At first, I noticed that IE no longer worked, although it did work in safe mode. So I updated it to the latest version, yet it still didn't work, now not in safe mode either, reverted it back to the previous version, once more, works in safe mode. Also programs that use IE were affected, such as Steam, the browser it has no longer worked, coming up with the same error page as IE. I scanned using numerous programs, including MBAM, but still had the same problem. Which lead me to install AVG, and after doing that, no browsers worked, Firefox and Opera having worked earlier that day. Though I am unsure as to whether the installation of AVG had anything to do with the other browsers suddenly stopping working. In firefox, the error I got was something along the lines of "Page loaded, but there is no information to display". Also, at one point, my IP address got into a DNSbl, when I wasn't running Tor, two things seeming to think that I was behind a Tor proxy. Now my internet has stopped working completely, even in safe mode. I can see that it is connected, but even programs which need the internet do not work any more, but they did before this. I think it is something to do with the tor proxy, as once I saw "Loading proxy settings", in the bottom left hand corner of IE, as I opened it. As well many programs thinking that I'm behind a firewall, when I have portforwarded and turned off all firewalls. I also tried pinging a domain, on two computers, the inaffected one had 0% packet loss, the one with the virus had 100% packet loss. Now for the logs, obviously, I couldn't do the ESET scan. I also ran the Windows virus scanner, and AFT cleaner.


Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

03/02/2009 10:13:26
mbam-log-2009-02-03 (10-13-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 526334
Time elapsed: 3 hour(s), 11 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kia\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:30 AM, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vphc700.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Kia\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 38.25.63.10 x.acme.com # x client host
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: (no name) - {8DB6E968-648D-4528-A4C7-54FFDDFF532E} - C:\WINDOWS\system32\atmf.dll (file missing)
O2 - BHO: (no name) - {c5bf49a2-94f3-42bd-f434-3604812c8955} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD08] "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1174511940\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SkypeMate] C:\Program Files\SkypeMate\SkypeMate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: TrayMin.lnk = ?
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pareesa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CDE58F4-0934-421D-86CB-BE37A5147D5A}: NameServer = 194.168.4.100,194.168.8.100
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ljJDTMfc - ljJDTMfc.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartFoxServer PRO 1.6 (SmartFoxServerPRO__1.6) - Unknown owner - C:\Program Files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe
O23 - Service: SmartFoxServer BASIC 1.5 (SmartFoxServer_BASIC_1.5) - Unknown owner - C:\Program Files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Wampp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 9146 bytes


Oh, and I know Tor is on the startup run list, but I just close it when it opens.

Recommended Answers

All 19 Replies

MBA-M is seriously out of date. Update it, run a full scan and remove all that it finds. Post the log it produces in your next reply.

The latest version database can be downloaded from http://www.gt500.org/malwarebytes/database.jsp and saved to a flash drive or something, then installed on the infected pc.

==

You say you have AVG, but I do not see it running? You cannot go around without an AV. A 3rd party firewall is to be seriously considered also.

==

Can you please do the following.

===============

Programs like SUPERAntiSpyware, may interfere with the following fix, so we need to temporarily disable it.

  • Right-click on the SUPERAntiSpyware icon in the system tray.
  • Choose View Control Center... "Preferences/options" button/tab.
  • On the General and Startup...tab, uncheck, "Start SUPERAntiSpyware when Windows starts"
  • click Close to exit.

Don't forget to enable your SUPERAntiSpyware protection, when your computer is clean.


===============

Scan with HijackThis and then place a check next to all the following, if present:


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 38.25.63.10 x.acme.com # x client host

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {8DB6E968-648D-4528-A4C7-54FFDDFF532E} - C:\WINDOWS\system32\atmf.dll (file missing)
O2 - BHO: (no name) - {c5bf49a2-94f3-42bd-f434-3604812c8955} - (no file)

O4 - Global Startup: TrayMin.lnk = ?

O20 - Winlogon Notify: ljJDTMfc - ljJDTMfc.dll (file missing)

O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

Don't forget the MBA-M log.

Ah, yeah, I haven't been able to update the database for quite some time, and I uninstalled AVG to see if it would make a difference, didn't change anything. I did have Norton Antivirus, but somehow the virus killed it. I had something like 100 days left of the subscription. It was running at one time, then it started spamming me with its 'help' window, and my computer crashed. After that Norton no longer started up when I turned my computer on, nor could I start it manually.

Oh, and I really appreciate your fast response, I wasn't expecting one so soon, thank you very much for the help. :)

Note: I'll edit this post and update it with the new logs after MBAM has finished scanning.

Ok, all scanned, the problem is exactly the same. I tried to open a webpage while using a manual proxy in firefox, it worked fine then. So there is no problem with my internet connection. Now for the logs.

