Thread: WoW Woes

  1. #1
    Junior Member (Join Date: Nov 2008, Posts: 27)

    WoW Woes

    Hi, my kid responded to an in-game "tell" from someone posing as a GM on World of Warcraft. He was directed to a fake, malicious W.o.W. site, and since then my comp has been acting funny and experiencing slow performance, etc.
    Here is the logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:27:05 AM, on 8/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\arservice.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\eHome\ehmsas.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=DTP&M=GT5228
    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {32E0F146-5B22-4C3C-8F67-C23680DE9BEC} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {A3ABBADA-C468-4704-9766-47D7C20F768B} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: (no name) - {C8A58F0A-B761-4D1E-B4BA-FFEA1F210DDA} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FE31DB81-4A39-442C-A289-3762286CE1D3} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: Do&wnload by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O8 - Extra context menu item: Download A&ll by ReGet Pro - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.readyforcrysis.com/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: khfGabBt - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MySQL4 - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: TSI Remote Control Service (TSIRCSRV) - Laplink Software, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 9923 bytes

    Thank You very much...

  2. #2
    Security Expert: Emeritus Blade81 (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.

    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab and then Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member (Join Date: Nov 2008, Posts: 27)

    Attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2006 11:59:07 AM
    System Uptime: 8/10/2009 6:48:51 PM (1 hours ago)

