PC Logs off instantly on Log on

M

Modman_4

New member
Hi. I am typing from my work about my home computer. A few weeks ago I let my daughter do some online job-hunting on my home computer and ever since then it has been acting generally slow. In Window Explorer it would take a very long time to display files, let alone act upon them. The first thing I did was to try Housecall but it would hang on me -- it would say my Java environment wasn't enabled or installed, or to try the browser option would pop up an error message that wouldn't go away (eventually locking up the IE window).
So I downloaded HJT and ran a log, but I wouldn't know how to interpret it anyway. However I noticed several items with no company name, and I did notice an extra button listed for "party poker" which I know I don't play. At this point I am thinking my daughter did something involving AIM or Limewire, which I had previously forbidden. I was at work so I wouldn't know...
Anyway, since my Spybot wasn't finding anything, and my CA wasn't finding anything (that is what comes with my Brighthouse account), I decided to try RUBotted, which did nothing except telling me I had a bot, but of course all it did otherwise was want me to download Housecall, which still wasn't working. I had tried version 7 beta but it wasn't finding anything, and so I have been trying to download the previous version, which is the one that refuses to work.
SO. Then I tried AVG and it told me I was infected with trojan.generic13.bxzc or something like that. RUBotted was telling me my userinit.exe was the culprit so then I uploaded it to that site that scans it 7 ways from Sunday and it came back with multiple confirmations. One scanner was recognizing it as that Antispy 2009 thing, so I wouldn't be surprised if something had popped up while my daughter was on, and she just clicked on it. :confused:

So 2 nights ago I downloaded Dr Web and ran it overnight (it must have finished sometime during the day), and erased everything it found. I was able to shut down and restart okay, but RUBotted still was saying I was infected. So I tried Comodo, the security suite. During its startup phase it told me updated virus definitions had been installed but I had to restart the computer for them to take effect. When I clicked okay it did so, but at the same time I had one Windows update that the PC was performing. After that point, I was able to log on and the desktop background came up, but before any icons could appear suddenly I was being logged off without any input from me. I tried this several times, even with the general account I had set up for my daughter, all to no avail. I was effectively locked out of my own computer!

Now, I was able to restart in Safe Mode, and it loaded my desktop icons okay. And I was able to start in safe mode with network so I could go online to search for help. That's how I ended up here, but after reading the pinned do's and don'ts I was afraid to do anything other than to write this intro to my problem(s) here from work, and see if anyone can assist me. I don't think I caused the initial problem, but I am sure I added to it. Any help would be greatly appreciated. Thanks in advance!

By the way, going into safe mode tells me I can't use system restore from there. Is this normal?
 
Hi,

If you select last known good configuration option in boot menu are you able to login successfully in normal mode?
 
Thank you for your assistance, Blade81. Yes that's about the first thing I did when I tried going into Safe Mode was to choose that option, but it still logged me right out on login. So I am in safe-mode land for now lol.

Yesterday just for giggles I tried to see if I could do Housecall in safe mode and it let me do that. It did find CRYP_FAKEAV-17 and removed that, whatever that is, but I get the sense that wasn't what was going on in the first place. That also means I was able to launch the Java version in safe mode, whereas before it wouldn't let me do that in normal mode.

I am wondering if loading and updating the Comodo Internet Security thing didn't somehow clash with the Windows update to bring about my current situation. All I had before was the CA software, remnants of the Norton that I had long ago, and Spybot. Is it wise for me to even have AVG, Comodo and Process Guard running? Perhaps they are clashing with each other and/or the CA stuff...
 
Hi,

You should have one antivirus installed and running only.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
Well I did the first part and removed just about everything I could find, except for my CA Security and Spybot, of course. I even went into Windows Explorer and deleted the related folders, and did a reboot. Just for fun I tried coming up into my normal mode and that works now (no surprise lol). The only things were that I had to reinstate my desktop background, and every time the PC starts now it says it can't find C:\Program

Now I was able to download DDS.scr, but when I double-click it, it just brings up the code in notepad. As far as I know, I did disable teatimer and the real-time CA scanner, but I still can't get the script file to run. It just comes up with the box asking if I really want to run it, and when I click yes it opens up notepad. There aren't any 2 text files produced, and it looks like the program code.

By the way, I also meant to mention before, that whenever I start up, there are several temporary files in my temp folder that I can't get rid of because they are "in use". That was another sign to me that something seems off with my PC.

Anyway, I'll try again with the 3rd link but I don't think I'll be able to get this dds.scr to run...
 