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

03/02/2009 10:13:26
mbam-log-2009-02-03 (10-13-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 526334
Time elapsed: 3 hour(s), 11 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kia\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.

And the hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:59 PM, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Kia\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: (no name) - {8DB6E968-648D-4528-A4C7-54FFDDFF532E} - (no file)
O2 - BHO: (no name) - {c5bf49a2-94f3-42bd-f434-3604812c8955} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD08] "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1174511940\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SkypeMate] C:\Program Files\SkypeMate\SkypeMate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pareesa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CDE58F4-0934-421D-86CB-BE37A5147D5A}: NameServer = 194.168.4.100,194.168.8.100
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartFoxServer PRO 1.6 (SmartFoxServerPRO__1.6) - Unknown owner - C:\Program Files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe
O23 - Service: SmartFoxServer BASIC 1.5 (SmartFoxServer_BASIC_1.5) - Unknown owner - C:\Program Files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Wampp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 8582 bytes

It could not remove O2 - BHO: (no name) - {8DB6E968-648D-4528-A4C7-54FFDDFF532E} - (no file)
O2 - BHO: (no name) - {c5bf49a2-94f3-42bd-f434-3604812c8955} - (no file)
Yes, I did have all other windows closed, only Hijackthis was open, and I tried to remove them multiple times.

The link I provided for MBA-M's updated definitions has version 1714 up. Yours is 1654


Did you close superantispyware? I asked that it be disabled until your pc is clean, but it is still running.

Yes I did close Superantispyware, but the hijackthis log was taken after I had reenabled it. And as for the database version, well I downloaded the update to a USB and installed it on the infected computer, which tells me that the version is 1714.

Edit: Ah, I copied the wrong log, sorry. The right one is

03/02/2009 19:08:25
mbam-log-2009-02-03 (19-08-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 499617
Time elapsed: 5 hour(s), 59 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0001233.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0001282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\uvvlc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xltp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\vgxgu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\bdxpho.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Are you still having problems?

Well I turned off my router, and modem for 5 minutes, and now I'm back where I was before, everything working except IE, and programs that need it.

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Ok, here are the log files. First the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:16 PM, on 05/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SmartFoxServerPRO_1.6.2\jre\bin\java.exe
c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
C:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1174511940\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kia\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 133.1.16.172:3128
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD08] "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1174511940\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SkypeMate] C:\Program Files\SkypeMate\SkypeMate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pareesa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartFoxServer PRO 1.6 (SmartFoxServerPRO__1.6) - Unknown owner - C:\Program Files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe
O23 - Service: SmartFoxServer BASIC 1.5 (SmartFoxServer_BASIC_1.5) - Unknown owner - C:\Program Files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Wampp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 9877 bytes

