

Hijackthis log, Please help!


Re: Hijackthis log, Please help!

Post by edttodd » August 22nd, 2010, 8:45 am

Computer is running much better, no problems right now.

KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 21, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 21, 2010 11:32:30
Records in database: 4131719
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 95557
Threats found: 17
Infected objects found: 40
Suspicious objects found: 0
Scan duration: 03:49:46


File name / Threat / Threats count
C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\Janis Joplin - Cry baby.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\just man faith no more.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\love song sara barelles.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\selling drama live.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Compaq_Owner\Desktop\TODD COMPUTER\PLP\1CLICK_DVD_Copy_Pro_v3[1].0.1.6.rar Infected: Worm.Win32.AutoRun.bjkk 1
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\elmos world.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\MagicDVDRipper\MagicDVDRipper.exe Infected: Trojan.Win32.Cosmu.mjj 1
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\k.exe.vir Infected: Trojan-Downloader.Win32.Small.jeh 1
C:\Qoobox\Quarantine\C\Program Files\system\smss.exe.vir Infected: Trojan-Downloader.Win32.Agent.bgpn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\apxapfdw.dll.vir Infected: Trojan.Win32.Monder.avbn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\blqhhl.dll.vir Infected: Trojan.Win32.Monder.avba 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\cpuvwxrr.dll.vir Infected: Trojan.Win32.Monder.avbb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\gaopdxvjappumi.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\nfr.sys.vir Infected: Trojan-Downloader.Win32.Agent.beqi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eijqfe.dll.vir Infected: Trojan.Win32.Monder.avbb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxydlrmmne.dll.vir Infected: Packed.Win32.TDSS.c 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gujtlyns.dll.vir Infected: Trojan.Win32.Monder.avas 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\inejkeyx.dll.vir Infected: Trojan.Win32.Monder.avba 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jlvaav.dll.vir Infected: Trojan.Win32.Monder.avau 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\uqupym.dll.vir Infected: Trojan.Win32.Monder.avbn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xjtwheko.dll.vir Infected: Trojan.Win32.Monder.avau 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041403.exe Infected: Trojan-Downloader.Win32.Agent.bgpn 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041408.sys Infected: Packed.Win32.TDSS.z 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041409.sys Infected: Trojan-Downloader.Win32.Agent.beqi 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041410.dll Infected: Packed.Win32.TDSS.c 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041455.exe Infected: Trojan-Downloader.Win32.Injecter.btn 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042689.dll Infected: Trojan.Win32.Monder.avbn 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042690.dll Infected: Trojan.Win32.Monder.avba 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042691.dll Infected: Trojan.Win32.Monder.avbb 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042692.dll Infected: Trojan.Win32.Monder.avbb 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042694.dll Infected: Trojan.Win32.Monder.avas 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042695.dll Infected: Trojan.Win32.Monder.avba 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042696.dll Infected: Trojan.Win32.Monder.avau 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042697.dll Infected: Trojan.Win32.Monder.avbn 1
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP981\A0042698.dll Infected: Trojan.Win32.Monder.avau 1
C:\WINDOWS\system32\nfr.dll Infected: Trojan-Proxy.Win32.Small.zi 1
D:\I386\Apps\APP19302\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041397.com Infected: Packed.Win32.TDSS.f 1
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041398.com Infected: Packed.Win32.TDSS.f 1
D:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP978\A0041399.com Infected: Packed.Win32.TDSS.f 1

Selected area has been scanned.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Compaq_Owner at 2010-08-21 19:47:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 107 GB (73%) free of 146 GB
Total RAM: 446 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:23 PM, on 8/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\jkos-Compaq_Owner\binaries\ScanningProcess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB004" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9618 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-02 180269]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-01 196608]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-09-24 98304]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"EPSON Stylus CX4600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"Broadcom Wireless Manager"=C:\WINDOWS\system32\wltray.exe [2007-06-14 1282048]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe
Autodetect.lnk - C:\Program Files\Photolightning\autodetect.exe
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-07 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-08-20 12:29:44 ----SHD---- C:\RECYCLER
2010-08-20 12:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-08-20 12:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-08-20 11:57:23 ----SHD---- C:\Config.Msi
2010-08-20 11:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-08-20 09:20:43 ----A---- C:\ComboFix.txt
2010-08-20 08:51:20 ----RASHD---- C:\cmdcons
2010-08-19 22:20:07 ----D---- C:\WINDOWS\system32\XPSViewer
2010-08-19 22:20:01 ----D---- C:\Program Files\MSBuild
2010-08-19 22:19:48 ----D---- C:\Program Files\Reference Assemblies
2010-08-19 22:18:54 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-08-19 22:18:53 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-08-19 22:18:53 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-08-19 22:18:52 ----D---- C:\f76702bc99ada63cdedad511cb9d78f3
2010-08-19 21:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-19 21:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-08-19 21:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-08-19 21:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-19 21:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-08-19 21:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-08-19 21:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-08-19 21:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-19 21:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-08-19 21:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-08-19 21:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-08-19 21:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-08-19 21:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-19 21:28:07 ----D---- C:\WINDOWS\ie8updates
2010-08-19 21:25:54 ----HDC---- C:\WINDOWS\ie8
2010-08-19 21:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-08-19 21:21:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-08-19 21:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-08-19 21:21:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-08-19 21:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-08-19 21:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-08-19 21:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-08-19 21:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-08-19 21:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-08-19 21:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-08-19 21:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-19 21:19:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-08-19 21:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-19 21:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-08-19 21:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-08-19 21:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-08-19 21:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-08-19 21:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-08-19 21:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-08-19 21:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-19 21:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-08-19 21:16:34 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-08-19 21:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-08-19 21:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-19 21:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-08-19 21:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-08-19 21:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-08-19 21:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-08-19 21:13:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-08-19 21:12:36 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-08-19 21:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-19 21:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-19 21:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-08-19 21:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-08-19 21:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-19 21:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-08-19 21:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-19 21:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-08-19 21:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-08-19 21:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-19 21:08:43 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-19 21:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-08-19 21:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-08-19 21:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-08-19 21:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-08-19 15:04:43 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-08-19 11:44:39 ----A---- C:\WINDOWS\zip.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\SWSC.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\SWREG.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\sed.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\PEV.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\MBR.exe
2010-08-19 11:44:39 ----A---- C:\WINDOWS\grep.exe
2010-08-19 11:44:30 ----D---- C:\WINDOWS\ERDNT
2010-08-19 11:44:09 ----AD---- C:\Qoobox
2010-08-19 07:37:14 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Avira
2010-08-19 07:32:53 ----D---- C:\WINDOWS\system32\NtmsData
2010-08-19 07:25:39 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys
2010-08-19 07:25:39 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys
2010-08-19 07:25:39 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-08-19 07:25:39 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-08-19 07:25:39 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-08-19 07:25:36 ----D---- C:\Program Files\Avira
2010-08-19 07:25:36 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2010-08-18 21:56:04 ----D---- C:\rsit
2010-08-16 15:38:17 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-16 15:38:12 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-08-16 15:38:09 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-16 15:38:01 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-12 20:03:03 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-12 20:01:49 ----D---- C:\Program Files\QuickTime
2010-08-12 20:00:49 ----D---- C:\Program Files\Apple Software Update
2010-08-12 19:59:31 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-08-12 19:58:50 ----D---- C:\Program Files\Bonjour
2010-08-12 19:16:46 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-08-12 19:16:41 ----D---- C:\Program Files\Common Files\Java
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-08-10 21:23:55 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2010-08-10 21:23:43 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2010-08-21 19:47:10 ----D---- C:\Program Files\Trend Micro
2010-08-21 19:47:09 ----D---- C:\WINDOWS\Prefetch
2010-08-21 11:55:06 ----D---- C:\WINDOWS
2010-08-21 11:55:04 ----D---- C:\WINDOWS\Temp
2010-08-21 11:54:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-21 11:52:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-20 14:35:39 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-20 14:35:29 ----RSD---- C:\WINDOWS\assembly
2010-08-20 12:29:42 ----D---- C:\WINDOWS\system32
2010-08-20 12:20:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-20 12:05:18 ----D---- C:\WINDOWS\inf
2010-08-20 12:05:17 ----D---- C:\WINDOWS\system32\dllcache
2010-08-20 12:05:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-20 12:05:07 ----A---- C:\WINDOWS\imsins.BAK
2010-08-20 12:05:04 ----D---- C:\WINDOWS\system32\drivers
2010-08-20 12:04:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-20 12:03:53 ----SHD---- C:\WINDOWS\Installer
2010-08-20 12:02:12 ----D---- C:\WINDOWS\WinSxS
2010-08-20 09:01:56 ----A---- C:\WINDOWS\system.ini
2010-08-20 09:01:28 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-20 08:56:44 ----D---- C:\WINDOWS\AppPatch
2010-08-20 08:56:40 ----D---- C:\Program Files\Common Files
2010-08-20 08:51:26 ----RASH---- C:\boot.ini
2010-08-19 22:20:01 ----D---- C:\Program Files
2010-08-19 22:19:59 ----D---- C:\WINDOWS\system32\en-US
2010-08-19 22:19:57 ----D---- C:\WINDOWS\Fonts
2010-08-19 22:19:22 ----D---- C:\WINDOWS\system32\spool
2010-08-19 22:16:14 ----D---- C:\Program Files\Internet Explorer
2010-08-19 22:03:54 ----D---- C:\WINDOWS\Media
2010-08-19 22:03:54 ----D---- C:\WINDOWS\Help
2010-08-19 22:03:53 ----D---- C:\WINDOWS\system32\wbem
2010-08-19 22:03:53 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-19 21:33:48 ----D---- C:\WINDOWS\ie7updates
2010-08-19 21:14:10 ----D---- C:\WINDOWS\Debug
2010-08-19 21:11:57 ----D---- C:\Program Files\Outlook Express
2010-08-19 21:10:48 ----D---- C:\Program Files\Movie Maker
2010-08-19 14:18:39 ----D---- C:\Program Files\Safari
2010-08-19 12:23:28 ----D---- C:\Program Files\BlueRaTech
2010-08-19 12:15:02 ----D---- C:\WINDOWS\Tasks
2010-08-19 12:03:11 ----D---- C:\WINDOWS\system32\config
2010-08-19 12:01:48 ----D---- C:\WINDOWS\Downloaded Program Files
2010-08-19 12:00:32 ----D---- C:\Program Files\system
2010-08-19 07:33:16 ----SHD---- C:\System Volume Information
2010-08-19 07:32:39 ----D---- C:\WINDOWS\Registration
2010-08-19 07:24:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-18 13:10:53 ----A---- C:\WINDOWS\win.ini
2010-08-16 10:27:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2010-08-15 15:05:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-08-15 13:37:32 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2010-08-13 15:18:32 ----D---- C:\Program Files\Common Files\Adobe
2010-08-13 08:42:10 ----AD---- C:\hp
2010-08-13 08:40:03 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2010-08-13 08:19:13 ----D---- C:\Program Files\Common Files\Apple
2010-08-12 20:06:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2010-08-12 20:05:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-08-12 20:03:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-12 19:16:07 ----D---- C:\Program Files\Java
2010-08-11 21:39:09 ----D---- C:\Program Files\Yahoo!
2010-08-11 21:38:44 ----A---- C:\YServer.txt
2010-08-11 21:31:30 ----D---- C:\Program Files\Google
2010-08-11 21:31:30 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-08-11 21:31:17 ----D---- C:\Program Files\DVDFab Platinum 4
2010-08-11 21:31:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2010-08-11 21:30:59 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-27 01:30:35 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bb-run;Promise driver accelerator; C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17408]
R0 ftsata2;ftsata2; C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-04-14 175616]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-03-09 870912]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-07 1235968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-23 33280]
S3 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2007-04-26 33664]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2001-09-23 10261]
S3 LVVI500A;LVVI500A Service; C:\WINDOWS\system32\DRIVERS\lvvi500a.sys [2001-09-20 193574]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ndiswdm.sys [2007-10-09 198144]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-01 47360]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WlanUIG;2Wire 802.11g USB Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-16 347648]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2007-06-14 20480]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-07 376832]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-08 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 22nd, 2010, 10:00 am

Hi edttodd

First you need to uninstall MagicDVDRipper; it is infected. It's more than likely you obtained this with LimeWire when you had it installed. There are also some infected music files that need to go.

Click Start > Control Panel > Add/Remove Programs

MagicDVDRipper

Then delete its folder: C: drive > Program Files > MagicDVDRipper <<< this one.

Run Combofix Script
Stop all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
For instructions on how to disable your security programs, please see this topic below
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\Janis Joplin - Cry baby.mp3
    C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\just man faith no more.mp3
    C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\love song sara barelles.mp3
    C:\Documents and Settings\Compaq_Owner\Desktop\Tanya Music\selling drama live.mp3
    C:\Documents and Settings\Compaq_Owner\Desktop\TODD COMPUTER\PLP\1CLICK_DVD_Copy_Pro_v3[1].0.1.6.rar
    C:\WINDOWS\system32\nfr.dll
    
    Folder::
    C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.





Run a FULL scan with Malwarebytes' Anti-Malware

  • Double-click desktop icon or start Malwarebytes' Anti-Malware from the start menu
    Click on the update tab and Update Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest update
  • Once the update has finished click the scan tab and select Perform full scan, then click Scan
  • When the scan is complete, click OK, then Show Results to view the results
  • Check all items except items in the C:\System Volume Information folder... then click on Remove Selected
  • When completed, a log will open in Notepad. Please copy & paste the log back into your next reply
    Note: The log is automatically saved by Malwarebytes' Anti-Malware & can be viewed by clicking the Logs tab
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either & let Malwarebytes' Anti-Malware proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.





Next, check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.



Please post back

Combofix Log
Malwarebytes' Anti-Malware log
Additional security risks log
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
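A check for the CFScript step above, added here as an example and not part of DFW's post or of ComboFix itself: it reads the File::/Folder:: entries of a CFScript and the "Other Deletions" section of the ComboFix log the user posts back, then reports which requested items were actually removed and what ComboFix removed that the script never asked for. The script text and log excerpt inside it are constructed samples in the formats shown in this thread, and the path normalisation (lower-casing, stripping a stray quote) is an assumption about how ComboFix echoes paths.

```python
"""Check a ComboFix CFScript against the log ComboFix produces from it.

Added example for the CFScript step in the post above, not part of ComboFix or
of the helper's instructions.  The script and log below are constructed samples
in the File::/Folder:: and "Other Deletions" formats shown in this thread.
"""
import re

# Constructed CFScript.  The stray quote on the .dll line is deliberate: it is
# the kind of slip the checker must normalise away before comparing paths.
CFSCRIPT = r"""
File::
C:\Documents and Settings\Owner\Desktop\Music\track one.mp3
C:\Documents and Settings\Owner\Desktop\Music\track two.mp3
C:\WINDOWS\system32\example.dll"

Folder::
C:\Documents and Settings\Owner\My Documents\LimeWire
"""

# Constructed ComboFix log excerpt.  ComboFix lists removals under the
# "Other Deletions" banner; paths are lower-cased and temp paths may be in
# 8.3 short form.  Section banners are a title wrapped in runs of parentheses.
COMBOFIX_LOG = r"""
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.

c:\docume~1\OWNER~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Owner\Desktop\Music\track one.mp3
c:\documents and settings\Owner\My Documents\LimeWire
c:\documents and settings\Owner\My Documents\LimeWire\Saved\song.mp3
c:\windows\system32\example.dll

.
((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))
.
c:\windows\system32\unrelated.dll
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")


def norm(path):
    """Canonical form for comparison: no quotes, no trailing backslash, lower case."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_cfscript(text):
    """Return {'File': [...], 'Folder': [...]} of normalised paths from CFScript text."""
    wanted = {"File": [], "Folder": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::") and line[:-2] in wanted:
            current = line[:-2]  # start of a File:: or Folder:: block
        elif current:
            wanted[current].append(norm(line))
    return wanted


def parse_deletions(log):
    """Return the set of normalised paths listed under 'Other Deletions' only."""
    deleted = set()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1) == "Other Deletions"
        elif in_section and line and line != ".":
            deleted.add(norm(line))
    return deleted


def _under(path, folder):
    """True if path is the folder itself or anything beneath it."""
    return path == folder or path.startswith(folder + "\\")


def check_script(script_text, log_text):
    """Return (status, extra).

    status maps each requested path to True if the log shows it removed (a
    Folder:: entry counts if the folder or anything under it went); extra lists
    removals the script never asked for, which deserve a look rather than trust.
    """
    wanted = parse_cfscript(script_text)
    deleted = parse_deletions(log_text)
    status = {p: p in deleted for p in wanted["File"]}
    for folder in wanted["Folder"]:
        status[folder] = any(_under(d, folder) for d in deleted)
    extra = sorted(
        d for d in deleted
        if d not in wanted["File"]
        and not any(_under(d, folder) for folder in wanted["Folder"])
    )
    return status, extra
```

On the samples embedded above, `check_script(CFSCRIPT, COMBOFIX_LOG)` reports "track two.mp3" as still present and flags the temp-folder IadHide5.dll as an unrequested removal.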

Re: Hijackthis log, Please help!

Unread postby edttodd » August 23rd, 2010, 7:55 am

ComboFix 10-08-18.05 - Compaq_Owner 08/22/2010 22:11:21.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.115 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\Janis Joplin - Cry baby.mp3"
"c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\just man faith no more.mp3"
"c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\love song sara barelles.mp3"
"c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\selling drama live.mp3"
"c:\documents and settings\Compaq_Owner\Desktop\TODD COMPUTER\PLP\1CLICK_DVD_Copy_Pro_v3[1].0.1.6.rar"
"c:\windows\system32\nfr.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\Janis Joplin - Cry baby.mp3
c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\just man faith no more.mp3
c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\love song sara barelles.mp3
c:\documents and settings\Compaq_Owner\Desktop\Tanya Music\selling drama live.mp3
c:\documents and settings\Compaq_Owner\Desktop\TODD COMPUTER\PLP\1CLICK_DVD_Copy_Pro_v3[1].0.1.6.rar
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\My Documents\LimeWire
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Incomplete\downloads.bak
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Incomplete\downloads.dat
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Incomplete\T-314449511-Evan Almighty (psp.mp4).mp4
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Incomplete\X2U2RAVKVNBNELN6BRS6ZB5SYHN4A7HI\.datTech N9ne - Everready The Religion (C.E. 2006) - Rap By FEFE2003.rar
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Incomplete\X2U2RAVKVNBNELN6BRS6ZB5SYHN4A7HI\Tech N9ne - Everready The Religion (C.E. 2006) - Rap By FEFE2003.rar
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\AlbumArt_{23D8F433-E0CE-4EC1-8D7A-9AFA80E6AADE}_Large.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\AlbumArt_{23D8F433-E0CE-4EC1-8D7A-9AFA80E6AADE}_Small.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\AlbumArt_{E625017A-208F-4792-86AB-EC038861BA4B}_Large.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\AlbumArt_{E625017A-208F-4792-86AB-EC038861BA4B}_Small.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\AlbumArtSmall.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\desktop.ini
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Disney - Kids songs - Elmo's rap alphabet (Sesame Street)-1.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Dora The Explorer - Swiper, No Swiping!.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\elmos world.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Folder.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Guns N' Roses - Chinese Democracy.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Katy_Perry_-_Hot_&_Cold_(2nafish).mpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Lil Wayne ft. T-Pain - Got Money.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\AlbumArt_{D6118561-88C2-45E1-9E67-06D7AD766B18}_Large.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\AlbumArt_{D6118561-88C2-45E1-9E67-06D7AD766B18}_Small.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\AlbumArtSmall.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\Baha Men - Who Let The Dogs Out.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\desktop.ini
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\disney - Happy Birthday Song.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\Dora The Explorer - Theme Song.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\Folder.jpg
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\High School Musical- We're All In This Together.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\Miley Cyrus - Hannah Montana - Best of Both Worlds.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\Sesame Street - Elmo's World.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\maddie\Souljah Boi-Crank Dat Soulja Boy(Supaman) Clean.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Pink - So What.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\Savage feat Akon - Let me see your hips swing.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\T-Pain Ft. Lil' Wayne - Can't Believe It.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\T.I. - Whatever You Like.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\The Click Five-Happy Birthday.mp3
c:\documents and settings\Compaq_Owner\My Documents\LimeWire\Saved\TI ft Rihanna - Live Your Life.mp3
c:\windows\system32\nfr.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.

2010-08-20 15:43 . 2010-08-20 15:43 -------- d-sh--w- c:\documents and settings\Compaq_Owner\PrivacIE
2010-08-20 03:20 . 2010-08-20 03:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-20 03:20 . 2010-08-20 03:20 -------- d-----w- c:\program files\MSBuild
2010-08-20 03:19 . 2010-08-20 03:19 -------- d-----w- c:\program files\Reference Assemblies
2010-08-20 03:19 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-20 03:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-20 03:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-20 03:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-20 03:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-20 03:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-20 03:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-20 03:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-20 03:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-20 03:18 . 2010-08-20 03:19 -------- d-----w- C:\f76702bc99ada63cdedad511cb9d78f3
2010-08-20 03:04 . 2010-08-20 03:04 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2010-08-20 02:28 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-20 02:28 . 2010-06-24 12:21 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-20 02:28 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-20 02:28 . 2010-08-20 17:05 -------- d-----w- c:\windows\ie8updates
2010-08-20 02:27 . 2010-06-18 11:39 16896 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-08-20 02:25 . 2010-08-20 02:27 -------- dc-h--w- c:\windows\ie8
2010-08-19 20:16 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-19 20:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-19 20:15 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-08-19 20:15 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-08-19 20:12 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-08-19 20:09 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-08-19 20:09 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-08-19 20:09 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-08-19 20:09 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-08-19 20:09 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-08-19 20:09 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-08-19 20:09 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-08-19 20:09 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-08-19 20:06 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-19 20:04 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-19 20:04 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-08-19 12:37 . 2010-08-19 12:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira
2010-08-19 12:32 . 2010-08-19 12:32 -------- d-----w- c:\windows\system32\NtmsData
2010-08-19 12:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-19 12:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-19 12:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-19 12:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-19 12:25 . 2010-08-19 12:25 -------- d-----w- c:\program files\Avira
2010-08-19 12:25 . 2010-08-19 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-19 02:56 . 2010-08-19 02:56 -------- d-----w- C:\rsit
2010-08-16 20:38 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-16 20:38 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-16 20:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-16 20:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-16 20:38 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-16 20:38 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-16 20:38 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-16 20:38 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-13 01:03 . 2010-08-13 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-13 01:01 . 2010-08-13 01:02 -------- d-----w- c:\program files\QuickTime
2010-08-13 01:00 . 2010-08-13 01:00 -------- d-----w- c:\program files\Apple Software Update
2010-08-13 00:59 . 2010-04-20 01:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-08-13 00:58 . 2010-08-13 00:58 -------- d-----w- c:\program files\Bonjour
2010-08-13 00:16 . 2010-08-13 00:16 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 00:16 . 2010-08-13 00:16 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 02:24 . 2010-08-11 02:24 0 ----a-w- c:\windows\nsreg.dat
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Mozilla
2010-07-27 06:30 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-22 21:03 . 2008-11-22 20:13 38396 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-22 00:47 . 2009-02-06 23:28 -------- d-----w- c:\program files\Trend Micro
2010-08-20 13:47 . 2006-05-05 01:51 43992 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 03:03 . 2008-12-14 02:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-19 19:18 . 2008-10-20 16:57 -------- d-----w- c:\program files\Safari
2010-08-19 17:23 . 2009-02-22 16:32 -------- d-----w- c:\program files\BlueRaTech
2010-08-19 17:00 . 2009-02-04 16:54 -------- d-----w- c:\program files\system
2010-08-16 15:27 . 2010-08-16 15:27 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 18:37 . 2005-12-25 01:31 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2010-08-13 20:18 . 2005-09-03 00:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 13:19 . 2007-07-16 03:07 -------- d-----w- c:\program files\Common Files\Apple
2010-08-13 01:06 . 2005-12-24 04:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2010-08-13 01:05 . 2007-07-16 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-13 00:47 . 2008-07-06 22:55 46 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
2010-08-13 00:32 . 2010-04-25 13:51 99 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences2.dat
2010-08-13 00:16 . 2010-08-13 00:16 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\msvcp71.dll
2010-08-13 00:16 . 2010-08-13 00:16 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\jmc.dll
2010-08-13 00:16 . 2010-08-13 00:16 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\msvcr71.dll
2010-08-13 00:16 . 2010-08-13 00:16 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-14f2343c-n\decora-sse.dll
2010-08-13 00:16 . 2010-08-13 00:16 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-14f2343c-n\decora-d3d.dll
2010-08-13 00:16 . 2005-09-03 00:22 -------- d-----w- c:\program files\Java
2010-08-12 02:39 . 2006-05-13 02:53 -------- d-----w- c:\program files\Yahoo!
2010-08-12 02:31 . 2005-09-03 01:02 -------- d-----w- c:\program files\Google
2010-08-12 02:31 . 2008-04-02 01:44 -------- d-----w- c:\program files\DVDFab Platinum 4
2010-08-12 02:31 . 2008-04-02 01:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-08-12 02:31 . 2008-04-02 01:44 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-08-12 02:31 . 2008-04-02 01:44 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-08-12 02:30 . 2005-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 12:31 . 2004-08-04 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2010-06-24 12:15 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2004-08-04 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-04 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-03 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-6-8 25214]
Autodetect.lnk - c:\program files\Photolightning\autodetect.exe [2006-3-23 28672]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-9-2 36903]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe [2009-2-23 1462272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-2-12 1073152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2/23/2009 5:17 PM 198144]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [5/8/2007 11:56 AM 347648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o77z4xn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-22 22:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
**************************************************************************
.
Completion time: 2010-08-22 22:40:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-23 03:40
ComboFix2.txt 2010-08-20 14:20
ComboFix3.txt 2010-08-19 17:21

Pre-Run: 112,128,442,368 bytes free
Post-Run: 112,233,734,144 bytes free

- - End Of File - - 6CA100268D585050FBA514DFA6589918


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4465

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/23/2010 6:47:28 AM
mbam-log-2010-08-23 (06-47-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 217344
Time elapsed: 1 hour(s), 31 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\coolplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BlueRaTech (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BlueRaTech (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\BlueRaTech (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\k.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\grsbhjlr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\apxapfdw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\blqhhl.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cpuvwxrr.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eijqfe.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxydlrmmne.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gujtlyns.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\inejkeyx.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jlvaav.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nfr.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uqupym.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xjtwheko.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\gaopdxvjappumi.sys.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\nfr.sys.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP984\A0043319.dll (Backdoor.Bot) -> Not selected for removal.
C:\WINDOWS\system32\wvUkKecd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\BlueRaTech\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\compaq_owner\desktop\todd computer\documents\end users\anheuser-busch\a - busch cracked module.htm
c:\program files\wildtangent\apps\gamechannel\games\2fc85ae2-a516-46dc-9622-bee432d2276b\audio\st_win3_crackle.ogg
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\tile_firecracker-1.pnge
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\tile_firecracker-2.pnge
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\tile_firecracker-3.pnge
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\tile_firecracker1.pnge
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\kwazi3\level5-1cracktop.jpge
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\wildtangent\apps\gamechannel\games\422c7575-c10d-4795-87fa-9972765379e6\images\kwazi5\5_lvl_5a_postcrack2.jpge
scanner sequence 3.ED.11
----- EOF -----
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 23rd, 2010, 3:31 pm

Hi edttodd


Most of the items found by Malwarebytes' Anti-Malware were items deleted by the tools we have used, but it did find a few items that had not shown up on the logs or scans we have had so far.

It also identified this file, which was removed by ComboFix, as a Trojan horse with backdoor functionality:

C:\WINDOWS\system32\nfr.dll

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more.


If you have done any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and has been killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I know we have come a long way cleaning your system, but the only responsible course of action I can advise is to reformat your computer and reinstall Windows. That is your call, though.

If you need any help with this please let me know and I will be glad to give you some assistance or if you have any other questions please feel free to ask.



Should you have any questions, please feel free to ask.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 23rd, 2010, 4:37 pm

Before I reformat I will need to get an external hard drive and transfer all of my pictures and documents. Is there anything else I should do before reformatting or are we done? If so, thanks for all your help!
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 23rd, 2010, 5:30 pm

Hi edttodd

If you are going to reformat, which is the best choice, then we are done.
Sorry it was not picked up before. Here is some information and download links to some protection, so you hopefully don't end up like this again.


Whatever you back up, once you have re-installed Windows and added all security programs, just give the backups a scan with an antivirus and Malwarebytes before you copy them back to your clean system.

The re-format process will wipe the computer's hard drive clean, destroying all data and programs installed, so please make sure you back up all data before re-formatting the computer's hard drive. This includes address books, email accounts, documents, music, settings, saved games, and anything else not obsolete.
Here is some information to help you:
http://www.microsoft.com/protect/yourse ... ackup.mspx

Don't forget items like hardware drivers, and the key codes and media, so you can install any software that you may have installed now.


Physically unplug the computer from the Internet before re-formatting.
Do not go back online until you are protected by a hardware firewall, NAT router, or a software firewall, and have installed an antivirus, or you can be infected in a few seconds going back online.
Then visit Windows Update and download and install all Critical updates; keep revisiting until all are downloaded and installed.





P2P programs are a security risk which can make your system susceptible to malware infections: remote attacks, exposure of personal information, identity theft, fraud, and phishing. Many malicious worms and Trojans target P2P file-sharing networks.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising, then, that many of these downloads are being targeted to carry infections.
I advise you not to reinstall them or you will become infected once again.



Download these tools below before you reformat so you can install them straight away.



Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware



Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code.
It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

Free anti-virus software for Windows
1) Antivir PersonalEditionClassic
2) avast! 4 Home Edition
3) Microsoft Security Essentials



Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide

Malwarebytes' Anti-Malware Scanning Guide





Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.





Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.




Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from inadvertently connecting to malware, spyware and adware sites by redirecting the connection request back to your own machine address (127.0.0.1). It is a very effective defense system.
If you are part of a business network, if you are on AOL, or if you use Norton to scan e-mail, be sure to read the special instructions in the tutorial below.

Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK

MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.





Read some information here on how to prevent malware.





DFW
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
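
The post above recommends installing a block-list HOSTS file that maps unwanted sites to 127.0.0.1. As an added example (not from DFW's post or the MVPS project), here is a small Python checker that audits such a file before it is installed: every entry should point at a sink address (loopback or 0.0.0.0), and an entry pointing anywhere else is the DNS-hijack pattern a Trojan.DNSChanger-style infection leaves behind. The sample file and the .test hostnames are constructed for the example.

```python
"""Audit a block-list HOSTS file before installing it.

Added example, not part of the forum thread. A legitimate block list only
ever maps hostnames to a sink address (127.0.0.1, 0.0.0.0, ::1, ::). Any
entry that maps a hostname to a routable address redirects that site to a
machine of someone else's choosing, which is exactly what DNS-changer
malware does to banking and update domains, so it is reported as a finding.
"""
import ipaddress
import re
from collections import Counter

# Loose hostname syntax check: labels of letters, digits, '-' and '_'.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9_-]+(\.[a-z0-9_-]+)*$", re.I)

# Constructed sample modelled on the layout of a block-list HOSTS file.
HOSTS_SAMPLE = """\
# constructed sample for the audit below
127.0.0.1    localhost
0.0.0.0      ads.example-tracker.test       # blocked
0.0.0.0      malware.example-badhost.test   # blocked
0.0.0.0      ads.example-tracker.test       # duplicate line
203.0.113.7  www.example-bank.test          # hijack pattern: routable address
not-an-ip    broken.example.test            # malformed address
"""


def parse_hosts(text):
    """Return (line_no, address, hostname) triples; comments and blanks skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        address, hostnames = parts[0], parts[1:]
        for host in hostnames:
            entries.append((line_no, address, host))
    return entries


def audit_hosts(text):
    """Return {'sink_entries': n, 'findings': [(line_no, host, reason), ...]}."""
    findings = []
    sink_entries = 0
    seen = Counter()
    for line_no, address, host in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, host, "malformed address: %s" % address))
            continue
        if not HOSTNAME_RE.match(host):
            findings.append((line_no, host, "malformed hostname"))
            continue
        seen[host.lower()] += 1
        # Loopback (127/8, ::1) or unspecified (0.0.0.0, ::) is a sink; anything
        # else routes the hostname to a real machine and is the hijack pattern.
        if ip.is_loopback or ip.is_unspecified:
            sink_entries += 1
        else:
            findings.append((line_no, host, "redirected to non-sink address %s" % ip))
    for host, count in seen.items():
        if count > 1:
            findings.append((0, host, "duplicate entry (%d times)" % count))
    return {"sink_entries": sink_entries, "findings": findings}


if __name__ == "__main__":
    report = audit_hosts(HOSTS_SAMPLE)
    print("sink entries:", report["sink_entries"])
    for line_no, host, reason in report["findings"]:
        print("line %d  %-32s %s" % (line_no, host, reason))
```

Run it against the file you are about to copy into %SystemRoot%\system32\drivers\etc; a clean block list produces no findings other than duplicates.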

Re: Hijackthis log, Please help!

Unread postby edttodd » August 23rd, 2010, 7:24 pm

If I cannot find my MS Office disk, I may wait a few months until I can get my company to get me a copy to install on the computer before I reformat. Is there anything I should do to the computer to use it as is? Should I delete the programs that were used to clean in the last week?
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 24th, 2010, 2:37 am

Hi edttodd

OK, if you are going to wait to reformat, we are going to need to clean up the tools we have used. We have removed a lot of infection, but because of the nature of the backdoor infection we cannot be sure that the system is not still compromised, and there is no way to be sure your computer can ever again be trusted, so you need to keep this in mind when using the system.



To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled, then delete DeFogger from your desktop.




Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.



Please download OTC and save it to desktop.

This tool will remove all the tools(and logs created) we used to clean your pc. Any left over merely delete yourself and empty the Recycle Bin.

  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


Then install the extra protection from my previous post

Please post back and let me know that the clean-up went OK.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby Dakeyras » August 26th, 2010, 5:27 pm

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra