Author Topic: Virus won't allow me to do anything! (Read 3446 times)

cbfr · « **on:** November 12, 2008, 01:23:13 AM »

Hello

A few months ago, I did a search in google and when I clicked on the link, it popped up in a new window. The new window wasn't the actual site I wanted, it was an advertising site. I noticed my computer to be really slow and noticed that my AVG wouldn't update. When I tried to go onto Anti Virus websites, my internet wouldn't allow me on those pages. If I was able to download a virus checker, it won't allow me to install it. I also noticed that I cannot do a system restore. It has become really frustrating because I have been trying to fix this myself since August! Any help would be greatly appreciated as I do not want to reformat my computer. Thanks!

Corrine · « **Reply #1 on:** November 12, 2008, 02:13:17 AM »

Hi, cbfr. Welcome to LandzDown Forum.

It is a shame that you have waited so long for help. I am going to provide a couple of links. See if you are able to download them from your computer or if you can download them to a family member or friend/neighbor's computer and then transport them to your computer. If not, please let us know and we will work something out.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please download ATF Cleaner by Atribune from http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 . Save it to your Desktop.

Run ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Shutdown/restart the computer.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply and a fresh HijackThis log.

cbfr · « **Reply #2 on:** November 13, 2008, 11:11:13 PM »

Hi Corrine

Thanks for taking the time to help me! I couldn't download any of the items from the websites you provided but I was able to use another computer and save it.

Here is the log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Christina at 2008-11-12 17:47:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 51 GB (44%) free of 114 GB
Total RAM: 510 MB (19% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-21 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-21 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-21 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-03-10 35328]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-05-06 185784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-11 1234712]
"SSA.exe"=C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe [2007-03-27 2061816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-04 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\Christina\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-12 17:47:46 ----D---- C:\rsit
2008-11-12 17:47:46 ----D---- C:\Program Files\trend micro
2008-11-11 20:01:48 ----A---- C:\ComboFix.txt
2008-11-11 19:40:33 ----D---- C:\Documents and Settings\Christina\Application Data\WinRAR
2008-11-11 19:25:47 ----A---- C:\WINDOWS\system32\vfind.exe
2008-11-11 19:25:47 ----A---- C:\WINDOWS\system32\moveex.exe
2008-11-11 19:25:47 ----A---- C:\WINDOWS\nircmd.exe
2008-11-11 19:25:47 ----A---- C:\WINDOWS\catchme.exe
2008-11-11 19:25:21 ----A---- C:\ComboFix-quarantined-files.txt
2008-11-11 19:22:45 ----D---- C:\QooBox
2008-11-11 19:17:26 ----A---- C:\ComboFix2.txt
2008-11-10 21:31:49 ----D---- C:\Documents and Settings\Christina\Application Data\Malwarebytes
2008-11-10 21:31:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-10 21:31:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-26 17:13:03 ----D---- C:\WINDOWS\system32\Adobe
2008-10-26 09:20:59 ----D---- C:\Program Files\iPod
2008-10-26 09:20:58 ----D---- C:\Program Files\iTunes
2008-10-26 09:20:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 09:19:55 ----D---- C:\Program Files\Bonjour
2008-10-26 09:18:57 ----D---- C:\Program Files\QuickTime
2008-10-25 02:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 02:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 1 months======

2008-11-12 17:47:46 ----D---- C:\Program Files
2008-11-12 15:32:27 ----D---- C:\WINDOWS\Prefetch
2008-11-12 04:49:39 ----D---- C:\Program Files\Mozilla Firefox
2008-11-12 04:49:14 ----D---- C:\WINDOWS\Temp
2008-11-12 04:47:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-11 20:07:54 ----D---- C:\WINDOWS\system32
2008-11-11 20:01:54 ----D---- C:\WINDOWS\system32\drivers
2008-11-11 19:41:46 ----D---- C:\Program Files\Java
2008-11-11 19:25:47 ----D---- C:\WINDOWS
2008-11-11 06:42:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-10 21:26:25 ----D---- C:\WINDOWS\Minidump
2008-11-10 21:25:06 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-10 21:18:41 ----SHD---- C:\WINDOWS\Installer
2008-11-10 21:18:41 ----HD---- C:\Config.Msi
2008-11-10 21:18:41 ----D---- C:\Program Files\Common Files
2008-11-09 18:55:35 ----D---- C:\Program Files\WinRAR
2008-11-09 16:29:34 ----A---- C:\WINDOWS\DUMP2376.tmp
2008-11-07 06:23:59 ----HD---- C:\$AVG8.VAULT$
2008-11-02 04:49:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-27 16:02:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 09:29:11 ----D---- C:\Documents and Settings\Christina\Application Data\Apple Computer
2008-10-26 09:21:25 ----HD---- C:\WINDOWS\inf
2008-10-26 09:21:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-26 09:19:04 ----D---- C:\Program Files\Common Files\Apple
2008-10-26 09:17:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-25 02:00:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 02:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 02:06:25 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 02:05:40 ----A---- C:\WINDOWS\win.ini
2008-10-16 02:01:10 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-21 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-21 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-21 76040]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-04 839880]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-07-16 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2006-05-01 36480]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2006-12-02 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys []
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys []
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys []
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys []
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-21 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-21 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-04-04 177672]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2006-03-03 69632]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-03 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Radialpoint Security Services;Radialpoint Security Services; C:\WINDOWS\system32\dllhost.exe [2004-08-04 5120]
S3 RPSUpdaterR;Radialpoint Unicorn Update Service; C:\Program Files\Bell\Scan and Clean utility\rpsupdaterR.exe [2007-05-04 99320]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Here is the info.txt