Well I'll be. The 3rd one worked! Here are the two logs, starting with the DDS.txt:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Andrew Deacon at 21:18:03.56 on Fri 10/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.443 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caav.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {67AAA2B4-6820-58C1-5533-3D3650EEF493} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {EECAFD3F-D032-40C9-BD1D-1C99763BA000} - No File
TB: {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - No File
TB: {03E8C439-48ED-42B5-9168-762A390FFA85} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [77703731] c:\docume~1\alluse~1.win\applic~1\77703731\77703731.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4C226336-4032-489F-9674-67E74225979B}
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {50F65670-1729-11D2-A51F-0020AFE5D502}
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {737D14F8-4090-11D4-AE0E-0010830243BD}
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autodesk architectural desktop 3\AcDcToday.ocx
DPF: {7A32634B-029C-4836-A023-528983982A49}
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autodesk architectural desktop 3\InstBanr.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\InstFred.ocx
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E87A6788-1D0F-4444-8898-1D25829B6755}
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\AcPreview.ocx
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.scn-chat.com/includes/MSNChat45.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/netscape/TrueInstallNetscape.exe
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-10-16 18:30 739,752 a------- c:\windows\system32\drivers\vetefile.sys
2009-10-16 18:30 133,576 a------- c:\windows\system32\drivers\veteboot.sys
2009-10-12 20:18 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-12 19:42 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\77703731
2009-10-12 18:25 287,744 a------- c:\windows\system32\drivers\sfi.dat
2009-10-11 18:53 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\DoctorWeb
2009-10-11 13:38 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\lmms
2009-10-11 13:37 <DIR> --d----- c:\program files\LMMS 0.4.5
2009-10-10 15:08 <DIR> --d----- c:\docume~1\andrew~1.mai\applic~1\AVG8
2009-10-10 14:54 68,760 a------- c:\windows\system32\pghash.dat
2009-10-10 14:54 134,288 a------- c:\windows\system32\pguard.dat
2009-10-09 18:40 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-03 23:16 <DIR> --d----- c:\program files\CMS
2009-10-02 19:21 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-27 07:22 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 07:22 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\log
2009-09-26 10:55 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\Tracing
2009-09-26 10:52 <DIR> --dsh--- c:\documents and settings\andrew deacon.main-computer\PrivacIE

==================== Find3M ====================

2009-10-16 20:45 636,182 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-16 20:45 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
1997-06-23 13:06 287,504 a--sh--- c:\windows\system32\Msxbse35.dll
2008-08-19 07:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 21:19:09.32 ===============
 
...and the attach.txt...


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2005 10:28:36 PM
System Uptime: 10/16/2009 8:46:09 PM (1 hours ago)

Motherboard: Intel Corporation | | D945PSN
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | | 2933/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 48.005 GiB free.
D: is FIXED (FAT) - 0 GiB total, 0.178 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_0B0B8086&REV_01\3&61AAA01&0&D8
Manufacturer: Microsoft
Name: Microsoft UAA Bus Driver for High Definition Audio
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_0B0B8086&REV_01\3&61AAA01&0&D8
Service: HDAudBus

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


AAA Map'n'Go 2.0
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
Adobe Shockwave Player
AEC Details 3
American Greetings Print! Premium 1.00
American Greetings® Art & More Store
AnswerWorks Runtime
AOL Instant Messenger
AutoCAD 2000
AutoCAD 2004
AutoCAD Express Tools Volumes 1-9
Autodesk Architectural Desktop 3.3
Autodesk Express Viewer
Autodesk Learning Assistance
Buzzsaw.com Plans & Specs Publishing Tools
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
ccCommon
CCHelp
CCScore
CMS XPandy
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Deadly Dozen 2: Pacific Theater
Deluxe Bible Collection
Dust: A Tale of the Wired West
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
ESSvpaht
ESSvpot
GCN
Greatest Inventions 2NI
Highlight Viewer (Windows Live Toolbar)
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kSolo Recorder
KSU
Languages of the World V4 Disk 1
LEGO Creator
LeoCAD
Linux MultiMedia Studio (LMMS)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chat 2.5
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 7.0
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My Wal-Mart Digital Photo Center
MySpaceIM
netbrdg
Notifier
NVIDIA Drivers
OfotoXMI
OpenOffice.org 2.4
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
Precision Mapping Quick Finder 3.0
Precision Mapping Quick Finder 3.0
Punch! 5 in 1 Home Design
Return to Castle Wolfenstein
Rhapsody Player Engine
RollerCoaster Tycoon
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SFR
SFR2
SHASTA
Shockwave
SKIN0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
The Bible Collection Installer
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Volo View Express
VPRINTOL
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {75443B88-BA06-4800-83FE-D52CD240E7AC}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
10/12/2009 7:41:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/12/2009 7:27:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cmdGuard Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
10/12/2009 6:57:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip VET-FILT VET-REC VETEFILE VETMONNT
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/12/2009 6:57:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2009 6:56:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

==== End Of File ===========================
 
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Good morning. I have installed the recovery console and downloaded and run the ComboFix. The report is attached herewith. The new DDS log to follow...

