
Author Topic: Virus is not letting execute any program  (Read 8748 times)


ksree

    Virus is not letting execute any program
    « on: July 03, 2009, 03:47:05 PM »
    My system has been attacked by some malware. It is automatically opening all porn websites and not letting me run any virus program. I have followed the thread on the cool website and run as you guys said. I am pasting the logs below. Please advise me what I should do next.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/03/2009 at 03:07 PM

    Application Version : 4.26.1006

    Core Rules Database Version : 3969
    Trace Rules Database Version: 1909

    Scan type       : Complete Scan
    Total Scan Time : 03:47:20

    Memory items scanned      : 609
    Memory threats detected   : 3
    Registry items scanned    : 6318
    Registry threats detected : 97
    File items scanned        : 119848
    File threats detected     : 75

    Trojan.Agent/Gen-6TO4
       C:\WINDOWS\SYSTEM32\6TO4V32.DLL
       C:\WINDOWS\SYSTEM32\6TO4V32.DLL

    Trojan.Agent/Gen-RogueDropper
       C:\WINDOWS\SYSTEM32\IEHELPER.DLL
       C:\WINDOWS\SYSTEM32\IEHELPER.DLL
       HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003}

    Adware.SysGuard/FakeAlert
       C:\WINDOWS\SYSGUARD.EXE
       C:\WINDOWS\SYSGUARD.EXE
       HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run#system tool [ C:\WINDOWS\sysguard.exe ]
       C:\WINDOWS\Prefetch\SYSGUARD.EXE-39D8A190.pf

    Adware.Vundo Variant
       HKLM\Software\Classes\CLSID\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
       HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}
       HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}
       HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}\InProcServer32
       HKCR\CLSID\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}\InProcServer32#ThreadingModel
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD4551A-9B23-41cd-9BCD-818AA2DA7B63}
       HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBD4551A-9B23-41CD-9BCD-818AA2DA7B63}

    Trojan.Vundo-Variant/NextGen
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567edfa-408c-43e9-b929-4c25c04f5003}
       HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}
       HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}
       HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}\inprocserver32
       HKCR\CLSID\{8567EDFA-408C-43E9-B929-4C25C04F5003}\inprocserver32#ThreadingModel

    Adware.Tracking Cookie

    Trojan.Unknown Origin
       HKLM\Software\xpre
       HKLM\Software\xpre#execount

    Rootkit.Unclassified/KR_Done
       C:\WINDOWS\system32\kr_done1

    Rogue.SysCleaner
       HKU\s-1-5-21-796845957-515967899-839522115-1003\Software\xInsiDERexe

    Trojan.Unclassified/NVCOI
       C:\Program Files\Temporary

    Trojan.Hugipon
       HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters
       HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll

    Rogue.Agent/Gen
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#aazalirt
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#skaaanret
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jungertab
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#zibaglertz
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#iddqdops
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ronitfst
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#tobmygers
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jikglond
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#tobykke
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#klopnidret
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jiklagka
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#salrtybek
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#seeukluba
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#jrjakdsd
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krkdkdkee
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#dkewiizkjdks
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#dkekkrkska
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#rkaskssd
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#kuruhccdsdd
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krujmmwlrra
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#kkwknrbsggeg
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ktknamwerr
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#iqmcnoeqz
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ienotas
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krkmahejdk
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#otpeppggq
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#krtawefg
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#oranerkka
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#kitiiwhaas
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#otowjdseww
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#otnnbektre
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#oropbbsee
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#irprokwks
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ooorjaas
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#id
       HKU\s-1-5-21-796845957-515967899-839522115-1003\SOFTWARE\AVSCAN#ready

    Trojan.Agent/Gen
       C:\WINDOWS\system32\lowsec\local.ds
       C:\WINDOWS\system32\lowsec\user.ds
       C:\WINDOWS\system32\lowsec
       C:\Program Files\DRV

    Trojan.Backdoor[DRV]
       HKLM\System\CONTROLSET001\SERVICES\DRV
       HKLM\System\CONTROLSET001\SERVICES\DRV#Type
       HKLM\System\CONTROLSET001\SERVICES\DRV#Start
       HKLM\System\CONTROLSET001\SERVICES\DRV#ErrorControl
       HKLM\System\CONTROLSET001\SERVICES\DRV#ImagePath
       HKLM\System\CONTROLSET001\SERVICES\DRV#ObjectName
       HKLM\System\CONTROLSET001\SERVICES\DRV#FailureActions
       HKLM\System\CONTROLSET001\SERVICES\DRV\parameters
       HKLM\System\CONTROLSET001\SERVICES\DRV\parameters#ServiceDll
       HKLM\System\CONTROLSET001\SERVICES\DRV\security
       HKLM\System\CONTROLSET001\SERVICES\DRV\security#Security
       HKLM\System\CONTROLSET001\SERVICES\DRV\Enum
       HKLM\System\CONTROLSET001\SERVICES\DRV\Enum#0
       HKLM\System\CONTROLSET001\SERVICES\DRV\Enum#Count
       HKLM\System\CONTROLSET001\SERVICES\DRV\Enum#NextInstance
       HKLM\System\CONTROLSET003\SERVICES\DRV
       HKLM\System\CONTROLSET003\SERVICES\DRV#Type
       HKLM\System\CONTROLSET003\SERVICES\DRV#Start
       HKLM\System\CONTROLSET003\SERVICES\DRV#ErrorControl
       HKLM\System\CONTROLSET003\SERVICES\DRV#ImagePath
       HKLM\System\CONTROLSET003\SERVICES\DRV#ObjectName
       HKLM\System\CONTROLSET003\SERVICES\DRV#FailureActions
       HKLM\System\CONTROLSET003\SERVICES\DRV\parameters
       HKLM\System\CONTROLSET003\SERVICES\DRV\parameters#ServiceDll
       HKLM\System\CONTROLSET003\SERVICES\DRV\security
       HKLM\System\CONTROLSET003\SERVICES\DRV\security#Security
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#Type
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#Start
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#ErrorControl
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#ImagePath
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#ObjectName
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV#FailureActions
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\parameters
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\parameters#ServiceDll
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\security
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\security#Security
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum#0
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum#Count
       HKLM\System\CURRENTCONTROLSET\SERVICES\DRV\Enum#NextInstance

    Trojan.Agent/Gen-Backdoor[WinRes]
       C:\WINDOWS\FONTS\COOECP.TLB
       C:\WINDOWS\FONTS\LOGCDE.DLL
       C:\WINDOWS\FONTS\WINDEF.DLL
       C:\WINDOWS\FONTS\WINDEF.LOG
       C:\WINDOWS\FONTS\WINPAGED.OCX
       C:\WINDOWS\SYSTEM32\MSBKTI.EXE
       C:\WINDOWS\SYSTEM32\MSEQDW.EXE
       C:\WINDOWS\SYSTEM32\MSHHISS.EXE
       C:\WINDOWS\SYSTEM32\MSJXG.EXE
       C:\WINDOWS\SYSTEM32\MSMAMJ.EXE
       C:\WINDOWS\SYSTEM32\MSSBXGJ.EXE
       C:\WINDOWS\SYSTEM32\MSUIV.EXE
       C:\WINDOWS\SYSTEM32\MSVDAZP.EXE
       C:\WINDOWS\SYSTEM32\MSWHC.EXE
       C:\WINDOWS\SYSTEM32\MSXXGSVF.EXE
       C:\WINDOWS\SYSTEM32\MSYJV.EXE
       C:\WINDOWS\SYSTEM32\MSYNKM.EXE

    Trojan.Agent/Gen-UPX
       C:\WINDOWS\FONTS\SERVICES.EXE

    Trojan.Dropper/Win-NV
       C:\WINDOWS\LD12.EXE

    Adware.Vundo/Variant-MSFake
       C:\WINDOWS\SYSTEM32\MSWINSCK.OCX

    Rootkit.Agent/Gen-FraudLoad-F
       C:\WINDOWS\SYSTEM32\TPSAXYD.EXE

    Trojan.Agent/Gen-Dropper[Temp]
       C:\WINDOWS\TWAIN_32\HPQGNDS2.TMP




    Malwarebytes' Anti-Malware 1.38
    Database version: 2369
    Windows 5.1.2600 Service Pack 3

    7/3/2009 3:45:02 PM
    mbam-log-2009-07-03 (15-45-02).txt

    Scan type: Quick Scan
    Objects scanned: 100383
    Time elapsed: 7 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 9

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drvdrv (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4 (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LowRiskFileTypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\OM\Start Menu\Programs\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

    Files Infected:
    c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
    c:\fdvjfx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\documents and settings\OM\start menu\Programs\system security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
    C:\WINDOWS\9129837.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\OM\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\OM\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:22:58 PM, on 7/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18372)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MediaMelon\bin\wrapper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\java.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\OM\Desktop\JavaRa\JavaRa.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 209.44.111.62 antispy.microsoft.com
    O1 - Hosts: 209.44.111.62 antiaware-pro.com
    O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SmartVoip] "C:\Program Files\SmartVoip.com\SmartVoip\SmartVoip.exe" -nosplash -minimized
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [java_sun] Java (Sun)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/45.11/uploader2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Update Service (gupdate1c98fbdcfb083d4) (gupdate1c98fbdcfb083d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe (file missing)
    O23 - Service: MediaMelon Client 1.0 (MediaMelon Client) - Unknown owner - C:\Program Files\MediaMelon\bin\wrapper.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 11611 bytes

    Edit to remove malicious link in HJT log.
    « Last Edit: July 03, 2009, 11:36:46 PM by evilfantasy »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Virus is not letting execute any program
    « Reply #1 on: July 03, 2009, 11:37:13 PM »
    Welcome to CH.

    There are multiple entries that lead me to believe this is a Virut infection but we will have a closer look to make sure.

    Open HijackThis and select Do a system scan only

    Vista users right click on HijackThis and select Run as Administrator. (you will receive a UAC prompt, please allow it)

    Place a check mark next to the following entries: (if there)

    • O1 - Hosts: ::1 localhost
    • O1 - Hosts: 209.44.111.62 antispy.microsoft.com
    • O1 - Hosts: 209.44.111.62 antiaware-pro.com
    • O1 - Hosts: 209.44.111.62 www.antiaware- pro.com
    • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ----------

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::

    Driver::
    lich

    File::
    C:\WINDOWS\system32\lich.exe

    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
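An added triage helper (not code from the thread, from HijackThis or from ComboFix) that applies the same checks the reply above makes by hand to HijackThis log lines: hosts-file entries that pin a name to a non-loopback address, BHOs with no backing file, and services whose executable is missing. The sample lines are copied from the log posted in this thread; the `Finding` and `triage` names are this example's own.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\hpswp_printenhancer.dll
O23 - Service: lich - Unknown owner - C:\\WINDOWS\\system32\\lich.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
"""

# Line shapes used by HijackThis for hosts entries, browser helper objects and services.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def is_local(addr: str) -> bool:
    """True for loopback/unspecified addresses, the only ones a clean hosts file normally maps."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious O1/O2/O23 entries found in a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # A hosts entry sending a name to a real address is how the rogue above
            # redirected security-vendor sites; loopback pins are the legitimate case.
            if not is_local(ip):
                findings.append(Finding(line, f"hosts entry pins {host} to {ip}"))
            continue

        m = BHO_RE.match(line)
        if m:
            _name, clsid, path = m.groups()
            # A registered BHO whose DLL no longer exists is leftover from a removal.
            if path.strip().lower() == "(no file)":
                findings.append(Finding(line, f"orphaned BHO {clsid}"))
            continue

        m = SVC_RE.match(line)
        if m:
            name, _owner, path = m.groups()
            # A service whose binary is gone still has a registry entry to clean up,
            # which is exactly what the CFScript's Driver::/File:: sections target.
            if path.lower().endswith("(file missing)"):
                findings.append(Finding(line, f"service {name!r} points to a missing file"))
            continue
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
```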

    ksree


      Re: Virus is not letting execute any program
      « Reply #2 on: July 04, 2009, 11:04:08 PM »
      I have run ComboFix. Here is the log. Thanks a bunch.

      ComboFix 09-07-04.04 - OM 07/04/2009 23:48.1 - NTFSx86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1169 [GMT -5:00]
      Running from: c:\documents and settings\OM\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\OM\Desktop\CFScript.txt
      AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
       * Created a new restore point

      FILE ::
      "c:\windows\system32\lich.exe"
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\-1124205267
      c:\windows\Installer\105b0428.msp
      c:\windows\Installer\105b0496.msp
      c:\windows\Installer\3f1184.msi
      c:\windows\Installer\55e09e.msp
      c:\windows\Installer\acc93ef.msi
      c:\windows\system32\drivers\4289843a.sys
      c:\windows\system32\prsgrc.dll
      c:\windows\system32\ssprs.dll
      c:\windows\system32\wbem\proquota.exe
      F:\AUTORUN.INF

      c:\windows\system32\proquota.exe was missing
      Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

      .
      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_6to4
      -------\Legacy_lich
      -------\Legacy_pcmstub
      -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
      -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
      -------\Service_4289843a
      -------\Service_6to4
      -------\Service_lich


      (((((((((((((((((((((((((   Files Created from 2009-06-05 to 2009-07-05  )))))))))))))))))))))))))))))))
      .

      2010-07-15 02:42 . 2009-06-04 22:31   --------   d-----w-   c:\documents and settings\OM\Application Data\dvdcss
      2010-07-15 02:42 . 2010-07-15 02:42   --------   d-----w-   c:\documents and settings\OM\Application Data\vlc
      2010-07-15 02:41 . 2010-07-15 02:41   --------   d-----w-   c:\program files\VideoLAN
      2010-07-13 21:48 . 2009-04-05 00:33   73784   ----a-w-   c:\documents and settings\OM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-07-03 21:19 . 2009-07-03 21:19   --------   d-----w-   c:\program files\Trend Micro
      2009-07-03 20:59 . 2009-07-03 20:59   152576   ----a-w-   c:\documents and settings\OM\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
      2009-07-03 20:34 . 2009-07-03 20:34   --------   d-----w-   c:\documents and settings\OM\Application Data\Malwarebytes
      2009-07-03 20:34 . 2009-06-17 16:27   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-07-03 20:34 . 2009-07-03 20:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2009-07-03 20:34 . 2009-07-03 20:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-07-03 20:34 . 2009-06-17 16:27   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2009-07-03 16:14 . 2009-07-03 21:39   117760   ----a-w-   c:\documents and settings\OM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2009-07-03 16:14 . 2009-07-03 16:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   c:\documents and settings\OM\Application Data\SUPERAntiSpyware.com
      2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   C:\MSId8962.tmp
      2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2009-07-03 16:02 . 2009-07-03 16:02   --------   d-----w-   c:\program files\CCleaner
      2009-07-03 04:12 . 2009-07-03 23:39   --------   d-----w-   c:\documents and settings\OM\Application Data\Lavasoft
      2009-07-02 19:15 . 2009-07-02 19:15   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.sys
      2009-07-02 19:12 . 2009-07-02 19:12   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys
      2009-07-02 19:12 . 2009-07-02 19:12   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys
      2009-07-02 19:11 . 2009-07-02 19:11   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.sys
      2009-07-02 18:27 . 2009-07-02 18:27   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.sys
      2009-07-02 18:27 . 2009-07-02 18:27   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.sys
      2009-07-02 18:26 . 2009-07-02 18:26   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.sys
      2009-07-02 18:26 . 2009-07-02 18:26   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.sys
      2009-07-02 18:26 . 2009-07-03 03:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\12080624
      2009-07-02 18:26 . 2009-07-02 18:26   --------   d-sh--w-   c:\windows\System Volume Information
      2009-06-29 03:13 . 2009-06-29 03:13   --------   d-----w-   c:\program files\MediaMelon
      2009-06-22 02:45 . 2009-06-22 02:45   --------   d-----w-   c:\program files\Common Files\xing shared
      2009-06-09 03:53 . 2009-06-09 03:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
      2009-06-05 13:30 . 2009-05-21 16:33   410984   ----a-w-   c:\windows\system32\deploytk.dll
      2009-06-05 13:29 . 2009-06-05 13:29   152576   ----a-w-   c:\documents and settings\OM\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-07-15 03:11 . 2007-07-13 04:50   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2009-07-05 04:32 . 2008-06-17 01:01   --------   d-----w-   c:\documents and settings\OM\Application Data\HPAppData
      2009-07-04 04:40 . 2009-04-03 14:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
      2009-07-03 21:03 . 2008-04-23 00:50   --------   d-----w-   c:\program files\Java
      2009-07-03 16:07 . 2009-03-31 00:50   --------   d-----w-   c:\documents and settings\OM\Application Data\Azureus
      2009-07-03 13:05 . 2008-06-19 03:45   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
      2009-07-03 13:05 . 2008-06-19 03:45   327688   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
      2009-07-03 13:05 . 2007-03-03 08:01   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
      2009-07-03 13:05 . 2008-06-19 03:45   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
      2009-07-03 02:52 . 2008-06-19 03:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
      2009-07-02 18:55 . 2009-04-11 11:22   --------   d-----w-   c:\documents and settings\OM\Application Data\Amazon
      2009-07-02 18:55 . 2009-04-11 11:21   --------   d-----w-   c:\program files\Amazon
      2009-07-02 18:27 . 2009-07-02 18:27   327   ---h--w-   c:\windows\Fonts\mlog
      2009-07-02 18:25 . 2007-01-16 18:01   --------   d-----w-   c:\documents and settings\OM\Application Data\AdobeUM
      2009-06-30 00:58 . 2009-04-17 16:59   --------   d-----w-   c:\documents and settings\OM\Application Data\U3
      2009-06-22 02:45 . 2008-07-17 01:21   --------   d-----w-   c:\program files\Common Files\Real
      2009-06-20 01:19 . 2009-02-03 04:21   --------   d-----w-   c:\program files\Google
      2009-06-03 04:41 . 2009-06-03 04:41   --------   d-----w-   c:\documents and settings\OM\Application Data\ATI
      2009-06-03 03:14 . 2009-06-03 03:14   708608   ----a-w-   c:\windows\system32\Resecure60.dll
      2009-06-03 03:14 . 2009-06-03 03:14   6536   ----a-w-   c:\windows\system32\WinGPDrv.dat
      2009-06-03 03:14 . 2009-06-03 03:14   6533   ----a-w-   c:\windows\system32\NGWinDrv.dat
      2009-06-03 03:14 . 2009-06-03 03:14   458752   ----a-w-   c:\windows\system32\LiveUpdate.dll
      2009-06-03 03:14 . 2009-06-03 03:14   1290240   ----a-w-   c:\windows\system32\NGWinSys.dll
      2009-06-03 03:14 . 2004-08-04 12:00   1025   ----a-w-   c:\windows\system32\y1vz87p.dll
      2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\grcauth2.dll
      2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\grcauth1.dll
      2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\clauth2.dll
      2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\clauth1.dll
      2009-06-03 03:12 . 2009-06-03 03:12   --------   d-----w-   c:\program files\Common Files\RAM Common
      2009-06-03 03:11 . 2009-06-03 03:11   --------   d-----w-   c:\program files\VectorDraw
      2009-06-03 03:11 . 2009-06-03 03:11   --------   d-----w-   c:\program files\Common Files\Bentley
      2009-06-03 03:09 . 2009-06-03 03:09   10134   ----a-r-   c:\documents and settings\OM\Application Data\Microsoft\Installer\{D4A33E08-4FE7-40C4-BF5E-5853C56ADD7C}\ARPPRODUCTICON.exe
      2009-06-03 03:09 . 2009-03-31 01:57   --------   d-----w-   c:\program files\Common Files\Bentley Shared
      2009-06-01 15:56 . 2008-07-20 03:46   --------   d-----w-   c:\documents and settings\Guest\Application Data\HPAppData
      2009-05-31 12:26 . 2009-05-31 12:26   73784   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-05-10 03:04 . 2009-02-06 01:22   --------   d-----w-   c:\documents and settings\OM\Application Data\ZoomBrowser EX
      2009-05-10 03:03 . 2009-02-06 01:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
      2009-05-07 15:32 . 2004-08-04 12:00   345600   ----a-w-   c:\windows\system32\localspl.dll
      2009-05-01 18:30 . 2009-05-01 18:30   3366912   ----a-w-   c:\windows\system32\GPhotos.scr
      2009-04-17 12:26 . 2004-08-04 12:00   1847168   ----a-w-   c:\windows\system32\win32k.sys
      2009-04-15 14:51 . 2004-08-04 12:00   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
      "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
      "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-24 3558136]
      "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
      "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
      "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
      "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
      "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
      "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1948440]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
      "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
      ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2009-2-14 253952]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
      2008-12-22 17:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-07-03 13:05   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
      backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Themes"=2 (0x2)
      "TapiSrv"=3 (0x3)
      "Symantec AntiVirus"=2 (0x2)
      "SNDSrvc"=3 (0x3)
      "SavRoam"=3 (0x3)
      "HPSLPSVC"=2 (0x2)
      "hpqddsvc"=2 (0x2)
      "helpsvc"=2 (0x2)
      "FastUserSwitchingCompatibility"=3 (0x3)
      "ERSvc"=2 (0x2)
      "DefWatch"=2 (0x2)
      "ccSetMgr"=2 (0x2)
      "ccPwdSvc"=3 (0x3)
      "ccEvtMgr"=2 (0x2)
      "BITS"=2 (0x2)
      "avg8emc"=2 (0x2)
      "Ati HotKey Poller"=2 (0x2)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
      "c:\\Program Files\\Vuze\\Azureus.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
      "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
      "c:\\Program Files\\MediaMelon\\bin\\wrapper.exe"=
      "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "11:TCP"= 11:TCP:INTERNET
      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 10:45 PM 327688]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2008 10:45 PM 108552]
      R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
      R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
      R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 8:05 AM 906520]
      R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 9:06 AM 298776]
      R2 MediaMelon Client;MediaMelon Client 1.0;c:\program files\MediaMelon\bin\wrapper.exe [4/16/2009 3:30 PM 217088]
      S2 gupdate1c98fbdcfb083d4;Google Update Service (gupdate1c98fbdcfb083d4);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2009 5:36 PM 133104]
      S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [7/2/2009 2:09 PM 1252474]
      S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
      S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 4:48 AM 169192]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      HPService   REG_MULTI_SZ      HPSLPSVC
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

      2009-07-05 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 14:36]

      2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 22:35]

      2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 22:35]
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
      HKCU-Run-SmartVoip - c:\program files\SmartVoip.com\SmartVoip\SmartVoip.exe


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-07-04 23:55
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(888)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(2836)
      c:\windows\system32\webcheck.dll
      c:\windows\system32\IEFRAME.dll
      c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
      c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
      c:\windows\system32\msls31.dll
      c:\windows\system32\OneX.DLL
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\WLTRYSVC.EXE
      c:\windows\system32\BCMWLTRY.EXE
      c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\drivers\CDAC11BA.EXE
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
      c:\windows\system32\java.exe
      c:\program files\Canon\CAL\CALMAIN.exe
      c:\program files\AVG\AVG8\avgrsx.exe
      c:\progra~1\AVG\AVG8\avgnsx.exe
      c:\program files\AVG\AVG8\avgcsrvx.exe
      c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
      c:\program files\iPod\bin\iPodService.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\HP\Digital Imaging\bin\hpqste08.exe
      c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
      c:\windows\system32\msiexec.exe
      c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
      .
      **************************************************************************
      .
      Completion time: 2009-07-05 23:59 - machine was rebooted
      ComboFix-quarantined-files.txt  2009-07-05 04:59

      Pre-Run: 3,585,925,120 bytes free
      Post-Run: 4,511,961,088 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      306   --- E O F ---   2009-06-11 08:03
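
The ComboFix log above records the machine's autostart locations (the HKCU and HKLM Run keys, Winlogon notify entries, ShellExecuteHooks, services) and the Windows Firewall exception lists. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that parses lines in that "Reg Loading Points" format and flags two things a responder looks at first: Run values that are a bare file name (like the SigmatelSysTrayApp entry, which Windows locates by walking the search path at logon; it is flagged for a look, not as malicious, and in this log it resolves to c:\windows\stsystra.exe) or that launch from outside the Windows and Program Files directories, and GloballyOpenPorts exceptions that are still enabled (the "11:TCP"= 11:TCP:INTERNET entry, as opposed to the 3389 entry marked Disabled). The sample input is copied from the log plus one constructed "Updater" entry with a hypothetical path; the trusted-directory list is an assumption for a stock XP install and would be extended per machine.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix "Reg Loading Points" output
# above, plus one constructed entry ("Updater", a hypothetical path) so the
# non-standard-directory check has something to catch.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]
"Updater"="c:\documents and settings\OM\Application Data\updater.exe" [2009-07-02 12288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1948440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11:TCP"= 11:TCP:INTERNET
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
'''

# ComboFix prints Run values as "Name"="command" [yyyy-mm-dd size]; when the
# command is a bare file name it appends " - <resolved path>" before the bracket.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r'(?:\s+-\s+(?P<resolved>.+?))?'
    r'\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# GloballyOpenPorts values look like "port:proto"= port:proto:<scope>:<state>:<name>
PORT_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<rest>.+)$')

# Assumption: directories an autostart entry is expected to live in on a stock
# XP box. Anything else (user profile, root of C:, temp) deserves a closer look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    section: str
    name: str
    value: str
    reason: str


def parse_sections(text):
    """Yield (section_header, line) pairs for the non-empty lines of a ComboFix log."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line
            continue
        yield section, line


def triage(text):
    """Return the autostart and firewall entries worth a second look."""
    findings = []
    for section, line in parse_sections(text):
        if "GloballyOpenPorts" in section:
            m = PORT_RE.match(line)
            # An exception whose fields do not carry a Disabled token is live.
            if m and "Disabled" not in m["rest"].split(":"):
                findings.append(Finding(section, m["key"], line,
                                        f"enabled inbound exception {m['port']}/{m['proto']} ({m['rest']})"))
            continue
        if "\\Run" in section:
            m = RUN_RE.match(line)
            if not m:
                continue
            cmd, resolved = m["cmd"], m["resolved"]
            if "\\" not in cmd:
                # A bare file name is found by a search-path walk at logon, so
                # whichever directory wins the search decides what runs.
                findings.append(Finding(section, m["name"], line,
                                        f"bare file name {cmd!r} resolved via search path to {resolved or 'unresolved'}"))
            target = (resolved or cmd).lower()
            if not target.startswith(TRUSTED_PREFIXES):
                findings.append(Finding(section, m["name"], line,
                                        f"launches from outside standard program directories: {target}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:20} {f.reason}")
```

Run it on a whole pasted ComboFix log instead of SAMPLE_LOG and it will walk every Run-style section and the open-ports list; the point is not that a flagged entry is malware (stsystra.exe here is a vendor tray applet) but that these are the entries to look up before deciding what to remove.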

      evilfantasy

      • Malware Removal Specialist
      • Moderator
      Re: Virus is not letting execute any program
      « Reply #3 on: July 04, 2009, 11:20:51 PM »
      Download OTM by OldTimer to your desktop.

      Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

      * Save it to your Desktop.
      * Double-click OTM.exe to run it.
      * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

      Code:
      :Processes
      explorer.exe

      :services

      :reg

      :files
      c:\documents and settings\All Users\Application Data\Symantec

      :Commands
      [purity]
      [emptytemp]
      [start explorer]

      * Return to OTM, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
      * Click the red Moveit! button.
      * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
      * Close OTM.

      Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

      ----------

      Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

      Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

      * XP users: double-click on dds to run it.
      * If your antivirus or firewall tries to block DDS, please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copy and pasting it into the reply.

      ----------

      Also let me know how the computer is running now.


      ksree

        Topic Starter


        Greenhorn

        Re: Virus is not letting execute any program
        « Reply #4 on: July 05, 2009, 08:01:25 AM »
        Hi evilfantasy,
        Thank you for your help. I ran the programs as you told me. When I ran OTM by OldTimer, after clicking on "Move It" there was a message in the green box "it killed all" and the screen went blank. I could see only the desktop background. Then I waited for 30 minutes and restarted the system forcefully. It ran fine. Then I ran the DDS program. The logs are as follows.
        DDS.txt


        DDS (Ver_09-06-26.01) - NTFSx86 
        Run by OM at  8:54:36.78 on Sun 07/05/2009
        Internet Explorer: 8.0.6001.18372
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1324 [GMT -5:00]

        AV: AVG Anti-Virus *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

        ============== Running Processes ===============

        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
        C:\WINDOWS\system32\svchost.exe -k netsvcs
        svchost.exe
        svchost.exe
        C:\WINDOWS\System32\WLTRYSVC.EXE
        C:\WINDOWS\System32\bcmwltry.exe
        C:\WINDOWS\system32\spoolsv.exe
        svchost.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
        C:\WINDOWS\system32\svchost.exe -k HPService
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
        C:\Program Files\MediaMelon\bin\wrapper.exe
        C:\WINDOWS\System32\svchost.exe -k HPZ12
        C:\WINDOWS\System32\svchost.exe -k HPZ12
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\WINDOWS\system32\java.exe
        C:\PROGRA~1\AVG\AVG8\avgemc.exe
        C:\PROGRA~1\AVG\AVG8\avgrsx.exe
        C:\PROGRA~1\AVG\AVG8\avgnsx.exe
        C:\Program Files\Canon\CAL\CALMAIN.exe
        C:\Program Files\AVG\AVG8\avgcsrvx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Dell\QuickSet\quickset.exe
        C:\WINDOWS\stsystra.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\WLTRAY.exe
        C:\PROGRA~1\AVG\AVG8\avgtray.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
        C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
        C:\Documents and Settings\OM\Desktop\dds.com

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://www.google.com/
        uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
        BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
        BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
        BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
        BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
        BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
        TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
        TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
        TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
        EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
        uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
        uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
        uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
        uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
        uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
        uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
        mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
        mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
        mRun: [SigmatelSysTrayApp] stsystra.exe
        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
        mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
        mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
        mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
        mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
        mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se\CameraMonitor.exe
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.23.0\gears.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
        DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
        DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/45.11/uploader2.cab
        DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
        DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
        DPF: {cafeefac-0016-0000-0014-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
        DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
        Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll
        Notify: AtiExtEvent - Ati2evxx.dll
        Notify: avgrsstarter - avgrsstx.dll
        Notify: NavLogon - c:\windows\system32\NavLogon.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

        ============= SERVICES / DRIVERS ===============

        R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-18 327688]
        R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-3 27784]
        R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-18 108552]
        R1 sasdifsv;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
        R1 saskutil;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
        R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
        R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-3 906520]
        R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-4 298776]
        R2 MediaMelon Client;MediaMelon Client 1.0;c:\program files\mediamelon\bin\wrapper.exe [2009-4-16 217088]
        R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
        R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080613.003\naveng.sys [2008-6-14 89936]
        R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080613.003\navex15.sys [2008-6-14 856336]
        S2 gupdate1c98fbdcfb083d4;Google Update Service (gupdate1c98fbdcfb083d4);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]
        S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2009-7-2 1252474]
        S3 sasenum;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
        S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
        S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
        S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
        S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]
        S4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]

        =============== Created Last 30 ================

        2009-07-05 08:10   <DIR>   --d-----   C:\_OTM
        2009-07-04 23:58   <DIR>   -cd-----   c:\windows\system32\dllcache\cache
        2009-07-04 23:50   50,176   ac------   c:\windows\system32\dllcache\proquota.exe
        2009-07-04 23:50   50,176   a-------   c:\windows\system32\proquota.exe
        2009-07-04 23:46   <DIR>   a-dshr--   C:\cmdcons
        2009-07-04 23:44   161,792   a-------   c:\windows\SWREG.exe
        2009-07-04 23:44   155,136   a-------   c:\windows\PEV.exe
        2009-07-04 23:44   98,816   a-------   c:\windows\sed.exe
        2009-07-04 23:44   <DIR>   --ds----   C:\ComboFix
        2009-07-03 16:19   <DIR>   --d-----   c:\program files\Trend Micro
        2009-07-03 15:34   <DIR>   --d-----   c:\docume~1\om\applic~1\Malwarebytes
        2009-07-03 15:34   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-07-03 15:34   19,096   a-------   c:\windows\system32\drivers\mbam.sys
        2009-07-03 15:34   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
        2009-07-03 15:34   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
        2009-07-03 11:14   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
        2009-07-03 11:13   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
        2009-07-03 11:13   <DIR>   --d-----   c:\docume~1\om\applic~1\SUPERAntiSpyware.com
        2009-07-03 11:13   <DIR>   --d-----   C:\MSId8962.tmp
        2009-07-03 11:13   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
        2009-07-03 11:02   <DIR>   --d-----   c:\program files\CCleaner
        2009-07-02 13:26   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\12080624
        2009-07-02 13:26   <DIR>   --dsh---   c:\windows\System Volume Information
        2009-06-28 22:13   <DIR>   --d-----   c:\program files\MediaMelon
        2009-06-21 21:45   <DIR>   --d-----   c:\program files\common files\xing shared
        2009-06-14 20:12   0   a-------   c:\windows\mtstack16.INI

        ==================== Find3M  ====================

        2009-07-03 08:05   327,688   a-------   c:\windows\system32\drivers\avgldx86.sys
        2009-07-03 08:05   11,952   a-------   c:\windows\system32\avgrsstx.dll
        2009-07-03 08:05   108,552   a-------   c:\windows\system32\drivers\avgtdix.sys
        2009-07-02 13:27   327   ----h---   c:\windows\fonts\mlog
        2009-06-02 22:14   1,290,240   a-------   c:\windows\system32\NGWinSys.dll
        2009-06-02 22:14   708,608   a-------   c:\windows\system32\Resecure60.dll
        2009-06-02 22:14   458,752   a-------   c:\windows\system32\LiveUpdate.dll
        2009-06-02 22:14   6,536   a-------   c:\windows\system32\WinGPDrv.dat
        2009-06-02 22:14   6,533   a-------   c:\windows\system32\NGWinDrv.dat
        2009-05-21 11:33   410,984   a-------   c:\windows\system32\deploytk.dll
        2009-05-07 10:32   345,600   a-------   c:\windows\system32\localspl.dll
        2009-05-01 13:30   3,366,912   a-------   c:\windows\system32\GPhotos.scr
        2009-04-17 07:26   1,847,168   a-------   c:\windows\system32\win32k.sys
        2009-04-15 09:51   585,216   a-------   c:\windows\system32\rpcrt4.dll
        2009-03-14 19:08   60,744   a-------   c:\documents and settings\om\g2mdlhlpx.exe
        2008-02-22 20:00   32   a----r--   c:\documents and settings\all users\hash.dat

        ============= FINISH:  8:54:54.70 ===============


        Attach.txt


        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-06-26.01)

        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 7/12/2007 11:53:14 PM
        System Uptime: 7/5/2009 8:41:08 AM (0 hours ago)

        Motherboard: Dell Inc. |  | 0XD720
        Processor: Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz | Microprocessor | 1995/166mhz

        ==== Disk Partitions =========================

        C: is FIXED (NTFS) - 24 GiB total, 4.19 GiB free.
        D: is CDROM ()
        E: is FIXED (NTFS) - 10 GiB total, 5.547 GiB free.
        F: is FIXED (NTFS) - 78 GiB total, 11.013 GiB free.

        ==== Disabled Device Manager Items =============

        Class GUID:
        Description: BCM2045
        Device ID: USB\VID_413C&PID_8126\5&2CD8A58F&0&2
        Manufacturer:
        Name: BCM2045
        PNP Device ID: USB\VID_413C&PID_8126\5&2CD8A58F&0&2
        Service:

        Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
        Description: Officejet J6400 series
        Device ID: ROOT\MULTIFUNCTION\0000
        Manufacturer: HP
        Name: Officejet J6400 series
        PNP Device ID: ROOT\MULTIFUNCTION\0000
        Service:

        Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
        Description: Officejet J6400 series
        Device ID: ROOT\PRINTER\0000
        Manufacturer: HP
        Name: Officejet J6400 series
        PNP Device ID: ROOT\PRINTER\0000
        Service:

        Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
        Description: Nokia N75
        Device ID: ROOT\WPD\0000
        Manufacturer: Nokia
        Name: Nokia N75
        PNP Device ID: ROOT\WPD\0000
        Service: WUDFRd

        ==== System Restore Points ===================

        RP451: 7/4/2009 11:50:21 PM - ComboFix created restore point
        RP452: 7/5/2009 8:29:04 AM - System Checkpoint

        ==== Installed Programs ======================

        32 Bit HP CIO Components Installer
        4Media HD Video Converter
        6400_Help
        Adobe Acrobat 6.0 Professional
        Adobe AIR
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player Plugin
        Aide PDF to DXF Converter 9.5
        AirXonix version 1.41
        Any Video Converter 2.7.1
        Ap PDF to IMAGE
        Apple Mobile Device Support
        Apple Software Update
        ATI - Software Uninstall Utility
        ATI Catalyst Control Center
        ATI Display Driver
        AutoCAD 2004
        Autodesk Express Viewer
        AVG 8.5
        Bentley IEG License Service
        Bentley MicroStation (V 08.05.01.25) - 1
        Bonjour
        bpd_scan
        BPDSoftware
        BPDSoftware_Ini
        Broadcom 440x 10/100 Integrated Controller
        BufferChm
        Canon Camera Access Library
        Canon Camera Support Core Library
        Canon RAW Image Task for ZoomBrowser EX
        Canon Utilities CameraWindow
        Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
        Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
        Canon Utilities EOS Utility
        Canon Utilities MyCamera
        Canon Utilities RemoteCapture Task for ZoomBrowser EX
        Canon Utilities ZoomBrowser EX
        Canon ZoomBrowser EX Memory Card Utility
        Cards_Calendar_OrderGift_DoMorePlugout
        CCleaner (remove only)
        Conexant HDA D110 MDC V.92 Modem
        Creative WebCam NX Ultra Driver (1.01.03.0112)
        Critical Update for Windows Media Player 11 (KB959772)
        CustomerResearchQFolder
        Dell Wireless WLAN Card
        Destination Component
        DeviceDiscovery
        DeviceManagementQFolder
        DivX Web Player
        DocProc
        DocProcQFolder
        eSupportQFolder
        Fax
        Free DWG Viewer 6.2
        Google Earth
        Google Gears
        Google Update Helper
        Google Updater
        GoToMeeting 4.0.0.320
        GPBaseService
        High Definition Audio Driver Package - KB888111
        HijackThis 2.0.2
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB952287)
        HP Customer Participation Program 10.0
        HP Imaging Device Functions 10.0
        HP Officejet J6400 Series
        HP Photosmart Essential 2.5
        HP Photosmart Essential 3.0
        HP Smart Web Printing
        HP Solution Center 10.0
        HP Update
        HPPhotoSmartPhotobookWebPack1
        HPProductAssistant
        HPSSupply
        ImageMixer 3 SE
        iTunes
        J6400
        Java(TM) 6 Update 14
        LiveUpdate 2.0 (Symantec Corporation)
        Malwarebytes' Anti-Malware
        MarketResearch
        MediaMelon Client
        MetaFrame Presentation Server Web Client for Win32
        Microsoft .NET Framework 2.0
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Office Professional Edition 2003
        Microsoft User-Mode Driver Framework Feature Pack 1.5
        Microsoft Visual C++ 2005 Redistributable
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB954430)
        NetDeviceManager
        Nokia Connectivity Cable Driver
        OCR Software by I.R.I.S. 10.0
        PC Connectivity Solution
        Picasa 3
        ProductContext
        PSSWCORE
        QuickSet
        QuickTime
        RealPlayer
        RedistSysFiles
        SafeCast Shared Components
        Scan
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player 11 (KB936782)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows Media Player 9 (KB936782)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB938464-v2)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950759)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951376)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB953838)
        Security Update for Windows XP (KB953839)
        Security Update for Windows XP (KB954211)
        Security Update for Windows XP (KB954459)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956390)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB957095)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958215)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960714)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB961373)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB968537)
        Security Update for Windows XP (KB969898)
        Security Update for Windows XP (KB970238)
        Shop for HP Supplies
        SigmaTel Audio
        SmartWebPrintingOC
        SolutionCenter
        Sound Blaster ADVANCED MB Drivers
        STAAD.Pro V8i
        Status
        SUPERAntiSpyware Free Edition
        Symantec AntiVirus
        Synaptics Pointing Device Driver
        Toolbox
        TrayApp
        UnloadSupport
        Update for Windows Internet Explorer 8 (KB961813)
        Update for Windows XP (KB951072-v2)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        VBA (2627.01)
        Veoh Web Player Beta
        VeohTV BETA
        VideoLAN VLC media player 0.8.6b
        VideoToolkit01
        Vuze
        WebFldrs XP
        WebReg
        Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
        Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
        Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04)
        Windows Genuine Advantage Notifications (KB905474)
        Windows Internet Explorer 8 Release Candidate 1
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows XP Service Pack 3
        WinRAR archiver
        WinStorm30
        Yahoo! Messenger
        Yahoo! Search Protection

        ==== End Of File ===========================
        Thanks,
        Sree

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        Re: Virus is not letting execute any program
        « Reply #5 on: July 05, 2009, 01:52:12 PM »
        Go to Add or Remove Programs and uninstall:

        • LiveUpdate 2.0 (Symantec Corporation)
        • MarketResearch
        • Symantec AntiVirus
        Download the Norton Removal Tool (SymNRT) to your desktop.

        Once downloaded, please close ALL open browsers and save any work, because this may require a restart.
        • Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
        • Once open Click Next
        • Accept the license agreement and click Next
        • Type in the letters/numbers that you see into the text box then click Next.
        • Then click Next and the tool will start running.
        • Once finished restart the PC.
        • Delete the 'Norton_Removal_Tool' from your desktop.
        ----------

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
        uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
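        The moderator's CFScript above is built by copying lines verbatim out of the DDS log (a KillAll:: directive, then a DDS:: block of the entries to remove). As an added example for anyone reading these logs, here is a small parser, written for this thread and not part of DDS or ComboFix, that turns the DDS autostart and SERVICES / DRIVERS lines into records, picks out registrations DDS reported as "No File", and emits a CFScript in the same layout. The sample lines are copied from the DDS log posted above; the "msmsgs.exe" selection at the end is a hypothetical choice that reproduces the shape of the moderator's script.

```python
"""Triage helper for DDS logs like the ones pasted in this thread.

Added example written for this thread; it is not part of DDS, ComboFix or any
tool the moderator mentions.  DDS_LINES are copied verbatim from the DDS log
above (indentation removed); the 'msmsgs.exe' selection in main() is a
hypothetical choice that reproduces the shape of the moderator's CFScript.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Autostart:
    kind: str    # DDS line type: mRun, uRun, StartupFolder, IE, DPF, Notify, SSODL, SEH, TB, Handler
    name: str    # registry value name, GUID/CLSID, link name or hook name
    target: str  # file path, URL (DDS writes hxxp:// to defang them) or 'No File'
    raw: str     # the DDS line verbatim; this is what a CFScript DDS:: block needs


@dataclass(frozen=True)
class Service:
    state: str   # R1..R3 = running at that start type, S2..S4 = not running
    name: str
    display: str
    path: str
    date: str    # file date as DDS prints it, e.g. 2008-6-18
    size: int    # file size in bytes


# Sample input: lines copied from the DDS log posted above.
DDS_LINES = [
    r'mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"',
    r'mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe',
    r'uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background',
    r'StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe',
    r'IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe',
    r'DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab',
    r'Notify: !saswinlogon - c:\program files\superantispyware\SASWINLO.dll',
    r'SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll',
    r'SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL',
    r'TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File',
    r'R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-18 327688]',
    r'S2 gupdate1c98fbdcfb083d4;Google Update Service (gupdate1c98fbdcfb083d4);c:\program files\google\update\GoogleUpdate.exe [2009-2-15 133104]',
]

# mRun/uRun lines: "<kind>: [<value name>] <command line>"
RUN_RE = re.compile(r'^(?P<kind>[mu]Run): \[(?P<name>[^\]]*)\] (?P<target>.*)$')
# Other autostart lines: "<kind>: <name> - [<clsid> -] <target>"
OTHER_RE = re.compile(r'^(?P<kind>StartupFolder|IE|DPF|Notify|SSODL|SEH|TB|Handler): (?P<rest>.+)$')
# Services/drivers: "<state> <name>;<display>;<path> [<date> <size>]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) '
    r'\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$')


def parse_autostart(line):
    """Return an Autostart for a DDS autostart line, or None if it is not one."""
    m = RUN_RE.match(line)
    if m:
        return Autostart(m['kind'], m['name'], m['target'], line)
    m = OTHER_RE.match(line)
    if m:
        parts = m['rest'].split(' - ')      # name [- clsid] - target
        return Autostart(m['kind'], parts[0], parts[-1], line)
    return None


def parse_service(line):
    """Return a Service for a DDS SERVICES / DRIVERS line, or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    return Service(m['state'], m['name'], m['display'], m['path'], m['date'], int(m['size']))


def parse_log(lines):
    """Split DDS log lines into (autostart entries, services); other lines are skipped."""
    autostarts, services = [], []
    for line in lines:
        line = line.strip()
        entry = parse_autostart(line)
        if entry:
            autostarts.append(entry)
            continue
        svc = parse_service(line)
        if svc:
            services.append(svc)
    return autostarts, services


def missing_file_entries(autostarts):
    """Registrations whose file DDS could not find ('No File'): orphaned entries,
    which is what the TB: line in the moderator's CFScript is."""
    return [a for a in autostarts if a.target == 'No File']


def build_cfscript(entries, kill_all=True):
    """CFScript text in the layout the moderator posted: an optional KillAll::
    directive, then a DDS:: block listing the chosen DDS lines verbatim."""
    out = ['KillAll::', ''] if kill_all else []
    out.append('DDS::')
    out.extend(e.raw for e in entries)
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    entries, services = parse_log(DDS_LINES)
    for a in entries:
        print(f'{a.kind:14} {a.name:45} -> {a.target}')
    for s in services:
        print(f'{s.state} {s.name:25} {s.size:>8} {s.path}')
    # Hypothetical selection: the orphaned TB entry plus everything pointing at msmsgs.exe.
    chosen = missing_file_entries(entries) + [e for e in entries if 'msmsgs.exe' in e.target.lower()]
    print(build_cfscript(chosen))
```

        Feeding the whole DDS.txt to parse_log() gives a quick table of every load point and its target; anything DDS marks "No File", and any target outside the expected program directories, is what a helper compares against the rest of the log before writing lines into a script like the one above.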

        ksree

          Topic Starter



          Re: Virus is not letting execute any program
          « Reply #6 on: July 05, 2009, 06:50:34 PM »
          Hi,
          I ran ComboFix. Here is the log. Thanks.

          ComboFix 09-07-05.01 - OM 07/05/2009 19:38.2 - NTFSx86
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1467 [GMT -5:00]
          Running from: c:\documents and settings\OM\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\OM\Desktop\CFScript.txt
          AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\program files\messenger\msmsgs.exe

          .
          (((((((((((((((((((((((((   Files Created from 2009-06-06 to 2009-07-06  )))))))))))))))))))))))))))))))
          .

          2010-07-15 02:42 . 2009-06-04 22:31   --------   d-----w-   c:\documents and settings\OM\Application Data\dvdcss
          2010-07-15 02:42 . 2010-07-15 02:42   --------   d-----w-   c:\documents and settings\OM\Application Data\vlc
          2010-07-15 02:41 . 2010-07-15 02:41   --------   d-----w-   c:\program files\VideoLAN
          2010-07-13 21:48 . 2009-04-05 00:33   73784   ----a-w-   c:\documents and settings\OM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-07-05 13:10 . 2009-07-05 13:10   --------   d-----w-   C:\_OTM
          2009-07-05 04:50 . 2008-04-14 00:12   50176   -c--a-w-   c:\windows\system32\dllcache\proquota.exe
          2009-07-05 04:50 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\proquota.exe
          2009-07-03 21:19 . 2009-07-03 21:19   --------   d-----w-   c:\program files\Trend Micro
          2009-07-03 20:59 . 2009-07-03 20:59   152576   ----a-w-   c:\documents and settings\OM\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
          2009-07-03 20:34 . 2009-07-03 20:34   --------   d-----w-   c:\documents and settings\OM\Application Data\Malwarebytes
          2009-07-03 20:34 . 2009-06-17 16:27   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-07-03 20:34 . 2009-07-03 20:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2009-07-03 20:34 . 2009-07-03 20:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
          2009-07-03 20:34 . 2009-06-17 16:27   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2009-07-03 16:14 . 2009-07-03 21:39   117760   ----a-w-   c:\documents and settings\OM\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2009-07-03 16:14 . 2009-07-03 16:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   c:\documents and settings\OM\Application Data\SUPERAntiSpyware.com
          2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   C:\MSId8962.tmp
          2009-07-03 16:13 . 2009-07-03 16:13   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2009-07-03 16:02 . 2009-07-03 16:02   --------   d-----w-   c:\program files\CCleaner
          2009-07-03 04:12 . 2009-07-03 23:39   --------   d-----w-   c:\documents and settings\OM\Application Data\Lavasoft
          2009-07-02 19:15 . 2009-07-02 19:15   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP7.sys
          2009-07-02 19:12 . 2009-07-02 19:12   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP6.sys
          2009-07-02 19:12 . 2009-07-02 19:12   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP5.sys
          2009-07-02 19:11 . 2009-07-02 19:11   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP4.sys
          2009-07-02 18:27 . 2009-07-02 18:27   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP3.sys
          2009-07-02 18:27 . 2009-07-02 18:27   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP2.sys
          2009-07-02 18:26 . 2009-07-02 18:26   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.sys
          2009-07-02 18:26 . 2009-07-02 18:26   4656   ----a-w-   c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.sys
          2009-07-02 18:26 . 2009-07-03 03:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\12080624
          2009-07-02 18:26 . 2009-07-02 18:26   --------   d-sh--w-   c:\windows\System Volume Information
          2009-06-29 03:13 . 2009-06-29 03:13   --------   d-----w-   c:\program files\MediaMelon
          2009-06-22 02:45 . 2009-06-22 02:45   --------   d-----w-   c:\program files\Common Files\xing shared
          2009-06-09 03:53 . 2009-06-09 03:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-07-15 03:11 . 2007-07-13 04:50   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
          2009-07-06 00:35 . 2008-06-17 01:01   --------   d-----w-   c:\documents and settings\OM\Application Data\HPAppData
          2009-07-06 00:25 . 2007-03-27 11:27   --------   d-----w-   c:\program files\Common Files\Symantec Shared
          2009-07-06 00:25 . 2007-03-27 11:27   --------   d-----w-   c:\program files\Symantec
          2009-07-06 00:25 . 2007-03-27 11:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
          2009-07-05 13:02 . 2009-04-03 14:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
          2009-07-03 21:03 . 2008-04-23 00:50   --------   d-----w-   c:\program files\Java
          2009-07-03 16:07 . 2009-03-31 00:50   --------   d-----w-   c:\documents and settings\OM\Application Data\Azureus
          2009-07-03 13:05 . 2008-06-19 03:45   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
          2009-07-03 13:05 . 2008-06-19 03:45   327688   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
          2009-07-03 13:05 . 2007-03-03 08:01   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
          2009-07-03 13:05 . 2008-06-19 03:45   108552   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
          2009-07-03 02:52 . 2008-06-19 03:45   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
          2009-07-02 18:55 . 2009-04-11 11:22   --------   d-----w-   c:\documents and settings\OM\Application Data\Amazon
          2009-07-02 18:55 . 2009-04-11 11:21   --------   d-----w-   c:\program files\Amazon
          2009-07-02 18:27 . 2009-07-02 18:27   327   ---h--w-   c:\windows\Fonts\mlog
          2009-07-02 18:25 . 2007-01-16 18:01   --------   d-----w-   c:\documents and settings\OM\Application Data\AdobeUM
          2009-06-30 00:58 . 2009-04-17 16:59   --------   d-----w-   c:\documents and settings\OM\Application Data\U3
          2009-06-22 02:45 . 2008-07-17 01:21   --------   d-----w-   c:\program files\Common Files\Real
          2009-06-20 01:19 . 2009-02-03 04:21   --------   d-----w-   c:\program files\Google
          2009-06-05 13:29 . 2009-06-05 13:29   152576   ----a-w-   c:\documents and settings\OM\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
          2009-06-03 04:41 . 2009-06-03 04:41   --------   d-----w-   c:\documents and settings\OM\Application Data\ATI
          2009-06-03 03:14 . 2009-06-03 03:14   708608   ----a-w-   c:\windows\system32\Resecure60.dll
          2009-06-03 03:14 . 2009-06-03 03:14   6536   ----a-w-   c:\windows\system32\WinGPDrv.dat
          2009-06-03 03:14 . 2009-06-03 03:14   6533   ----a-w-   c:\windows\system32\NGWinDrv.dat
          2009-06-03 03:14 . 2009-06-03 03:14   458752   ----a-w-   c:\windows\system32\LiveUpdate.dll
          2009-06-03 03:14 . 2009-06-03 03:14   1290240   ----a-w-   c:\windows\system32\NGWinSys.dll
          2009-06-03 03:14 . 2004-08-04 12:00   1025   ----a-w-   c:\windows\system32\y1vz87p.dll
          2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\grcauth2.dll
          2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\grcauth1.dll
          2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\clauth2.dll
          2009-06-03 03:14 . 2004-08-04 12:00   1024   ----a-w-   c:\windows\system32\clauth1.dll
          2009-06-03 03:12 . 2009-06-03 03:12   --------   d-----w-   c:\program files\Common Files\RAM Common
          2009-06-03 03:11 . 2009-06-03 03:11   --------   d-----w-   c:\program files\VectorDraw
          2009-06-03 03:11 . 2009-06-03 03:11   --------   d-----w-   c:\program files\Common Files\Bentley
          2009-06-03 03:09 . 2009-06-03 03:09   10134   ----a-r-   c:\documents and settings\OM\Application Data\Microsoft\Installer\{D4A33E08-4FE7-40C4-BF5E-5853C56ADD7C}\ARPPRODUCTICON.exe
          2009-06-03 03:09 . 2009-03-31 01:57   --------   d-----w-   c:\program files\Common Files\Bentley Shared
          2009-06-01 15:56 . 2008-07-20 03:46   --------   d-----w-   c:\documents and settings\Guest\Application Data\HPAppData
          2009-05-31 12:26 . 2009-05-31 12:26   73784   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-05-21 16:33 . 2009-06-05 13:30   410984   ----a-w-   c:\windows\system32\deploytk.dll
          2009-05-10 03:04 . 2009-02-06 01:22   --------   d-----w-   c:\documents and settings\OM\Application Data\ZoomBrowser EX
          2009-05-10 03:03 . 2009-02-06 01:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\ZoomBrowser
          2009-05-07 15:32 . 2004-08-04 12:00   345600   ----a-w-   c:\windows\system32\localspl.dll
          2009-05-01 18:30 . 2009-05-01 18:30   3366912   ----a-w-   c:\windows\system32\GPhotos.scr
          2009-04-17 12:26 . 2004-08-04 12:00   1847168   ----a-w-   c:\windows\system32\win32k.sys
          2009-04-15 14:51 . 2004-08-04 12:00   585216   ----a-w-   c:\windows\system32\rpcrt4.dll
          .

          (((((((((((((((((((((((((((((   SnapShot@2009-07-05_04.55.54   )))))))))))))))))))))))))))))))))))))))))
          .
          + 2009-07-06 00:43 . 2009-07-06 00:43   16384              c:\windows\Temp\Perflib_Perfdata_fc.dat
          - 2004-08-04 12:00 . 2009-07-03 03:42   58998              c:\windows\system32\perfc009.dat
          + 2004-08-04 12:00 . 2009-07-05 04:58   58998              c:\windows\system32\perfc009.dat
          + 2004-08-04 12:00 . 2009-07-05 04:58   392864              c:\windows\system32\perfh009.dat
          - 2004-08-04 12:00 . 2009-07-03 03:42   392864              c:\windows\system32\perfh009.dat
          + 2007-01-16 16:51 . 2009-07-05 18:13   3817984              c:\windows\Installer\1073be.msi
          - 2007-01-16 16:51 . 2009-07-03 23:38   3817984              c:\windows\Installer\1073be.msi
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
          "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
          "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-02-24 3558136]
          "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
          "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 39408]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
          "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
          "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
          "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
          "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
          "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
          "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1948440]
          "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
          "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
          ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2009-2-14 253952]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
          2008-12-22 17:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
          2009-07-03 13:05   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

          [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
          path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
          backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "Themes"=2 (0x2)
          "TapiSrv"=3 (0x3)
          "Symantec AntiVirus"=2 (0x2)
          "SNDSrvc"=3 (0x3)
          "SavRoam"=3 (0x3)
          "HPSLPSVC"=2 (0x2)
          "hpqddsvc"=2 (0x2)
          "helpsvc"=2 (0x2)
          "FastUserSwitchingCompatibility"=3 (0x3)
          "ERSvc"=2 (0x2)
          "DefWatch"=2 (0x2)
          "ccSetMgr"=2 (0x2)
          "ccPwdSvc"=3 (0x3)
          "ccEvtMgr"=2 (0x2)
          "BITS"=2 (0x2)
          "avg8emc"=2 (0x2)
          "Ati HotKey Poller"=2 (0x2)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
          "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
          "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
          "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
          "c:\\Program Files\\Vuze\\Azureus.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
          "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
          "c:\\Program Files\\MediaMelon\\bin\\wrapper.exe"=
          "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "11:TCP"= 11:TCP:INTERNET
          "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

          R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/18/2008 10:45 PM 327688]
          R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/18/2008 10:45 PM 108552]
          R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
          R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
          R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2009 8:05 AM 906520]
          R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 9:06 AM 298776]
          R2 MediaMelon Client;MediaMelon Client 1.0;c:\program files\MediaMelon\bin\wrapper.exe [4/16/2009 3:30 PM 217088]
          S2 gupdate1c98fbdcfb083d4;Google Update Service (gupdate1c98fbdcfb083d4);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2009 5:36 PM 133104]
          S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [7/2/2009 2:09 PM 1252474]
          S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
          HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
          HPService   REG_MULTI_SZ      HPSLPSVC
          hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
          "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
          .
          Contents of the 'Scheduled Tasks' folder

          2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

          2009-07-06 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 14:36]

          2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 22:35]

          2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 22:35]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.com/
          uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
          IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-07-05 19:45
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(892)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          c:\windows\system32\Ati2evxx.dll

          - - - - - - - > 'explorer.exe'(3104)
          c:\windows\system32\webcheck.dll
          c:\windows\system32\IEFRAME.dll
          c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
          c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
          c:\windows\system32\msls31.dll
          c:\windows\system32\OneX.DLL
          c:\windows\system32\eappprxy.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\WLTRYSVC.EXE
          c:\windows\system32\BCMWLTRY.EXE
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\windows\system32\drivers\CDAC11BA.EXE
          c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\AVG\AVG8\avgrsx.exe
          c:\progra~1\AVG\AVG8\avgnsx.exe
          c:\windows\system32\java.exe
          c:\program files\Canon\CAL\CALMAIN.exe
          c:\program files\AVG\AVG8\avgcsrvx.exe
          c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
          c:\program files\iPod\bin\iPodService.exe
          c:\windows\system32\wscntfy.exe
          c:\program files\HP\Digital Imaging\bin\hpqste08.exe
          c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
          c:\windows\system32\msiexec.exe
          c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
          .
          **************************************************************************
          .
          Completion time: 2009-07-06 19:47 - machine was rebooted
          ComboFix-quarantined-files.txt  2009-07-06 00:47
          ComboFix2.txt  2009-07-05 04:59

          Pre-Run: 4,735,184,896 bytes free
          Post-Run: 4,738,347,008 bytes free

          284   --- E O F ---   2009-06-11 08:03
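The "Reg Loading Points" section of the log above is the part a helper reads first: every `"name"="path" [date size]` line under a Run key is something that starts with the machine, and an infection like the one in this thread lives there. As an added example (not ComboFix's own code and not part of the original post), the script below parses that section into records and flags entries whose executable sits outside the usual program roots, which is the first-pass check a reviewer does by eye. The sample input is constructed for the example: the first five entries are copied from the log above, the "Updater Tool" entry is invented to show a hit, and the trusted-root list is an assumption, not anything ComboFix defines. A flag means "look at this", not "malicious": the Sigmatel tray app in this very log is a legitimate vendor file that lives directly in `c:\windows` and gets flagged too.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the format of ComboFix's "Reg Loading Points" section.
# Five entries are copied from the log above; "Updater Tool" is invented for
# this example so that the triage pass has a second hit to show.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-03 1948440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"Updater Tool"="c:\documents and settings\user\Application Data\updtool.exe" [2009-07-03 45056]
"""

# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Value line: "name"=<target> [YYYY-MM-DD size]; <target> is captured lazily so
# the trailing [date size] block is never swallowed into the path.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<target>.*?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)

# Assumed "usual" roots for autostart executables (lower-case, 8.3 alias included).
# Anything starting elsewhere is worth a second look. This list is an assumption
# made for the example, not a ComboFix setting.
TRUSTED_ROOTS: Tuple[str, ...] = (
    'c:\\program files\\',
    'c:\\progra~1\\',
    'c:\\windows\\system32\\',
)


def _resolve_path(target: str) -> str:
    """Return the on-disk path from the value's right-hand side.

    ComboFix prints `"image.exe" - c:\\full\\path\\image.exe` when the registry
    value held only a bare image name that it had to resolve; otherwise the
    quoted value is already the path. (A folder name containing ' - ' would
    confuse this split; fine for a triage pass.)
    """
    if ' - ' in target:
        target = target.split(' - ', 1)[1]
    return target.strip().strip('"')


def parse_loading_points(text: str) -> List[Dict[str, object]]:
    """Parse Run-key entries from a ComboFix "Reg Loading Points" fragment."""
    entries: List[Dict[str, object]] = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group('key')
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            entries.append({
                'key': current_key,
                'name': value_match.group('name'),
                'path': _resolve_path(value_match.group('target')),
                'date': value_match.group('date'),
                'size': int(value_match.group('size')),
            })
    return entries


def triage(entries: List[Dict[str, object]],
           trusted_roots: Tuple[str, ...] = TRUSTED_ROOTS) -> List[Dict[str, object]]:
    """Return the entries whose executable lies outside the trusted roots."""
    return [e for e in entries
            if not str(e['path']).lower().startswith(trusted_roots)]


if __name__ == '__main__':
    parsed = parse_loading_points(SAMPLE_LOG)
    print(f'{len(parsed)} autostart entries parsed')
    for hit in triage(parsed):
        print(f"REVIEW  {hit['name']!r:24} {hit['path']}  ({hit['date']}, {hit['size']} bytes)")
```

Run on the constructed sample this reports two entries for review: the Sigmatel tray application (legitimate, but located in the Windows root rather than System32) and the invented "Updater Tool" under a user profile. Extending the trusted-root tuple, or adding a known-good list keyed on path and size, is how the pass is tuned for a particular machine.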

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Virus is not letting execute any program
          « Reply #7 on: July 05, 2009, 07:24:52 PM »
          How is the computer running now?

          • Click START then RUN
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.
          .
          .
          The above procedure will:
          • Delete: ComboFix and its associated files and folders.
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.
          .
          ----------

          1. Double click OTM to launch it.
          Vista users right click and choose Run As Administrator
          2. Click on the CleanUp! button.
          3. OTM will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
          4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
          5. Once complete exit out of OTM.


          ksree


            Re: Virus is not letting execute any program
            « Reply #8 on: July 05, 2009, 09:27:57 PM »
            Hi,
            My computer is running normally now. Thank you very much. Do I need to do anything else?

            Thanks a million,
            Sree

            evilfantasy

            Re: Virus is not letting execute any program
            « Reply #9 on: July 05, 2009, 09:30:55 PM »
            Final suggestions.

            Use the Secunia Software Inspector to check for out-of-date software.
            • Click Start Now
            • Check the box next to Enable thorough system inspection.
            • Click Start
            • Allow the scan to finish and scroll down to see if any updates are needed.
            • Update anything listed.
            .
            ----------

            Go to Microsoft Windows Update and get all critical updates.

            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.