And the ComboFix log

ComboFix 09-02-04.04 - Kia 2009-02-05 15:11:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.611 [GMT 0:00]
Running from: c:\documents and settings\Kia\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\Kia\Application Data\urlredir.cfg
c:\documents and settings\Kia\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Pareesa\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\winupdates
c:\program files\winupdates\a.zip
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\isgTi19
c:\temp\sanR24
c:\windows\system32\abeeg.ini
c:\windows\system32\agherpus.ini
c:\windows\system32\ahhaiyhw.ini
c:\windows\system32\amqxtpsp.ini
c:\windows\system32\ap
c:\windows\system32\BIhgPXyb.ini
c:\windows\system32\BIhgPXyb.ini2
c:\windows\system32\bkeypadw.ini
c:\windows\system32\bkppcayp.ini
c:\windows\system32\blwvuaoe.ini
c:\windows\system32\bszip.dll
c:\windows\system32\bwkoyxsx.ini
c:\windows\system32\dggPoUvw.ini
c:\windows\system32\dggPoUvw.ini2
c:\windows\system32\dwejrows.ini
c:\windows\system32\efiqkhbu.ini
c:\windows\system32\ejegjnnx.ini
c:\windows\system32\elpmxunn.ini
c:\windows\system32\evgdmrsd.ini
c:\windows\system32\fojrrbwe.ini
c:\windows\system32\fvpcemsa.ini
c:\windows\system32\gjujyafx.ini
c:\windows\system32\hgwwvibw.ini
c:\windows\system32\hnlmqvye.ini
c:\windows\system32\iebhsplh.ini
c:\windows\system32\igcvhyqu.ini
c:\windows\system32\imxxqufx.ini
c:\windows\system32\jipkglws.ini
c:\windows\system32\jybwxufm.ini
c:\windows\system32\kidbijgd.ini
c:\windows\system32\kjkkj.ini2
c:\windows\system32\kpwkaxrq.ini
c:\windows\system32\kqvonuby.ini
c:\windows\system32\lsvpntgx.ini
c:\windows\system32\mbdureod.ini
c:\windows\system32\mdm.exe
c:\windows\system32\mduokfkh.ini
c:\windows\system32\mtifmsps.ini
c:\windows\system32\nfarmypw.ini
c:\windows\system32\nGpxx18
c:\windows\system32\nkspswgq.ini
c:\windows\system32\nmyohash.ini
c:\windows\system32\nnemypjj.ini
c:\windows\system32\nqtss.ini
c:\windows\system32\nqtss.ini2
c:\windows\system32\nvkeqhpt.ini
c:\windows\system32\olttwygc.ini
c:\windows\system32\ooxllcmp.ini
c:\windows\system32\oqxhwoao.ini
c:\windows\system32\oxfkbdje.ini
c:\windows\system32\pmrgdker.ini
c:\windows\system32\prohlksx.ini
c:\windows\system32\pwgbiuer.ini
c:\windows\system32\rphbuhpx.ini
c:\windows\system32\rqaxgtfv.ini
c:\windows\system32\rwywascf.ini
c:\windows\system32\secjdqyf.ini
c:\windows\system32\seerfcid.ini
c:\windows\system32\slhlaqdb.ini
c:\windows\system32\slsjtixl.ini
c:\windows\system32\tgfbjqbi.ini
c:\windows\system32\thrfuvhk.ini
c:\windows\system32\tryswhhi.ini
c:\windows\system32\uttss.ini2
c:\windows\system32\vplremke.ini
c:\windows\system32\weqycior.ini
c:\windows\system32\wermsbsm.ini
c:\windows\system32\wgstrrqg.ini
c:\windows\system32\whthclfg.ini
c:\windows\system32\winlogo.exe
c:\windows\system32\wjkectsc.ini
c:\windows\system32\xfaajayp.ini
c:\windows\system32\ydtqgxtv.ini
c:\windows\system32\ykcjshuq.ini
c:\windows\system32\yodiliys.ini
c:\windows\system32\ystpihji.ini
c:\windows\system32\ytlyumaw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-04 17:45 . 2009-02-04 17:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-02 16:01 . 2009-02-02 16:01 <DIR> d-------- c:\documents and settings\Administrator\Contacts
2009-02-02 15:43 . 2009-02-02 15:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Xfire
2009-02-01 18:05 . 2009-02-05 16:10 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-25 04:21 . 2009-01-25 04:23 <DIR> d-------- c:\documents and settings\Kia\Application Data\GarageGames
2009-01-23 17:31 . 2009-02-05 14:56 <DIR> d-------- c:\documents and settings\Kia\Application Data\tor
2009-01-23 17:28 . 2009-01-23 17:28 <DIR> d-------- c:\program files\Vidalia Bundle
2009-01-23 17:28 . 2009-02-03 19:15 <DIR> d-------- c:\documents and settings\Kia\Application Data\Vidalia
2009-01-23 01:18 . 2009-01-23 01:18 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-20 19:06 . 2009-01-20 19:07 <DIR> d-------- c:\documents and settings\Kia\AdobeLicensingFilesBackup
2009-01-16 21:48 . 2009-01-20 21:19 <DIR> d-------- c:\windows\system32\m3V15
2009-01-16 21:48 . 2009-01-16 21:48 <DIR> d-------- c:\temp\tmp90
2009-01-13 17:02 . 2009-01-13 17:05 <DIR> d-------- c:\documents and settings\Kia\Application Data\MozillaControl
2009-01-13 17:01 . 2009-01-13 17:02 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2009-01-13 16:22 . 2009-01-13 16:22 63,488 --a------ c:\windows\system32\shdocvw.oca
2009-01-12 17:51 . 2009-01-31 19:14 <DIR> d-------- c:\program files\VB Decompiler Lite
2009-01-10 19:40 . 2009-01-10 19:40 <DIR> d-------- c:\documents and settings\Kia\Contacts
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\system32\scripting
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\system32\en
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\system32\bits
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\l2schemas
2009-01-10 18:21 . 2009-01-10 18:25 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-09 20:04 . 2009-01-09 20:04 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-09 06:24 . 2008-04-14 00:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-08 18:32 . 2009-02-05 10:42 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-07 21:07 . 2009-01-07 21:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 21:06 . 2009-01-11 17:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 21:06 . 2009-01-07 21:06 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-07 21:06 . 2009-01-07 21:06 <DIR> d-------- c:\documents and settings\Kia\Application Data\SUPERAntiSpyware.com
2009-01-07 20:47 . 2009-01-07 20:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-06 17:55 . 2009-01-06 18:05 0 --a------ c:\windows\system32\drivers\155fddc6.sys
2009-01-06 17:54 . 2009-01-06 17:54 <DIR> d-------- c:\temp\REX81
2009-01-06 17:54 . 2009-02-01 18:04 <DIR> d-------- c:\program files\Steam
2009-01-06 17:54 . 2009-01-06 17:54 85 --a------ C:\104.bat
2009-01-06 17:54 . 2009-01-16 21:53 2 --a------ C:\-1064231355
2009-01-05 10:02 . 2008-06-10 01:32 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 16:11 --------- d-----w c:\program files\DNA
2009-02-05 16:11 --------- d-----w c:\documents and settings\Kia\Application Data\DNA
2009-02-05 14:52 --------- d-----w c:\program files\mIRC
2009-02-04 21:58 --------- d-----w c:\documents and settings\Kia\Application Data\BitTorrent
2009-02-04 17:56 --------- d-----w c:\program files\Google