ComboFix 09-10-16.09 - Andrew Deacon 10/17/2009 7:59.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.520 [GMT -4:00]
Running from: c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Desktop\Security Tool.lnk
c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\My Documents\OldReg.reg
c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Start Menu\Programs\Security Tool.lnk
c:\recycler\S-1-5-21-3683679437-4097411637-2529006832-1005
c:\windows\Installer\130727a.msi
c:\windows\MailSwitch.ocx
c:\windows\system32\Data
c:\windows\system32\Ijl11.dll
c:\windows\winhelp.ini

----- BITS: Possible infected sites -----

hxxp://banksguard com
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-16 22:30 . 2009-10-16 22:30 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-16 22:30 . 2009-10-16 22:30 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-16 22:11 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\Application Data\Malwarebytes
2009-10-15 11:38 . 2009-10-15 22:49 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\.housecall6.6
2009-10-13 23:37 . 2009-10-13 23:37 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\Tracing
2009-10-13 00:18 . 2009-10-15 22:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 23:42 . 2009-10-15 13:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\77703731
2009-10-12 22:59 . 2009-10-12 22:59 -------- d-sh--w- c:\documents and settings\Administrator.MAIN-COMPUTER\IECompatCache
2009-10-12 22:59 . 2009-10-12 22:59 -------- d-sh--w- c:\documents and settings\Administrator.MAIN-COMPUTER\PrivacIE
2009-10-12 22:25 . 2009-10-15 22:20 287744 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-11 22:53 . 2009-10-11 23:09 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\DoctorWeb
2009-10-11 17:38 . 2009-10-11 17:38 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\lmms
2009-10-11 17:37 . 2009-10-11 17:37 -------- d-----w- c:\program files\LMMS 0.4.5
2009-10-10 19:08 . 2009-10-10 19:08 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\AVG8
2009-10-10 18:54 . 2009-10-15 22:16 68760 ----a-w- c:\windows\system32\pghash.dat
2009-10-10 18:54 . 2009-10-12 22:19 134288 ----a-w- c:\windows\system32\pguard.dat
2009-10-09 22:40 . 2009-10-09 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 03:16 . 2009-10-04 03:16 -------- d-----w- c:\program files\CMS
2009-10-02 23:21 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 21:16 . 2009-09-30 21:16 -------- d-sh--w- c:\documents and settings\Others\PrivacIE
2009-09-27 11:22 . 2009-10-15 11:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 11:22 . 2009-09-27 11:22 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\log
2009-09-26 15:32 . 2009-09-26 15:32 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\InstallShield
2009-09-26 14:55 . 2009-10-10 15:26 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Tracing
2009-09-26 14:52 . 2009-09-26 14:52 -------- d-sh--w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-17 12:09 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-10-17 12:09 . 2007-09-30 03:53 637702 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-13 07:55 . 2005-12-18 03:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-10 13:39 . 2008-02-29 00:59 -------- d-----w- c:\program files\Windows Live
2009-10-09 22:40 . 2006-01-31 23:11 -------- d-----w- c:\program files\Java
2009-10-04 16:52 . 2005-12-26 16:32 -------- d-----w- c:\program files\Autodesk Architectural Desktop 3
2009-10-04 03:17 . 2005-12-18 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 22:16 . 2009-03-18 00:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 14:31 . 2005-12-29 04:25 67888 ----a-w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\program files\MSBuild
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
1997-06-23 17:06 . 1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-01 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-09-30 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-16 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-09 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-01-10 1490944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperBasic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Utility"=Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\CChat25.inf,PerUserAdd.NT
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\CAAntiSpywareScan_Daily as Andrew Deacon at 8 37 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]

2009-09-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 18:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{67AAA2B4-6820-58C1-5533-3D3650EEF493} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{EECAFD3F-D032-40C9-BD1D-1C99763BA000} - (no file)
Toolbar-{03E8C439-48ED-42B5-9168-762A390FFA85} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-!1_ProcessGuard_Startup - c:\program files\ProcessGuard\procguard.exe
HKLM-Run-77703731 - c:\docume~1\ALLUSE~1.WIN\APPLIC~1\77703731\77703731.exe
Notify-avgrsstarter - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 08:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-287218729-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2009-10-17 8:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-17 12:28

Pre-Run: 51,182,559,232 bytes free
Post-Run: 51,185,872,896 bytes free

246 --- E O F --- 2009-10-17 01:41
 
The DDS.tx file:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Andrew Deacon at 8:41:44.04 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.516 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {50F65670-1729-11D2-A51F-0020AFE5D502}
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {737D14F8-4090-11D4-AE0E-0010830243BD}
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autodesk architectural desktop 3\AcDcToday.ocx
DPF: {7A32634B-029C-4836-A023-528983982A49}
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autodesk architectural desktop 3\InstBanr.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\InstFred.ocx
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E87A6788-1D0F-4444-8898-1D25829B6755}
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\AcPreview.ocx
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.scn-chat.com/includes/MSNChat45.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/netscape/TrueInstallNetscape.exe
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-10-17 07:57 236,544 a------- c:\windows\PEV.exe
2009-10-17 07:57 161,792 a------- c:\windows\SWREG.exe
2009-10-17 07:57 98,816 a------- c:\windows\sed.exe
2009-10-17 07:40 <DIR> a-dshr-- C:\cmdcons
2009-10-17 07:40 <DIR> --d----- c:\windows\setup.pss
2009-10-17 07:38 <DIR> --d----- c:\windows\setupupd
2009-10-16 18:30 739,752 a------- c:\windows\system32\drivers\vetefile.sys
2009-10-16 18:30 133,576 a------- c:\windows\system32\drivers\veteboot.sys
2009-10-12 20:18 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-12 19:42 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\77703731
2009-10-12 18:25 287,744 a------- c:\windows\system32\drivers\sfi.dat
2009-10-11 18:53 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\DoctorWeb
2009-10-11 13:38 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\lmms
2009-10-11 13:37 <DIR> --d----- c:\program files\LMMS 0.4.5
2009-10-10 15:08 <DIR> --d----- c:\docume~1\andrew~1.mai\applic~1\AVG8
2009-10-10 14:54 68,760 a------- c:\windows\system32\pghash.dat
2009-10-10 14:54 134,288 a------- c:\windows\system32\pguard.dat
2009-10-09 18:40 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-03 23:16 <DIR> --d----- c:\program files\CMS
2009-10-02 19:21 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-27 07:22 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 07:22 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\log
2009-09-26 10:55 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\Tracing
2009-09-26 10:52 <DIR> --dsh--- c:\documents and settings\andrew deacon.main-computer\PrivacIE