info.txt logfile of random's system information tool 1.04 2008-11-12 17:47:54

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FrostWire 4.13.5-->C:\Program Files\FrostWire\Uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access 2003 Developer Extensions-->MsiExec.exe /I{90D00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PPSDKRedistributables-->MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Prism-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Radialpoint Security Services-->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Sympatico Security Advisor 1.5.11-->"C:\Program Files\Bell\Sympatico Security Advisor\unins000.exe"
Sympatico(TM) Scan and Clean utility-->C:\Program Files\InstallShield Installation Information\{C13EF4AA-1CBC-4300-8D11-B5F9E6AB1323}\setup.exe -runfromtemp -l0x0409
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is the Malaware log

Malwarebytes' Anti-Malware 1.30
Database version: 1381
Windows 5.1.2600 Service Pack 2

11/11/2008 6:42:30 AM
mbam-log-2008-11-11 (06-42-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 182225
Time elapsed: 40 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 57
Files Infected: 128

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Dating (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Games (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Movies (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\RecipeSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Recipe_RSS (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Search_Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christina\Application Data\Starware337\Weather (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Dating (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Free_Credit_Score (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Recipe_RSS (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Reference (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Ringtones (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Search_Recipes (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anita\Application Data\Starware337\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\Tem202.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\Tem6D.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\U0DD7AB13.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\723_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\723_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\726_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\Dating0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\epiRSS.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\epiRSS.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\epiSearch.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\epiSearch.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\Free_Credit_Score0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\Ringtones0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware337\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Setting

Corrine · « **Reply #3 on:** November 13, 2008, 11:46:20 PM »

Hi, cbfr.

I didn't ask you to download and run ComboFix (twice). Are you receiving assistance at an other site?

cbfr · « **Reply #4 on:** November 14, 2008, 12:00:51 AM »

Hi Corrine

I'm not receiving help from other sites. I've been trying to fix this issue for a while so it could have been something that I was trying before? Is this a problem?

Corrine · « **Reply #5 on:** November 14, 2008, 12:22:47 AM »

Yes, ComboFix should only be used under the direction of a trained expert. The instructions we provide are based on analysis and research of the logs provided and only for the person we are helping. Malware changes as do the tools we use. There are situations where the specific order of steps is critical to the successful outcome of the process.

We have access to the developers of these specialized tools so are made aware of issues and can seek additional help or advice. At just one location, the primary discussion topic is over 300 pages.

Please post C:\ComboFix.txt and C:\ComboFix2.txt

cbfr · « **Reply #6 on:** November 14, 2008, 12:40:17 AM »

Hi Corrine

Here are the two logs. My brother has also been working on this so it could have been something that he did?

Here is ComboFix.txt

"Christina" - 2008-11-11 20:01:48 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Christina\"
Command switches used :: ""C:\Documents and Settings\Christina\Desktop\CFScript.txt""

((((((((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 ))))))))))))))))))))))))))))))))))

