Blue Screen Issues - Infection Suspected

I am running Windows XP, SP3 and I noticed several issues:
  1) The system was getting slower and slower
  2) I run Computer Associates AntiVirus & AntiSpyware and the realtime protection was stopping on a regular basis
  3) Started getting blue screens with the following message:
      STOP: c000021a {Fatal System Error}
      The Windows Logon Process system process terminated unexpectedly with a status of
      0x80000007 (0x00000000 0x00000000)
      The system has been shut down

I followed the steps as requested; however, there was an issue with SUPERAntiSpyware - I ran it several times but it was never able to successfully remove the issues because the system blue screened.  The logs are attached.

Also - thanks in advance for your help!



[Saving space, attachment deleted by admin]

I've worked on the system over the past week or so and now know that I have some issues that I cannot resolve.  Whenever I run through the suggested process, SuperAntiSpyware ends up not being able to rid the system of three pests: Adware.Vundo/Variant_MSFake, Adware.Vundo/Variant_BigCatch, and Trojan.Downloader-CREW.  The program consistently identifies these three issues and then it has problems removing them.  Whenever it tries to remove these issues, it states it is cleaning them and then, after about 30-seconds or so, the system blue screens with the message shown in the original post.

Also, MBAM finds multiple instances of Trojan.Vundo.H.  It tries to remove them all but, even after requested reboots, there are infected DLLs.  I suspect this is because SuperAntiSpyware cannot clean Vundo from the system.

I've tried cleaning the system in Safe Mode, but the results are the same.

Is it going to be possible to remove Vundo and CREW from the system?

Thanks.

[Saving space, attachment deleted by admin]

[Malware Removal Specialist]

Hello oldschoolcoder. Sorry for the delay.

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Thanks for the response.

Removed Viewpoint Manager and Viewpoint Media Player.

The logs are below:

DDS Log:

DDS (Ver_09-10-26.01) - NTFSx86 
Run by Richard at 16:56:01.51 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.346 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)   {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1137856837\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1137856837\ee\AOLServiceHost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Richard\Local Settings\Temporary Internet

Files\Content.IE5\GALAQ0YA\dds[1].pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = about:blank
uDefault_Page_URL = hxxp://business.dellnet.com/
uSearch Bar = about:blank
mSearch Bar =
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat

5.0\reader\activex\AcroIEHelper.ocx
BHO: Yahoo! Companion BHO: {13f537f0-af09-11d6-9029-0002b31f9e59} - c:\program

files\yahoo!\common\ycomp5,0,2,0.dll
BHO: : {2a7edee4-0a75-473e-bb5c-1689fcc69bfe} - c:\windows\system32\pjdfmqz.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -

c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar

2.0\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson

web-to-page\EPSON Web-To-Page.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program

files\yahoo!\common\ycomp5,0,2,0.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson

web-to-page\EPSON Web-To-Page.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program

files\yahoo!\messenger\yhexbmes0819.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu

"c:\docume~1\richard\locals~1\temp\E_S1C0.tmp" /EF "HKCU"
mRun: [Auto EPSON Stylus CX4800 Series on XPS] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe

/p38 "auto epson stylus cx4800 series on xps" /o13 "\\xps\Printer" /M "Stylus CX4800"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\etrust ez armor\etrust ez anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iRiver Updater] c:\program files\iriver\iriver manager\updater\Updater.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HostManager] c:\program files\common files\aol\1137856837\ee\AOLHostManager.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DellTouch] c:\windows\DELLMMKB.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\progra~1\ca\etrust~1\etrust~2\CAVRID.exe"
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe"

/runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common

files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america

online 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital

imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital

imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft

office\office10\OSA.EXE
uPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program

files\aol\aol toolbar 2.0\aoltb.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program

files\yahoo!\messenger\yhexbmes0819.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} -

c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -

c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program

files\microsoft money\system\mnyviewer.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221779908000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -

hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -

hxxp://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program

files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: bnwpnphf - pjdfmqz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} -

c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program

files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli orecac.dll

============= SERVICES / DRIVERS ===============

R1 Ndcprtns;Ndcprtns;c:\windows\system32\drivers\NDCPRTNS.sys [2001-1-1 9328]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements

3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 guzykphi;Microsoft USB Generic Parent Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18

14336]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1980-1-1 28672]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop

elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2002-4-24 6942]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe

[2007-5-24 189704]
S2 MSSQL$VPINSTANCE;SQL Server (VPINSTANCE);c:\program files\microsoft sql

server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 CW10;Belkin 11Mbps Wireless Win2K Driver;c:\windows\system32\drivers\CW10.sys [2001-6-3 46036]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6

Driver;c:\windows\system32\drivers\netusbxp.sys [2006-11-24 72576]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql

server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql

server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-11-11 22:24:03   0   d-----w-   c:\docume~1\richard\applic~1\jkaildqf
2009-11-11 20:59:18   54156   ---ha-w-   c:\windows\QTFont.qfn
2009-11-11 20:59:18   1409   ----a-w-   c:\windows\QTFont.for
2009-10-27 20:44:26   0   d-----w-   c:\program files\Trend Micro
2009-10-27 20:34:17   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2009-10-27 20:34:17   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-27 19:44:21   0   d-----w-   c:\docume~1\richard\applic~1\Malwarebytes
2009-10-27 19:44:08   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 19:44:06   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-27 19:44:06   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-27 19:44:05   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-15 21:55:42   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-15 21:55:24   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-10-15 21:55:23   0   d-----w-   c:\docume~1\richard\applic~1\SUPERAntiSpyware.com
2009-10-15 21:54:30   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-10-15 21:48:46   0   d-----w-   c:\program files\CCleaner
2009-10-14 13:29:00   0   d-----w-   c:\windows\SQLTools9_KB970892_ENU
2009-10-14 13:21:23   0   d-----w-   c:\windows\SQL9_KB970892_ENU

==================== Find3M  ====================

2009-11-03 01:42:06   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04   5939712   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
2009-10-13 17:29:19   739752   ----a-w-   c:\windows\system32\drivers\vetefile.sys
2009-10-13 17:29:19   133576   ----a-w-   c:\windows\system32\drivers\veteboot.sys
2009-09-11 14:18:39   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39   136192   ------w-   c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-09-04 21:03:36   58880   ------w-   c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52   173056   ----a-w-   c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-26 08:00:21   247326   ------w-   c:\windows\system32\dllcache\strmdll.dll
2009-08-20 19:09:06   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2003-08-27 19:19:18   36963   ----a-r-   c:\program files\common files\SM1updtr.dll
2008-09-18 23:11:55   32768   --sha-w-   c:\windows\system32\config\systemprofile\local

settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 16:58:31.15 ===============


Attach Log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/27/2002 4:52:13 PM
System Uptime: 11/12/2009 2:23:34 PM (2 hours ago)

Motherboard: Intel Corporation               |  | D845PT     

                   
Processor:               Intel(R) Pentium(R) 4 CPU 1.70GHz |

J1E1 | 1694/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 9.399 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 112 GiB total, 20.68 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt

==== System Restore Points ===================

RP7: 11/12/2009 4:11:24 PM - System Checkpoint

==== Installed Programs ======================

7300
7300_Help
7300Trb
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Acrobat Reader 3.01
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 3.0
Adobe Shockwave Player
AiO_Scan
AiOSoftware
AOL Coach Version 1.0(Build:20011028.1)
AOL Explorer
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
AutoCAD 2008 - English
Autodesk DWF Viewer 7
BufferChm
CA Anti-Spam
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Copy
CRB PowerSystem for VantagePoint 8.0
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CyberX 2.0
Cypress USB Mass Storage Driver Installation
D-Link DFE-530TX+
D-Link PCI Fast Ethernet Adapter
Dell Picture Studio - Image Expert 2000
Dell ResourceCD
Dell Solution Center
DellTouch
Destinations
Diamond Mine 1.5y
Director
DocProc
DocumentViewer
Edmark Zap! (Remove only)
EPSON Print CD
EPSON Printer Software
EPSON SP1400 Reference Guide
EPSON Web-To-Page
eSignal
Fax
FXCM Trading Station II
GdiplusUpgrade
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005

ENU (KB970892)
H4 Trading Charts 1.0
Help and Support Customization
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1

- ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1

- ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1

- ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1

- ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1

- ENU (KB947789)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP Diagnostic Assistant
HP Image Zone 4.2
HP Photosmart Essential
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
IE2K
Instant Wireless USB Adapter
InstantShare
Intel Application Accelerator
InterActual Player
Interbank FX Trader 4.00
iRiver Manager
iRiver Updater
iTunes
Java(TM) 6 Update 16
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VPINSTANCE)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 ATL Update kb973924 - x86

9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express

Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express

Tools for Win32
Modem Helper
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MusicMatch Jukebox
Network Play System (Patching)
NVIDIA Windows 2000/XP Display Drivers
Overland
PCFriendly
PhoneTools
PhotoGallery
PowerDVD 5.1
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
QuickTime 3.0
Readme
RealPlayer Basic
RockSim 8.0.1 Demo
RTC Client API v1.2
Scan
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training

(KB898458)
Security Update for Step By Step Interactive Training

(KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave Player
SkinsHP1
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sound Blaster Live! Value
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SUPERAntiSpyware Free Edition
TAL Trading Tools
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB Storage Adapter FX (SM1)
VantagePoint Intermarket Analysis Software
VBA (2627.01)
Wealth Charts
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinMX
Yahoo! Companion
Yahoo! Internet Mail
Yahoo! Messenger Explorer Bar

==== Event Viewer Messages From Past Week ========

11/9/2009 4:14:55 PM, error: Print [19]  - Sharing printer

failed + 1722, Printer HP DeskJet 660Cse share name Printer.
11/7/2009 1:06:43 PM, error: DCOM [10005]  - DCOM got error

"%1084" attempting to start the service netman with arguments

"" in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/7/2009 1:06:38 PM, error: DCOM [10005]  - DCOM got error

"%1084" attempting to start the service EventSystem with

arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
11/11/2009 5:15:20 PM, error: DCOM [10009]  - DCOM was unable

to communicate with the computer CJR using any of the

configured protocols.
11/10/2009 1:53:51 PM, error: DCOM [10005]  - DCOM got error

"%1053" attempting to start the service PPCtlPriv with

arguments "" in order to run the server:

{F974178A-A284-440A-BEFC-5B0D11BCDB68}
11/10/2009 1:53:18 PM, error: DCOM [10005]  - DCOM got error

"%1053" attempting to start the service iPod Service with

arguments "" in order to run the server:

{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

==== End Of File ===========================

[Malware Removal Specialist]

Open Notepad. Start > type in notepad.exe then click OK.

In Notepad go to Format > then click Word Wrap. Close Notepad.

Now run DDS again and post the log. The last one is messed up so is hard to read and setting Word Wrap will fix it.

Here are the logs:

DDS (Ver_09-10-26.01) - NTFSx86 
Run by Richard at 17:25:19.54 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.339 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)   {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1137856837\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1137856837\ee\AOLServiceHost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\GALAQ0YA\dds[1].pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = about:blank
uDefault_Page_URL = hxxp://business.dellnet.com/
uSearch Bar = about:blank
mSearch Bar =
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Yahoo! Companion BHO: {13f537f0-af09-11d6-9029-0002b31f9e59} - c:\program files\yahoo!\common\ycomp5,0,2,0.dll
BHO: : {2a7edee4-0a75-473e-bb5c-1689fcc69bfe} - c:\windows\system32\pjdfmqz.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,0,2,0.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0819.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu "c:\docume~1\richard\locals~1\temp\E_S1C0.tmp" /EF "HKCU"
mRun: [Auto EPSON Stylus CX4800 Series on XPS] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /p38 "auto epson stylus cx4800 series on xps" /o13 "\\xps\Printer" /M "Stylus CX4800"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\etrust ez armor\etrust ez anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iRiver Updater] c:\program files\iriver\iriver manager\updater\Updater.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HostManager] c:\program files\common files\aol\1137856837\ee\AOLHostManager.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DellTouch] c:\windows\DELLMMKB.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\progra~1\ca\etrust~1\etrust~2\CAVRID.exe"
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0819.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221779908000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - hxxp://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: bnwpnphf - pjdfmqz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli orecac.dll