==================== Find3M ====================

2009-10-17 08:09 637,702 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-17 08:09 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
1997-06-23 13:06 287,504 a--sh--- c:\windows\system32\Msxbse35.dll
2008-08-19 07:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 8:42:22.46 ===============
 
...and the attach.txt file in case you wanted that also:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2005 10:28:36 PM
System Uptime: 10/17/2009 8:10:51 AM (0 hours ago)

Motherboard: Intel Corporation | | D945PSN
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | | 2933/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 47.707 GiB free.
D: is FIXED (FAT) - 0 GiB total, 0.178 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_0B0B8086&REV_01\3&61AAA01&0&D8
Manufacturer: Microsoft
Name: Microsoft UAA Bus Driver for High Definition Audio
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_0B0B8086&REV_01\3&61AAA01&0&D8
Service: HDAudBus

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Service:

==== System Restore Points ===================

RP1: 10/17/2009 7:57:50 AM - System Checkpoint

==== Installed Programs ======================


AAA Map'n'Go 2.0
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.1.0
Adobe Shockwave Player
AEC Details 3
American Greetings Print! Premium 1.00
American Greetings® Art & More Store
AnswerWorks Runtime
AOL Instant Messenger
AutoCAD 2000
AutoCAD 2004
AutoCAD Express Tools Volumes 1-9
Autodesk Architectural Desktop 3.3
Autodesk Express Viewer
Autodesk Learning Assistance
Buzzsaw.com Plans & Specs Publishing Tools
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
ccCommon
CCHelp
CCScore
CMS XPandy
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Deadly Dozen 2: Pacific Theater
Deluxe Bible Collection
Dust: A Tale of the Wired West
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
ESSvpaht
ESSvpot
GCN
Greatest Inventions 2NI
Highlight Viewer (Windows Live Toolbar)
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kSolo Recorder
KSU
Languages of the World V4 Disk 1
LEGO Creator
LeoCAD
Linux MultiMedia Studio (LMMS)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chat 2.5
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 7.0
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My Wal-Mart Digital Photo Center
MySpaceIM
netbrdg
Notifier
NVIDIA Drivers
OfotoXMI
OpenOffice.org 2.4
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
Precision Mapping Quick Finder 3.0
Precision Mapping Quick Finder 3.0
Punch! 5 in 1 Home Design
Return to Castle Wolfenstein
Rhapsody Player Engine
RollerCoaster Tycoon
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SFR
SFR2
SHASTA
Shockwave
SKIN0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
The Bible Collection Installer
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Volo View Express
VPRINTOL
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/17/2009 8:03:06 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 960000 milliseconds: Restart the service.
10/17/2009 7:58:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/17/2009 7:58:31 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/17/2009 7:58:31 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {75443B88-BA06-4800-83FE-D52CD240E7AC}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
10/12/2009 7:41:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/12/2009 7:27:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cmdGuard Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
10/12/2009 6:57:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip VET-FILT VET-REC VETEFILE VETMONNT
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/12/2009 6:57:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2009 6:56:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}

==== End Of File ===========================
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Folder::
c:\docume~1\alluse~1.win\applic~1\77703731
DDS::
BHO: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
TB: {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000000


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Uninstall these outdated Javas:
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5




Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed enable the Java add-ons in IE7. Do that using manage add-ons from the IE7 toolbar.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
I made the text file and pulled it into the ComboFix. The results are here. The rest to follow:

ComboFix 09-10-16.09 - Andrew Deacon 10/17/2009 13:40.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.447 [GMT -4:00]
Running from: c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1.win\applic~1\77703731