2009-02-04 17:31 --------- d-----w c:\documents and settings\Kia\Application Data\Xfire
2009-02-04 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-02 15:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-02 15:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-31 16:30 --------- d-----w c:\program files\DIGStream
2009-01-31 08:53 --------- d--h--w c:\documents and settings\Kia\Application Data\ijjigame
2009-01-30 21:05 --------- d-----w c:\documents and settings\Kia\Application Data\Download Manager
2009-01-25 15:45 --------- d-s---w c:\program files\Xfire
2009-01-22 20:55 --------- d-----w c:\program files\Common Files\Adobe
2009-01-20 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-20 19:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-17 20:41 34 ----a-w c:\documents and settings\Kia\jagex_runescape_preferences.dat
2009-01-14 16:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 08:54 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-11 08:54 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-11 08:54 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-11 08:54 --------- d-----w c:\program files\Symantec
2009-01-10 19:39 --------- d-----w c:\program files\MSN Messenger
2009-01-09 17:21 --------- d-----w c:\program files\Common Files\Apple
2009-01-09 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-09 17:08 --------- d-----w c:\program files\SwiftKit
2009-01-02 19:52 --------- d-----w c:\documents and settings\Kia\Application Data\Turbine
2009-01-02 18:25 --------- d-----w c:\program files\Cheat Engine
2009-01-01 08:51 --------- d-----w c:\program files\AdgarTheBarbarian
2009-01-01 04:46 --------- d-----w c:\program files\Java
2009-01-01 03:05 --------- d-----w c:\program files\MSXML 6.0
2008-12-31 05:33 --------- d-----w c:\program files\Windows Resource Kits
2008-12-29 22:19 --------- d-----w c:\program files\MSBuild
2008-12-28 17:00 --------- d-----w c:\program files\Adobe Media Player
2008-12-28 16:53 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-23 21:06 --------- d-----w c:\program files\Web Publish
2008-12-21 18:47 --------- d-----w c:\program files\Opera
2008-12-17 19:15 --------- d-----w c:\documents and settings\Kia\Application Data\Publish Providers
2008-12-15 16:09 --------- d-----w c:\documents and settings\Kia\Application Data\Apple Computer
2008-12-15 16:08 --------- d-----w c:\program files\QuickTime
2008-12-14 13:56 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-13 18:27 --------- d-----w c:\documents and settings\Kia\Application Data\teamspeak2
2008-12-13 17:56 --------- d-----w c:\program files\America's Army Deploy Client
2008-12-13 17:04 --------- d-----w c:\program files\America's Army
2008-12-12 14:58 --------- d-----w c:\program files\DivX
2008-12-12 12:30 --------- d-----w c:\documents and settings\Kia\Application Data\ArcSoft
2008-12-07 15:02 --------- d-----w c:\program files\Crash Overide Trainer
2008-12-07 04:11 --------- d-----w c:\program files\Reference Assemblies
2008-12-06 15:56 --------- d-----w c:\documents and settings\Kia\Application Data\NetMedia Providers
2008-12-06 15:55 --------- d-----w c:\documents and settings\Kia\Application Data\Sony
2008-12-06 15:38 --------- d-----w c:\program files\Vstplugins
2008-12-06 15:38 --------- d-----w c:\program files\Sony
2008-12-06 15:36 --------- d-----w c:\program files\Sony Setup
2008-12-06 15:07 286,720 ----a-w c:\windows\iun506.exe
2008-12-06 15:07 --------- d-----w c:\program files\Mp3 File Editor
2008-11-18 09:19 30 ----a-w c:\documents and settings\Karena\jagex_runescape_preferences.dat
2008-03-21 21:38 22,328 ----a-w c:\documents and settings\Karena\Application Data\PnkBstrK.sys
2008-03-18 15:13 127 ----a-w c:\documents and settings\Karena\3333.bat
2008-03-18 15:12 22,328 ----a-w c:\documents and settings\Pareesa\Application Data\PnkBstrK.sys
2007-01-22 16:55 106 ----a-w c:\program files\piconfig.lx
2006-02-21 16:15 32 ----a-w c:\documents and settings\All Users\hash.dat
2008-06-30 12:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-01-18 10:06 278,528 ----a-w c:\program files\mozilla firefox\components\nsBrowserCmp.dll
2008-05-04 00:00 104 --sha-r c:\windows\system32\AD0E102659.sys
2008-05-04 00:00 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"SkypeMate"="c:\program files\SkypeMate\SkypeMate.exe" [2005-05-02 839680]
"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-09 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"phc700"="c:\windows\vphc700.exe" [2005-02-14 339968]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"HostManager"="c:\program files\Common Files\AOL\1174511940\ee\AOLSoftware.exe" [2006-11-17 50736]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\Pareesa\Start Menu\Programs\Startup\
IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [10/11/2007 6:15:02 PM 40192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VTAgentReboot.exe [10/7/2001 7:11:30 PM 143360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 11:06:00 AM 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05:58 AM 55024]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/10/2007 11:45:04 PM 124832]
R2 SmartFoxServerPRO__1.6;SmartFoxServer PRO 1.6;c:\program files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe [10/17/2006 10:22:50 PM 204800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/31/2008 11:40:21 PM 99376]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06:02 AM 7408]
S0 rtvb;rtvb;c:\windows\system32\drivers\rypna.sys --> c:\windows\system32\drivers\rypna.sys [?]
S1 155fddc6;155fddc6;c:\windows\system32\drivers\155fddc6.sys [1/6/2009 5:55:20 PM 0]
S2 SmartFoxServer_BASIC_1.5;SmartFoxServer BASIC 1.5;c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe [10/17/2006 10:22:50 PM 204800]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 5:32:00 PM 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [6/30/2007 9:13:29 PM 541696]
S3 XDva012;XDva012;\??\c:\windows\system32\XDva012.sys --> c:\windows\system32\XDva012.sys [?]
S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 4:47:02 PM 149352]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\umenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5106858c-4f1a-11db-b1e2-001150c42d97}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518be049-505f-11dd-b4f8-001372c3627f}]
\Shell\AutoRun\command - e:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 17:45]

