373308. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\HOME-B41A06DA59. Win32 error code returned by the print processor: 6 (0x6).
    1/25/2009 8:08:20 AM, error: Print [6161] - The document Test Page owned by Administrator failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 630216. Number of bytes printed: 630156. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\HOME-B41A06DA59. Win32 error code returned by the print processor: 32 (0x20).
    1/24/2009 5:30:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    1/26/2009 4:22:01 PM, error: Print [6161] - The document Facebook | Ban Esteban owned by Administrator failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 918460. Number of bytes printed: 564936. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\HOME-B41A06DA59. Win32 error code returned by the print processor: 13 (0xd).
    1/26/2009 8:34:13 PM, error: Print [6161] - The document large-fivesenses-words.pdf owned by Administrator failed to print on printer Canon iP1800 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 4390912. Number of bytes printed: 764620. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\HOME-B41A06DA59. Win32 error code returned by the print processor: 6 (0x6).
    1/27/2009 9:06:42 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the vsmon service.
    1/28/2009 8:54:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip vsdatant
    1/28/2009 12:24:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu ssmdrv Tcpip vsdatant WS2IFSL

    ==== End Of File ===========================
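    As an added example that is not part of this thread, of DDS, or of its author: a small Python triage script that reads the sections of a DDS log in the layout shown above and flags the lines a removal helper usually looks at first: security products reported disabled in the AV/FW header, BHO entries with "No File" behind them, Run entries whose command has no directory (so Windows resolves it by search order), service entries DDS could not verify (trailing `[?]`), and the absence of restore points. The sample input is constructed to match the same layout (a few lines per section, not the full log); the finding categories and the bare-filename heuristic are my own assumptions, not anything DDS itself reports.

```python
import re
from collections import Counter

# Constructed sample input, modelled on the layout of the DDS log posted in
# this thread (a few lines of each section, not the full log).
SAMPLE_LOG = r"""
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: ZoneAlarm Pro Firewall *disabled*

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE

============= SERVICES / DRIVERS ===============

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-25 394952]
S4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

==== System Restore Points ===================

No restore point in system.
"""

# uRun/mRun/dRun lines: "<scope>Run: [<name>] <command>"
RUN_RE = re.compile(r"^[umd]Run:\s+\[[^\]]*\]\s+(.*)$")
# Service/driver lines start with a state code such as R0, R1, S3, S4.
SVC_RE = re.compile(r"^[RS]\d\s+")


def _bare_command(cmd):
    """Heuristic (assumption, not a DDS rule): an autostart command whose
    executable has no drive letter or directory is resolved by the Windows
    search order, so it deserves a look during triage."""
    parts = cmd.strip().split()
    if not parts:
        return False
    first = parts[0]
    if first.startswith('"') or first.startswith("%"):
        return False
    return "\\" not in first and ":" not in first


def triage(log_text):
    """Return (category, line) pairs for the entries worth reviewing first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(("protection-disabled", line))
        elif line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(("orphaned-bho", line))
        elif (m := RUN_RE.match(line)) and _bare_command(m.group(1)):
            findings.append(("autostart-bare-filename", line))
        elif SVC_RE.match(line) and line.endswith("[?]"):
            findings.append(("unverified-service-binary", line))
        elif line == "No restore point in system.":
            findings.append(("no-restore-points", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'protection-disabled': 2, ...}."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for category, line in results:
        print(f"[{category}] {line}")
    print(summarize(results))
```

    On the constructed sample this yields six findings: both the AV and FW header lines, the orphaned BHO, the SoundMan entry, the vsmon service and the missing restore points. The categories are a reading aid for whoever reviews the log, not a verdict; a bare filename in a Run key is often a legitimate vendor shortcut, as SOUNDMAN.EXE is here.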
     
  5. 2009/01/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I suspect those detections are remnants of Kazaa in the registry. Your logs don't suggest any other infections present. Did you allow Zone Alarm to remove those detections?
     
  6. 2009/01/30
    ban777

    ban777 Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    4
    Likes Received:
    0
    Yes Sir,

    Many times I let my Zone Alarm Pro clean those infections without any success... for about a month and a half. My system was collapsing in a few hours and I had to format each time...
    Recently, observing the different processes used by experts on the internet, I searched the registry for Kazaa. I found 2 keys and I deleted them.
    So far, for 2 days I have not got any infection any more... This worm is the real cancer of the computer.

    Thank you for your help and comprehension,

    Best regards,

    ban777
     
  7. 2009/01/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad you got it sorted. :)
     
  8. 2009/01/30
    ban777

    ban777 Inactive Thread Starter

    Joined:
    2009/01/27
    Messages:
    4
    Likes Received:
    0
    Yes, the worst experience I have had on a PC... with the Delf ain Trojan downloader as well. About the same difficulty to delete them, for sure...

    Extremely malicious worm: destroying the anti-viruses able to reduce it...
    Freezing the PC, changing the image of the screen, changing the colors of the printing machine, blocking the internet line...
    I had to format about every 4 or 5 hours. A real nightmare for more than one month.

    For information, I give you the programs that helped me:

    -F-secure no
    -Avast no
    -Antivir no
    -Threatfire no

    -Sdfix Yes
    -Combofix Yes, makes the virus less powerful and permits you to get more time.

    -Malwarebytes the same, very useful in safe mode
    -Kaspersky pro Yes (the best)
    -Trendmicro Yes
    -Zone alarm pro Yes


    -Nod32 unknown
    -Lavasoft unknown

    -Jv16 powerful tools for the registry yes
    -Kill box yes
    -Clean up excellent in safe mode


    I hope it will be able to help and inform WindowsBBS.com's experts, but normal users should beware of the programs I mentioned above; only use them cautiously...

    Best regards to all, and special good luck to all users struggling against powerful malware such as Worm P2P Kazaa and the Delf ain Trojan downloader, also called "lolol"...

    Ban777.
     