2008-11-11 19:46   <DIR>   d--------   C:\Documents and Settings\CHRIST~1\.SunDownloadManager
2008-11-11 19:46   <DIR>   d--------   C:\DOCUME~1\CHRIST~1\.SunDownloadManager
2008-11-11 19:40   <DIR>   d--------   C:\DOCUME~1\CHRIST~1\APPLIC~1\WinRAR
2008-11-11 19:25   49,152   --a------   C:\WINDOWS\nircmd.exe
2008-11-10 21:31   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-11-10 21:31   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-11-10 21:31   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-11-10 21:31   <DIR>   d--------   C:\DOCUME~1\CHRIST~1\APPLIC~1\Malwarebytes
2008-11-10 21:31   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
2008-10-26 09:20   <DIR>   d--------   C:\Program Files\iTunes
2008-10-26 09:20   <DIR>   d--------   C:\Program Files\iPod
2008-10-26 09:20   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 09:19   <DIR>   d--------   C:\Program Files\Bonjour
2008-10-26 09:18   <DIR>   d--------   C:\Program Files\QuickTime
2008-10-12 19:31   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-10-12 19:31   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-10-26 14:29:11   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
2008-10-26 14:19:04   --------   d-----w   C:\Program Files\Common Files\Apple
2008-10-07 07:00:34   --------   d-----w   C:\Program Files\Messenger
2008-10-06 00:58:02   --------   d-----w   C:\Program Files\Windows NT
2008-10-06 00:58:01   --------   d-----w   C:\Program Files\Movie Maker
2008-10-01 17:01:28   32,000   ----a-w   C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-30 23:48:35   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\Image Zone Express
2008-09-27 00:59:01   --------   d-----w   C:\Program Files\Apple Software Update
2008-09-24 23:36:20   --------   d-----w   C:\Program Files\Adobe Media Player
2008-09-24 23:36:16   --------   d-----w   C:\Program Files\Common Files\Adobe AIR
2008-09-24 07:00:17   --------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-23 01:33:08   --------   d-----w   C:\Program Files\Bell
2008-09-23 00:48:00   --------   d-----w   C:\Program Files\Common Files\Scanner
2008-09-23 00:47:33   --------   d-----w   C:\Program Files\Common Files\Authentium
2008-09-23 00:47:19   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-23 00:45:42   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\Bell
2008-09-22 23:57:02   2,536   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-09-22 01:10:38   10,520   ----a-w   C:\WINDOWS\system32\avgrsstx.dll
2008-09-22 01:10:37   76,040   ----a-w   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-22 01:10:32   97,928   ----a-w   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-22 01:10:26   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\AVGTOOLBAR
2008-09-21 23:18:27   --------   d-----w   C:\Program Files\Lavasoft
2008-09-19 16:26:48   82,944   ----a-w   C:\WINDOWS\system32\o4Patch.exe
2008-09-19 16:26:48   82,944   ----a-w   C:\WINDOWS\system32\IEDFix.C.exe
2008-09-17 16:48:14   --------   d-----w   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-17 15:05:53   --------   d-----w   C:\Program Files\Common Files\Teleca Shared
2008-09-16 02:21:52   108,032   ----a-w   C:\WINDOWS\system32\services.exe
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_006940_.tmp.dll
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_003767_.tmp.dll
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_003742_.tmp.dll
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_003711_.tmp.dll
2008-09-15 11:57:41   1,846,016   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-09-12 01:05:27   --------   d-----w   C:\Program Files\GMATPrep
2008-09-09 03:38:55   88,576   ----a-w   C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 20:51:48   86,528   ----a-w   C:\WINDOWS\system32\VACFix.exe
2008-08-30 10:28:52   3,883,008   ----a-w   C:\WINDOWS\system32\Tropix2.scr
2008-08-30 10:28:11   258,352   ----a-w   C:\WINDOWS\system32\unicows.dll
2008-08-29 14:18:58   87,336   ----a-w   C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53:50   61,440   ----a-w   C:\WINDOWS\system32\dnssd.dll
2008-08-18 16:19:03   82,432   ----a-w   C:\WINDOWS\system32\404Fix.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-21 20:10]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 03:27]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 10:30]
{A057A204-BACC-4D26-9990-79A187E2698E}=C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-21 20:10]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 12:45]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 06:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27]
"BCMSMMSG"="BCMSMMSG.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-11 09:52]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 09:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 14:09]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 17:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 17:47]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2008-11-09 02:29:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-11-11 05:00:00 C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
2006-04-10 23:49:25 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 20:10:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\tdssserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"

Completion time: 2008-11-11 20:12:53
C:\ComboFix-quarantined-files.txt ... 2008-11-11 20:12
C:\ComboFix2.txt ... 2008-11-11 19:25

   --- E O F ---

Here is ComboFix2.txt

"Christina" - 2008-11-11 19:17:26 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Christina\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\WINDOWS\system32\windows_update.exe"

((((((((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 ))))))))))))))))))))))))))))))))))