2009-01-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (DARIUS-Darius Keeley).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2009-01-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Karena.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 05:05]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8DB6E968-648D-4528-A4C7-54FFDDFF532E} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-kddad - c:\windows\SYSTEM32\kddad.exe
MSConfigStartUp-kdppg - c:\windows\SYSTEM32\kdppg.exe


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 133.1.16.172:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Pareesa\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll
FF - plugin: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssn.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 16:11:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\geeda.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\SmartFoxServerPRO_1.6.2\jre\bin\java.exe
c:\wampp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wampp\bin\apache\apache2.2.8\bin\httpd.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-02-05 16:23:38 - machine was rebooted [Kia]
ComboFix-quarantined-files.txt 2009-02-05 16:23:34

Pre-Run: 30,261,354,496 bytes free
Post-Run: 30,714,376,192 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
421 --- E O F --- 2009-01-20 19:17:17

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\windows\system32\xfcodec.dll
c:\windows\system32\drivers\155fddc6.sys

==

How is your pc?

My computer seems to be okay on the the whole, except for the fact that IE, and some other programs don't work (Though IE works in safe mode). I scanned each file with both scanners.

File: xfcodec.dll
Status: OK
MD5: 7b1fa5b1f540e91da683e1e82769dccc
Packers detected: -

File xfcodec.dll received on 02.05.2009 21:52:46 (CET)
Current status: finished
Result: 0/39 (0%)

Been waiting for the other file to upload for about an hour, I'll come back later and edit this post.