============= SERVICES / DRIVERS ===============

R1 Ndcprtns;Ndcprtns;c:\windows\system32\drivers\NDCPRTNS.sys [2001-1-1 9328]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 guzykphi;Microsoft USB Generic Parent Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18 14336]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1980-1-1 28672]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2002-4-24 6942]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-5-24 189704]
S2 MSSQL$VPINSTANCE;SQL Server (VPINSTANCE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 CW10;Belkin 11Mbps Wireless Win2K Driver;c:\windows\system32\drivers\CW10.sys [2001-6-3 46036]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2006-11-24 72576]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-11-11 22:24:03   0   d-----w-   c:\docume~1\richard\applic~1\jkaildqf
2009-11-11 20:59:18   54156   ---ha-w-   c:\windows\QTFont.qfn
2009-11-11 20:59:18   1409   ----a-w-   c:\windows\QTFont.for
2009-10-27 20:44:26   0   d-----w-   c:\program files\Trend Micro
2009-10-27 20:34:17   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2009-10-27 20:34:17   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-27 19:44:21   0   d-----w-   c:\docume~1\richard\applic~1\Malwarebytes
2009-10-27 19:44:08   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 19:44:06   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-27 19:44:06   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-27 19:44:05   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-15 21:55:42   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-15 21:55:24   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-10-15 21:55:23   0   d-----w-   c:\docume~1\richard\applic~1\SUPERAntiSpyware.com
2009-10-15 21:54:30   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-10-15 21:48:46   0   d-----w-   c:\program files\CCleaner
2009-10-14 13:29:00   0   d-----w-   c:\windows\SQLTools9_KB970892_ENU
2009-10-14 13:21:23   0   d-----w-   c:\windows\SQL9_KB970892_ENU

==================== Find3M  ====================

2009-11-03 01:42:06   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04   5939712   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
2009-10-13 17:29:19   739752   ----a-w-   c:\windows\system32\drivers\vetefile.sys
2009-10-13 17:29:19   133576   ----a-w-   c:\windows\system32\drivers\veteboot.sys
2009-09-11 14:18:39   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39   136192   ------w-   c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-09-04 21:03:36   58880   ------w-   c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52   173056   ----a-w-   c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-26 08:00:21   247326   ------w-   c:\windows\system32\dllcache\strmdll.dll
2009-08-20 19:09:06   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2003-08-27 19:19:18   36963   ----a-r-   c:\program files\common files\SM1updtr.dll
2008-09-18 23:11:55   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 17:26:59.29 ===============



DDS (Ver_09-10-26.01) - NTFSx86 
Run by Richard at 17:25:19.54 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.339 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)   {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1137856837\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1137856837\ee\AOLServiceHost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\GALAQ0YA\dds[1].pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = about:blank
uDefault_Page_URL = hxxp://business.dellnet.com/
uSearch Bar = about:blank
mSearch Bar =
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Yahoo! Companion BHO: {13f537f0-af09-11d6-9029-0002b31f9e59} - c:\program files\yahoo!\common\ycomp5,0,2,0.dll
BHO: : {2a7edee4-0a75-473e-bb5c-1689fcc69bfe} - c:\windows\system32\pjdfmqz.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,0,2,0.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0819.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu "c:\docume~1\richard\locals~1\temp\E_S1C0.tmp" /EF "HKCU"
mRun: [Auto EPSON Stylus CX4800 Series on XPS] c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe /p38 "auto epson stylus cx4800 series on xps" /o13 "\\xps\Printer" /M "Stylus CX4800"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UpdReg] c:\windows\Updreg.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [QOELOADER] "c:\program files\ca\etrust ez armor\etrust ez anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iRiver Updater] c:\program files\iriver\iriver manager\updater\Updater.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HostManager] c:\program files\common files\aol\1137856837\ee\AOLHostManager.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DellTouch] c:\windows\DELLMMKB.EXE
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\progra~1\ca\etrust~1\etrust~2\CAVRID.exe"
mRun: [AHQInit] c:\program files\creative\sblive\program\AHQInit.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 7.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0819.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221779908000
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - hxxp://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: bnwpnphf - pjdfmqz.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli orecac.dll