.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-16 22:30 . 2009-10-16 22:30 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-16 22:30 . 2009-10-16 22:30 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-16 22:11 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\Application Data\Malwarebytes
2009-10-15 11:38 . 2009-10-15 22:49 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\.housecall6.6
2009-10-13 23:37 . 2009-10-13 23:37 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\Tracing
2009-10-13 00:18 . 2009-10-15 22:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 22:59 . 2009-10-12 22:59 -------- d-sh--w- c:\documents and settings\Administrator.MAIN-COMPUTER\IECompatCache
2009-10-12 22:59 . 2009-10-12 22:59 -------- d-sh--w- c:\documents and settings\Administrator.MAIN-COMPUTER\PrivacIE
2009-10-12 22:25 . 2009-10-15 22:20 287744 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-11 22:53 . 2009-10-11 23:09 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\DoctorWeb
2009-10-11 17:38 . 2009-10-11 17:38 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\lmms
2009-10-11 17:37 . 2009-10-11 17:37 -------- d-----w- c:\program files\LMMS 0.4.5
2009-10-10 19:08 . 2009-10-10 19:08 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\AVG8
2009-10-10 18:54 . 2009-10-15 22:16 68760 ----a-w- c:\windows\system32\pghash.dat
2009-10-10 18:54 . 2009-10-12 22:19 134288 ----a-w- c:\windows\system32\pguard.dat
2009-10-09 22:40 . 2009-10-09 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 03:16 . 2009-10-04 03:16 -------- d-----w- c:\program files\CMS
2009-10-02 23:21 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 21:16 . 2009-09-30 21:16 -------- d-sh--w- c:\documents and settings\Others\PrivacIE
2009-09-27 11:22 . 2009-10-15 11:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 11:22 . 2009-09-27 11:22 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\log
2009-09-26 15:32 . 2009-09-26 15:32 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\InstallShield
2009-09-26 14:55 . 2009-10-10 15:26 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Tracing
2009-09-26 14:52 . 2009-09-26 14:52 -------- d-sh--w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-17 13:30 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-10-17 13:30 . 2007-09-30 03:53 639222 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-13 07:55 . 2005-12-18 03:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-10 13:39 . 2008-02-29 00:59 -------- d-----w- c:\program files\Windows Live
2009-10-09 22:40 . 2006-01-31 23:11 -------- d-----w- c:\program files\Java
2009-10-04 16:52 . 2005-12-26 16:32 -------- d-----w- c:\program files\Autodesk Architectural Desktop 3
2009-10-04 03:17 . 2005-12-18 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 22:16 . 2009-03-18 00:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 14:31 . 2005-12-29 04:25 67888 ----a-w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\program files\MSBuild
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
1997-06-23 17:06 . 1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-01 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-09-30 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-16 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-09 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-01-10 1490944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Utility"=Logi_MwX.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\CChat25.inf,PerUserAdd.NT
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\CAAntiSpywareScan_Daily as Andrew Deacon at 8 37 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]

2009-09-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 18:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 13:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-287218729-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1276)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(1512)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-17 13:52
ComboFix-quarantined-files.txt 2009-10-17 17:52
ComboFix2.txt 2009-10-17 12:28

Pre-Run: 51,197,136,896 bytes free
Post-Run: 51,160,567,808 bytes free

196 --- E O F --- 2009-10-17 01:41
 
Okay here's the Kap scan...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 17, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 17, 2009 18:20:56
Records in database: 3017191
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 159598
Threats found: 5
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 03:06:46


File name / Threat / Threats count
C:\Documents and Settings\Administrator.MAIN-COMPUTER\.housecall6.6\Quarantine\77703731.exe.bac_a00200 Infected: Trojan.Win32.FraudPack.vxk 1
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-5fbe2cb0 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-24a45ae3.zip Infected: Exploit.Java.Gimsh.b 1
C:\Doors\Downloaded Program Files\naughtycams.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic 1
C:\Doors\Downloaded Program Files\uloader.dll Infected: Trojan-Downloader.Win32.Xatl.c 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir Infected: Trojan.Win32.Vilsel.yb 1
C:\System Volume Information\_restore{5FAE1C13-A8A7-43E3-BE9D-ED86F236AECB}\RP1\A0000446.exe Infected: Trojan.Win32.Vilsel.yb 1

Selected area has been scanned.
 
Here's the DDS file:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Andrew Deacon at 17:54:25.60 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\DllHost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {50F65670-1729-11D2-A51F-0020AFE5D502}
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {737D14F8-4090-11D4-AE0E-0010830243BD}
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autodesk architectural desktop 3\AcDcToday.ocx
DPF: {7A32634B-029C-4836-A023-528983982A49}
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autodesk architectural desktop 3\InstBanr.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E87A6788-1D0F-4444-8898-1D25829B6755}
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\AcPreview.ocx
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.scn-chat.com/includes/MSNChat45.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/netscape/TrueInstallNetscape.exe
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-10-17 14:13 <DIR> --d----- c:\windows\system32\Adobe
2009-10-17 07:57 236,544 a------- c:\windows\PEV.exe
2009-10-17 07:57 161,792 a------- c:\windows\SWREG.exe
2009-10-17 07:57 98,816 a------- c:\windows\sed.exe
2009-10-17 07:40 <DIR> a-dshr-- C:\cmdcons
2009-10-17 07:40 <DIR> --d----- c:\windows\setup.pss
2009-10-17 07:38 <DIR> --d----- c:\windows\setupupd
2009-10-16 18:30 739,752 a------- c:\windows\system32\drivers\vetefile.sys
2009-10-16 18:30 133,576 a------- c:\windows\system32\drivers\veteboot.sys
2009-10-12 20:18 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-12 18:25 287,744 a------- c:\windows\system32\drivers\sfi.dat
2009-10-11 18:53 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\DoctorWeb
2009-10-11 13:38 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\lmms
2009-10-11 13:37 <DIR> --d----- c:\program files\LMMS 0.4.5
2009-10-10 15:08 <DIR> --d----- c:\docume~1\andrew~1.mai\applic~1\AVG8
2009-10-10 14:54 68,760 a------- c:\windows\system32\pghash.dat
2009-10-10 14:54 134,288 a------- c:\windows\system32\pguard.dat
2009-10-09 18:40 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-03 23:16 <DIR> --d----- c:\program files\CMS
2009-10-02 19:21 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-27 07:22 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 07:22 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\log
2009-09-26 10:55 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\Tracing
2009-09-26 10:52 <DIR> --dsh--- c:\documents and settings\andrew deacon.main-computer\PrivacIE