    Motherboard: First International Computer, Inc. | | K2BC51G/PV
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2210/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 147.465 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 3.398 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP160: 5/12/2009 3:36:02 PM - System Checkpoint
    RP161: 5/13/2009 4:03:11 PM - System Checkpoint
    RP162: 5/14/2009 3:36:22 AM - Software Distribution Service 3.0
    RP163: 5/15/2009 7:23:09 AM - System Checkpoint
    RP164: 5/16/2009 8:56:01 AM - System Checkpoint
    RP165: 5/16/2009 7:08:10 PM - Installed DirectX
    RP166: 5/17/2009 8:45:13 PM - System Checkpoint
    RP167: 5/18/2009 9:50:45 PM - System Checkpoint
    RP168: 5/19/2009 10:56:21 PM - System Checkpoint
    RP169: 5/20/2009 11:40:37 PM - System Checkpoint
    RP170: 5/22/2009 7:12:20 AM - System Checkpoint
    RP171: 5/23/2009 7:52:03 AM - System Checkpoint
    RP172: 5/24/2009 12:17:51 PM - System Checkpoint
    RP173: 5/25/2009 2:40:05 PM - System Checkpoint
    RP174: 5/26/2009 2:56:27 PM - System Checkpoint
    RP175: 5/27/2009 3:43:29 PM - System Checkpoint
    RP176: 5/28/2009 3:58:03 PM - System Checkpoint
    RP177: 5/29/2009 4:58:55 PM - System Checkpoint
    RP178: 5/30/2009 5:16:23 PM - System Checkpoint
    RP179: 5/31/2009 6:12:39 PM - System Checkpoint
    RP180: 6/1/2009 7:45:05 PM - System Checkpoint
    RP181: 6/2/2009 11:47:23 PM - System Checkpoint
    RP182: 6/4/2009 2:27:05 PM - System Checkpoint
    RP183: 6/5/2009 4:45:58 PM - System Checkpoint
    RP184: 6/6/2009 5:43:15 PM - System Checkpoint
    RP185: 6/8/2009 12:04:30 PM - System Checkpoint
    RP186: 6/9/2009 1:15:20 PM - System Checkpoint
    RP187: 6/10/2009 1:46:05 PM - System Checkpoint
    RP188: 6/10/2009 8:17:49 PM - Software Distribution Service 3.0
    RP189: 6/11/2009 9:12:28 PM - System Checkpoint
    RP190: 6/12/2009 11:12:55 PM - System Checkpoint
    RP191: 6/14/2009 4:48:33 PM - System Checkpoint
    RP192: 6/15/2009 5:14:37 PM - System Checkpoint
    RP193: 6/16/2009 11:01:16 PM - System Checkpoint
    RP194: 6/18/2009 12:04:58 AM - System Checkpoint
    RP195: 6/19/2009 12:18:46 AM - System Checkpoint
    RP196: 6/20/2009 1:47:54 AM - System Checkpoint
    RP197: 6/21/2009 7:52:19 PM - System Checkpoint
    RP198: 6/22/2009 11:53:00 PM - System Checkpoint
    RP199: 6/24/2009 12:30:39 AM - System Checkpoint
    RP200: 6/25/2009 10:24:53 AM - System Checkpoint
    RP201: 6/26/2009 12:29:08 AM - Installed Microsoft XNA Framework Redistributable 3.0
    RP202: 6/26/2009 12:41:27 AM - Installed uTanks
    RP203: 6/27/2009 1:26:37 AM - System Checkpoint
    RP204: 6/28/2009 4:43:32 PM - System Checkpoint
    RP205: 6/29/2009 6:52:13 PM - System Checkpoint
    RP206: 6/30/2009 7:43:04 PM - System Checkpoint
    RP207: 7/1/2009 8:25:57 PM - System Checkpoint
    RP208: 7/2/2009 8:28:26 PM - System Checkpoint
    RP209: 7/3/2009 8:37:12 PM - System Checkpoint
    RP210: 7/5/2009 3:03:41 PM - System Checkpoint
    RP211: 7/6/2009 5:07:08 PM - System Checkpoint
    RP212: 7/7/2009 10:38:49 PM - System Checkpoint
    RP213: 7/8/2009 11:03:28 PM - System Checkpoint
    RP214: 7/9/2009 11:10:26 PM - System Checkpoint
    RP215: 7/10/2009 11:17:55 PM - System Checkpoint
    RP216: 7/12/2009 3:58:08 PM - System Checkpoint
    RP217: 7/13/2009 4:59:23 PM - System Checkpoint
    RP218: 7/14/2009 5:24:13 PM - System Checkpoint
    RP219: 7/15/2009 12:17:38 AM - Software Distribution Service 3.0
    RP220: 7/16/2009 12:27:17 AM - System Checkpoint
    RP221: 7/17/2009 11:24:52 AM - System Checkpoint
    RP222: 7/18/2009 11:47:50 AM - System Checkpoint
    RP223: 7/19/2009 4:31:58 PM - System Checkpoint
    RP224: 7/20/2009 5:05:19 PM - System Checkpoint
    RP225: 7/21/2009 6:39:54 PM - System Checkpoint
    RP226: 7/22/2009 6:44:14 PM - System Checkpoint
    RP227: 7/23/2009 7:33:36 PM - System Checkpoint
    RP228: 7/24/2009 10:52:13 PM - System Checkpoint
    RP229: 7/25/2009 11:46:30 PM - System Checkpoint
    RP230: 7/27/2009 7:27:33 AM - System Checkpoint
    RP231: 7/28/2009 7:31:45 AM - System Checkpoint
    RP232: 7/29/2009 10:07:45 AM - Software Distribution Service 3.0
    RP233: 7/31/2009 4:57:27 PM - System Checkpoint
    RP234: 8/1/2009 10:14:21 PM - System Checkpoint
    RP235: 8/3/2009 8:35:18 AM - System Checkpoint
    RP236: 8/3/2009 7:13:19 PM - Installed Java(TM) 6 Update 14
    RP237: 8/4/2009 8:59:32 PM - System Checkpoint
    RP238: 8/5/2009 10:26:18 PM - System Checkpoint
    RP239: 8/7/2009 7:20:01 AM - System Checkpoint
    RP240: 8/8/2009 12:06:39 PM - Software Distribution Service 3.0
    RP241: 8/8/2009 7:07:25 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP242: 8/9/2009 7:28:51 PM - System Checkpoint

