03-03-2010, 08:19 PM
Post: #1
Massive email and browser lag.
I'm getting massive system lag re: web browsing. Frames don't always line up, mail accounts I can access and other times I click on "mail" or "inbox."

This has happened in the past, and it could have been some sort of polymorphic bug. ComboFix did resolve the problem for a few days. This is the worst I've seen things. I'm barely able to communicate online. It's mostly my mail sites. Albeit, all browsing is significantly slower.

I was confused about which log to send. Apologies in advance if the Attach log was not required.

PS. Even when trying to submit this post it took nearly 30 seconds. Should take 5 tops.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 13:14:47.12 on 03/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2591 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\DeltTray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Compaq_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DeltTray] DeltTray.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [RECGUARD] c:\windows\sminst\RECGUARD.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260838022265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259084460234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\on1mdoh4.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2006-9-5 217600]

=============== Created Last 30 ================

2010-02-06 19:28:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 19:28:42 0 d-----w- c:\program files\DAEMON Tools Pro
2010-02-06 19:28:18 0 d-----w- c:\docume~1\compaq~1\applic~1\DAEMON Tools Pro
2010-02-06 19:28:18 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-02-05 01:13:27 0 d-----w- c:\docume~1\compaq~1\applic~1\uTorrent
2010-02-04 23:48:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PIXELA
2010-02-04 23:39:25 0 d-----w- c:\program files\PIXELA
2010-02-03 23:37:59 0 d-----w- c:\program files\VideoLAN

==================== Find3M ====================

2010-01-30 07:25:19 54016 ----a-w- c:\windows\system32\drivers\gyiehw.sys
2010-01-10 14:05:09 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-10 14:05:06 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-10 03:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2006-07-01 02:10:10 32 --sha-w- c:\windows\sminst\HPCD.SYS
2009-08-05 23:28:49 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-08-05 23:28:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080520090806\index.dat

============= FINISH: 13:15:17.01 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 05/08/2009 1:11:35 AM
System Uptime: 03/03/2010 10:47:30 AM (3 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3500+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 179 GiB total, 26.438 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.476 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: DISPLAY\NTATIVRV01\5&5B26BB&0&80000008&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVRV01\5&5B26BB&0&80000008&01&00
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A26103C&REV_10\4&1C88B56&0&18A4
Service: RTL8023xp

==== System Restore Points ===================

RP117: 02/12/2009 1:10:44 PM - Software Distribution Service 3.0
RP118: 02/12/2009 1:28:16 PM - Removed AVG Free 9.0
RP119: 02/12/2009 1:30:39 PM - Installed AVG Free 9.0
RP120: 03/12/2009 7:48:54 PM - System Checkpoint
RP121: 04/12/2009 9:32:32 PM - System Checkpoint
RP122: 06/12/2009 12:00:56 AM - System Checkpoint
RP123: 07/12/2009 7:27:43 AM - System Checkpoint
RP124: 08/12/2009 6:11:11 PM - System Checkpoint
RP125: 09/12/2009 7:23:39 PM - System Checkpoint
RP126: 09/12/2009 9:37:48 PM - Software Distribution Service 3.0
RP127: 11/12/2009 5:58:27 PM - System Checkpoint
RP128: 14/12/2009 5:50:51 PM - System Checkpoint
RP129: 15/12/2009 7:25:28 PM - System Checkpoint
RP130: 17/12/2009 6:38:29 PM - System Checkpoint
RP131: 20/12/2009 11:49:52 AM - System Checkpoint
RP132: 23/12/2009 9:00:19 PM - System Checkpoint
RP133: 24/12/2009 11:24:58 PM - System Checkpoint
RP134: 27/12/2009 9:40:00 AM - System Checkpoint
RP135: 28/12/2009 3:08:07 PM - System Checkpoint
RP136: 30/12/2009 5:27:25 PM - System Checkpoint
RP137: 31/12/2009 9:58:12 PM - System Checkpoint
RP138: 01/01/2010 11:53:18 AM - Installed KORG microSAMPLER Editor/Librarian.
RP139: 02/01/2010 2:54:44 PM - System Checkpoint
RP140: 04/01/2010 12:16:59 AM - System Checkpoint
RP141: 08/01/2010 8:28:40 PM - System Checkpoint
RP142: 10/01/2010 6:03:35 PM - System Checkpoint
RP143: 12/01/2010 6:46:37 PM - System Checkpoint
RP144: 13/01/2010 7:26:07 PM - System Checkpoint
RP145: 15/01/2010 9:01:41 PM - Software Distribution Service 3.0
RP146: 17/01/2010 6:22:22 PM - System Checkpoint
RP147: 18/01/2010 9:37:10 PM - System Checkpoint
RP148: 19/01/2010 10:50:36 PM - System Checkpoint
RP149: 21/01/2010 10:39:23 PM - System Checkpoint
RP150: 24/01/2010 1:23:00 AM - System Checkpoint
RP151: 24/01/2010 1:40:13 AM - Software Distribution Service 3.0
RP152: 26/01/2010 8:38:57 PM - Installed Java™ 6 Update 18
RP153: 28/01/2010 8:37:21 AM - System Checkpoint
RP154: 29/01/2010 12:00:16 AM - Removed Camtasia Studio 6
RP155: 29/01/2010 12:01:39 AM - Removed Skype™ 4.1
RP156: 29/01/2010 12:02:06 AM - Removed Skype web features
RP157: 30/01/2010 1:39:25 AM - System Checkpoint
RP158: 31/01/2010 1:18:48 PM - System Checkpoint
RP159: 02/02/2010 1:08:07 PM - System Checkpoint
RP160: 03/02/2010 7:35:12 PM - Installed MediaShow
RP161: 04/02/2010 6:39:24 PM - Installed ImageMixer 3 SE Ver.4 Transfer Utility
RP162: 04/02/2010 6:46:26 PM - Installed ImageMixer 3 SE Ver.4 Video Tools
RP163: 04/02/2010 7:34:39 PM - Software Distribution Service 3.0
RP164: 04/02/2010 9:30:32 PM - Installed Vegas Movie Studio Platinum 9.0
RP165: 04/02/2010 9:36:38 PM - Removed Vegas Movie Studio Platinum 9.0b
RP166: 04/02/2010 9:37:32 PM - Installed Vegas Movie Studio Platinum 9.0
RP167: 05/02/2010 10:18:53 PM - System Checkpoint
RP168: 06/02/2010 2:28:55 PM - SPTD setup V1.62
RP169: 07/02/2010 3:32:37 PM - System Checkpoint
RP170: 08/02/2010 8:25:14 PM - System Checkpoint
RP171: 11/02/2010 10:39:51 PM - System Checkpoint
RP172: 13/02/2010 11:02:22 PM - System Checkpoint
RP173: 14/02/2010 1:19:14 AM - Software Distribution Service 3.0
RP174: 15/02/2010 10:18:41 PM - System Checkpoint
RP175: 16/02/2010 11:10:21 PM - System Checkpoint
RP176: 18/02/2010 10:34:18 PM - System Checkpoint
RP177: 20/02/2010 2:05:32 AM - System Checkpoint
RP178: 20/02/2010 4:23:39 PM - Configured MediaShow
RP179: 20/02/2010 4:26:23 PM - Removed Vegas Movie Studio Platinum 9.0b
RP180: 21/02/2010 7:28:39 PM - System Checkpoint
RP181: 22/02/2010 10:54:32 PM - System Checkpoint
RP182: 24/02/2010 11:04:43 PM - System Checkpoint
RP183: 25/02/2010 8:05:32 PM - Software Distribution Service 3.0
RP184: 26/02/2010 11:08:19 PM - System Checkpoint
RP185: 28/02/2010 3:08:34 PM - System Checkpoint
RP186: 02/03/2010 8:37:36 AM - System Checkpoint
RP187: 03/03/2010 9:48:06 AM - System Checkpoint

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
ATI Display Driver
barbanimals
Compaq Multimedia Keyboard Software
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
DivX Web Player
Free RAR Extract Frog 1.00
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HpSdpAppCoreApp
ImageMixer 3 SE Ver.4 Transfer Utility
ImageMixer 3 SE Ver.4 Video Tools
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java™ 6 Update 18
KORG microSAMPLER Editor/Librarian
LightScribe 1.4.52.1
Logitech High Quality Video
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6)
MSVCRT
Nero 6 Ultra Edition
OpenOffice.org 3.1
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.5
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

25/02/2010 10:28:44 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================
03-03-2010, 11:54 PM
Post: #2
 
Hi and Welcome!


Looking over your log it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, clean and erase harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:


Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scanner is not present, which should be able to deal with most of it and prevent further reinfection.

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
04-03-2010, 12:27 AM
Post: #3
 
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

04-03-2010, 01:59 AM
Post: #4
 
Alright, well I've taken the first step and d/l'd an anti-virus prog.

Here's the log:

Avira AntiVir Personal
Report file date: March 3, 2010 17:24

Scanning for 1814064 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-55E5F9E3D2

Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 22:18:57
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:19:32
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:19:43
VBASE004.VDF : 7.10.3.76 2048 Bytes 1/26/2010 22:19:43
VBASE005.VDF : 7.10.3.77 2048 Bytes 1/26/2010 22:19:43
VBASE006.VDF : 7.10.3.78 2048 Bytes 1/26/2010 22:19:44
VBASE007.VDF : 7.10.3.79 2048 Bytes 1/26/2010 22:19:44
VBASE008.VDF : 7.10.3.80 2048 Bytes 1/26/2010 22:19:44
VBASE009.VDF : 7.10.3.81 2048 Bytes 1/26/2010 22:19:44
VBASE010.VDF : 7.10.3.82 2048 Bytes 1/26/2010 22:19:44
VBASE011.VDF : 7.10.3.83 2048 Bytes 1/26/2010 22:19:44
VBASE012.VDF : 7.10.3.84 2048 Bytes 1/26/2010 22:19:45
VBASE013.VDF : 7.10.3.85 2048 Bytes 1/26/2010 22:19:45
VBASE014.VDF : 7.10.3.122 172544 Bytes 1/29/2010 22:19:47
VBASE015.VDF : 7.10.3.149 79872 Bytes 2/1/2010 22:19:48
VBASE016.VDF : 7.10.3.174 68608 Bytes 2/3/2010 22:19:49
VBASE017.VDF : 7.10.3.199 76800 Bytes 2/4/2010 22:19:49
VBASE018.VDF : 7.10.3.222 64512 Bytes 2/5/2010 22:19:50
VBASE019.VDF : 7.10.3.243 75776 Bytes 2/8/2010 22:19:51
VBASE020.VDF : 7.10.4.6 81920 Bytes 2/9/2010 22:19:52
VBASE021.VDF : 7.10.4.30 78848 Bytes 2/11/2010 22:19:53
VBASE022.VDF : 7.10.4.50 107520 Bytes 2/15/2010 22:19:54
VBASE023.VDF : 7.10.4.62 105472 Bytes 2/15/2010 22:19:56
VBASE024.VDF : 7.10.4.85 111616 Bytes 2/17/2010 22:19:57
VBASE025.VDF : 7.10.4.109 122368 Bytes 2/21/2010 22:19:58
VBASE026.VDF : 7.10.4.128 109056 Bytes 2/23/2010 22:20:00
VBASE027.VDF : 7.10.4.151 111104 Bytes 2/26/2010 22:20:01
VBASE028.VDF : 7.10.4.170 132608 Bytes 3/1/2010 22:20:02
VBASE029.VDF : 7.10.4.184 100864 Bytes 3/2/2010 22:20:04
VBASE030.VDF : 7.10.4.185 2048 Bytes 3/2/2010 22:20:04
VBASE031.VDF : 7.10.4.192 80896 Bytes 3/3/2010 22:20:05
Engineversion : 8.2.1.180
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/3/2010 22:20:32
AESCRIPT.DLL : 8.1.3.17 1032570 Bytes 3/3/2010 22:20:32
AESCN.DLL : 8.1.5.0 127347 Bytes 3/3/2010 22:20:28
AESBX.DLL : 8.1.2.0 254323 Bytes 3/3/2010 22:20:33
AERDL.DLL : 8.1.4.2 479602 Bytes 3/3/2010 22:20:27
AEPACK.DLL : 8.2.1.0 426356 Bytes 3/3/2010 22:20:25
AEOFFICE.DLL : 8.1.0.39 196987 Bytes 3/3/2010 22:20:22
AEHEUR.DLL : 8.1.1.7 2326902 Bytes 3/3/2010 22:20:21
AEHELP.DLL : 8.1.10.1 237942 Bytes 3/3/2010 22:20:10
AEGEN.DLL : 8.1.2.0 373107 Bytes 3/3/2010 22:20:08
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 12:38:26
AECORE.DLL : 8.1.12.2 188790 Bytes 3/3/2010 22:20:06
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 12:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 20:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/3/2010 22:20:35
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 17:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: March 3, 2010 17:24

Starting search for hidden objects.
'61422' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'delttray.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '66' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\hp\bin\KillIt.exe
[DETECTION] Contains recognition pattern of the APPL/KillApp.A application
C:\hp\bin\KillWind.exe
[DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP157\A0072973.sys
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP157\A0072974.com
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>

Beginning disinfection:
C:\hp\bin\KillIt.exe
[DETECTION] Contains recognition pattern of the APPL/KillApp.A application
[NOTE] The file was moved to '4bfaf5b8.qua'!
C:\hp\bin\KillWind.exe
[DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application
[NOTE] The file was moved to '4a87db91.qua'!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP157\A0072973.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4bbef57f.qua'!
C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP157\A0072974.com
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4accc3f0.qua'!


End of the scan: March 3, 2010 18:48
Used time: 50:11 Minute(s)

The scan has been done completely.

7728 Scanned directories
398052 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
398046 Files not concerned
15625 Archives were scanned
2 Warnings
5 Notes
61422 Objects were scanned with rootkit scan
0 Hidden objects were found



I removed AVG the last time I posted because I was having trouble using it, AND uninstalling it.

The other log you've requested is coming up shortly.

Thanks
04-03-2010, 02:02 AM
Post: #5
 
GooredFix log:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:00 on 03/03/2010 (Compaq_Administrator)
Firefox version 3.6 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:35 06/08/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [01:15 10/08/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [20:20 05/09/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [12:33 05/11/2009]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [01:39 27/01/2010]

C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\on1mdoh4.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [22:13 02/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:52 24/11/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:14 10/08/2009]

-=E.O.F=-
04-03-2010, 03:03 AM
Post: #6
 
Delete the copy of ComboFix you have & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Commy.exe BEFORE you save it to your Desktop**
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
[Image: Query_RC.gif]
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful.gif]
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log

Unanswered threads for 4 days will no longer be Helped

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here [Image: paypal.gif]
04-03-2010, 05:38 AM
Post: #7
 
ComboFix 10-03-03.04 - Compaq_Administrator 03/03/2010 22:31:08.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2682 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Commy.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-03 22:15 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-03 22:15 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-03 22:15 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-03 22:15 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-03 22:15 . 2010-03-03 22:15 -------- d-----w- c:\program files\Avira
2010-03-03 22:15 . 2010-03-03 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-06 19:28 . 2010-02-06 19:28 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-02-06 19:28 . 2010-02-06 20:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Pro
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-02-05 02:38 . 2010-02-05 02:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Publish Providers
2010-02-05 02:38 . 2010-02-05 02:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sony
2010-02-05 02:38 . 2010-02-05 02:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Sony
2010-02-05 01:13 . 2010-02-20 21:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2010-02-04 23:48 . 2010-02-04 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA
2010-02-04 23:39 . 2010-02-04 23:39 -------- d-----w- c:\program files\PIXELA
2010-02-04 23:10 . 2010-02-04 23:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-04 00:46 . 2010-02-04 00:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\MediaShow
2010-02-04 00:38 . 2010-02-04 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-04 00:38 . 2010-02-04 00:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\CyberLink
2010-02-04 00:38 . 2010-02-20 21:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Cyberlink
2010-02-04 00:35 . 2010-02-20 21:23 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2010-02-04 00:35 . 2010-02-04 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-02-03 23:39 . 2010-02-25 06:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\vlc
2010-02-03 23:37 . 2010-02-03 23:37 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 14:32 . 2009-08-05 23:36 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-02 13:19 . 2009-11-24 22:40 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-01 15:36 . 2009-08-10 12:25 1 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-04 23:46 . 2005-11-11 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 00:40 . 2005-11-11 21:15 49816 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 07:25 . 2010-01-30 07:25 54016 ----a-w- c:\windows\system32\drivers\gyiehw.sys
2010-01-30 05:43 . 2009-11-24 22:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-27 01:40 . 2005-11-11 20:58 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 01:39 . 2010-01-27 01:39 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52b3eec2-n\msvcp71.dll
2010-01-27 01:39 . 2010-01-27 01:39 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52b3eec2-n\jmc.dll
2010-01-27 01:39 . 2010-01-27 01:39 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52b3eec2-n\msvcr71.dll
2010-01-27 01:39 . 2010-01-27 01:39 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5899e9ae-n\decora-sse.dll
2010-01-27 01:39 . 2010-01-27 01:39 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5899e9ae-n\decora-d3d.dll
2010-01-27 01:39 . 2005-11-11 20:58 -------- d-----w- c:\program files\Java
2010-01-24 06:42 . 2009-08-23 21:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 00:08 . 2009-11-29 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 00:08 . 2009-12-10 00:46 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 00:08 . 2010-01-14 00:08 52224 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-10 14:05 . 2009-11-09 21:15 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-10 14:05 . 2009-11-09 21:14 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-07 21:07 . 2009-11-29 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-29 13:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 16:53 . 2010-01-01 16:53 327680 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{F0CC88EC-ECA4-496C-A7A8-E1AF5BEAB9BE}\NewShortcut1_857609AF4E1C4357A4724BB3C374FE41.exe
2010-01-01 16:53 . 2010-01-01 16:53 285478 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{F0CC88EC-ECA4-496C-A7A8-E1AF5BEAB9BE}\ARPPRODUCTICON.exe
2009-12-31 16:50 . 2004-08-10 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-08-10 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-10 12:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-10 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-11 02:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-10 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-07-01 02:10 . 2009-08-05 04:02 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-30 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DeltTray"="DeltTray.exe" [2002-07-29 24576]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RECGUARD"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-12-18 10:24 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"MDM"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"IDriverT"=3 (0x3)
"LightScribeService"=2 (0x2)
"idsvc"=3 (0x3)
"ARSVC"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/03/2010 5:15 PM 108289]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [05/09/2006 1:16 AM 217600]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/02/2010 2:28 PM 691696]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\on1mdoh4.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-lvdrivers_12.0 - c:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.0.1278\LgDrvInst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 22:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-03 22:36:43
ComboFix-quarantined-files.txt 2010-03-04 03:36

Pre-Run: 28,458,663,936 bytes free
Post-Run: 28,422,848,512 bytes free

- - End Of File - - B8C9C002757F9889390C07521E8C9400
04-03-2010, 02:57 PM
Post: #8
 
Let's run a CFScript, poncho

  • Close any open browsers.
  • Open Notepad: click Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:
Code:
KILLALL::

File::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\gyiehw.sys
c:\windows\system32\drivers\lvuvc.hs
Driver::
logiflt.iad
gyiehw.sys
lvuvc.hs

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Image: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply and let me know how your PC is doing.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

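The post above does by hand what a triage script can do repeatably: read the ComboFix file listing, pick out files in the drivers directory that nobody has vouched for (here a 54016-byte driver with an unfamiliar name and two zero-byte files), and write them into the CFScript layout the helper used. The following is an added example, not part of the thread and not ComboFix's own code. The log lines in SAMPLE_LOG are constructed from the listing posted earlier in the thread; the vetted-name set is an assumption the analyst has to supply, and the Driver:: section simply mirrors the layout of the posted script rather than documenting ComboFix's directive semantics.

```python
import re
from collections import namedtuple

# Constructed sample input in the ComboFix listing format
# "<created> . <modified> <size|--------> <attrs> <path>", copied from
# the log posted above so the result can be compared with the helper's script.
SAMPLE_LOG = """\
((((( Files Created from 2010-02-04 to 2010-03-04 )))))
.
2010-03-03 22:15 . 2009-07-28 20:33 55656 ----a-w- c:\\windows\\system32\\drivers\\avgntflt.sys
2010-02-06 19:28 . 2010-02-06 19:28 691696 ----a-w- c:\\windows\\system32\\drivers\\sptd.sys
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\\program files\\DAEMON Tools Pro
2010-01-30 07:25 . 2010-01-30 07:25 54016 ----a-w- c:\\windows\\system32\\drivers\\gyiehw.sys
2010-01-10 14:05 . 2009-11-09 21:15 0 ----a-w- c:\\windows\\system32\\drivers\\lvuvc.hs
2010-01-10 14:05 . 2009-11-09 21:14 0 ----a-w- c:\\windows\\system32\\drivers\\logiflt.iad
2010-01-07 21:07 . 2009-11-29 13:20 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)
Entry = namedtuple("Entry", "created modified size attrs path")

DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_entries(text):
    """Parse ComboFix 'Files Created' / 'Find3M' rows.

    Directory rows (size printed as eight dashes) get size None. Paths are
    lower-cased because ComboFix itself mixes case between sections.
    Section banners, lone dots and blank lines do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size,
                             m["attrs"], m["path"].lower()))
    return entries


def flag_driver_candidates(entries, vetted):
    """Return (file name, reason) for files directly under the drivers
    directory that are not on the analyst's allow-list.

    'vetted' is an assumed, analyst-maintained set of names already checked
    (vendor, signature, install history). The one built-in heuristic is that
    a zero-byte file in the drivers directory is always worth a look.
    """
    flagged = []
    for e in entries:
        if e.size is None or not e.path.startswith(DRIVER_DIR):
            continue
        name = e.path[len(DRIVER_DIR):]
        if "\\" in name or name in vetted:   # subdirectory or already vetted
            continue
        if e.size == 0:
            reason = "zero-byte file in the drivers directory"
        else:
            reason = f"unvetted driver, {e.size} bytes, created {e.created}"
        flagged.append((name, reason))
    return flagged


def build_cfscript(names):
    """Render the three directives in the layout the helper's script used:
    KILLALL::, then File:: with full paths, then Driver:: with bare names."""
    lines = ["KILLALL::", "", "File::"]
    lines += [DRIVER_DIR + n for n in names]
    lines.append("Driver::")
    lines += list(names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Assumed allow-list: names the analyst has already attributed to Avira,
    # DAEMON Tools and Malwarebytes from the rest of the log.
    vetted = {"avgntflt.sys", "sptd.sys", "mbamswissarmy.sys"}
    hits = flag_driver_candidates(parse_entries(SAMPLE_LOG), vetted)
    for name, reason in hits:
        print(f"{name}: {reason}")
    print(build_cfscript([n for n, _ in hits]))
```

The allow-list is what makes or breaks this: the script only narrows the listing to drivers nobody has accounted for, it does not decide that they are malicious, and a helper still has to confirm each name before it goes into a File:: or Driver:: section that ComboFix will act on.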
04-03-2010, 05:28 PM
Post: #9
 
Hi poncho


I edited the CFScript.txt. Left out a file. Thanks mjack547 for seeing this one.

Post the contents of Combofix.txt in your next reply and let me know how your PC is doing.

04-03-2010, 08:31 PM
Post: #10
 
I dragged the script to ComboFix. I was prompted to update, then to reboot. When I rebooted I was prompted again to update. Instead I cancelled the process and dragged and dropped the file again to restart the process. No update was requested.

Here's the log:

ComboFix 10-03-03.09 - Compaq_Administrator 04/03/2010 13:19:08.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2631 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Commy.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\gyiehw.sys"
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gyiehw.sys
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 18:14 . 2010-03-04 18:17 -------- d-----w- C:\Commy
2010-03-03 22:15 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-03 22:15 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-03 22:15 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-03 22:15 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-03 22:15 . 2010-03-03 22:15 -------- d-----w- c:\program files\Avira
2010-03-03 22:15 . 2010-03-03 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-02-06 19:28 . 2010-02-06 19:28 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-02-06 19:28 . 2010-02-06 20:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Pro
2010-02-06 19:28 . 2010-02-06 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-02-05 02:38 . 2010-02-05 02:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Publish Providers
2010-02-05 02:38 . 2010-02-05 02:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sony
2010-02-05 02:38 . 2010-02-05 02:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Sony
2010-02-05 01:13 . 2010-02-20 21:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2010-02-04 23:48 . 2010-02-04 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA
2010-02-04 23:39 . 2010-02-04 23:39 -------- d-----w- c:\program files\PIXELA
2010-02-04 23:10 . 2010-02-04 23:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-04 00:46 . 2010-02-04 00:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\MediaShow
2010-02-04 00:38 . 2010-02-04 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-02-04 00:38 . 2010-02-04 00:38 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\CyberLink
2010-02-04 00:38 . 2010-02-20 21:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Cyberlink
2010-02-04 00:35 . 2010-02-20 21:23 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{80E158EA-7181-40FE-A701-301CE6BE64AB}\PostBuild.exe
2010-02-04 00:35 . 2010-02-04 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2010-02-03 23:39 . 2010-02-25 06:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\vlc
2010-02-03 23:37 . 2010-02-03 23:37 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 14:32 . 2009-08-05 23:36 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-03-02 13:19 . 2009-11-24 22:40 117760 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-01 15:36 . 2009-08-10 12:25 1 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-04 23:46 . 2005-11-11 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 00:40 . 2005-11-11 21:15 49816 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-30 05:43 . 2009-11-24 22:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-27 01:40 . 2005-11-11 20:58 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 01:39 . 2010-01-27 01:39 503808 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52b3eec2-n\msvcp71.dll
2010-01-27 01:39 . 2010-01-27 01:39 499712 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52b3eec2-n\jmc.dll
2010-01-27 01:39 . 2010-01-27 01:39 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-52b3eec2-n\msvcr71.dll
2010-01-27 01:39 . 2010-01-27 01:39 61440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5899e9ae-n\decora-sse.dll
2010-01-27 01:39 . 2010-01-27 01:39 12800 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5899e9ae-n\decora-d3d.dll
2010-01-27 01:39 . 2005-11-11 20:58 -------- d-----w- c:\program files\Java
2010-01-24 06:42 . 2009-08-23 21:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 00:08 . 2009-11-29 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 00:08 . 2009-12-10 00:46 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 00:08 . 2010-01-14 00:08 52224 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 21:07 . 2009-11-29 13:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-11-29 13:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 16:53 . 2010-01-01 16:53 327680 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{F0CC88EC-ECA4-496C-A7A8-E1AF5BEAB9BE}\NewShortcut1_857609AF4E1C4357A4724BB3C374FE41.exe
2010-01-01 16:53 . 2010-01-01 16:53 285478 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{F0CC88EC-ECA4-496C-A7A8-E1AF5BEAB9BE}\ARPPRODUCTICON.exe
2009-12-31 16:50 . 2004-08-10 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-08-10 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-10 12:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-10 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-11 02:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-07-01 02:10 . 2009-08-05 04:02 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-30 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DeltTray"="DeltTray.exe" [2002-07-29 24576]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"RECGUARD"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-12-18 10:24 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"MDM"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"IDriverT"=3 (0x3)
"LightScribeService"=2 (0x2)
"idsvc"=3 (0x3)
"ARSVC"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/02/2010 2:28 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/03/2010 5:15 PM 108289]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [05/09/2006 1:16 AM 217600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\on1mdoh4.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 13:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spac.sys >>UNKNOWN [0x8ADC0938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e74cb8
\Driver\atapi -> atapi.sys @ 0xb9e09b40
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\DeltTray.exe
.
**************************************************************************
.
Completion time: 2010-03-04 13:28:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 18:28
ComboFix2.txt 2010-03-04 03:36

Pre-Run: 28,407,664,640 bytes free
Post-Run: 28,371,648,512 bytes free

- - End Of File - - 46BDC356CC2A6C6B8896E6E8469E3049