==================== Find3M ====================

2009-10-17 09:30 639,222 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-17 09:30 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
1997-06-23 13:06 287,504 a--sh--- c:\windows\system32\Msxbse35.dll
2008-08-19 07:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 17:55:25.82 ===============
 
...and another attach.txt. I also did all that other stuff you said.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-13.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2005 10:28:36 PM
System Uptime: 10/17/2009 1:27:40 PM (4 hours ago)

Motherboard: Intel Corporation | | D945PSN
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | | 2933/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 47.436 GiB free.
D: is FIXED (FAT) - 0 GiB total, 0.178 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_0B0B8086&REV_01\3&61AAA01&0&D8
Manufacturer: Microsoft
Name: Microsoft UAA Bus Driver for High Definition Audio
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_0B0B8086&REV_01\3&61AAA01&0&D8
Service: HDAudBus

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_108B&SUBSYS_30918086&REV_03\4&6C79FC5&0&00E0
Service:

==== System Restore Points ===================

RP1: 10/17/2009 7:57:50 AM - System Checkpoint
RP2: 10/17/2009 1:58:40 PM - Removed Adobe Reader 7.1.0
RP3: 10/17/2009 2:01:02 PM - Removed J2SE Runtime Environment 5.0 Update 3
RP4: 10/17/2009 2:01:55 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP5: 10/17/2009 2:02:57 PM - Removed Java(TM) 6 Update 5
RP6: 10/17/2009 2:03:49 PM - Removed Java(TM) 6 Update 4
RP7: 10/17/2009 2:04:44 PM - Removed Java(TM) 6 Update 3
RP8: 10/17/2009 2:11:44 PM - Installed Adobe Reader 9.2.

==== Installed Programs ======================


AAA Map'n'Go 2.0
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AEC Details 3
American Greetings Print! Premium 1.00
American Greetings® Art & More Store
AnswerWorks Runtime
AOL Instant Messenger
AutoCAD 2000
AutoCAD 2004
AutoCAD Express Tools Volumes 1-9
Autodesk Architectural Desktop 3.3
Autodesk Express Viewer
Autodesk Learning Assistance
Buzzsaw.com Plans & Specs Publishing Tools
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Personal Firewall
ccCommon
CCHelp
CCScore
CMS XPandy
Creative MediaSource
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Deadly Dozen 2: Pacific Theater
Deluxe Bible Collection
Dust: A Tale of the Wired West
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
ESSvpaht
ESSvpot
GCN
Greatest Inventions 2NI
Highlight Viewer (Windows Live Toolbar)
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Java(TM) 6 Update 16
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
kSolo Recorder
KSU
Languages of the World V4 Disk 1
LEGO Creator
LeoCAD
Linux MultiMedia Studio (LMMS)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
Map Button (Windows Live Toolbar)
MathPlayer
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chat 2.5
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Express 7.0
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
My Wal-Mart Digital Photo Center
MySpaceIM
netbrdg
Notifier
NVIDIA Drivers
OfotoXMI
OpenOffice.org 2.4
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
Precision Mapping Quick Finder 3.0
Precision Mapping Quick Finder 3.0
Punch! 5 in 1 Home Design
Return to Castle Wolfenstein
Rhapsody Player Engine
RollerCoaster Tycoon
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SFR
SFR2
SHASTA
SKIN0001
SKINXSDK
Smart Menus (Windows Live Toolbar)
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
staticcr
The Bible Collection Installer
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Volo View Express
VPRINTOL
WebFldrs XP
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/17/2009 8:03:06 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 960000 milliseconds: Restart the service.
10/17/2009 7:58:31 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/17/2009 2:01:40 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/17/2009 1:48:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/17/2009 1:39:51 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/16/2009 6:19:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
10/16/2009 6:19:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/16/2009 6:17:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {75443B88-BA06-4800-83FE-D52CD240E7AC}
10/16/2009 6:17:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}
10/16/2009 6:17:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}
10/16/2009 6:17:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}
10/16/2009 6:17:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
10/16/2009 6:14:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service PPCtlPriv with arguments "" in order to run the server: {F974178A-A284-440A-BEFC-5B0D11BCDB68}
10/16/2009 6:13:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/16/2009 5:40:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cmdGuard Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
10/12/2009 7:14:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/12/2009 6:57:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip VET-FILT VET-REC VETEFILE VETMONNT
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/12/2009 6:57:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================
 
Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\Documents and Settings\Administrator.MAIN-COMPUTER\.housecall6.6\Quarantine\77703731.exe.bac_a00200
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-5fbe2cb0
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-24a45ae3.zip
C:\Doors\Downloaded Program Files\naughtycams.exe
C:\Doors\Downloaded Program Files\uloader.dll


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds log.
 