    ==== Installed Programs ======================


    7 Wonders II
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.3
    Adobe Shockwave Player 11.5
    Airstrike 2 - Gulf Thunder
    AnswerWorks 5.0 English Runtime
    Apple Software Update
    Battlefield 2(TM)
    Bejeweled 2 Deluxe
    BigFix
    Blackhawk Striker 2
    Blasterball 2 Revolution
    CA Anti-Virus
    Canon iP1700
    Canon iP1700 User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint
    Command & Conquer 3
    COMODO Internet Security
    Creative Audio Console
    Creative System Information
    Crystal Maze
    Diablo II
    Digital Media Reader
    Diner Dash
    DivX Web Player
    DVD Solution
    Easy-WebPrint
    ERUNT 1.1j
    FATE
    Final Drive Nitro
    Gateway Game Console
    Geneforge 2
    Google Earth
    Google Updater
    gtw_logo
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Java(TM) 6 Update 14
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Laplink Gold 12.0
    LEGO Rock Raiders
    LEGO® Batman™
    Mad Magic
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Away Mode
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 Design Tools ENU
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2008 Express Edition - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    Microsoft Word 97
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.0
    Mozilla Firefox (3.0.12)
    MSDN Library for Microsoft Visual Studio 2008 Express Editions
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser
    MSXML4 Parser
    MTA v5.0.7
    Multimedia Keyboard Driver
    MySQL Server 4.1
    Napster Burn Engine
    Need for Speed Underground 2
    NVIDIA Drivers
    OBD-PC Link
    Penguins!
    PL-2303 USB-to-Serial
    Polar Bowler
    Polar Golfer
    Power2Go 4.0
    PowerDVD
    PremiumSoft Navicat MySQL 7.2
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Recovery Software Suite Gateway
    ReGet Pro 3.4
    ROBLOX
    Rosetta Stone 2.2.0.0A
    SCRABBLE
    Security Task Manager 1.7h
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    Sound Blaster Audigy 2 ZS
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.2
    Station Launcher
    Synthesia (remove only)
    System Requirements Lab
    The Hobbit(TM)
    The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
    Tradewinds
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    uTanks
    Ventrilo Client
    Viewpoint Media Player
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB914548
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    8/10/2009 6:49:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0040CA9AF830 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================

  4. #4
    Junior Member (Join Date: Nov 2008, Posts: 27)

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Owner at 19:03:03.31 on Mon 08/10/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2733 [GMT -8:00]

    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    svchost.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    svchost.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Documents and Settings\Owner.DADUPSTAIRS\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
    mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files\common files\reget shared\Catcher.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {32E0F146-5B22-4C3C-8F67-C23680DE9BEC} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {A3ABBADA-C468-4704-9766-47D7C20F768B} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    BHO: {C8A58F0A-B761-4D1E-B4BA-FFEA1F210DDA} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FE31DB81-4A39-442C-A289-3762286CE1D3} - No File
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Power2GoExpress] NA
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [CHotkey] zHotkey.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
    mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    IE: Do&wnload by ReGet Pro - c:\program files\common files\reget shared\CC_Link.htm
    IE: Download A&ll by ReGet Pro - c:\program files\common files\reget shared\CC_All.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: aol.com\free
    Trusted Zone: thottbot.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.readyforcrysis.com/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    AppInit_DLLs: c:\windows\system32\guard32.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner~1.dad\applic~1\mozilla\firefox\profiles\4hd548vv.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-18 132040]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-18 25160]
    R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2006-12-25 2816]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-1-10 26640]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-1-10 21392]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-6-4 880560]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-1-10 21648]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-1-10 32528]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-10 144960]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2008-11-18 707152]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 MySQL4;MySQL4;"c:\program files\mysql\mysql server 4.1\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 4.1\my.ini" mysql4 --> c:\program files\mysql\mysql server 4.1\bin\mysqld-nt [?]
    R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2006-12-25 43040]
    R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2006-12-25 5120]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-10 242952]
    R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2006-12-25 9728]
    R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2006-12-25 5632]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-6-4 108368]
    S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2006-12-25 9216]
    S3 gtermddo;gtermddo;\??\c:\docume~1\owner~1.dad\locals~1\temp\gtermddo.sys --> c:\docume~1\owner~1.dad\locals~1\temp\gtermddo.sys [?]
    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-12-25 4736]
    S3 PLUsbbc2;Laplink USB Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-12-25 8960]

