#1
Junior Member
Join Date: Jan 2008
Posts: 28
Hi all, my first posting here, so I'll do my best to fill you in on the details of my problem.

I have acquired a Trojan that goes by the name wintems.exe that (from what I've read) plants itself in the System32 folder and spawns several different files to assist it in blocking out virtually all anti-virus, spyware, adware and security features in Windows XP. So far the trojan has killed Norton 360, CCleaner, Spybot S&D, Spyware Doctor, AVG Anti-virus (won't let me install) and AVG Anti-spyware (won't let me install). I have run Trend Micro HouseCall 6.6 several times and it keeps finding the infected files and deleting them; however, they do not stay deleted. I cannot kill the Wintems.exe process in the task manager. I cannot reboot into safe mode (the computer reboots into normal mode). Windows is taking a long time to load, which on my machine shouldn't be happening. I have also run System Restore, which did not solve the problem. I have also killed the entry in the Windows Startup using the Startup Manager feature in Registry Repair. I have downloaded, installed and run Uniblue SpyEraser (which detected and deleted the infected files, yet they respawned upon reboot), and I have installed and run Uniblue Registry Booster 2, which detected and cleaned the infected registry entries. I cannot find the wintems.exe root anywhere on my hard drive, including hidden folders and files. I have reached my limit of knowledge and patience with trying to fix this, and I need to resolve the issue ASAP as I have several papers that I need to get back to work on for my degree program. I would really appreciate assistance in fixing this problem (hopefully without having to do a destructive restore/reformat of my HD).
Here is the log file from HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:58 PM, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A04EE79B-B894-4CE9-AD27-CAEBA40709A4} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: (no name) - {33421C60-E929-428C-8848-7D66E6056A3A} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Norton 360] C:\Program Files\Norton 360\MainStub.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192763908828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10734 bytes

Thanks for any help you can offer!

I've run Trend Micro HouseCall 6.6 once more since posting above; now it doesn't detect anything, but wintems.exe is still on my PC and still appears in the Task Manager processes. I have attempted to install Trend Micro Anti-Spyware 3.11 and Trend Micro PC-cillin, both of which failed to install (presumably because of the wintems.exe trojan). I have also run Gmer and located the file c:\windows\system32\drivers\srosa.sys, which I have read on several sites is related to the Wintems trojan. I still cannot locate the Wintems.exe file anywhere on the hard drive. It appeared briefly in Gmer but vanished. I was also able to kill the wintems.exe process via Gmer.

Last edited by tashi; 2008-01-13 at 22:42. Reason: Mod: two posts merged
#2
Security Expert
Join Date: Oct 2006
Location: Finland
Posts: 20,805
Hi

1. Download this file - combofix.exe to your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________
Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006
I don't help with logs thru PM. If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
#3
Junior Member
Join Date: Jan 2008
Posts: 28
Quote:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 14, 2008 11:55:44 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/01/2008
Kaspersky Anti-Virus database records: 510271
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 91924
Number of viruses found: 6
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 10:05:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log  Object is locked  skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat  Object is locked  skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat  Object is locked  skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\2D1E23D7.TMP  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Cookies\index.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip/Kaspersky keys.rar/KAVblackList.exe  Infected: HackTool.Win32.Agent.cx  skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip/Kaspersky keys.rar/KeyMon.exe  Infected: HackTool.Win32.Agent.cx  skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip/Kaspersky keys.rar/KeyMon_nonUPX.exe  Infected: HackTool.Win32.Agent.cx  skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip/Kaspersky keys.rar  Infected: HackTool.Win32.Agent.cx  skipped
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip  ZIP: infected - 4  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscStreamHub.exe.fddeaf63.ini.inuse  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdMgr.exe.f0c5ac89.ini.inuse  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\LightScribe\log\logCoverDes.exe_620.xml  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\History\History.IE5\MSHist012008011420080115\index.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\BCG28.tmp  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\hpodvd09.log  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_280.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_548.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\Perflib_Perfdata_554.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\Compaq_Administrator\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0015.BIN  Infected: not-a-virus:AdWare.Win32.WeatherBug.a  skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe/WISE0016.BIN  Infected: not-a-virus:AdWare.Win32.WeatherBug.a  skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe  WiseSFX: infected - 2  skipped
C:\hp\bin\wbug\CompaqPresario_Spring06.exe  WiseSFXDropper: infected - 2  skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\D0000000.FCS  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\inuse.txt  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\L0000005.FCS  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\main.log  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.idx  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat  Object is locked  skipped
C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.idx  Object is locked  skipped
C:\Program Files\Raven\Star Trek Voyager Elite Force\register.exe  Object is locked  skipped
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide  Infected: Trojan-Downloader.Win32.Bagle.ht  skipped
C:\System Volume Information\MountPointManagerRemoteDatabase  Object is locked  skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0001034.sys  Infected: Trojan-Downloader.Win32.Bagle.hw  skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002034.sys  Infected: Trojan-Downloader.Win32.Bagle.hw  skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0002057.sys  Infected: Trojan-Downloader.Win32.Bagle.hw  skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\A0003057.sys  Infected: Trojan-Downloader.Win32.Bagle.hw  skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\change.log  Object is locked  skipped
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{7C6B5E5F-42F9-4EBD-8A6C-03B95DE3C120}.crmlog  Object is locked  skipped
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\default  Object is locked  skipped
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\Internet.evt  Object is locked  skipped
C:\WINDOWS\system32\config\Media Ce.evt  Object is locked  skipped
C:\WINDOWS\system32\config\SAM  Object is locked  skipped
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\software  Object is locked  skipped
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped
C:\WINDOWS\system32\config\system  Object is locked  skipped
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped
C:\WINDOWS\system32\drivers\down\116794984.exe  Infected: Email-Worm.Win32.Bagle.of  skipped
C:\WINDOWS\system32\drivers\down\116800562.exe  Infected: Trojan.Win32.Pakes.bwy  skipped
C:\WINDOWS\system32\drivers\down\116810781.exe  Infected: Email-Worm.Win32.Bagle.of  skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak  Object is locked  skipped
C:\WINDOWS\system32\drivers\sptd.sys  Object is locked  skipped
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped
C:\WINDOWS\wiadebug.log  Object is locked  skipped
C:\WINDOWS\wiaservc.log  Object is locked  skipped
D:\I386\APPS\APP04077\src\CompaqPresario_Spring06.exe/WISE0015.BIN  Infected: not-a-virus:AdWare.Win32.WeatherBug.a  skipped
D:\I386\APPS\APP04077\src\CompaqPresario_Spring06.exe/WISE0016.BIN  Infected: not-a-virus:AdWare.Win32.WeatherBug.a  skipped
D:\I386\APPS\APP04077\src\CompaqPresario_Spring06.exe  WiseSFX: infected - 2  skipped
D:\I386\APPS\APP04077\src\CompaqPresario_Spring06.exe  WiseSFXDropper: infected - 2  skipped
D:\I386\APPS\APP04077\src\HPPavillion_Spring06.exe/WISE0015.BIN  Infected: not-a-virus:AdWare.Win32.WeatherBug.a  skipped
D:\I386\APPS\APP04077\src\HPPavillion_Spring06.exe/WISE0016.BIN  Infected: not-a-virus:AdWare.Win32.WeatherBug.a  skipped
D:\I386\APPS\APP04077\src\HPPavillion_Spring06.exe  WiseSFX: infected - 2  skipped
D:\I386\APPS\APP04077\src\HPPavillion_Spring06.exe  WiseSFXDropper: infected - 2  skipped
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1\change.log  Object is locked  skipped

Scan process completed.
#4
Junior Member
Join Date: Jan 2008
Posts: 28
Quote:
ComboFix 08-01-14.4 - Compaq_Administrator 2008-01-14 12:18:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.234 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA
-------\srosa

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 12:12 . 2000-08-31 08:00  51,200  --a--c---  C:\WINDOWS\NirCmd.exe
2008-01-13 14:16 . 2008-01-13 14:16  250  --a--c---  C:\WINDOWS\gmer.ini
2008-01-13 14:10 . 2008-01-13 14:10  <DIR>  d----c---  C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 14:10 . 2008-01-13 14:10  <DIR>  d----c---  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-12 15:25 . 2008-01-12 19:44  <DIR>  d----c---  C:\Program Files\Trend Micro
2008-01-12 15:25 . 2008-01-13 15:53  50  --a--c---  C:\WINDOWS\system32\tmmute.ini
2008-01-12 15:22 . 2008-01-12 20:29  <DIR>  d----c---  C:\Documents and Settings\Compaq_Administrator\Application Data\HouseCall 6.6
2008-01-12 13:48 . 2008-01-12 13:48  <DIR>  d----c---  C:\WINDOWS\RegistryBooster 2
2008-01-12 13:48 . 2008-01-12 13:48  <DIR>  d----c---  C:\Program Files\RegistryBooster 2
2008-01-12 12:31 . 2008-01-12 21:38  <DIR>  d----c---  C:\Program Files\Uniblue
2008-01-12 12:31 . 2008-01-12 21:38  <DIR>  d----c---  C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
2008-01-12 12:31 . 2008-01-12 12:31  <DIR>  d----c---  C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-11 17:03 . 2008-01-11 17:03  268  --ah-c---  C:\sqmdata06.sqm
2008-01-11 17:03 . 2008-01-11 17:03  244  --ah-c---  C:\sqmnoopt06.sqm
2008-01-10 20:40 . 2008-01-10 20:43  <DIR>  d----c---  C:\WINDOWS\system32\drivers\down
2008-01-10 20:40 . 2004-08-20 04:09  702,706  -----c---  C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-10 12:23 . 2008-01-10 17:01  512  --a--c---  C:\drmHeader.bin
2008-01-09 12:18 . 2008-01-09 12:18  268  --ah-c---  C:\sqmdata05.sqm
2008-01-09 12:18 . 2008-01-09 12:18  244  --ah-c---  C:\sqmnoopt05.sqm
2008-01-09 12:02 . 2008-01-09 12:02  1,355  --a--c---  C:\WINDOWS\imsins.BAK
2008-01-09 08:59 . 2008-01-09 08:59  268  --ah-c---  C:\sqmdata04.sqm
2008-01-09 08:59 . 2008-01-09 08:59  244  --ah-c---  C:\sqmnoopt04.sqm
2008-01-07 00:17 . 2008-01-07 00:17  268  --ah-c---  C:\sqmdata03.sqm
2008-01-07 00:17 . 2008-01-07 00:17  244  --ah-c---  C:\sqmnoopt03.sqm
2008-01-07 00:13 . 2008-01-07 00:13  268  --ah-c---  C:\sqmdata02.sqm
2008-01-07 00:13 . 2008-01-07 00:13  244  --ah-c---  C:\sqmnoopt02.sqm
2008-01-06 22:42 . 2008-01-06 22:42  <DIR>  d----c---  C:\Documents and Settings\Compaq_Administrator\Application Data\???????sAppData
2008-01-06 13:31 . 2008-01-06 13:31  <DIR>  d----c---  C:\Program Files\Common Files\EasyInfo
2008-01-06 11:12 . 2008-01-06 11:12  <DIR>  d----c---  C:\Program Files\Electronic Arts
2007-12-22 12:04 . 2007-12-22 12:04  <DIR>  d----c---  C:\Documents and Settings\Compaq_Administrator\Application Data\Sony Corporation
2007-12-20 14:53 . 2007-12-20 14:57  <DIR>  d----c---  C:\Documents and Settings\Compaq_Administrator\Application Data\DAEMON Tools
2007-12-20 14:52 . 2007-12-20 14:53  <DIR>  d----c---  C:\Program Files\DAEMON Tools Lite
2007-12-19 22:27 . 2007-12-19 22:27  715,248  --a--c---  C:\WINDOWS\system32\drivers\sptd.sys
2007-12-19 11:27 . 2007-12-19 11:27  <DIR>  d----c---  C:\My Recorder
2007-12-19 11:27 . 2007-12-19 11:27  194  --a--c---  C:\WINDOWS\WAVrj.ini
2007-12-19 11:26 . 2007-12-19 11:26  <DIR>  d----c---  C:\Program Files\HiFisoftware
2007-12-14 19:49 . 2007-12-14 19:49  <DIR>  d----c---  C:\Program Files\DVD Shrink
2007-12-14 19:49 . 2008-01-07 17:38  <DIR>  d----c---  C:\Documents and Settings\All Users\Application Data\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 16:20  ---------  dc----w  C:\Program Files\Common Files\Symantec Shared
2008-01-14 13:54  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\MegauploadToolbar
2008-01-14 02:30  22,328  -c--a-w  C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-13 18:26  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-01-13 17:39  ---------  dc----w  C:\Program Files\Return to Castle Wolfenstein
2008-01-13 01:45  ---------  dc----w  C:\Program Files\eMule
2008-01-12 20:01  ---------  dc----w  C:\Program Files\Call of Duty
2008-01-12 18:25  ---------  dc----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 00:18  ---------  dc----w  C:\Program Files\Registry Repair
2008-01-12 00:11  ---------  dc----w  C:\Program Files\Norton 360
2008-01-11 22:17  ---------  dc----w  C:\Program Files\Spyware Doctor
2008-01-09 12:45  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead
2008-01-09 12:45  ---------  dc----w  C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-09 12:00  ---------  dc----w  C:\Program Files\Total Video Converter
2008-01-09 00:03  ---------  dc----w  C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-07 02:42  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\???????sAppData
2008-01-06 15:12  ---------  dc-h--w  C:\Program Files\InstallShield Installation Information
2007-12-22 18:17  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\Skype
2007-12-19 15:19  ---------  dc----w  C:\Program Files\Mp3 My Mp3 2.0
2007-12-13 05:47  ---------  dc----w  C:\Program Files\MegauploadToolbar
2007-12-07 19:13  ---------  dc----w  C:\Program Files\Activision
2007-12-07 17:29  ---------  dc----w  C:\Program Files\Raven
2007-12-07 03:07  ---------  dc----w  C:\Program Files\DivX
2007-12-06 14:33  ---------  dc----w  C:\Program Files\GameShadow
2007-12-06 14:09  ---------  dc----w  C:\Program Files\Eidos
2007-12-05 11:10  ---------  dc----w  C:\Program Files\Symantec
2007-12-05 11:09  805  -c--a-w  C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 11:09  123,952  -c--a-w  C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 11:09  10,740  -c--a-w  C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-04 20:37  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2007-12-04 20:36  ---------  dc----w  C:\Program Files\VideoLAN
2007-12-03 14:26  ---------  dc----w  C:\Program Files\Common Files\Ahead
2007-12-03 14:25  ---------  dc----w  C:\Documents and Settings\All Users\Application Data\Nero
2007-12-01 03:57  43,696  -c--a-w  C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 03:57  317,616  -c--a-w  C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 03:57  279,088  -c--a-w  C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 03:57  10,549  -c--a-w  C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 03:57  10,549  -c--a-w  C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 03:57  10,545  -c--a-w  C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 03:57  1,430  -c--a-w  C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 03:57  1,421  -c--a-w  C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 03:57  1,415  -c--a-w  C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-23 16:42  ---------  dc----w  C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2007-11-23 03:45  ---------  dc----w  C:\Program Files\UnH Solutions
2007-10-31 17:17  54,824  -c--a-w  C:\WINDOWS\agrsmdel.exe
2007-10-25 07:57  16,855,552  -c--a-w  C:\WINDOWS\RTHDCPL.EXE
2007-10-19 01:51  163,206  -c--a-w  C:\WINDOWS\Audio Converter Pro Uninstaller.exe
2007-10-19 00:43  315,392  -c--a-w  C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 09:15 1359872]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
"Uniblue RegistryBooster 2"="C:\Program Files\RegistryBooster 2\RegistryBooster.exe" [2007-10-08 16:26 1863960]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-12 21:39 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 05:12 1077248]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 05:11 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 02:50 221184]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 21:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 21:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 21:50 86016] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-25 14:46:52] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-05-25 15:35:02] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme "EnableLUA"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2008-01-13 15:53 77824] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-01-13 01:38:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-01-13 01:38:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2008-01-12 16:47:47 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2007-10-18 23:38:44 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job" - c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-14 12:47:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-01-14 12:48:50 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-14 16:48:41 . 2008-01-09 16:04:10 --- E O F --- |
#5
Security Expert
Join Date: Oct 2006
Location: Finland
Posts: 20,805
Hi
Generate an Uninstall List
* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.

Open Notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\tmmute.ini
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip

Folder::
C:\WINDOWS\system32\drivers\down

Save this as CFScript. Referring to the picture above, drag CFScript into ComboFix.exe. Then post the resultant log & a fresh HJT log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected. If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue. If that happened we want to know, and also what process you had to end.
__________________
Microsoft MVP Consumer Security 2008 2009 2010 ASAP & UNITE member since 2006 I don't help with logs thru PM. If you have problems create a thread in the forum, please. Malware removal instructions are for the correspondent user's case only.
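The CFScript above is built by hand from what the ComboFix log in post #4 shows: a dropper folder and a stray .exe under system32\drivers, a Run value whose target no longer exists ("ccApp" with an empty "[ ]"), a newly created service, and the warning that the SafeBoot key has been gutted. As an added example (not from the original posts, and not ComboFix's or HijackThis's own code), the Python below reads a log in that shape, flags those items, and writes the File::/Folder:: sections of a CFScript. The sample lines are constructed from entries on this page. Two things are assumptions rather than documented ComboFix behaviour: that the two timestamps per entry are creation time then last-write time, and that an empty "[ ]" after a Run value means ComboFix found no file at that path.

```python
import re
from datetime import datetime

# Constructed sample: a few lines in the shape of the ComboFix log posted in
# this thread (column spacing may be tabs or spaces after copy/paste).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-10 20:43 . 2008-01-10 20:43 <DIR> d----c--- C:\WINDOWS\system32\drivers\down
2008-01-10 20:40 . 2004-08-20 04:09 702,706 -----c--- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-10 12:23 . 2008-01-10 17:01 512 --a--c--- C:\drmHeader.bin
2007-12-19 22:27 . 2007-12-19 22:27 715,248 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
*Newly Created Service* - COMHOST
"""

# Assumed column order: creation time, last-write time, size or <DIR>, attributes, path.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(<DIR>|[\d,]+)\s+([-a-z]{9})\s+(\S.*?)\s*$")
# Assumed meaning of an empty "[ ]" after a Run value: no file found at that path.
MISSING_RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[\s*\]$')
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\* - (\S+)")
DRIVERS_DIR = r"c:\windows\system32\drivers"
KNOWN_DRIVER_SUBDIRS = {"etc", "disdn"}  # partial allowlist of stock XP subfolders
EXEC_EXT = (".exe", ".dll", ".com", ".bat", ".cmd", ".scr")

def parse_created_files(log):
    """One dict per entry in the 'Files Created' section."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        is_dir = m.group(3) == "<DIR>"
        entries.append({
            "created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
            "written": datetime.strptime(m.group(2), "%Y-%m-%d %H:%M"),
            "is_dir": is_dir,
            "size": 0 if is_dir else int(m.group(3).replace(",", "")),
            "attrs": m.group(4),
            "path": m.group(5),
        })
    return entries

def strong_reasons(entry):
    """Findings solid enough to put the item into a CFScript."""
    path = entry["path"].lower()
    reasons = []
    if path.startswith(DRIVERS_DIR + "\\"):
        name = path[len(DRIVERS_DIR) + 1:]
        if entry["is_dir"] and name not in KNOWN_DRIVER_SUBDIRS:
            reasons.append("subfolder under the drivers directory that stock XP does not create")
        elif not entry["is_dir"] and path.endswith(EXEC_EXT):
            reasons.append("executable rather than a .sys driver under the drivers directory")
    return reasons

def weak_notes(entry):
    """Worth a look, but also common for files copied in by a legitimate installer."""
    if entry["written"] < entry["created"]:
        return ["last-write time older than creation time (preserved or forged timestamp)"]
    return []

def build_cfscript(files, folders):
    """The File:: and Folder:: sections ComboFix reads from CFScript.txt."""
    out = []
    if files:
        out += ["File::", *files, ""]
    if folders:
        out += ["Folder::", *folders, ""]
    return "\n".join(out)

def triage(log):
    """Collect the indicators a helper would act on and the CFScript for them."""
    files, folders, notes = [], [], {}
    for entry in parse_created_files(log):
        if strong_reasons(entry):
            (folders if entry["is_dir"] else files).append(entry["path"])
        for note in weak_notes(entry):
            notes.setdefault(entry["path"], []).append(note)
    missing, services = [], []
    for line in (raw.strip() for raw in log.splitlines()):
        m = MISSING_RUN_RE.match(line)
        if m:
            missing.append(m.group(1))          # autostart pointing at a deleted file
        m = NEW_SERVICE_RE.match(line)
        if m:
            services.append(m.group(1))         # service that did not exist last run
    return {
        "files": files, "folders": folders, "notes": notes,
        "missing_run_targets": missing, "new_services": services,
        "safeboot_damaged": "SafeBoot registry key needs repairs" in log,
        "cfscript": build_cfscript(files, folders),
    }
```

Run `triage(open("ComboFix.txt").read())` on a real log and hand-check every path before it goes into a CFScript: the drivers-directory rules are the only ones strong enough to delete on, the timestamp note is informational (installers routinely preserve an old last-write time, as NirCmd.exe shows in the log above), and a missing Run target or a new service is something to investigate, not something the script can fix.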
#6
Junior Member
Join Date: Jan 2008
Posts: 28
Thanks for the next steps Blade. It'll be a few hours before I'm back at my PC, but I'll get on them as soon as I get in.
#7
Security Expert
Okay. I'll be waiting
#8
Junior Member
Here's the HijackThis Uninstall Manager report:
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
Agere Systems PCI-SV92PP Soft Modem
AMD Processor Driver
AppCore
Audacity 1.2.6
AV
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2142
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
ccCommon
CCleaner (remove only)
Company of Heroes
Compaq Connections (remove only)
CoreFLAC Audio Decoder+Source Filter (remove only)
Customer Experience Enhancement
DISCover
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom 3
DOOM 3: Resurrection of Evil
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eMule
Enhanced Multimedia Keyboard Solution
Flash Saving Plugin
GameShadow
GearDrvs
Guitar Pro 5.2
HiFi WAV Recorder Joiner 1.10
HijackThis 2.0.2
Hitman Blood Money
hitman_ss Screen Saver
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 3
Kaspersky Online Scanner
LimeWire PRO 4.12.3
LiveUpdate 3.2 (Symantec Corporation)
Macromedia Flash Player 8
MD Simple Burner 2.0.03
Medal of Honor Pacific Assault(tm)
Media Pirate - the video downloader 1.0.2
Megaupload Toolbar
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Nero 7 Ultra Edition
neroxml
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
Otto
PC-Doctor 5 for Windows
PunkBuster for Battlefield 1942
Quicken 2006
QuickTime Alternative 1.90
Real Alternative 1.60
Realtek High Definition Audio Driver
Registry Repair 1.7
RegistryBooster 2
Remove WeatherBug Installer
Return to Castle Wolfenstein
River Past Audio Converter Pro
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Skype™ 3.5
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SonicStage 2.0.06
SPBBC 32bit
Spyware Doctor 5.0
Star Trek Elite Force II
Star Trek Voyager Elite Force
Star Trek: Armada
StyleXP (remove only)
SuppSoft
Symantec Technical Support Controls
SymNet
Total Video Converter 3.10
Ultra QuickTime Converter 2.2.0723
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6d
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
WinPcap 4.0.1
WinZip 11.1
Wolfenstein - Enemy Territory
Yahoo! Install Manager
Yahoo! Toolbar
#9
Junior Member
Here is the new ComboFix log:
ComboFix 08-01-14.4 - Compaq_Administrator 2008-01-14 14:34:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\tmmute.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Administrator\Desktop\PC Security\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker)\KASPERSKY AntiVirus7.0.1.321FINAL(with keys pack-key checker).zip
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\116794984.exe
C:\WINDOWS\system32\drivers\down\116800562.exe
C:\WINDOWS\system32\drivers\down\116807343.exe
C:\WINDOWS\system32\drivers\down\116810781.exe
C:\WINDOWS\system32\drivers\down\116817203.exe
C:\WINDOWS\system32\drivers\down\116824109.exe
C:\WINDOWS\system32\drivers\down\116866265.exe
C:\WINDOWS\system32\drivers\down\116866718.exe
C:\WINDOWS\system32\drivers\down\116874718.exe
C:\WINDOWS\system32\drivers\down\116877562.exe
C:\WINDOWS\system32\drivers\down\116880734.exe
C:\WINDOWS\system32\drivers\down\116881562.exe
C:\WINDOWS\system32\drivers\down\116885453.exe
C:\WINDOWS\system32\drivers\down\116892125.exe
C:\WINDOWS\system32\drivers\down\116898484.exe
C:\WINDOWS\system32\drivers\down\116899359.exe
C:\WINDOWS\system32\drivers\down\116900031.exe
C:\WINDOWS\system32\drivers\down\116900937.exe
C:\WINDOWS\system32\drivers\down\116904031.exe
C:\WINDOWS\system32\drivers\down\116906203.exe
C:\WINDOWS\system32\drivers\down\116937796.exe
C:\WINDOWS\system32\drivers\down\116942156.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\tmmute.ini
.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-14 12:12 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-13 14:16 . 2008-01-13 14:16 250 --a--c--- C:\WINDOWS\gmer.ini
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d----c--- C:\WINDOWS\system32\Kaspersky Lab
2008-01-13 14:10 . 2008-01-13 14:10 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-12 15:25 . 2008-01-12 19:44 <DIR> d----c--- C:\Program Files\Trend Micro
2008-01-12 15:22 . 2008-01-12 20:29 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\HouseCall 6.6
2008-01-12 13:48 . 2008-01-12 13:48 <DIR> d----c--- C:\WINDOWS\RegistryBooster 2
2008-01-12 13:48 . 2008-01-12 13:48 <DIR> d----c--- C:\Program Files\RegistryBooster 2
2008-01-12 12:31 . 2008-01-12 21:38 <DIR> d----c--- C:\Program Files\Uniblue
2008-01-12 12:31 . 2008-01-12 21:38 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
2008-01-12 12:31 . 2008-01-12 12:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-11 17:03 . 2008-01-11 17:03 268 --ah-c--- C:\sqmdata06.sqm
2008-01-11 17:03 . 2008-01-11 17:03 244 --ah-c--- C:\sqmnoopt06.sqm
2008-01-10 12:23 . 2008-01-10 17:01 512 --a--c--- C:\drmHeader.bin
2008-01-09 12:18 . 2008-01-09 12:18 268 --ah-c--- C:\sqmdata05.sqm
2008-01-09 12:18 . 2008-01-09 12:18 244 --ah-c--- C:\sqmnoopt05.sqm
2008-01-09 12:02 . 2008-01-09 12:02 1,355 --a--c--- C:\WINDOWS\imsins.BAK
2008-01-09 08:59 . 2008-01-09 08:59 268 --ah-c--- C:\sqmdata04.sqm
2008-01-09 08:59 . 2008-01-09 08:59 244 --ah-c--- C:\sqmnoopt04.sqm
2008-01-07 00:17 . 2008-01-07 00:17 268 --ah-c--- C:\sqmdata03.sqm
2008-01-07 00:17 . 2008-01-07 00:17 244 --ah-c--- C:\sqmnoopt03.sqm
2008-01-07 00:13 . 2008-01-07 00:13 268 --ah-c--- C:\sqmdata02.sqm
2008-01-07 00:13 . 2008-01-07 00:13 244 --ah-c--- C:\sqmnoopt02.sqm
2008-01-06 22:42 . 2008-01-06 22:42 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\???????sAppData
2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d----c--- C:\Program Files\Common Files\EasyInfo
2008-01-06 11:12 . 2008-01-06 11:12 <DIR> d----c--- C:\Program Files\Electronic Arts
2007-12-22 12:04 . 2007-12-22 12:04 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\Sony Corporation
2007-12-20 14:53 . 2007-12-20 14:57 <DIR> d----c--- C:\Documents and Settings\Compaq_Administrator\Application Data\DAEMON Tools
2007-12-20 14:52 . 2007-12-20 14:53 <DIR> d----c--- C:\Program Files\DAEMON Tools Lite
2007-12-19 22:27 . 2007-12-19 22:27 715,248 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2007-12-19 11:27 . 2007-12-19 11:27 <DIR> d----c--- C:\My Recorder
2007-12-19 11:27 . 2007-12-19 11:27 194 --a--c--- C:\WINDOWS\WAVrj.ini
2007-12-19 11:26 . 2007-12-19 11:26 <DIR> d----c--- C:\Program Files\HiFisoftware
2007-12-14 19:49 . 2007-12-14 19:49 <DIR> d----c--- C:\Program Files\DVD Shrink
2007-12-14 19:49 . 2008-01-07 17:38 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\DVD Shrink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 16:20 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-01-14 13:54 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\MegauploadToolbar
2008-01-14 02:30 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 02:30 107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-13 18:26 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-01-13 17:39 --------- dc----w C:\Program Files\Return to Castle Wolfenstein
2008-01-13 01:45 --------- dc----w C:\Program Files\eMule
2008-01-12 20:01 --------- dc----w C:\Program Files\Call of Duty
2008-01-12 18:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 00:18 --------- dc----w C:\Program Files\Registry Repair
2008-01-12 00:11 --------- dc----w C:\Program Files\Norton 360
2008-01-11 22:17 --------- dc----w C:\Program Files\Spyware Doctor
2008-01-09 12:45 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead
2008-01-09 12:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-09 12:00 --------- dc----w C:\Program Files\Total Video Converter
2008-01-09 00:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-07 02:42 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\???????sAppData
2008-01-06 15:12 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2007-12-22 18:17 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\Skype
2007-12-19 15:19 --------- dc----w C:\Program Files\Mp3 My Mp3 2.0
2007-12-13 17:21 3,186 -c--a-w C:\WINDOWS\system32\tmp.reg
2007-12-13 05:47 --------- dc----w C:\Program Files\MegauploadToolbar
2007-12-07 19:13 --------- dc----w C:\Program Files\Activision
2007-12-07 17:29 --------- dc----w C:\Program Files\Raven
2007-12-07 03:07 --------- dc----w C:\Program Files\DivX
2007-12-06 14:33 --------- dc----w C:\Program Files\GameShadow
2007-12-06 14:23 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-06 14:09 --------- dc----w C:\Program Files\Eidos
2007-12-05 11:10 --------- dc----w C:\Program Files\Symantec
2007-12-05 11:09 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 11:09 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 11:09 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 11:09 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-04 20:37 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2007-12-04 20:36 --------- dc----w C:\Program Files\VideoLAN
2007-12-04 01:33 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 -c--a-w C:\WINDOWS\system32\DivX.dll
2007-12-03 14:26 --------- dc----w C:\Program Files\Common Files\Ahead
2007-12-03 14:25 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-01 03:57 43,696 -c--a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 03:57 317,616 -c--a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 03:57 279,088 -c--a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 03:57 10,549 -c--a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 03:57 10,549 -c--a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 03:57 10,545 -c--a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 03:57 1,430 -c--a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 03:57 1,421 -c--a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 03:57 1,415 -c--a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-30 03:36 520,192 -c--a-w C:\WINDOWS\system32\hitman_ss.scr
2007-11-29 22:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-23 16:42 --------- dc----w C:\Documents and Settings\Compaq_Administrator\Application Data\Image Zone Express
2007-11-23 03:45 --------- dc----w C:\Program Files\UnH Solutions
2007-11-13 05:39 33,540 -c--a-w C:\WINDOWS\system32\CoreFLACDecoder-uninstall.exe
2007-11-07 09:26 721,920 -c----w C:\WINDOWS\system32\lsasrv.dll
2007-10-31 17:17 54,824 -c--a-w C:\WINDOWS\agrsmdel.exe
2007-10-29 22:35 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 21:40 222,720 -c--a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 07:57 16,855,552 -c--a-w C:\WINDOWS\RTHDCPL.EXE
2007-10-19 04:04 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-19 01:51 163,206 -c--a-w C:\WINDOWS\Audio Converter Pro Uninstaller.exe
2007-10-19 00:43 315,392 -c--a-w C:\WINDOWS\HideWin.exe
2007-10-18 15:31 51,224 -c--a-w C:\WINDOWS\system32\sirenacm.dll
2006-02-19 17:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-14_12.48.29.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 16:17:39 1,351,680 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 18:34:23 1,351,680 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 16:17:39 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 18:34:23 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 16:17:39 1,351,680 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 18:34:23 1,351,680 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 16:17:39 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 18:34:23 8,192 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 16:17:40 6,012,928 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 18:34:24 6,012,928 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-14 16:17:40 528,384 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 18:34:24 528,384 -c--a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 00:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 09:15 1359872]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 09:14 1260296]
"Uniblue RegistryBooster 2"="C:\Program Files\RegistryBooster 2\RegistryBooster.exe" [2007-10-08 16:26 1863960]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-12 21:39 9495832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 00:01 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 05:12 1077248]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 05:11 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 01:34 249856]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 02:50 221184]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 21:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 21:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 21:50 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 03:57 16855552 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-25 14:46:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-05-25 15:35:02]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2008-01-13 15:53 77824]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 03:15]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 01:38:42 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-13 01:38:41 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-12 16:47:47 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-18 23:38:44 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job" - c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 14:35:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-14 14:36:09
ComboFix-quarantined-files.txt 2008-01-14 18:35:55
ComboFix2.txt 2008-01-14 16:48:50
.
2008-01-09 16:04:10 --- E O F ---
#10
Junior Member
Here is the new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:17 PM, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192763908828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 10535 bytes