Good morning :alien:
The ComboFix log:

ComboFix 09-10-16.09 - Andrew Deacon 10/18/2009 8:44.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.515 [GMT -4:00]
Running from: c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

FILE ::
"c:\documents and settings\Administrator.MAIN-COMPUTER\.housecall6.6\Quarantine\77703731.exe.bac_a00200"
"c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-5fbe2cb0"
"c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-24a45ae3.zip"
"c:\doors\Downloaded Program Files\naughtycams.exe"
"c:\doors\Downloaded Program Files\uloader.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-5fbe2cb0
c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-24a45ae3.zip
c:\doors\Downloaded Program Files\naughtycams.exe
c:\doors\Downloaded Program Files\uloader.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-17 18:13 . 2009-10-17 18:16 -------- d-----w- c:\windows\system32\Adobe
2009-10-17 18:11 . 2009-10-17 18:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-17 18:09 . 2009-10-17 23:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-10-16 22:30 . 2009-10-16 22:30 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-16 22:30 . 2009-10-16 22:30 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-16 22:11 . 2009-10-16 22:11 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\Application Data\Malwarebytes
2009-10-15 11:38 . 2009-10-15 22:49 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\.housecall6.6
2009-10-13 23:37 . 2009-10-13 23:37 -------- d-----w- c:\documents and settings\Administrator.MAIN-COMPUTER\Tracing
2009-10-13 00:18 . 2009-10-15 22:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 22:59 . 2009-10-12 22:59 -------- d-sh--w- c:\documents and settings\Administrator.MAIN-COMPUTER\IECompatCache
2009-10-12 22:59 . 2009-10-12 22:59 -------- d-sh--w- c:\documents and settings\Administrator.MAIN-COMPUTER\PrivacIE
2009-10-12 22:25 . 2009-10-15 22:20 287744 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-10-11 22:53 . 2009-10-11 23:09 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\DoctorWeb
2009-10-11 17:38 . 2009-10-11 17:38 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\lmms
2009-10-11 17:37 . 2009-10-11 17:37 -------- d-----w- c:\program files\LMMS 0.4.5
2009-10-10 19:08 . 2009-10-10 19:08 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\AVG8
2009-10-10 18:54 . 2009-10-15 22:16 68760 ----a-w- c:\windows\system32\pghash.dat
2009-10-10 18:54 . 2009-10-12 22:19 134288 ----a-w- c:\windows\system32\pguard.dat
2009-10-09 22:40 . 2009-10-09 22:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-04 03:16 . 2009-10-04 03:16 -------- d-----w- c:\program files\CMS
2009-10-02 23:21 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 21:16 . 2009-09-30 21:16 -------- d-sh--w- c:\documents and settings\Others\PrivacIE
2009-09-27 11:22 . 2009-10-15 11:38 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 11:22 . 2009-09-27 11:22 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\log
2009-09-26 15:32 . 2009-09-26 15:32 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Application Data\InstallShield
2009-09-26 14:55 . 2009-10-10 15:26 -------- d-----w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Tracing
2009-09-26 14:52 . 2009-09-26 14:52 -------- d-sh--w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-18 02:31 . 2007-09-30 03:53 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-10-18 02:31 . 2007-09-30 03:53 639222 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-17 18:12 . 2005-12-18 03:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-17 18:05 . 2006-01-31 23:11 -------- d-----w- c:\program files\Java
2009-10-13 07:55 . 2005-12-18 03:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-10 13:39 . 2008-02-29 00:59 -------- d-----w- c:\program files\Windows Live
2009-10-04 16:52 . 2005-12-26 16:32 -------- d-----w- c:\program files\Autodesk Architectural Desktop 3
2009-10-04 03:17 . 2005-12-18 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 22:16 . 2009-03-18 00:47 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-22 14:31 . 2005-12-29 04:25 67888 ----a-w- c:\documents and settings\Andrew Deacon.MAIN-COMPUTER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\program files\MSBuild
2009-08-22 02:56 . 2009-08-22 02:56 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-04 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
1997-06-23 17:06 . 1997-06-23 17:06 287504 --sha-w- c:\windows\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-17_12.23.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-17 18:13 . 2009-10-17 18:13 87618 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
+ 2009-07-31 13:26 . 2009-07-31 13:26 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-07-31 12:54 . 2009-07-31 12:54 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-07-31 13:42 . 2009-07-31 13:42 67000 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2009-10-17 18:12 . 2009-10-17 18:12 21504 c:\windows\Installer\1c3cd1.msi
+ 2009-10-17 18:11 . 2009-10-17 18:11 27648 c:\windows\Installer\1c3cc5.msi
+ 2009-07-31 13:28 . 2009-07-31 13:28 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-07-31 12:54 . 2009-07-31 12:54 132472 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-07-31 13:26 . 2009-07-31 13:26 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-07-31 13:40 . 2009-07-31 13:40 468408 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe
+ 2009-07-31 13:28 . 2009-07-31 13:28 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-07-31 13:26 . 2009-07-31 13:26 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-07-31 12:54 . 2009-07-31 12:54 714752 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-07-31 13:25 . 2009-07-31 13:25 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-07-31 13:41 . 2009-07-31 13:41 206264 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-07-31 13:27 . 2009-07-31 13:27 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-07-31 13:00 . 2009-07-31 13:00 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-07-31 12:54 . 2009-07-31 12:54 1886320 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-07-31 13:04 . 2009-07-31 13:04 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2009-10-17 18:12 . 2009-10-17 18:12 3940352 c:\windows\Installer\1c3ccb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-01 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2007-09-30 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-16 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-07-31 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-07-31 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-07-31 259312]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-09 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-01-10 1490944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Logitech Utility"=Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/4/2007 9:23 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:39 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\CChat25.inf,PerUserAdd.NT
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\CAAntiSpywareScan_Daily as Andrew Deacon at 8 37 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]