    =============== Created Last 30 ================

    2009-08-09 11:12 <DIR> --d----- c:\program files\Trend Micro
    2009-08-08 12:17 <DIR> --d----- C:\9d6aee20d045976aad2e1abcf4b6
    2009-08-08 12:17 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-08-07 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2009-08-07 19:45 <DIR> --d----- c:\program files\Security Task Manager
    2009-07-28 06:21 <DIR> --d----- c:\windows\system32\Adobe
    2009-07-16 19:58 3,251 a------- c:\windows\system32\wbem\Outlook_01ca0692e9a5ebfc.mof

    ==================== Find3M ====================

    2009-07-07 21:49 179,792 a------- c:\windows\system32\guard32.dll
    2009-07-07 21:49 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-07-04 12:59 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-06-26 08:50 666,624 a------- c:\windows\system32\wininet.dll
    2009-06-26 08:50 81,920 a------- c:\windows\system32\ieencode.dll
    2009-06-16 06:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 06:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-03 11:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-08 05:15 31 a------- c:\documents and settings\owner.dadupstairs\jagex_runescape_preferences.dat

    ============= FINISH: 19:04:35.51 ===============

  5. #5 Junior Member (Join Date: Nov 2008, Posts: 27)

    Gmer

    Site says the GMER report is too big... tried to cut it into quarters and it's still too big... ran out of steam tonight, will post the GMER report tomorrow...
    sorry, and thanks

  6. #6 Security Expert: Emeritus Blade81 (Location: Finland, Join Date: Oct 2006, Posts: 25,288)

    Hi,

    Please archive the GMER report into a zip file and attach it to your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7 Junior Member (Join Date: Nov 2008, Posts: 27)

    Gmer

    OK, here it is.

  8. #8 Security Expert: Emeritus Blade81 (Location: Finland, Join Date: Oct 2006, Posts: 25,288)

    Hi again,

    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  9. #9 Junior Member (Join Date: Nov 2008, Posts: 27)

    Combo-Fix

    ComboFix 09-08-10.06 - Owner 08/12/2009 19:32.5.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2728 [GMT -8:00]
    Running from: c:\documents and settings\Owner.DADUPSTAIRS\Desktop\ComboFix.exe
    AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common
    c:\windows\kb913800.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
    .

    2009-08-12 02:57 . 2009-08-12 03:08 76732 ----a-w- C:\ZIP.zip
    2009-08-09 19:15 . 2009-08-09 19:15 -------- d-----w- c:\program files\ERUNT
    2009-08-09 19:12 . 2009-08-09 19:12 -------- d-----w- c:\program files\Trend Micro
    2009-08-08 20:17 . 2009-08-08 20:25 -------- d-----w- C:\9d6aee20d045976aad2e1abcf4b6
    2009-08-08 20:17 . 2009-08-09 03:04 -------- d-----w- c:\windows\SxsCaPendDel
    2009-08-08 03:45 . 2009-08-08 03:45 80 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_3E30A5E964260294690350725DADB970.dll
    2009-08-04 03:10 . 2009-08-04 03:10 152576 ----a-w- c:\documents and settings\Owner.DADUPSTAIRS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-07-28 14:21 . 2009-07-28 14:21 -------- d-----w- c:\windows\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-13 03:25 . 2007-12-15 19:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-08-08 20:48 . 2006-06-19 04:25 38000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-08 04:09 . 2009-08-08 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2009-08-08 03:45 . 2009-08-08 03:45 4852 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_29041288F63822E45ACA65A99CEEA6F0.dll
    2009-08-05 14:43 . 2008-11-18 04:56 -------- d-----w- c:\program files\SpywareBlaster
    2009-08-04 03:13 . 2007-06-18 06:58 -------- d-----w- c:\program files\Java
    2009-07-10 04:04 . 2008-08-04 04:55 -------- d-----w- c:\program files\StarWarsGalaxies
    2009-07-08 05:49 . 2008-11-19 04:44 179792 ----a-w- c:\windows\system32\guard32.dll
    2009-07-08 05:49 . 2008-11-19 04:44 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2009-07-04 20:59 . 2008-11-19 04:44 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
    2009-07-04 20:59 . 2008-11-19 04:44 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2009-06-26 16:50 . 2006-06-17 09:23 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-26 08:57 . 2009-06-26 08:41 -------- d-----w- c:\program files\uTanks
    2009-06-26 08:29 . 2009-06-26 08:29 -------- d-----w- c:\program files\Microsoft XNA
    2009-06-16 14:36 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 14:36 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-03 19:09 . 2006-06-17 09:23 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-21 19:33 . 2008-12-04 03:23 410984 ----a-w- c:\windows\system32\deploytk.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
    "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-07-31 230664]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-04 1793808]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-14 16010752]
    "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
    "CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
    "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-19 51984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LapLink Gold\\laplink.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-2.1.1.6739-to-2.1.2.6803-enUS-downloader.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
    "c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
    "c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"=
    "c:\\Program Files\\world of warcraft\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
    "c:\\Program Files\\uTanks\\MicroTanksAlpha.exe"=
    "c:\\Program Files\\StarWarsGalaxies\\SWGVoiceService.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "8086:TCP"= 8086:TCP:WoW
    "8087:TCP"= 8087:TCP:WoW
    "9081:TCP"= 9081:TCP:WoW
    "9090:TCP"= 9090:TCP:WoW
    "9097:TCP"= 9097:TCP:WoW
    "9100:TCP"= 9100:TCP:WoW