============= SERVICES / DRIVERS ===============

R1 Ndcprtns;Ndcprtns;c:\windows\system32\drivers\NDCPRTNS.sys [2001-1-1 9328]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 guzykphi;Microsoft USB Generic Parent Helper;c:\windows\system32\svchost.exe -k netsvcs [2001-8-18 14336]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1980-1-1 28672]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [2002-4-24 6942]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-5-24 189704]
S2 MSSQL$VPINSTANCE;SQL Server (VPINSTANCE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
S3 CW10;Belkin 11Mbps Wireless Win2K Driver;c:\windows\system32\drivers\CW10.sys [2001-6-3 46036]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2006-11-24 72576]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-11-11 22:24:03   0   d-----w-   c:\docume~1\richard\applic~1\jkaildqf
2009-11-11 20:59:18   54156   ---ha-w-   c:\windows\QTFont.qfn
2009-11-11 20:59:18   1409   ----a-w-   c:\windows\QTFont.for
2009-10-27 20:44:26   0   d-----w-   c:\program files\Trend Micro
2009-10-27 20:34:17   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2009-10-27 20:34:17   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-27 19:44:21   0   d-----w-   c:\docume~1\richard\applic~1\Malwarebytes
2009-10-27 19:44:08   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 19:44:06   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-27 19:44:06   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-27 19:44:05   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-15 21:55:42   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-15 21:55:24   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-10-15 21:55:23   0   d-----w-   c:\docume~1\richard\applic~1\SUPERAntiSpyware.com
2009-10-15 21:54:30   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-10-15 21:48:46   0   d-----w-   c:\program files\CCleaner
2009-10-14 13:29:00   0   d-----w-   c:\windows\SQLTools9_KB970892_ENU
2009-10-14 13:21:23   0   d-----w-   c:\windows\SQL9_KB970892_ENU

==================== Find3M  ====================

2009-11-03 01:42:06   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-22 09:19:04   5939712   ----a-w-   c:\windows\system32\dllcache\mshtml.dll
2009-10-13 17:29:19   739752   ----a-w-   c:\windows\system32\drivers\vetefile.sys
2009-10-13 17:29:19   133576   ----a-w-   c:\windows\system32\drivers\veteboot.sys
2009-09-11 14:18:39   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39   136192   ------w-   c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-09-04 21:03:36   58880   ------w-   c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52   173056   ----a-w-   c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-26 08:00:21   247326   ------w-   c:\windows\system32\dllcache\strmdll.dll
2009-08-20 19:09:06   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2003-08-27 19:19:18   36963   ----a-r-   c:\program files\common files\SM1updtr.dll
2008-09-18 23:11:55   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat

============= FINISH: 17:26:59.29 ===============

[Malware Removal Specialist]

Much better.

Go to Add or Remove Programs and uninstall:

-LiveReg (Symantec Corporation)
-LiveUpdate 1.80 (Symantec Corporation)

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Driver::
guzykphi

DDS::
uSearch Page = about:blank
uSearch Bar = about:blank
mSearch Bar =
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
BHO: : {2a7edee4-0a75-473e-bb5c-1689fcc69bfe} - c:\windows\system32\pjdfmqz.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
uPolicies-explorer: <NO NAME> =
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: bnwpnphf - pjdfmqz.dll

Folder::
c:\docume~1\richard\applic~1\jkaildqf


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Here is the ComboFix log:

ComboFix 09-11-13.04 - Richard 11/12/2009 19:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.395 [GMT -5:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\richard\applic~1\jkaildqf
c:\docume~1\richard\applic~1\jkaildqf\profiles.ini
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\cert8.db
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\compatibility.ini
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\compreg.dat
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\cookies.sqlite
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\formhistory.sqlite
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\key3.db
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\localstore.rdf
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\permissions.sqlite
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\places.sqlite-journal
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\places.sqlite
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\pluginreg.dat
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\prefs.js
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\secmod.db
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\webappsstore.sqlite
c:\docume~1\richard\applic~1\jkaildqf\Profiles\i5x1ghrd.default\xpti.dat
c:\documents and settings\Richard\Local Settings\Application Data\{858063C5-0C44-460C-8CA1-E35399E01831}
c:\documents and settings\Richard\Local Settings\Application Data\{858063C5-0C44-460C-8CA1-E35399E01831}\chrome.manifest
c:\documents and settings\Richard\Local Settings\Application Data\{858063C5-0C44-460C-8CA1-E35399E01831}\chrome\content\_cfg.js
c:\documents and settings\Richard\Local Settings\Application Data\{858063C5-0C44-460C-8CA1-E35399E01831}\chrome\content\c.js
c:\documents and settings\Richard\Local Settings\Application Data\{858063C5-0C44-460C-8CA1-E35399E01831}\chrome\content\overlay.xul
c:\documents and settings\Richard\Local Settings\Application Data\{858063C5-0C44-460C-8CA1-E35399E01831}\install.rdf
c:\documents and settings\Richard\My Documents\ZbThumbnail.info
c:\program files\malwarebytes' anti-malware\mbam.exe
c:\program files\messenger\msmsgs.exe
c:\windows\Downloaded Program Files\Install.inf
c:\windows\system32\pjdfmqz.dll
c:\windows\system32\pwxzqcpz.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GUZYKPHI
-------\Legacy_ZESOFT
-------\Service_guzykphi


(((((((((((((((((((((((((   Files Created from 2009-10-13 to 2009-11-13  )))))))))))))))))))))))))))))))
.