2008-11-10 21:31   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-11-10 21:31   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-11-10 21:31   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-11-10 21:31   <DIR>   d--------   C:\DOCUME~1\CHRIST~1\APPLIC~1\Malwarebytes
2008-11-10 21:31   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
2008-10-26 09:20   <DIR>   d--------   C:\Program Files\iTunes
2008-10-26 09:20   <DIR>   d--------   C:\Program Files\iPod
2008-10-26 09:20   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 09:19   <DIR>   d--------   C:\Program Files\Bonjour
2008-10-26 09:18   <DIR>   d--------   C:\Program Files\QuickTime
2008-10-12 19:31   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2008-10-12 19:31   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-10-26 14:29:11   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\Apple Computer
2008-10-26 14:19:04   --------   d-----w   C:\Program Files\Common Files\Apple
2008-10-07 07:00:34   --------   d-----w   C:\Program Files\Messenger
2008-10-06 00:58:02   --------   d-----w   C:\Program Files\Windows NT
2008-10-06 00:58:01   --------   d-----w   C:\Program Files\Movie Maker
2008-10-01 17:01:28   32,000   ----a-w   C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-30 23:48:35   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\Image Zone Express
2008-09-27 00:59:01   --------   d-----w   C:\Program Files\Apple Software Update
2008-09-24 23:36:20   --------   d-----w   C:\Program Files\Adobe Media Player
2008-09-24 23:36:16   --------   d-----w   C:\Program Files\Common Files\Adobe AIR
2008-09-24 07:00:17   --------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-23 01:33:08   --------   d-----w   C:\Program Files\Bell
2008-09-23 00:48:00   --------   d-----w   C:\Program Files\Common Files\Scanner
2008-09-23 00:47:33   --------   d-----w   C:\Program Files\Common Files\Authentium
2008-09-23 00:47:19   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-23 00:45:42   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\Bell
2008-09-22 23:57:02   2,536   ----a-w   C:\WINDOWS\system32\tmp.reg
2008-09-22 01:10:38   10,520   ----a-w   C:\WINDOWS\system32\avgrsstx.dll
2008-09-22 01:10:37   76,040   ----a-w   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-22 01:10:32   97,928   ----a-w   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-22 01:10:26   --------   d-----w   C:\DOCUME~1\CHRIST~1\APPLIC~1\AVGTOOLBAR
2008-09-21 23:18:27   --------   d-----w   C:\Program Files\Lavasoft
2008-09-19 16:26:48   82,944   ----a-w   C:\WINDOWS\system32\o4Patch.exe
2008-09-19 16:26:48   82,944   ----a-w   C:\WINDOWS\system32\IEDFix.C.exe
2008-09-17 16:48:14   --------   d-----w   C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-17 15:05:53   --------   d-----w   C:\Program Files\Common Files\Teleca Shared
2008-09-16 02:21:52   108,032   ----a-w   C:\WINDOWS\system32\services.exe
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_006940_.tmp.dll
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_003767_.tmp.dll
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_003742_.tmp.dll
2008-09-16 02:21:52   108,032   ------w   C:\WINDOWS\system32\_003711_.tmp.dll
2008-09-15 11:57:41   1,846,016   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-09-12 01:05:27   --------   d-----w   C:\Program Files\GMATPrep
2008-09-09 03:38:55   88,576   ----a-w   C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 20:51:48   86,528   ----a-w   C:\WINDOWS\system32\VACFix.exe
2008-08-30 10:28:52   3,883,008   ----a-w   C:\WINDOWS\system32\Tropix2.scr
2008-08-30 10:28:11   258,352   ----a-w   C:\WINDOWS\system32\unicows.dll
2008-08-29 14:18:58   87,336   ----a-w   C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53:50   61,440   ----a-w   C:\WINDOWS\system32\dnssd.dll
2008-08-18 16:19:03   82,432   ----a-w   C:\WINDOWS\system32\404Fix.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}=C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-21 20:10]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 03:27]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 10:30]
{A057A204-BACC-4D26-9990-79A187E2698E}=C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-21 20:10]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 12:45]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 06:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27]
"BCMSMMSG"="BCMSMMSG.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-11 09:52]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 09:33]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 14:09]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 17:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 17:47]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

*Newly Created Service* - MBAMSWISSARMY

Contents of the 'Scheduled Tasks' folder
2008-11-09 02:29:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2008-11-11 05:00:00 C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
2006-04-10 23:49:25 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 19:24:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\tdssserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"

Completion time: 2008-11-11 19:25:47
C:\ComboFix-quarantined-files.txt ... 2008-11-11 19:25

   --- E O F ---

Thanks for your help.

Corrine · « **Reply #7 on:** November 14, 2008, 12:51:40 AM »

Who has access to the Administrator account for this computer?

Quote

please note that you need administrator rights to perform deep scan

cbfr · « **Reply #8 on:** November 14, 2008, 12:54:00 AM »

Hi Corrine

My brother has access to the Administrator account. Thanks.

Corrine · « **Reply #9 on:** November 14, 2008, 01:25:37 AM »

Hi, cbfr.