2009-09-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 18:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 08:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-842925246-287218729-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1280)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll
.
Completion time: 2009-10-18 8:56
ComboFix-quarantined-files.txt 2009-10-18 12:56
ComboFix2.txt 2009-10-17 17:52
ComboFix3.txt 2009-10-17 12:28

Pre-Run: 50,893,787,136 bytes free
Post-Run: 50,957,139,968 bytes free

225 --- E O F --- 2009-10-17 01:41
 
The DDS log:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Andrew Deacon at 8:57:11.84 on Sun 10/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.461 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Andrew Deacon.MAIN-COMPUTER\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: buzzen.com
Trusted Zone: buzzen.net
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: oasiz.net\www
DPF: ChatSpace Full Java Client 4.0.0.320
DPF: Microsoft XML Parser for Java
DPF: Yahoo! Chat
DPF: {0000000A-9980-0010-8000-00AA00389B71}
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02}
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9}
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441}
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71}
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {50F65670-1729-11D2-A51F-0020AFE5D502}
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://gis.pinellascounty.org/ActiveX/ver6.5/mgaxctrl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {737D14F8-4090-11D4-AE0E-0010830243BD}
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autodesk architectural desktop 3\AcDcToday.ocx
DPF: {7A32634B-029C-4836-A023-528983982A49}
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autodesk architectural desktop 3\InstBanr.ocx
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E87A6788-1D0F-4444-8898-1D25829B6755}
DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88}
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autodesk architectural desktop 3\AcPreview.ocx
DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746}
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://www.scn-chat.com/includes/MSNChat45.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/netscape/TrueInstallNetscape.exe
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-4 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]

=============== Created Last 30 ================

2009-10-17 14:13 <DIR> --d----- c:\windows\system32\Adobe
2009-10-17 07:57 236,544 a------- c:\windows\PEV.exe
2009-10-17 07:57 161,792 a------- c:\windows\SWREG.exe
2009-10-17 07:57 98,816 a------- c:\windows\sed.exe
2009-10-17 07:40 <DIR> a-dshr-- C:\cmdcons
2009-10-17 07:40 <DIR> --d----- c:\windows\setup.pss
2009-10-17 07:38 <DIR> --d----- c:\windows\setupupd
2009-10-16 18:30 739,752 a------- c:\windows\system32\drivers\vetefile.sys
2009-10-16 18:30 133,576 a------- c:\windows\system32\drivers\veteboot.sys
2009-10-12 20:18 664 a------- c:\windows\system32\d3d9caps.dat
2009-10-12 18:25 287,744 a------- c:\windows\system32\drivers\sfi.dat
2009-10-11 18:53 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\DoctorWeb
2009-10-11 13:38 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\lmms
2009-10-11 13:37 <DIR> --d----- c:\program files\LMMS 0.4.5
2009-10-10 15:08 <DIR> --d----- c:\docume~1\andrew~1.mai\applic~1\AVG8
2009-10-10 14:54 68,760 a------- c:\windows\system32\pghash.dat
2009-10-10 14:54 134,288 a------- c:\windows\system32\pguard.dat
2009-10-09 18:40 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-03 23:16 <DIR> --d----- c:\program files\CMS
2009-10-02 19:21 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-27 07:22 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 07:22 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\log
2009-09-26 10:55 <DIR> --d----- c:\documents and settings\andrew deacon.main-computer\Tracing
2009-09-26 10:52 <DIR> --dsh--- c:\documents and settings\andrew deacon.main-computer\PrivacIE

==================== Find3M ====================

2009-10-17 22:31 639,222 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-10-17 22:31 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,066,048 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
1997-06-23 13:06 287,504 a--sh--- c:\windows\system32\Msxbse35.dll
2008-08-19 07:35 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 8:57:49.96 ===============
 
Looks good :)

Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /u in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
You must log in or register to reply here.
Back
Top