2009-11-12 23:22 . 2009-11-12 23:22   --------   d-----w-   c:\documents and settings\Richard\Local Settings\Application Data\jkaildqf
2009-11-06 19:36 . 2009-11-06 19:36   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\jkaildqf
2009-11-06 19:36 . 2009-11-06 19:36   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\jkaildqf
2009-10-27 20:44 . 2009-10-27 20:44   --------   d-----w-   c:\program files\Trend Micro
2009-10-27 20:34 . 2009-10-27 20:33   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-10-27 20:33 . 2009-10-27 20:33   --------   d-----w-   c:\program files\Java
2009-10-27 20:32 . 2009-10-27 20:32   152576   ----a-w-   c:\documents and settings\Richard\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-27 19:44 . 2009-10-27 19:44   --------   d-----w-   c:\documents and settings\Richard\Application Data\Malwarebytes
2009-10-27 19:44 . 2009-09-10 18:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 19:44 . 2009-10-27 19:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-27 19:44 . 2009-09-10 18:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-27 19:44 . 2009-11-13 00:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-15 21:56 . 2009-11-11 22:22   117760   ----a-w-   c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-15 21:55 . 2009-10-15 21:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-15 21:55 . 2009-10-15 21:55   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-10-15 21:55 . 2009-10-15 21:55   --------   d-----w-   c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com
2009-10-15 21:54 . 2009-10-15 21:54   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-10-15 21:48 . 2009-10-15 21:48   --------   d-----w-   c:\program files\CCleaner
2009-10-14 13:29 . 2009-10-14 13:29   --------   d-----w-   c:\windows\SQLTools9_KB970892_ENU
2009-10-14 13:21 . 2009-10-14 13:21   --------   d-----w-   c:\windows\SQL9_KB970892_ENU

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 21:52 . 2005-03-19 15:38   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-12 21:52 . 2002-04-24 06:21   --------   d-----w-   c:\program files\Viewpoint
2009-11-03 01:42 . 2009-10-03 18:04   195456   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-15 21:51 . 2009-04-09 13:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-14 13:29 . 2008-09-19 17:43   --------   d-----w-   c:\program files\Microsoft SQL Server
2009-10-13 17:29 . 2009-10-13 17:29   739752   ----a-w-   c:\windows\system32\drivers\vetefile.sys
2009-10-13 17:29 . 2009-10-13 17:29   133576   ----a-w-   c:\windows\system32\drivers\veteboot.sys
2009-10-08 18:25 . 2009-07-05 22:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2009-10-08 12:28 . 2009-04-09 13:54   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-09-11 14:18 . 2001-08-18 12:00   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2001-08-18 12:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-06-23 16:33   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-08-12 17:55   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-20 19:09 . 2009-08-20 19:09   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2003-08-27 19:19 . 2004-11-25 01:23   36963   ----a-r-   c:\program files\Common Files\SM1updtr.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-04-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
"MMTray"="c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe" [2001-06-13 102400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"iRiver Updater"="c:\program files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 204800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HostManager"="c:\program files\Common Files\AOL\1137856837\ee\AOLHostManager.exe" [2005-08-02 159832]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]
"CAVRID"="c:\progra~1\CA\ETRUST~1\ETRUST~2\CAVRID.exe" [2009-10-14 230664]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-27 149280]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-07-28 323584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
America Online 7.0 Tray Icon.lnk - c:\program files\America Online 7.0\aoltray.exe [2002-4-24 32839]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Ndcprtns;Ndcprtns;c:\windows\SYSTEM32\DRIVERS\NDCPRTNS.sys [1/1/2001 7:52 PM 9328]
R3 Msikbd2k;DellTouch;c:\windows\SYSTEM32\DRIVERS\Msikbd2k.sys [4/24/2002 1:08 AM 6942]
S3 CW10;Belkin 11Mbps Wireless Win2K Driver;c:\windows\SYSTEM32\DRIVERS\CW10.sys [6/3/2001 9:50 PM 46036]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-10-04 c:\windows\Tasks\CAAntiSpywareScan_Daily as DANIEL Daniel C at 11 33 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-05-24 09:53]