11 Hours later and it still doesn't seem to want to upload.

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FileLook::
c:\windows\system32\xfcodec.dll
c:\windows\system32\drivers\155fddc6.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ComboFix 09-02-05.02 - Kia 2009-02-06 12:53:14.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.672 [GMT 0:00]
Running from: c:\documents and settings\Kia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kia\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-05 16:40 . 2009-02-05 16:43 <DIR> d-------- c:\windows\LastGood
2009-02-04 17:45 . 2009-02-04 17:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-02 16:01 . 2009-02-02 16:01 <DIR> d-------- c:\documents and settings\Administrator\Contacts
2009-02-02 15:43 . 2009-02-02 15:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Xfire
2009-02-01 18:05 . 2009-02-06 12:50 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-25 04:21 . 2009-01-25 04:23 <DIR> d-------- c:\documents and settings\Kia\Application Data\GarageGames
2009-01-23 17:31 . 2009-02-05 14:56 <DIR> d-------- c:\documents and settings\Kia\Application Data\tor
2009-01-23 17:28 . 2009-01-23 17:28 <DIR> d-------- c:\program files\Vidalia Bundle
2009-01-23 17:28 . 2009-02-03 19:15 <DIR> d-------- c:\documents and settings\Kia\Application Data\Vidalia
2009-01-23 01:18 . 2009-01-23 01:18 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-20 19:06 . 2009-01-20 19:07 <DIR> d-------- c:\documents and settings\Kia\AdobeLicensingFilesBackup
2009-01-16 21:48 . 2009-01-20 21:19 <DIR> d-------- c:\windows\system32\m3V15
2009-01-16 21:48 . 2009-01-16 21:48 <DIR> d-------- c:\temp\tmp90
2009-01-13 17:02 . 2009-01-13 17:05 <DIR> d-------- c:\documents and settings\Kia\Application Data\MozillaControl
2009-01-13 17:01 . 2009-01-13 17:02 <DIR> d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2009-01-13 16:22 . 2009-01-13 16:22 63,488 --a------ c:\windows\system32\shdocvw.oca
2009-01-12 17:51 . 2009-01-31 19:14 <DIR> d-------- c:\program files\VB Decompiler Lite
2009-01-10 19:40 . 2009-01-10 19:40 <DIR> d-------- c:\documents and settings\Kia\Contacts
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\system32\scripting
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\system32\en
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\system32\bits
2009-01-10 18:25 . 2009-01-10 18:25 <DIR> d-------- c:\windows\l2schemas
2009-01-10 18:21 . 2009-01-10 18:25 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-09 20:04 . 2009-01-09 20:04 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-09 06:24 . 2008-04-14 00:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-08 18:32 . 2009-02-05 10:42 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-07 21:07 . 2009-01-07 21:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 21:06 . 2009-01-11 17:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 21:06 . 2009-01-07 21:06 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-07 21:06 . 2009-01-07 21:06 <DIR> d-------- c:\documents and settings\Kia\Application Data\SUPERAntiSpyware.com
2009-01-07 20:47 . 2009-01-07 20:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-06 17:55 . 2009-01-06 18:05 0 --a------ c:\windows\system32\drivers\155fddc6.sys
2009-01-06 17:54 . 2009-01-06 17:54 <DIR> d-------- c:\temp\REX81
2009-01-06 17:54 . 2009-02-01 18:04 <DIR> d-------- c:\program files\Steam
2009-01-06 17:54 . 2009-01-06 17:54 85 --a------ C:\104.bat
2009-01-06 17:54 . 2009-01-16 21:53 2 --a------ C:\-1064231355