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/18/2008 8:44 PM 132040]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/18/2008 8:44 PM 25160]
    R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [12/25/2006 1:10 PM 2816]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
    R2 MySQL4;MySQL4;"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="c:\program files\MySQL\MySQL Server 4.1\my.ini" MySQL4 --> c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt [?]
    R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [12/25/2006 1:10 PM 43040]
    R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [12/25/2006 1:10 PM 5120]
    R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [12/25/2006 1:10 PM 9728]
    R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [12/25/2006 1:10 PM 5632]
    S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [12/25/2006 1:10 PM 9216]
    S3 gtermddo;gtermddo;\??\c:\docume~1\OWNER~1.DAD\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\OWNER~1.DAD\LOCALS~1\Temp\gtermddo.sys [?]
    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [12/25/2006 1:10 PM 4736]
    S3 PLUsbbc2;Laplink USB Cable Driver;c:\windows\system32\drivers\usbbc2.sys [12/25/2006 1:10 PM 8960]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{32E0F146-5B22-4C3C-8F67-C23680DE9BEC} - (no file)
    BHO-{A3ABBADA-C468-4704-9766-47D7C20F768B} - (no file)
    BHO-{C8A58F0A-B761-4D1E-B4BA-FFEA1F210DDA} - (no file)
    BHO-{FE31DB81-4A39-442C-A289-3762286CE1D3} - (no file)
    Notify-khfGabBt - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
    mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    IE: Do&wnload by ReGet Pro - c:\program files\Common Files\ReGet Shared\CC_Link.htm
    IE: Download A&ll by ReGet Pro - c:\program files\Common Files\ReGet Shared\CC_All.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: aol.com\free
    Trusted Zone: thottbot.com\www
    FF - ProfilePath - c:\documents and settings\Owner.DADUPSTAIRS\Application Data\Mozilla\Firefox\Profiles\4hd548vv.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-12 19:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL4]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 4.1\my.ini\" MySQL4"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-518880295-3602600846-3527441970-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:01,a8,ac,1c,eb,5b,7c,07,14,b8,cf,a6,f2,e3,b3,5d,ae,c7,f8,18,ea,b4,1a,
    75,ff,13,18,07,b6,9c,44,8c,02,8f,4c,30,a7,48,f7,78,c8,77,ab,4d,ff,4f,37,bb,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

    [HKEY_USERS\S-1-5-21-518880295-3602600846-3527441970-1006\Software\SecuROM\License information*]
    "datasecu"=hex:ed,9d,b6,63,3f,7d,3b,1f,20,88,bf,d6,39,31,0d,16,8d,8d,d5,ba,c3,
    e6,c0,06,25,73,1a,d2,4b,82,e4,7c,f0,35,80,3c,a6,59,68,1c,b5,6d,e6,be,36,17,\
    "rkeysecu"=hex:76,f0,e5,8a,f8,c9,76,bd,f1,6c,27,24,8e,61,27,c5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1332)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(1536)
    c:\windows\system32\guard32.dll
    c:\windows\system32\VetRedir.dll
    c:\windows\system32\ISafeIf.dll
    .
    Completion time: 2009-08-13 19:40
    ComboFix-quarantined-files.txt 2009-08-13 03:40