2002-04-27 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2003-08-12 00:12]

2009-11-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\System32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{0663E32A-7AE7-4652-AEB7-3D86555DEB48} - c:\windows\system32\pwxzqcpz.dll
HKLM-Run-Auto EPSON Stylus CX4800 Series on XPS - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\windows\system32\devldr32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\CA\ETRUST~1\ETRUST~2\ISafe.exe
c:\windows\System32\CTsvcCDA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\HPZipm12.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
c:\windows\wanmpsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\AOL\1137856837\ee\AOLServiceHost.exe
c:\program files\Netropa\OSD.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-11-12 20:00 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-13 00:59

Pre-Run: 10,042,122,240 bytes free
Post-Run: 13,049,155,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 92F30C5F4129A49FC7E953CA3C16AD1E

[Malware Removal Specialist]

Do you know what these are?

Code: [Select]

2009-11-12 23:22 . 2009-11-12 23:22   --------   d-----w-   c:\documents and settings\Richard\Local Settings\Application Data\jkaildqf
2009-11-06 19:36 . 2009-11-06 19:36   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\jkaildqf
2009-11-06 19:36 . 2009-11-06 19:36   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\jkaildqf

No, I don't know what those are.

[Malware Removal Specialist]

Download OTM by OldTimer to your desktop.

Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:files
c:\documents and settings\NetworkService\Application Data\jkaildqf
c:\documents and settings\NetworkService\Local Settings\Application Data\jkaildqf
c:\documents and settings\Richard\Local Settings\Application Data\jkaildqf

:Commands
[purity]
[emptytemp]
[start explorer]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

It did a reboot and here is the log that came up afterwards:

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\documents and settings\NetworkService\Application Data\jkaildqf\Profiles\6l0od2lm.default\extensions folder moved successfully.
c:\documents and settings\NetworkService\Application Data\jkaildqf\Profiles\6l0od2lm.default folder moved successfully.
c:\documents and settings\NetworkService\Application Data\jkaildqf\Profiles folder moved successfully.
c:\documents and settings\NetworkService\Application Data\jkaildqf folder moved successfully.
c:\documents and settings\NetworkService\Local Settings\Application Data\jkaildqf\Profiles\6l0od2lm.default folder moved successfully.
c:\documents and settings\NetworkService\Local Settings\Application Data\jkaildqf\Profiles folder moved successfully.
c:\documents and settings\NetworkService\Local Settings\Application Data\jkaildqf folder moved successfully.
c:\documents and settings\Richard\Local Settings\Application Data\jkaildqf\Profiles\i5x1ghrd.default folder moved successfully.
c:\documents and settings\Richard\Local Settings\Application Data\jkaildqf\Profiles folder moved successfully.
c:\documents and settings\Richard\Local Settings\Application Data\jkaildqf folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator.DANIEL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Daniel C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85121 bytes
 
User: Default User
->Temp folder emptied: 2282767 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gramps
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Jill
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
 
User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 262211 bytes
 
User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Rachel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Richard
->Temp folder emptied: 1136299 bytes
->Temporary Internet Files folder emptied: 2311194 bytes
->Java cache emptied: 13689500 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58371 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 808 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 10006167 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 28.52 mb
 
 
OTM by OldTimer - Version 3.1.1.0 log created on 11122009_203023

Files moved on Reboot...

Registry entries deleted on Reboot...

[Malware Removal Specialist]

Thank you.

Let's do some cleanup and then run a scan to make sure we didn't miss anything.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

1. Double click OTM to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTM will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. When finished exit out of OTM.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log

First things first - Thank you for helping me with this issue.  I appreciate your time and patience.

Here is the ESET log:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe   Win32/Adware.HiWire application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP2\A0000207.exe   Win32/Adware.HiWire application   cleaned by deleting - quarantined
C:\WINDOWS\SYSTEM32\hpqly.bak   a variant of Win32/Kryptik.NJ trojan   cleaned by deleting - quarantined

[Malware Removal Specialist]

Looks good. How is the computer running now?

If there are no malware issues remaining we can finish up.

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.