malware infection

sdxn2400134

New member
For a couple of weeks, I have had a bad computer problem. I used Spybot for a week. It would detect and remove various Virtumonde strains, but Virtumonde would always come back. Most often I see virtumonde.prx.

I also paid about $40 for Ad-Aware Pro. It does not detect virtumonde...however, it did detect and clean TR/crypt.xpack.gen and TR/dropper.gen which it listed as trojans.

I have made numerous changes to startup using Spybot and msconfig. For the last week, I have had problems launching programs, especially Spybot and Ad-Aware. They will usually appear, then I get a system message which states that a problem has been encountered and the program must close. I can launch these programs in safe mode. Please help me! Thanks. Steve

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:03 PM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {75a7e2c9-dbbd-4d37-8c0c-86052d585529} - (disabled by BHODemon)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {97f40295-734e-479f-9efb-6a7e8d9e93b7} - C:\WINDOWS\system32\masutora.dll (disabled by BHODemon)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [CPMaf5133a0] Rundll32.exe "c:\windows\system32\zezojare.dll",a
O4 - HKLM\..\RunOnce: [C:\Program Files\Common Files\AOL\1118558958\ee\services\safetyCore\ver210_5_4_1\SSCEvtHdlrPS.dll] regsvr32.exe /s "C:\Program Files\Common Files\AOL\1118558958\ee\services\safetyCore\ver210_5_4_1\SSCEvtHdlrPS.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121835894750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208355050890
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wonufeji.dll c:\windows\system32\negoyuhe.dll c:\windows\system32\wupobolo.dll khfduy.dll c:\windows\system32\zezojare.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c99af84045d9ba) (gupdate1c99af84045d9ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 10251 bytes
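A triage pass over the auto-start entries in a log like the one above, as an added example (it is not from the original thread and not part of HijackThis itself): it parses the O2/O4/O20/O21/O22 lines, flags the DLL load points that Vundo-family infections typically use, and cross-references which DLL is anchored in several sections at once. The sample lines are copied from the log posted above; the heuristics, thresholds and function names are this example's own.

```python
"""Triage the auto-start entries of a HijackThis (HJT) log.

Section prefixes used (as they appear in the log itself):
  O2  - Browser Helper Objects loaded into Internet Explorer
  O4  - Run / RunOnce keys and Startup folders
  O20 - AppInit_DLLs, loaded into every process that maps user32.dll
  O21 - ShellServiceObjectDelayLoad (SSODL), loaded by Explorer at logon
  O22 - SharedTaskScheduler, also loaded by Explorer at logon
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HJT log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {97f40295-734e-479f-9efb-6a7e8d9e93b7} - C:\WINDOWS\system32\masutora.dll (disabled by BHODemon)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [CPMaf5133a0] Rundll32.exe "c:\windows\system32\zezojare.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\wonufeji.dll c:\windows\system32\negoyuhe.dll c:\windows\system32\wupobolo.dll khfduy.dll c:\windows\system32\zezojare.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zezojare.dll (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

SECTION_RE = re.compile(r"^([A-Z]\d{1,2})\s*-\s*(.*)$")
# Optional drive-rooted directory (may contain spaces, stops at a quote), then the DLL name as group 1.
DLL_RE = re.compile(r'(?:[A-Za-z]:\\[^"]*?\\)?([\w~-]+\.dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section prefix, e.g. "O20"
    dll: str       # lower-cased DLL base name
    reason: str    # why this load point was flagged
    line: str      # the original log line, for the report


def extract_dlls(body):
    """Return (basename, full_reference) pairs, lower-cased, for every .dll on a line."""
    return [(m.group(1).lower(), m.group(0).lower()) for m in DLL_RE.finditer(body)]


def triage(log_text):
    """Flag HJT entries whose load point is a classic DLL-persistence hook."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        lowered = body.lower()
        missing = " (file missing)" if "(file missing)" in lowered else ""
        for name, ref in extract_dlls(body):
            if section == "O20" and "appinit_dlls" in lowered:
                findings.append(Finding(section, name,
                    "AppInit_DLLs injects this DLL into every GUI process" + missing, line))
            elif section in ("O21", "O22"):
                findings.append(Finding(section, name,
                    "Explorer-loaded shell object outside the Windows defaults" + missing, line))
            elif section == "O4" and "rundll32" in lowered:
                findings.append(Finding(section, name,
                    "Run key starts a DLL through rundll32.exe", line))
            elif section == "O2" and "(no name)" in lowered and "system32" in ref:
                findings.append(Finding(section, name,
                    "unnamed BHO loaded from system32", line))
    return findings


def load_points(findings):
    """Map each flagged DLL to the set of HJT sections that load it."""
    points = defaultdict(set)
    for f in findings:
        points[f.dll].add(f.section)
    return dict(points)


def multi_anchored(findings, minimum=2):
    """DLLs anchored in at least `minimum` sections: one payload hooked in several places."""
    return sorted(d for d, s in load_points(findings).items() if len(s) >= minimum)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.section:<4} {f.dll:<16} {f.reason}")
    for dll in multi_anchored(found):
        print(f"\n{dll} is anchored in {sorted(load_points(found)[dll])}")
```

On the sample, zezojare.dll is the only DLL reached from four different sections, which is why reinstalling a single hook never clears the infection: each surviving load point re-creates the others.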
 
Hi sdxn2400134

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
Ran combofix 4-3-09

I had two problems when I ran ComboFix: Since I cannot launch McAfee Security Center in normal mode, I launched it in safe mode and disabled all the components I could find. However, when I ran ComboFix, it complained twice that "virusscan" was running. Each time, I opened Task Manager and shut down every service that began with "mc". ComboFix stated that virusscan was still running, but that it would continue anyway.

The other problem was when ComboFix tried to connect to the Internet. The "ping" program (I think) encountered a problem and had to close. As a result, I didn't get the Windows Recovery Console.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:43 PM, on 4/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121835894750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208355050890
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c99af84045d9ba) (gupdate1c99af84045d9ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8172 bytes
 
combofix.txt 4-3-09

Here is the combofix log. Would you like me to run combofix again? Steve

ComboFix 09-04-01.01 - Steve 2009-04-03 13:28:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.583 [GMT -7:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090222175236703.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223144719640.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223161435484.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090223195039531.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224160626250.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090224201311781.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225152655796.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225202748140.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226165159875.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226193642546.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227161134781.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227180605031.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227193952109.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228151845250.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228194957171.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090303150337828.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090304141335953.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090304202403187.log
c:\windows\ekekotad.dll
c:\windows\system32\bszip.dll
c:\windows\system32\Cache
c:\windows\system32\dumphive.exe
c:\windows\system32\mufovedi.dll
c:\windows\system32\pattwk.dll
c:\windows\system32\selulisa.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP


((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-02 13:39 . 2009-04-02 13:39 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 13:29 . 2009-04-02 13:29 <DIR> d-------- c:\program files\ERUNT
2009-03-30 23:45 . 2009-03-30 23:45 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2009-03-30 23:42 . 2009-03-30 23:42 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Symantec
2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Logitech
2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Jasc Software Inc
2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d--h----- c:\documents and settings\jasmine\Application Data\GTek
2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d-------- c:\documents and settings\jasmine\Application Data\5400 Series
2009-03-30 00:34 . 2009-03-30 00:34 <DIR> d--hs---- c:\documents and settings\jasmine\IETldCache
2009-03-30 00:31 . 2005-06-06 07:04 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Creative
2009-03-30 00:31 . 2009-03-30 23:03 <DIR> d-------- c:\documents and settings\jasmine
2009-03-29 21:13 . 2009-03-29 21:13 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\PrivacIE
2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\IECompatCache
2009-03-29 12:32 . 2009-03-29 12:32 <DIR> d--hs---- c:\documents and settings\Patty\IETldCache
2009-03-29 11:38 . 2009-03-28 23:58 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-29 02:16 . 2009-03-29 02:16 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-28 23:52 . 2009-03-28 23:52 <DIR> d--hs---- c:\documents and settings\Steve\IECompatCache
2009-03-28 23:49 . 2009-03-30 02:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-28 22:31 . 2009-03-28 22:31 <DIR> d--hs---- c:\documents and settings\Steve\PrivacIE
2009-03-28 21:25 . 2009-03-28 21:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-28 17:18 . 2009-03-28 17:18 <DIR> d--hs---- c:\documents and settings\Steve\IETldCache
2009-03-28 16:36 . 2009-03-30 01:44 <DIR> d--h-c--- c:\windows\ie8
2009-03-26 14:39 . 2009-03-26 14:39 40,448 --a------ C:\dmsiacq.exe
2009-03-26 14:39 . 2009-03-26 14:39 31,744 --a------ C:\rojpcck.exe
2009-03-25 13:20 . 2009-03-25 13:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-25 13:09 . 2009-03-25 13:09 <DIR> d-------- c:\documents and settings\Steve\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\program files\Lavasoft
2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-22 03:29 . 2009-03-24 01:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 03:29 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 15:02 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\Patty\Application Data\Winamp
2009-03-21 13:31 . 2009-03-24 01:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 00:47 --------- d-----w c:\program files\Lx_cats
2009-03-24 04:22 --------- d-----w c:\documents and settings\Mikey\Application Data\LimeWire
2009-03-02 05:36 --------- d-----w c:\program files\Google
2009-02-23 01:59 --------- d-----w c:\documents and settings\Patty\Application Data\AOL
2009-02-14 05:30 --------- d-----w c:\documents and settings\Patty\Application Data\Viewpoint
2009-02-11 21:01 --------- d--h--w c:\documents and settings\Patty\Application Data\GTek
2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\Logitech
2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\5400 Series
2009-02-10 23:16 --------- d-----w c:\documents and settings\Mikey\Application Data\5400 Series
2008-09-13 13:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1118558958\ee\AOLSoftware.exe" [2008-06-24 41824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-28 515416]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

c:\documents and settings\Mikey\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2008-11-29 1587]

c:\documents and settings\Patty\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2009-02-23 1587]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.lsvx"= c:\windows\system32\lsvxdec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=c:\documents and settings\Steve\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=c:\windows\pss\BOINC Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 05:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 05:33 122941 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2007-03-19 05:58 82864 c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-12 22:22 57344 c:\program files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 07:25 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-10 20:58 7286784 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-01-10 20:58 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-10 23:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-10 20:58 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2004-06-10 14:51 60928 c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"lxct_device"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"DSBrokerService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" /s
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe"
"LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"Wladasudevibebax"=rundll32.exe "c:\windows\ekekotad.dll",e
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe"
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe"
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 gupdate1c99af84045d9ba;Google Update Service (gupdate1c99af84045d9ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 PDRJNDL;PDRJNDL;\??\g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS --> g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - sfc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\start.exe welcome.dbd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-29 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-28 23:56]

2009-04-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 22:31]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-04-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{75a7e2c9-dbbd-4d37-8c0c-86052d585529} - __BHODemonDisabled
BHO-{97f40295-734e-479f-9efb-6a7e8d9e93b7} - c:\windows\system32\masutora.dll__BHODemonDisabled
MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
MSConfigStartUp-Cfawakenupiyep - c:\windows\Xwedupujaxakuqe.dll
MSConfigStartUp-CPMaf5133a0 - c:\windows\system32\zezojare.dll
MSConfigStartUp-DellSupport - c:\program files\Dell Support\DSAgnt.exe
MSConfigStartUp-Diagnostic Manager - c:\docume~1\Steve\LOCALS~1\Temp\1067090350.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-LWBMOUSE - c:\program files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-Pure Networks Port Magic - c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe
MSConfigStartUp-Windows Resurections - c:\windows\TEMP\fvia1.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\wkhqaxag.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 13:55:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\imapi.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\snmp.exe
c:\windows\system32\tlntsvr.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-04-03 14:02:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 21:02:08

Pre-Run: 36,419,039,232 bytes free
Post-Run: 37,943,160,832 bytes free

372 --- E O F --- 2009-04-03 03:32:19
 
Before we continue, do this:

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
 
uninstall list 4-5-09

Since the one time I ran combofix, I am no longer having problems with opening programs :bigthumb: and I no longer see system messages saying that some program has encountered a problem and has to close. :bigthumb:

Here is the list you asked for:

ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AVG Anti-Rootkit Free
Broadband Internet Router
BroadJump Client Foundation
CA Pest Patrol Realtime Protection
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
DellSupport
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DTCLookup
ERUNT 1.1j
eViewStream
FaxTools
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Image Analyzer
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod Updater 2004-08-06
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
KhalInstallWrapper
Learn2 Player (Uninstall Only)
Lexmark 5400 Series
Lexmark Toolbar
LimeWire 4.18.8
Logitech SetPoint
Macromedia Flash Player
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
MP3 CD Converter 4.02
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
NVIDIA Drivers
oggcodecs 0.69.8924
PearsonVUE Tutorial and Practice Exam
PowerDVD 5.6
QuickBooks Simple Start Special Edition
QuickTime
RCA Memory Manager™ 2.1.0.210
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
System Requirements Lab
TeamSpeak 2 RC2
Time Zone Data Update Tool for Microsoft Office Outlook
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Xvid Codec 1.1.3
 
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) file sharing programs on your computer.

LimeWire 4.18.8

I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
 
new uninstall list 4-5-09

ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
AVG Anti-Rootkit Free
Broadband Internet Router
BroadJump Client Foundation
CA Pest Patrol Realtime Protection
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
DellSupport
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DTCLookup
ERUNT 1.1j
eViewStream
FaxTools
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Image Analyzer
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod Updater 2004-08-06
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
KhalInstallWrapper
Learn2 Player (Uninstall Only)
Lexmark 5400 Series
Lexmark Toolbar
Logitech SetPoint
Macromedia Flash Player
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
MP3 CD Converter 4.02
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch® Jukebox
NVIDIA Drivers
oggcodecs 0.69.8924
PearsonVUE Tutorial and Practice Exam
PowerDVD 5.6
QuickBooks Simple Start Special Edition
QuickTime
RCA Memory Manager™ 2.1.0.210
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
System Requirements Lab
TeamSpeak 2 RC2
Time Zone Data Update Tool for Microsoft Office Outlook
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Ventrilo Client
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Xvid Codec 1.1.3
 
Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\dmsiacq.exe
C:\rojpcck.exe
c:\StubInstaller.exe

Folder::
c:\documents and settings\Mikey\Application Data\LimeWire
c:\Program Files\LimeWire
c:\Program Files\eMule

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Wladasudevibebax"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\eMule\\emule.exe"=-
"c:\\StubInstaller.exe"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
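The CFScript above targets a handful of indicators that stand out in the earlier ComboFix log: a `rundll32` autostart loading a DLL with a random name straight from `c:\windows`, two P2P clients and a root-level `StubInstaller.exe` authorised through the Windows Firewall, and Security Center entries showing antivirus and update notifications suppressed with the firewall disabled. The following Python script is an added example that is not part of this thread and not a ComboFix or HijackThis feature: it parses the registry-export style sections ComboFix prints and applies those same triage heuristics. The log excerpt it scans is constructed from entries copied from the thread, and the section-name suffixes and regular expressions are this example's own assumptions about the log format.

```python
"""Triage heuristics over ComboFix-style registry sections (added example)."""
import re

# Constructed excerpt modelled on the ComboFix log sections posted in this thread.
# Entries are copied from the thread; this is not a fresh scan.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
"Wladasudevibebax"=rundll32.exe "c:\windows\ekekotad.dll",e
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"""

# "name"=value lines as ComboFix prints them (assumed format).
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')
# rundll32 loading a DLL that sits directly in c:\windows (not in system32 or a program folder).
WINDOWS_ROOT_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?c:\\windows\\[^\\"]+\.dll', re.I)
# Autostart whose target lives under a Temp folder.
TEMP_PATH = re.compile(r'\\temp\\', re.I)
# An executable with no folder component at all, e.g. c:\StubInstaller.exe.
DRIVE_ROOT_EXE = re.compile(r'[a-z]:\\[^\\]+\.exe', re.I)
# P2P clients named in this thread.
P2P_NAMES = ("limewire", "emule", "bearshare")


def parse_sections(text):
    """Return {section header: [(value name, value data), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def _dword(value):
    """Parse 'dword:00000001' style data; None if it is not a dword."""
    if value.lower().startswith("dword:"):
        return int(value.split(":", 1)[1], 16)
    return None


def flag_entries(text):
    """Return [(value name, reason)] for entries matching the triage heuristics."""
    findings = []
    for section, entries in parse_sections(text).items():
        sec = section.lower()
        for name, value in entries:
            if sec.endswith("\\run") or sec.endswith("\\run-"):
                if WINDOWS_ROOT_DLL.search(value):
                    findings.append((name, "rundll32 loads a DLL from the Windows root, not system32"))
                elif TEMP_PATH.search(value):
                    findings.append((name, "autostart target lives in a Temp folder"))
            elif sec.endswith("security center"):
                if name.lower().endswith("disablenotify") and _dword(value) == 1:
                    findings.append((name, "Security Center notification suppressed"))
            elif sec.endswith("standardprofile"):
                if name == "EnableFirewall" and value.startswith("0"):
                    findings.append((name, "Windows Firewall disabled"))
            elif sec.endswith("authorizedapplications\\list"):
                path = name.replace("\\\\", "\\")  # export format doubles backslashes
                base = path.rsplit("\\", 1)[-1].lower()
                if any(p in base for p in P2P_NAMES):
                    findings.append((name, "P2P client authorised through the firewall"))
                elif DRIVE_ROOT_EXE.fullmatch(path):
                    findings.append((name, "executable in drive root authorised through the firewall"))
    return findings


if __name__ == "__main__":
    for name, reason in flag_entries(SAMPLE_LOG):
        print(f"{name:45} {reason}")
```

Entries the thread treats as legitimate (the NVIDIA and Lexmark `rundll32` lines under `system32`, Google Update and `sessmgr.exe` in the firewall list) pass through untouched; everything the CFScript removes, plus the disabled firewall and the suppressed notifications, is reported.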
 
combofix.txt 4-5-09

Greetings! ComboFix updated to a newer version, then restarted.

The Windows Recovery Console was also downloaded and installed.

Here is the new ComboFix file:


ComboFix 09-04-04.01 - Steve 2009-04-05 13:18:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.600 [GMT -7:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*

FILE ::
C:\dmsiacq.exe
C:\rojpcck.exe
c:\StubInstaller.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mikey\Application Data\LimeWire
c:\documents and settings\Mikey\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Mikey\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Mikey\Application Data\LimeWire\downloads.dat
c:\documents and settings\Mikey\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Mikey\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Mikey\Application Data\LimeWire\filters.props
c:\documents and settings\Mikey\Application Data\LimeWire\gnutella.net
c:\documents and settings\Mikey\Application Data\LimeWire\installation.props
c:\documents and settings\Mikey\Application Data\LimeWire\library.dat
c:\documents and settings\Mikey\Application Data\LimeWire\limewire.props
c:\documents and settings\Mikey\Application Data\LimeWire\mojito.props
c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Mikey\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Mikey\Application Data\LimeWire\questions.props
c:\documents and settings\Mikey\Application Data\LimeWire\responses.cache
c:\documents and settings\Mikey\Application Data\LimeWire\simpp.xml
c:\documents and settings\Mikey\Application Data\LimeWire\spam.dat
c:\documents and settings\Mikey\Application Data\LimeWire\tables.props
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Mikey\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Mikey\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Mikey\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Mikey\Application Data\LimeWire\version.xml
c:\documents and settings\Mikey\Application Data\LimeWire\versions.props
c:\documents and settings\Mikey\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Mikey\Application Data\LimeWire\xml\data\video.sxml2
c:\program files\eMule
c:\program files\eMule\config\cancelled.met
c:\program files\eMule\config\clients.met
c:\program files\eMule\config\emfriends.met
c:\program files\eMule\config\known.met
c:\program files\eMule\config\known2.met
c:\program files\eMule\config\known2_64.met
c:\program files\eMule\config\preferences.ini
c:\program files\eMule\config\server_met.old
c:\program files\eMule\config\statistics.ini
c:\program files\eMule\EMULE.EXE
c:\program files\eMule\eMule.tmpl
c:\program files\eMule\eMule_Chicane.tmpl
c:\program files\eMule\Incoming\The Beatles - Let It Be.mp3
c:\program files\eMule\Temp\001.part
c:\program files\eMule\Temp\001.part.met
c:\program files\eMule\Temp\001.part.met.bak
c:\program files\eMule\Temp\002.part
c:\program files\eMule\Temp\002.part.met
c:\program files\eMule\Temp\002.part.met.bak
c:\program files\eMule\Temp\003.part
c:\program files\eMule\Temp\003.part.met
c:\program files\eMule\Temp\003.part.met.bak
c:\program files\eMule\Temp\004.part.met
c:\program files\eMule\Temp\004.part.met.bak
c:\program files\eMule\Temp\005.part
c:\program files\eMule\Temp\005.part.met
c:\program files\eMule\Temp\005.part.met.bak
c:\program files\eMule\Temp\006.part.met
c:\program files\eMule\Temp\006.part.met.bak
c:\program files\eMule\Temp\007.part
c:\program files\eMule\Temp\007.part.met
c:\program files\eMule\Temp\007.part.met.bak
c:\program files\eMule\Temp\008.part
c:\program files\eMule\Temp\008.part.met
c:\program files\eMule\Temp\008.part.met.bak
c:\program files\eMule\Temp\009.part
c:\program files\eMule\Temp\009.part.met
c:\program files\eMule\Temp\009.part.met.bak
c:\program files\eMule\Temp\010.part
c:\program files\eMule\Temp\010.part.met
c:\program files\eMule\Temp\010.part.met.bak
c:\program files\eMule\Temp\011.part.met
c:\program files\eMule\Temp\011.part.met.bak
c:\program files\eMule\Temp\012.part.met
c:\program files\eMule\Temp\012.part.met.bak
c:\program files\eMule\Temp\013.part
c:\program files\eMule\Temp\013.part.met
c:\program files\eMule\Temp\013.part.met.bak
c:\program files\eMule\Temp\014.part
c:\program files\eMule\Temp\014.part.met
c:\program files\eMule\Temp\014.part.met.bak
c:\program files\eMule\Temp\015.part.met
c:\program files\eMule\Temp\015.part.met.bak
c:\program files\eMule\Temp\016.part
c:\program files\eMule\Temp\016.part.met
c:\program files\eMule\Temp\016.part.met.bak
c:\program files\eMule\Temp\018.part.met
c:\program files\eMule\Temp\018.part.met.bak
c:\program files\eMule\Temp\019.part
c:\program files\eMule\Temp\019.part.met
c:\program files\eMule\Temp\019.part.met.bak
c:\program files\eMule\Temp\020.part
c:\program files\eMule\Temp\020.part.met
c:\program files\eMule\Temp\020.part.met.bak
c:\program files\eMule\Temp\021.part
c:\program files\eMule\Temp\021.part.met
c:\program files\eMule\Temp\021.part.met.bak
c:\program files\eMule\Temp\022.part.met
c:\program files\eMule\Temp\022.part.met.bak
c:\program files\eMule\Temp\023.part
c:\program files\eMule\Temp\023.part.met
c:\program files\eMule\Temp\023.part.met.bak
c:\program files\eMule\Temp\024.part.met
c:\program files\eMule\Temp\024.part.met.bak
c:\program files\eMule\Temp\025.part
c:\program files\eMule\Temp\025.part.met
c:\program files\eMule\Temp\025.part.met.bak
c:\program files\eMule\Temp\026.part.met
c:\program files\eMule\Temp\026.part.met.bak
c:\program files\eMule\Temp\027.part.met
c:\program files\eMule\Temp\027.part.met.bak
c:\program files\eMule\Temp\028.part.met
c:\program files\eMule\Temp\028.part.met.bak
c:\program files\eMule\Temp\029.part
c:\program files\eMule\Temp\029.part.met
c:\program files\eMule\Temp\029.part.met.bak
c:\program files\eMule\Temp\030.part.met
c:\program files\eMule\Temp\030.part.met.bak
c:\program files\eMule\Temp\031.part
c:\program files\eMule\Temp\031.part.met
c:\program files\eMule\Temp\031.part.met.bak
c:\program files\eMule\Temp\032.part
c:\program files\eMule\Temp\032.part.met
c:\program files\eMule\Temp\032.part.met.bak
c:\program files\eMule\Temp\033.part
c:\program files\eMule\Temp\033.part.met
c:\program files\eMule\Temp\033.part.met.bak
c:\program files\eMule\Temp\034.part
c:\program files\eMule\Temp\034.part.met
c:\program files\eMule\Temp\034.part.met.bak
c:\program files\eMule\Temp\035.part
c:\program files\eMule\Temp\035.part.met
c:\program files\eMule\Temp\035.part.met.bak
c:\program files\eMule\Temp\036.part
c:\program files\eMule\Temp\036.part.met
c:\program files\eMule\Temp\036.part.met.bak
c:\program files\eMule\Temp\037.part
c:\program files\eMule\Temp\037.part.met
c:\program files\eMule\Temp\037.part.met.bak
c:\program files\eMule\Temp\038.part
c:\program files\eMule\Temp\038.part.met
c:\program files\eMule\Temp\038.part.met.bak
c:\program files\eMule\Temp\039.part.met
c:\program files\eMule\Temp\039.part.met.bak
c:\program files\eMule\Temp\040.part
c:\program files\eMule\Temp\040.part.met
c:\program files\eMule\Temp\040.part.met.bak
c:\program files\eMule\Temp\041.part
c:\program files\eMule\Temp\041.part.met
c:\program files\eMule\Temp\041.part.met.bak
c:\program files\eMule\Temp\042.part
c:\program files\eMule\Temp\042.part.met
c:\program files\eMule\Temp\042.part.met.bak
c:\program files\eMule\Temp\043.part
c:\program files\eMule\Temp\043.part.met
c:\program files\eMule\Temp\043.part.met.bak
c:\program files\eMule\Temp\044.part.met
c:\program files\eMule\Temp\044.part.met.bak
c:\program files\eMule\Temp\045.part.met
c:\program files\eMule\Temp\045.part.met.bak
c:\program files\eMule\Temp\046.part.met
c:\program files\eMule\Temp\046.part.met.bak
c:\program files\eMule\Temp\047.part
c:\program files\eMule\Temp\047.part.met
c:\program files\eMule\Temp\047.part.met.bak
c:\program files\eMule\Temp\048.part.met
c:\program files\eMule\Temp\048.part.met.bak
c:\program files\eMule\Temp\049.part
c:\program files\eMule\Temp\049.part.met
c:\program files\eMule\Temp\049.part.met.bak
c:\program files\eMule\Temp\050.part
c:\program files\eMule\Temp\050.part.met
c:\program files\eMule\Temp\050.part.met.bak
c:\program files\eMule\Temp\051.part.met
c:\program files\eMule\Temp\051.part.met.bak
c:\program files\eMule\Temp\052.part
c:\program files\eMule\Temp\052.part.met
c:\program files\eMule\Temp\052.part.met.bak
c:\program files\eMule\Temp\053.part.met
c:\program files\eMule\Temp\053.part.met.bak
c:\program files\eMule\Temp\054.part
c:\program files\eMule\Temp\054.part.met
c:\program files\eMule\Temp\054.part.met.bak
c:\program files\eMule\Temp\055.part
c:\program files\eMule\Temp\055.part.met
c:\program files\eMule\Temp\055.part.met.bak
c:\program files\eMule\Temp\056.part
c:\program files\eMule\Temp\056.part.met
c:\program files\eMule\Temp\056.part.met.bak
c:\program files\eMule\Temp\057.part
c:\program files\eMule\Temp\057.part.met
c:\program files\eMule\Temp\057.part.met.bak
c:\program files\eMule\Temp\058.part
c:\program files\eMule\Temp\058.part.met
c:\program files\eMule\Temp\058.part.met.bak
c:\program files\eMule\Temp\059.part.met
c:\program files\eMule\Temp\059.part.met.bak
c:\program files\eMule\Temp\060.part.met
c:\program files\eMule\Temp\060.part.met.bak
c:\program files\eMule\Temp\061.part
c:\program files\eMule\Temp\061.part.met
c:\program files\eMule\Temp\061.part.met.bak
c:\program files\eMule\Temp\063.part.met
c:\program files\eMule\Temp\063.part.met.bak
c:\program files\eMule\Temp\066.part.met
c:\program files\eMule\Temp\066.part.met.bak
c:\program files\eMule\Temp\067.part
c:\program files\eMule\Temp\067.part.met
c:\program files\eMule\Temp\067.part.met.bak
c:\program files\eMule\Temp\068.part.met
c:\program files\eMule\Temp\068.part.met.bak
c:\program files\eMule\Temp\070.part.met
c:\program files\eMule\Temp\070.part.met.bak
c:\program files\eMule\Temp\071.part
c:\program files\eMule\Temp\071.part.met
c:\program files\eMule\Temp\071.part.met.bak
c:\program files\eMule\Temp\074.part.met
c:\program files\eMule\Temp\074.part.met.bak
c:\program files\eMule\Temp\078.part
c:\program files\eMule\Temp\078.part.met
c:\program files\eMule\Temp\078.part.met.bak
c:\program files\eMule\Temp\080.part
c:\program files\eMule\Temp\080.part.met
c:\program files\eMule\Temp\080.part.met.bak
c:\program files\eMule\Temp\081.part.met
c:\program files\eMule\Temp\081.part.met.bak
c:\program files\eMule\Temp\082.part
c:\program files\eMule\Temp\082.part.met
c:\program files\eMule\Temp\082.part.met.bak
c:\program files\eMule\Temp\083.part.met
c:\program files\eMule\Temp\083.part.met.bak
c:\program files\eMule\Temp\084.part.met
c:\program files\eMule\Temp\084.part.met.bak
C:\rojpcck.exe
c:\StubInstaller.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-04 14:57 . 2009-04-04 14:57 <DIR> d--hs---- c:\documents and settings\Mikey\IETldCache
2009-04-02 13:39 . 2009-04-02 13:39 <DIR> d-------- c:\program files\Trend Micro
2009-04-02 13:29 . 2009-04-02 13:29 <DIR> d-------- c:\program files\ERUNT
2009-03-30 23:45 . 2009-03-30 23:45 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2009-03-30 23:42 . 2009-03-30 23:42 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Symantec
2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Logitech
2009-03-30 02:46 . 2009-03-30 02:46 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Jasc Software Inc
2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d--h----- c:\documents and settings\jasmine\Application Data\GTek
2009-03-30 00:38 . 2009-03-30 00:38 <DIR> d-------- c:\documents and settings\jasmine\Application Data\5400 Series
2009-03-30 00:34 . 2009-03-30 00:34 <DIR> d--hs---- c:\documents and settings\jasmine\IETldCache
2009-03-30 00:31 . 2005-06-06 07:04 <DIR> d-------- c:\documents and settings\jasmine\Application Data\Creative
2009-03-30 00:31 . 2009-03-30 23:03 <DIR> d-------- c:\documents and settings\jasmine
2009-03-29 21:13 . 2009-03-29 21:13 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\PrivacIE
2009-03-29 17:52 . 2009-03-29 17:52 <DIR> d--hs---- c:\documents and settings\Patty\IECompatCache
2009-03-29 12:32 . 2009-03-29 12:32 <DIR> d--hs---- c:\documents and settings\Patty\IETldCache
2009-03-29 11:38 . 2009-03-28 23:58 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-29 02:16 . 2009-03-29 02:16 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-28 23:52 . 2009-03-28 23:52 <DIR> d--hs---- c:\documents and settings\Steve\IECompatCache
2009-03-28 23:49 . 2009-03-30 02:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-28 22:31 . 2009-03-28 22:31 <DIR> d--hs---- c:\documents and settings\Steve\PrivacIE
2009-03-28 21:25 . 2009-03-28 21:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-28 17:18 . 2009-03-28 17:18 <DIR> d--hs---- c:\documents and settings\Steve\IETldCache
2009-03-28 16:36 . 2009-03-30 01:44 <DIR> d--h-c--- c:\windows\ie8
2009-03-25 13:20 . 2009-03-25 13:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-25 13:09 . 2009-03-25 13:09 <DIR> d-------- c:\documents and settings\Steve\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\program files\Lavasoft
2009-03-24 01:28 . 2009-03-29 23:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-22 03:29 . 2009-03-24 01:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-22 03:29 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-21 15:02 . 2009-03-24 01:25 <DIR> d-------- c:\documents and settings\Patty\Application Data\Winamp
2009-03-21 13:31 . 2009-03-24 01:29 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 00:47 --------- d-----w c:\program files\Lx_cats
2009-03-08 21:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 21:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 11:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 11:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 11:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 11:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 11:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 11:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 11:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 11:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 11:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 11:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 11:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 11:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 11:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 11:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 11:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 11:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 11:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 11:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 11:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 11:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 11:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 11:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-02 05:36 --------- d-----w c:\program files\Google
2009-02-23 01:59 --------- d-----w c:\documents and settings\Patty\Application Data\AOL
2009-02-14 05:30 --------- d-----w c:\documents and settings\Patty\Application Data\Viewpoint
2009-02-11 21:01 --------- d--h--w c:\documents and settings\Patty\Application Data\GTek
2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\Logitech
2009-02-11 20:58 --------- d-----w c:\documents and settings\Patty\Application Data\5400 Series
2009-02-10 23:16 --------- d-----w c:\documents and settings\Mikey\Application Data\5400 Series
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-08 01:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-08 01:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
2009-01-08 01:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-08 01:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-08 01:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-08 01:20 23,552 ----a-w c:\windows\system32\normaliz(2)(2).dll
2009-01-08 01:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 01:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll
2009-01-08 01:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
2008-09-13 13:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-03_13.59.20.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\4-4-2009\ERDNT.EXE
+ 2009-04-05 06:58:16 9,306,112 ----a-w c:\windows\ERDNT\AutoBackup\4-4-2009\Users\00000001\ntuser.dat
+ 2009-04-05 06:58:18 3,338,240 ----a-w c:\windows\ERDNT\AutoBackup\4-4-2009\Users\00000002\UsrClass.dat
- 2009-04-03 20:01:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-05 18:36:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-03 20:01:15 245,760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-04-05 18:36:55 245,760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-04-03 20:01:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-05 18:36:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-03 20:01:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-05 18:36:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-03 20:45:13 215,468 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-04-04 06:39:13 215,464 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-05 08:06:14 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-04-04 06:36:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_938.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1118558958\ee\AOLSoftware.exe" [2008-06-24 41824]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-28 515416]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-07-15 34880]

c:\documents and settings\Mikey\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2008-11-29 1587]

c:\documents and settings\Patty\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2009-02-23 1587]

c:\documents and settings\Steve\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-16 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.lsvx"= c:\windows\system32\lsvxdec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^BOINC Manager.lnk]
path=c:\documents and settings\Steve\Start Menu\Programs\Startup\BOINC Manager.lnk
backup=c:\windows\pss\BOINC Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 05:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 05:33 122941 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2007-03-19 05:58 82864 c:\program files\Lexmark 5400 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 14:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-12 22:22 57344 c:\program files\Lexmark 1200 Series\lxczbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-12 07:25 11776 c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-10 20:58 7286784 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-01-10 20:58 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-06-03 03:52 36975 c:\program files\Java\jre1.5.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-10 23:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-10 20:58 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2004-06-10 14:51 60928 c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"lxct_device"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"DSBrokerService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CTSysVol"=c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" /s
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe"
"LXCTCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe"
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe"
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1118558958\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 gupdate1c99af84045d9ba;Google Update Service (gupdate1c99af84045d9ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 PDRJNDL;PDRJNDL;\??\g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS --> g:\data\WORK\VitaGen\Vgen Docs\Dek\PDL\PDRJNDL.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\start.exe welcome.dbd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-28 23:56]

2009-04-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 22:31]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-03-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-04-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-04-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\wkhqaxag.default\
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 13:22:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(280)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-04-05 13:27:04
ComboFix-quarantined-files.txt 2009-04-05 20:25:51
ComboFix2.txt 2009-04-03 21:02:43

Pre-Run: 37,769,293,824 bytes free
Post-Run: 37,743,800,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

638 --- E O F --- 2009-04-03 03:32:19
 
HijackThis Log 4-5-09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:18 PM, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118558958\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121835894750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208355050890
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Update Service (gupdate1c99af84045d9ba) (gupdate1c99af84045d9ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7814 bytes
 
problem back

The problem is back where I can't launch programs. I get a system message saying the program has encountered a problem and must close. :sad:

This just started after following your last instructions.
 
Well, it might not be a malware-related issue.

Which programs are you unable to launch?
 
launch problem

That has been a source of confusion: not knowing if the virus/malware is shutting programs down, or if there is something wrong with windows.

To answer your question, almost all programs that I try to start will launch, then immediately close. One exception is Firefox. However, many programs that won't launch in normal mode will launch in safe mode.

However... :alien: I downloaded and installed that program Windows said I needed: .NET Framework 2.0 and also its latest patch #3. And now everything seems to be working okay again!

So hopefully, this was the problem.
 
Great :)

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select "Run as administrator" to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
where we left off

Several posts back, you asked me to paste the code box text into ComboFix.

I did this and posted the new Combofix and HJT logs.
 
downloaded Kaspersky, about to scan

Great :)

  1. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  2. When the downloads have finished, click on Settings.
  3. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  4. Click on My Computer under Scan.
  5. Once the scan is complete, it will display the results. Click on View Scan Report.
  6. You will see a list of infected items there. Click on Save Report As....
  7. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  8. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here

I wasn't prompted to run/install a program.

Under settings, I see:
Detect malicious programs of the following categories:
Viruses, Worms, Trojan Horses, Rootkits
Spyware, Adware, Dialers, and other potentially dangerous programs
Scan compound files (doesn't apply to the File scan area):
Archives
Mail databases

All are ticked, except the first line (Viruses, ...) is gray ticked.

Should I scan "critical areas" or just "My Computer"?
 
scan is running

Ok, I have "My Computer" scanning. It's at 8% after an hour and 20 min. Going to take a while.

Another problem: when I type, letters start reversing order. What is this?
 