The computer has a nasty rootkit. From what is available in the log, this will get it started. Please have your brother log on to the computer and do the following:

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code: [Select]

File::
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\_006940_.tmp.dll
C:\WINDOWS\system32\_003767_.tmp.dll
C:\WINDOWS\system32\_003742_.tmp.dll
C:\WINDOWS\system32\_003711_.tmp.dll
C:\WINDOWS\system32\AntiXPVSTFix.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\drivers\TDSSserv.sys

Driver::
TDSSserv.sys

Extra::

Save this as CFScript.txt and place it on your desktop.
Close any open browsers
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Please also include a fresh HijackThis log.

cbfr · « **Reply #10 on:** November 16, 2008, 10:51:41 PM »

Hi Corrine

Here is the ComboFix Log

ComboFix 08-11-16.01 - Owner 2008-11-16 17:04:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.234 [GMT -5:00]
Command switches used :: c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Desktop\CFScript.txt

FILE ::
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_006940_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\AntiXPVSTFix.exe
c:\windows\system32\drivers\TDSSserv.sys
c:\windows\system32\IEDFix.C.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Configurator\Configurator.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Configurator\Configurator.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Dating\DatingOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Dating\DatingOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Free_Credit_Score\Free_Credit_ScoreOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Games\GamesOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Games\GamesOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Games\images\active\Games0.bmp
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Layouts\ToolbarLayout.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Manager\ManagerOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Manager\ManagerOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Movies\images\active\Movies0.bmp
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Movies\MoviesOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Movies\MoviesOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Recipe_RSS\Recipe_RSSOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Recipe_RSS\Recipe_RSSOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Recipes\RecipesOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Recipes\RecipesOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\RecipeSearch\RecipeSearchOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Reference\ReferenceOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Reference\ReferenceOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Ringtones\RingtonesOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Ringtones\RingtonesOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Search_Recipes\Search_RecipesOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Search_Recipes\Search_RecipesOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\SearchMatch\SearchMatchOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Toolbar\TBProductsOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Weather\AlertArchive.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Weather\WeatherOptions.xml
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Starware337\Weather\WeatherOptions.xml.backup
c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Favorites\Online Security Test.url
c:\windows\system32\_003697_.tmp.dll
c:\windows\system32\_003698_.tmp.dll
c:\windows\system32\_003699_.tmp.dll
c:\windows\system32\_003700_.tmp.dll
c:\windows\system32\_003707_.tmp.dll
c:\windows\system32\_003708_.tmp.dll
c:\windows\system32\_003709_.tmp.dll
c:\windows\system32\_003710_.tmp.dll
c:\windows\system32\_003711_.tmp.dll
c:\windows\system32\_003712_.tmp.dll
c:\windows\system32\_003713_.tmp.dll
c:\windows\system32\_003714_.tmp.dll
c:\windows\system32\_003715_.tmp.dll
c:\windows\system32\_003716_.tmp.dll
c:\windows\system32\_003717_.tmp.dll
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003720_.tmp.dll
c:\windows\system32\_003722_.tmp.dll
c:\windows\system32\_003723_.tmp.dll
c:\windows\system32\_003724_.tmp.dll
c:\windows\system32\_003725_.tmp.dll
c:\windows\system32\_003726_.tmp.dll
c:\windows\system32\_003727_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003730_.tmp.dll
c:\windows\system32\_003731_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003734_.tmp.dll
c:\windows\system32\_003735_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003738_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003742_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003744_.tmp.dll