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 12:47 --------- d-----w c:\program files\mIRC
2009-02-05 16:42 --------- d-----w c:\program files\EsetOnlineScanner
2009-02-05 16:37 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-05 16:36 --------- d-----w c:\documents and settings\Kia\Application Data\DNA
2009-02-05 16:11 --------- d-----w c:\program files\DNA
2009-02-04 21:58 --------- d-----w c:\documents and settings\Kia\Application Data\BitTorrent
2009-02-04 17:56 --------- d-----w c:\program files\Google
2009-02-04 17:31 --------- d-----w c:\documents and settings\Kia\Application Data\Xfire
2009-02-04 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-02 15:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-31 16:30 --------- d-----w c:\program files\DIGStream
2009-01-31 08:53 --------- d--h--w c:\documents and settings\Kia\Application Data\ijjigame
2009-01-30 21:05 --------- d-----w c:\documents and settings\Kia\Application Data\Download Manager
2009-01-25 15:45 --------- d-s---w c:\program files\Xfire
2009-01-22 20:55 --------- d-----w c:\program files\Common Files\Adobe
2009-01-20 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-20 19:25 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-17 20:41 34 ----a-w c:\documents and settings\Kia\jagex_runescape_preferences.dat
2009-01-14 16:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-11 08:54 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-11 08:54 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-11 08:54 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-11 08:54 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-11 08:54 --------- d-----w c:\program files\Symantec
2009-01-10 19:39 --------- d-----w c:\program files\MSN Messenger
2009-01-09 17:21 --------- d-----w c:\program files\Common Files\Apple
2009-01-09 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-09 17:08 --------- d-----w c:\program files\SwiftKit
2009-01-02 19:52 --------- d-----w c:\documents and settings\Kia\Application Data\Turbine
2009-01-02 18:25 --------- d-----w c:\program files\Cheat Engine
2009-01-01 08:51 --------- d-----w c:\program files\AdgarTheBarbarian
2009-01-01 04:46 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-01 04:46 --------- d-----w c:\program files\Java
2009-01-01 03:05 --------- d-----w c:\program files\MSXML 6.0
2008-12-31 05:33 --------- d-----w c:\program files\Windows Resource Kits
2008-12-29 22:19 --------- d-----w c:\program files\MSBuild
2008-12-28 17:00 --------- d-----w c:\program files\Adobe Media Player
2008-12-28 16:53 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-23 21:06 --------- d-----w c:\program files\Web Publish
2008-12-21 18:47 --------- d-----w c:\program files\Opera
2008-12-17 19:15 --------- d-----w c:\documents and settings\Kia\Application Data\Publish Providers
2008-12-15 16:09 --------- d-----w c:\documents and settings\Kia\Application Data\Apple Computer
2008-12-15 16:08 --------- d-----w c:\program files\QuickTime
2008-12-14 13:56 202,352 ----a-w c:\windows\system32\PnkBstrB.exe
2008-12-14 13:56 138,624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-13 18:27 --------- d-----w c:\documents and settings\Kia\Application Data\teamspeak2
2008-12-13 17:56 --------- d-----w c:\program files\America's Army Deploy Client
2008-12-13 17:04 --------- d-----w c:\program files\America's Army
2008-12-12 17:01 3,067,904 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 14:58 --------- d-----w c:\program files\DivX
2008-12-12 12:30 --------- d-----w c:\documents and settings\Kia\Application Data\ArcSoft
2008-12-07 15:02 --------- d-----w c:\program files\Crash Overide Trainer
2008-12-07 04:11 --------- d-----w c:\program files\Reference Assemblies
2008-12-06 15:56 --------- d-----w c:\documents and settings\Kia\Application Data\NetMedia Providers
2008-12-06 15:55 --------- d-----w c:\documents and settings\Kia\Application Data\Sony
2008-12-06 15:38 --------- d-----w c:\program files\Vstplugins
2008-12-06 15:38 --------- d-----w c:\program files\Sony
2008-12-06 15:36 --------- d-----w c:\program files\Sony Setup
2008-12-06 15:07 286,720 ----a-w c:\windows\iun506.exe
2008-12-06 15:07 --------- d-----w c:\program files\Mp3 File Editor
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-18 09:19 30 ----a-w c:\documents and settings\Karena\jagex_runescape_preferences.dat
2008-03-21 21:38 22,328 ----a-w c:\documents and settings\Karena\Application Data\PnkBstrK.sys
2008-03-18 15:13 127 ----a-w c:\documents and settings\Karena\3333.bat
2008-03-18 15:12 22,328 ----a-w c:\documents and settings\Pareesa\Application Data\PnkBstrK.sys
2007-01-22 16:55 106 ----a-w c:\program files\piconfig.lx
2006-02-21 16:15 32 ----a-w c:\documents and settings\All Users\hash.dat
2008-06-30 12:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-01-18 10:06 278,528 ----a-w c:\program files\mozilla firefox\components\nsBrowserCmp.dll
2008-05-04 00:00 104 --sha-r c:\windows\system32\AD0E102659.sys
2008-05-04 00:00 5,852 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\155fddc6.sys -- Not a PE file.
MD5: d41d8cd98f00b204e9800998ecf8427e


---- c:\windows\system32\xfcodec.dll ----
Company:
File Description: Xfire Video Codec
File Version: 35551
Product Name: Xfire Video Codec
Copyright: Copyright (C) 2008
Original file name: xfcodec.dll
MD5: 7b1fa5b1f540e91da683e1e82769dccc