    Pre-Run: 158,732,546,048 bytes free
    Post-Run: 159,080,886,272 bytes free

    216 --- E O F --- 2009-08-08 20:36

  10. #10 Junior Member (Join Date: Nov 2008, Posts: 27)

    Dds2

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Owner at 19:41:27.21 on Wed 08/12/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2692 [GMT -8:00]

    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    svchost.exe
    C:\WINDOWS\System32\TSIRCSRV.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Owner.DADUPSTAIRS\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
    mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    BHO: ClickCatcher MSIE handler: {16664845-0e00-11d2-8059-000000000000} - c:\program files\common files\reget shared\Catcher.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    uRun: [Power2GoExpress] NA
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [CHotkey] zHotkey.exe
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
    mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    IE: Do&wnload by ReGet Pro - c:\program files\common files\reget shared\CC_Link.htm
    IE: Download A&ll by ReGet Pro - c:\program files\common files\reget shared\CC_All.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\VetRedir.dll
    Trusted Zone: aol.com\free
    Trusted Zone: thottbot.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.readyforcrysis.com/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    AppInit_DLLs: c:\windows\system32\guard32.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner~1.dad\applic~1\mozilla\firefox\profiles\4hd548vv.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-18 132040]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-18 25160]
    R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2006-12-25 2816]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-1-10 26640]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-1-10 21392]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-6-4 880560]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-1-10 21648]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-1-10 32528]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-1-10 144960]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2008-11-18 707152]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 MySQL4;MySQL4;"c:\program files\mysql\mysql server 4.1\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 4.1\my.ini" mysql4 --> c:\program files\mysql\mysql server 4.1\bin\mysqld-nt [?]
    R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2006-12-25 43040]
    R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2006-12-25 5120]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-1-10 242952]
    R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2006-12-25 9728]
    R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2006-12-25 5632]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-6-4 108368]
    S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2006-12-25 9216]
    S3 gtermddo;gtermddo;\??\c:\docume~1\owner~1.dad\locals~1\temp\gtermddo.sys --> c:\docume~1\owner~1.dad\locals~1\temp\gtermddo.sys [?]
    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-12-25 4736]
    S3 PLUsbbc2;Laplink USB Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-12-25 8960]

    =============== Created Last 30 ================

    2009-08-12 19:39 <DIR> -cd----- c:\windows\system32\dllcache\cache
    2009-08-12 19:31 216,064 a------- c:\windows\PEV.exe
    2009-08-12 19:31 161,792 a------- c:\windows\SWREG.exe
    2009-08-12 19:31 98,816 a------- c:\windows\sed.exe
    2009-08-12 19:31 <DIR> --ds---- C:\ComboFix
    2009-08-11 18:57 76,732 a------- C:\ZIP.zip
    2009-08-09 11:12 <DIR> --d----- c:\program files\Trend Micro
    2009-08-08 12:17 <DIR> --d----- C:\9d6aee20d045976aad2e1abcf4b6
    2009-08-08 12:17 <DIR> --d----- c:\windows\SxsCaPendDel
    2009-08-07 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2009-08-07 19:45 <DIR> --d----- c:\program files\Security Task Manager
    2009-07-28 06:21 <DIR> --d----- c:\windows\system32\Adobe
    2009-07-16 19:58 3,251 a------- c:\windows\system32\wbem\Outlook_01ca0692e9a5ebfc.mof

    ==================== Find3M ====================

    2009-07-07 21:49 179,792 a------- c:\windows\system32\guard32.dll
    2009-07-07 21:49 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
    2009-07-04 12:59 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
    2009-06-26 08:50 666,624 a------- c:\windows\system32\wininet.dll
    2009-06-26 08:50 81,920 a------- c:\windows\system32\ieencode.dll
    2009-06-16 06:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 06:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-03 11:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-08 05:15 31 a------- c:\documents and settings\owner.dadupstairs\jagex_runescape_preferences.dat

    ============= FINISH: 19:41:53.33 ===============