c:\windows\system32\_003745_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003748_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003753_.tmp.dll
c:\windows\system32\_003755_.tmp.dll
c:\windows\system32\_003756_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003758_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003763_.tmp.dll
c:\windows\system32\_003764_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003770_.tmp.dll
c:\windows\system32\_003771_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003775_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003777_.tmp.dll
c:\windows\system32\_003778_.tmp.dll
c:\windows\system32\_003779_.tmp.dll
c:\windows\system32\_003780_.tmp.dll
c:\windows\system32\_003782_.tmp.dll
c:\windows\system32\_003783_.tmp.dll
c:\windows\system32\_003784_.tmp.dll
c:\windows\system32\_003785_.tmp.dll
c:\windows\system32\_003786_.tmp.dll
c:\windows\system32\_003787_.tmp.dll
c:\windows\system32\_003788_.tmp.dll
c:\windows\system32\_003789_.tmp.dll
c:\windows\system32\_003791_.tmp.dll
c:\windows\system32\_003792_.tmp.dll
c:\windows\system32\_003793_.tmp.dll
c:\windows\system32\_003794_.tmp.dll
c:\windows\system32\_003796_.tmp.dll
c:\windows\system32\_003797_.tmp.dll
c:\windows\system32\_003801_.tmp.dll
c:\windows\system32\_003802_.tmp.dll
c:\windows\system32\_003804_.tmp.dll
c:\windows\system32\_003807_.tmp.dll
c:\windows\system32\_003809_.tmp.dll
c:\windows\system32\_003810_.tmp.dll
c:\windows\system32\_003811_.tmp.dll
c:\windows\system32\_003812_.tmp.dll
c:\windows\system32\_003815_.tmp.dll
c:\windows\system32\_003816_.tmp.dll
c:\windows\system32\_003817_.tmp.dll
c:\windows\system32\_003818_.tmp.dll
c:\windows\system32\_003819_.tmp.dll
c:\windows\system32\_003824_.tmp.dll
c:\windows\system32\_003826_.tmp.dll
c:\windows\system32\_005828_.tmp.dll
c:\windows\system32\_005829_.tmp.dll
c:\windows\system32\_005830_.tmp.dll
c:\windows\system32\_005831_.tmp.dll
c:\windows\system32\_005838_.tmp.dll
c:\windows\system32\_005839_.tmp.dll
c:\windows\system32\_005840_.tmp.dll
c:\windows\system32\_005841_.tmp.dll
c:\windows\system32\_005843_.tmp.dll
c:\windows\system32\_005844_.tmp.dll
c:\windows\system32\_005847_.tmp.dll
c:\windows\system32\_005848_.tmp.dll
c:\windows\system32\_005850_.tmp.dll
c:\windows\system32\_005851_.tmp.dll
c:\windows\system32\_005852_.tmp.dll
c:\windows\system32\_005854_.tmp.dll
c:\windows\system32\_005857_.tmp.dll
c:\windows\system32\_005858_.tmp.dll
c:\windows\system32\_005862_.tmp.dll
c:\windows\system32\_005863_.tmp.dll
c:\windows\system32\_005865_.tmp.dll
c:\windows\system32\_005868_.tmp.dll
c:\windows\system32\_005870_.tmp.dll
c:\windows\system32\_005871_.tmp.dll
c:\windows\system32\_005872_.tmp.dll
c:\windows\system32\_005873_.tmp.dll
c:\windows\system32\_005874_.tmp.dll
c:\windows\system32\_005877_.tmp.dll
c:\windows\system32\_005878_.tmp.dll
c:\windows\system32\_005879_.tmp.dll
c:\windows\system32\_005880_.tmp.dll
c:\windows\system32\_005881_.tmp.dll
c:\windows\system32\_005886_.tmp.dll
c:\windows\system32\_005888_.tmp.dll
c:\windows\system32\_005889_.tmp.dll
c:\windows\system32\_006926_.tmp.dll
c:\windows\system32\_006927_.tmp.dll
c:\windows\system32\_006928_.tmp.dll
c:\windows\system32\_006929_.tmp.dll
c:\windows\system32\_006936_.tmp.dll
c:\windows\system32\_006937_.tmp.dll
c:\windows\system32\_006938_.tmp.dll
c:\windows\system32\_006940_.tmp.dll
c:\windows\system32\_006941_.tmp.dll
c:\windows\system32\_006944_.tmp.dll
c:\windows\system32\_006945_.tmp.dll
c:\windows\system32\_006947_.tmp.dll
c:\windows\system32\_006948_.tmp.dll
c:\windows\system32\_006949_.tmp.dll
c:\windows\system32\_006951_.tmp.dll
c:\windows\system32\_006954_.tmp.dll
c:\windows\system32\_006955_.tmp.dll
c:\windows\system32\_006959_.tmp.dll
c:\windows\system32\_006960_.tmp.dll
c:\windows\system32\_006962_.tmp.dll
c:\windows\system32\_006965_.tmp.dll
c:\windows\system32\_006967_.tmp.dll
c:\windows\system32\_006968_.tmp.dll
c:\windows\system32\_006969_.tmp.dll
c:\windows\system32\_006970_.tmp.dll
c:\windows\system32\_006973_.tmp.dll
c:\windows\system32\_006974_.tmp.dll
c:\windows\system32\_006975_.tmp.dll
c:\windows\system32\_006976_.tmp.dll
c:\windows\system32\_006977_.tmp.dll
c:\windows\system32\_006982_.tmp.dll
c:\windows\system32\_006984_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\AntiXPVSTFix.exe
c:\windows\system32\drivers\TDSSserv.sys
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\TDSSadw.dll
c:\windows\system32\TDSSerrors.log
c:\windows\system32\tdssinit.dll
c:\windows\system32\tdssl.dll
c:\windows\system32\tdsslog.dll
c:\windows\system32\TDSSmain.dll
c:\windows\system32\tdssserf.dll
c:\windows\system32\tdssserf1.dll
c:\windows\system32\TDSSservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV
-------\Legacy_TDSSSERV