((((((((((((((((((((((((((((( SnapShot@2009-02-05_16.22.21.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 13:49:02 196,683 ----a-w c:\windows\LastGood\system32\lnod32apiA.dll
+ 2007-07-27 13:49:02 225,355 ----a-w c:\windows\LastGood\system32\lnod32apiW.dll
+ 2005-12-05 18:25:22 139,264 ----a-w c:\windows\LastGood\system32\lnod32umc.dll
+ 2005-12-05 11:37:10 106,496 ----a-w c:\windows\LastGood\system32\lnod32upd.dll
+ 2008-02-11 08:39:26 253,952 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLA.dll
+ 2008-02-11 08:39:18 237,568 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLW.dll
+ 2008-02-08 12:53:46 110,592 ----a-w c:\windows\LastGood\system32\OnlineScannerLang.dll
+ 2008-02-05 07:48:04 77,824 ----a-w c:\windows\LastGood\system32\OnlineScannerUninstaller.exe
- 2007-07-27 13:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
- 2007-07-27 13:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2007-07-27 14:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
- 2005-12-05 18:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 19:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
- 2005-12-05 11:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2005-12-05 12:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
- 2008-02-11 08:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 09:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
- 2008-02-11 08:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-11 09:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
- 2008-02-08 12:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-08 13:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
- 2008-02-05 07:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
+ 2008-02-05 08:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
"SkypeMate"="c:\program files\SkypeMate\SkypeMate.exe" [2005-05-02 839680]
"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-09 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"phc700"="c:\windows\vphc700.exe" [2005-02-14 339968]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"HostManager"="c:\program files\Common Files\AOL\1174511940\ee\AOLSoftware.exe" [2006-11-17 50736]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-01-10 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\Pareesa\Start Menu\Programs\Startup\
IMVU.lnk - c:\program files\IMVU\IMVUClient.exe [10/11/2007 6:15:02 PM 40192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VTAgentReboot.exe [10/7/2001 7:11:30 PM 143360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S0 rtvb;rtvb;c:\windows\system32\drivers\rypna.sys --> c:\windows\system32\drivers\rypna.sys [?]
S1 155fddc6;155fddc6;c:\windows\system32\drivers\155fddc6.sys [1/6/2009 5:55:20 PM 0]
S1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 11:06:00 AM 8944]
S1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05:58 AM 55024]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/10/2007 11:45:04 PM 124832]
S2 SmartFoxServer_BASIC_1.5;SmartFoxServer BASIC 1.5;c:\program files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe [10/17/2006 10:22:50 PM 204800]
S2 SmartFoxServerPRO__1.6;SmartFoxServer PRO 1.6;c:\program files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe [10/17/2006 10:22:50 PM 204800]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 5:32:00 PM 23888]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/31/2008 11:40:21 PM 99376]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [6/30/2007 9:13:29 PM 541696]
S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06:02 AM 7408]
S3 XDva012;XDva012;\??\c:\windows\system32\XDva012.sys --> c:\windows\system32\XDva012.sys [?]
S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
S3 XDva039;XDva039;\??\c:\windows\system32\XDva039.sys --> c:\windows\system32\XDva039.sys [?]
S4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [1/25/2008 4:47:02 PM 149352]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\umenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5106858c-4f1a-11db-b1e2-001150c42d97}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518be049-505f-11dd-b4f8-001372c3627f}]
\Shell\AutoRun\command - e:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 17:45]

2009-01-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (DARIUS-Darius Keeley).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []

2009-01-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Karena.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 05:05]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 133.1.16.172:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Pareesa\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - component: c:\program files\Mozilla Firefox\components\nsBrowserCmp.dll
FF - plugin: c:\documents and settings\Kia\Application Data\Mozilla\Firefox\Profiles\fkgeol62.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npssn.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SolidStateNetworks\SolidStateION\npssn.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 12:58:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0C01348A-C400-4DE2-860C-63B6DE3992D5}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\geeda.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-06 13:20:35
ComboFix-quarantined-files.txt 2009-02-06 13:20:33
ComboFix2.txt 2009-02-05 16:23:39

Pre-Run: 33,206,562,816 bytes free
Post-Run: 33,181,171,712 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
342 --- E O F --- 2009-01-20 19:17:17


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:15 PM, on 06/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kia\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 133.1.16.172:3128
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD08] "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1174511940\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SkypeMate] C:\Program Files\SkypeMate\SkypeMate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Pareesa\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartFoxServer PRO 1.6 (SmartFoxServerPRO__1.6) - Unknown owner - C:\Program Files\SmartFoxServerPRO_1.6.2\Server\wrapper.exe
O23 - Service: SmartFoxServer BASIC 1.5 (SmartFoxServer_BASIC_1.5) - Unknown owner - C:\Program Files\SmartFoxServerBASIC_1.5.5\Server\wrapper.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Wampp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Wampp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 8705 bytes

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2

  • Double-click FileLook.exe to run it.
  • Ensure that the BBCode Ouput checkbox is checked.
  • Copy the content of the following codebox into the main textfield:
    c:\windows\system32\drivers\155fddc6.sys
  • Click the FileLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at C:\FileLook.txt

Sorry for the delay, I was quite busy.

The scan result

FileLook.exe v2.0 by jpshortstuff
Log created at 16:27 on 10/02/2009
==================================
FileLook - "155fddc6.sys"

Filename: 155fddc6.sys
Path: c:\windows\system32\drivers\
MD5: D41D8CD98F00B204E9800998ECF8427E
Created: 17:55:20 on 06/01/2009
Modified: 18:05:08 on 06/01/2009
Size: 0 bytes
Attributes: Archive
-------------------------

==============================

=EOF=


Also, I contacted my uncle, who by some chance has also had a problem, similar to mine, and says that it was caused by Norton Antivirus, which I have installed. As I said in my first post though, the virus seems to have killed it, as it doesn't auto run anymore, and if I try and manually run it, it won't open. I tried uninstalling it, but it stayed. My uncle sent me a program for removing all Symantect programs, which I am running now. I'll post again after it's finished

You can remove that file too as it appears to be of zero size.

Everything is working well again, thank you so much for your help. The uninstall for all Symantec products seems to have worked.

Let's get rid of Combofix now that we are finished with it.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.