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-12 17:47 . 2008-11-12 17:47   <DIR>   d--------   C:\rsit
2008-11-12 17:47 . 2008-11-13 19:06   <DIR>   d--------   c:\program files\trend micro
2008-11-12 04:43 . 2008-11-12 04:43   <DIR>   d---s----   c:\windows\system32\config\systemprofile\UserData
2008-11-11 19:25 . 2005-11-09 00:26   38,400   --a------   c:\windows\system32\moveex.exe
2008-11-10 21:31 . 2008-11-10 21:31   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-11-10 21:31 . 2008-11-10 21:31   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-11-10 21:31 . 2008-10-22 16:10   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 21:31 . 2008-10-22 16:10   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-10-26 17:13 . 2008-10-26 17:13   <DIR>   d--------   c:\windows\system32\Adobe
2008-10-26 09:20 . 2008-10-26 09:21   <DIR>   d--------   c:\program files\iTunes
2008-10-26 09:20 . 2008-10-26 09:20   <DIR>   d--------   c:\program files\iPod
2008-10-26 09:20 . 2008-10-26 09:21   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-26 09:19 . 2008-10-26 09:19   <DIR>   d--------   c:\program files\Bonjour
2008-10-26 09:18 . 2008-10-26 09:19   <DIR>   d--------   c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 21:53   ---------   d-----w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\skypePM
2008-11-16 21:53   ---------   d-----w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Skype
2008-11-12 00:41   ---------   d-----w   c:\program files\Java
2008-11-09 21:29   90,112   ----a-w   c:\windows\DUMP2376.tmp
2008-10-26 14:19   ---------   d-----w   c:\program files\Common Files\Apple
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-08 15:34   ---------   d-----w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Bell
2008-10-01 17:01   32,000   ----a-w   c:\windows\system32\drivers\usbaapl.sys
2008-09-27 21:00   ---------   d-----w   c:\documents and settings\Administrator\Application Data\Bell
2008-09-27 00:59   ---------   d-----w   c:\program files\Apple Software Update
2008-09-25 11:32   ---------   d-----w   c:\documents and settings\Anita\Application Data\AVGTOOLBAR
2008-09-24 23:36   ---------   d-----w   c:\program files\Common Files\Adobe AIR
2008-09-24 23:36   ---------   d-----w   c:\program files\Adobe Media Player
2008-09-24 07:00   ---------   d-----w   c:\program files\Microsoft CAPICOM 2.1.0.2
2008-09-23 08:54   ---------   d-----w   c:\documents and settings\Anita\Application Data\Bell
2008-09-23 01:33   ---------   d-----w   c:\program files\Bell
2008-09-23 00:48   ---------   d-----w   c:\program files\Common Files\Scanner
2008-09-23 00:47   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-09-23 00:47   ---------   d-----w   c:\program files\Common Files\Authentium
2008-09-23 00:47   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Bell
2008-09-22 01:10   97,928   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2008-09-22 01:10   76,040   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2008-09-22 01:10   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2008-09-22 00:40   ---------   d-----w   c:\program files\Spybot - Search & Destroy
2008-09-21 23:27   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-09-21 23:19   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-09-21 23:18   ---------   d-----w   c:\program files\Lavasoft
2008-09-17 16:48   ---------   d-----w   c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-09-17 15:05   ---------   d-----w   c:\program files\Common Files\Teleca Shared
2008-09-16 03:18   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\MSN6
2008-09-16 03:18   ---------   d-----w   c:\documents and settings\Administrator\Application Data\MSN6
2008-02-29 20:46   0   -c--a-w   c:\program files\temp01
2008-02-25 22:26   32   ----a-w   c:\documents and settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-03-12 00:10   28,952   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\GDIPFONTCACHEV1.DAT
2007-01-30 15:16   28,952   ----a-w   c:\documents and settings\Anita\Application Data\GDIPFONTCACHEV1.DAT
2006-12-02 20:26   92,064   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmmdm.sys
2006-12-02 20:26   9,232   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmmdfl.sys
2006-12-02 20:26   79,328   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmserd.sys
2006-12-02 20:26   66,656   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmbus.sys
2006-12-02 20:26   6,208   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmcmnt.sys
2006-12-02 20:26   5,936   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmwhnt.sys
2006-12-02 20:26   4,048   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\mqdmcr.sys
2006-12-02 20:26   25,600   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\usbsermptxp.sys
2006-12-02 20:26   22,768   ----a-w   c:\documents and settings\Owner.BELLOTTI-VVVH8Z\usbsermpt.sys
2006-04-12 09:26   774,144   ----a-w   c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-03-10 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-11 1234712]
"SSA.exe"="c:\program files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 2061816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Anita\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users.WINDOWS\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2007-12-09 107520]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-02-24 344064]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-21 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-21 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-21 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-21 76040]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-10 38496]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} [2003-07-16 5120]
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe []

2006-04-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 17:38]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner.BELLOTTI-VVVH8Z\Application Data\Mozilla\Firefox\Profiles\yduk8ddy.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.foodtv.ca/
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 17:17:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-16 17:23:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 22:23:42
ComboFix2.txt 2008-11-12 01:12:53

Pre-Run: 53,209,153,536 bytes free
Post-Run: 56,223,055,872 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

404   --- E O F ---   2008-11-12 23:03:46

Here is the Eset Online Scanner Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3615 (20081115)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c5da79b0b1e8834484e07b74b8f8f4ef
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-16 11:41:09
# local_time=2008-11-16 06:41:09 (-0500, Eastern Standard Time)
# country="Canada"
# osver=5.1.2600 NT Service Pack 2
# scanned=316288
# found=7
# scan_time=4340
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir   Win32/Agent.ODG trojan   F464FE1A3CDE6B1D24EAA3A7C948088D
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssl.dll.vir   Win32/Agent.ODG trojan   7CB122B25F9206A73A99BD2BDD9E25CD
C:\QooBox\Quarantine\C\WINDOWS\system32\tdsslog.dll.vir   Win32/Agent.OBU trojan   AE7C5EDD787BCDD8ED5966BDF02F1B46
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir   Win32/Agent.OGC trojan   335915A73568AE9BF532C41DF91A3B31
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf.dll.vir   Win32/Agent.ODG trojan   67E17F3C7F3C0134CAC7374FD013D9F4
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf1.dll.vir   Win32/Agent.ODG trojan   69D78C4A5D8CC85A00344C37157B87A2
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\TDSSserv.sys.vir   Win32/Agent.ODG trojan   C9B36AE929D020240A91FF5200E8FE80

Here is a new Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 6:45:09 PM, on 16/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery Stories - Island of Hope\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144285784203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B12213CD-4189-415D-A054-7999528459F7} (pixelStormLauncher Class) - http://aolsvc.aol.com/onlinegames/tryrumblecube/pixelstormlauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://sympatico.zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Rainbow Web 2\Images\armhelper.ocx
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://sympatico.zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Scan and Clean utility\rpsupdaterR.exe

Thanks again for your help.

Corrine · « **Reply #11 on:** November 16, 2008, 11:24:41 PM »

Wow, cbfr -- over 3 GB of garbage removed!!!

First some cleanup and then, particularly as this appears to be a multiple user computer, you need to get the computer updated. Malware writers are getting more and more clever. Without the proper defenses, the next time it may not be possible to properly clean the machine.

Please do the following

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)

Click on Fix Checked when finished and exit HijackThis.

As to getting the computer in proper order, the first thing is a software firewall. The following firewall programs are free for personal use.

Agnitum Outpost Firewall
Kerio Personal Firewall
Online Armor Free

Having a firewall, anti-virus and anti-malware software are not enough. You also need to stay current with security updates. It appears you do not have your computer set to automatically install the Microsoft Security Updates as the computer is woefully behind. IE8 will be out soon and your computer still has IE6 installed. IE7 included many security fixes. In addition Service Pack 3 should also be installed. Please check for updates now. For additional information, see my blog post Understanding Microsoft Updates

An easy way to check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/ . The Secunia Software Inspector runs through your browser with no installation or download required and does the following:

Detects insecure versions of applications installed
Verifies that all Microsoft patches are applied
Assists you in updating your system and applications

I strongly suggest you install and keep updated SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Please confirm that you computer is back to "normal" and let me know if you have any questions.

cbfr · « **Reply #12 on:** November 16, 2008, 11:30:47 PM »

Hi Corrine

When I tried to run Combofix /u, an error came up saying This application has failed because the application configuration is incorrect. Reinstalling the application may fix the problem.

What should I do? Thanks.

Corrine · « **Reply #13 on:** November 16, 2008, 11:57:36 PM »

If your brother downloaded it, he may have done so via the admin account and will have to remove it. That would be the preferred way of removing it. Otherwise, delete ComboFix from the desktop and delete this folder: C:\QooBox

cbfr · « **Reply #14 on:** November 18, 2008, 12:41:08 AM »

Hi Corrine

Thanks so much for your help! My computer is back to normal! I can do google searches, the right website comes up, I can visit anti-virus websites, etc. The only problem I am having is that when I try to install Service Pack 3, it says "Access is Denied" Would you be able to assist with this? Thanks.

LandzDown Forum

News:

Author Topic: Virus won't allow me to do anything! (Read 3446 times)

cbfr

Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!

Corrine

Re: Virus won't allow me to do anything!

cbfr

Re: Virus won't allow me to do anything!