
Author Topic: Virus?  (Read 17524 times)


UnstableWingman

    Topic Starter


    Rookie

    Virus?
    « on: February 08, 2009, 07:28:09 PM »
    Okay, my HP-built computer has not started in two days.

    About a week ago, it restarted with no warning, and I got a flash of a blue screen error before it gave me an option to go to safe mode. I tried system restore to no avail. I got in safe mode and deleted a driver I recently downloaded, and it seemed to work. I could get back in normal mode. But I turned it off for the night, and the next day it gave me the same flash of hardware error message for 1 second and went to safe mode options. So I went back in, and deleted all drivers downloaded or updated in 2009.
    That worked again. But the same thing happened yesterday. So I went in, and deleted more things downloaded in 2009. But it didn't work this time. And, it won't let me in safe mode, because it says the copy of Windows needs to be registered, and can only be registered in normal mode. Which I can't get into.

    Anyone have a clue what I can do?

    EDIT:
    For about a month before the crash, I kept getting an error saying I was missing a file. C:\WINDOWS\system32\fawrjjob.dll

    EDIT EDIT:
    My computer logged on no problems just now. Still getting the above error message.
    « Last Edit: February 08, 2009, 09:09:21 PM by UnstableWingman »

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Virus?
    « Reply #1 on: February 11, 2009, 04:58:29 PM »

    UnstableWingman

      Topic Starter


      Rookie

      Re: Virus?
      « Reply #2 on: February 14, 2009, 08:46:24 PM »
      Still not booting in normal mode.



      [attachment deleted by admin]

      tgp1994



        Beginner

      • Think happy thoughts and have a nice day.
      • Thanked: 2
      • Experience: Experienced
      • OS: Other
      Re: Virus?
      « Reply #3 on: February 14, 2009, 08:54:16 PM »
      So, you can't boot into normal mode, but can boot into Safe mode?

      My first recommendation is to boot into Safe Mode with Networking and get any Windows updates that you can find. (They actually tend to fix things, even after Vista :))

      My next suggestion is to download CCleaner, (http://www.filehippo.com/download_ccleaner/) which is pretty much known as Crap Cleaner, and run a Registry scan and clean it up. (Of course, before you do the cleaning part, make sure you save the backup of your registry when it prompts you to do so.) Reboot, and at least see if that fixes the error.

      Next, if you still can't boot into normal mode, I recommend you download Spybot Search & Destroy (http://www.safer-networking.org/en/mirrors/index.html) and do a full system scan with it. It tends to be pretty thorough.

      And if all else fails, and no one else can help you, pop in the Windows installation disk and do a repair installation.

      Hope I helped!

      UnstableWingman

        Topic Starter


        Rookie

        Re: Virus?
        « Reply #4 on: February 14, 2009, 09:13:35 PM »
        CCleaner hasn't worked, I'm in Safe Mode with Networking.
        I have all the windows updates, have deleted about 20 virus files, but it still will not boot. It boots sometimes and not others. For the past 3 days now.

        tgp1994



          Beginner

        • Think happy thoughts and have a nice day.
        • Thanked: 2
        • Experience: Experienced
        • OS: Other
        Re: Virus?
        « Reply #5 on: February 14, 2009, 09:25:53 PM »
        Did you try Spybot Search & Destroy?

        UnstableWingman

          Topic Starter


          Rookie

          Re: Virus?
          « Reply #6 on: February 15, 2009, 12:05:59 AM »
          Just tried it. I deleted many more files. Now, the BSoD stays instead of flashing for a second and going away.  Even though I had it set to not restart, it would anyway.
          Still not booting in normal mode.

          EDIT:
          Put in the XP CD into the CD-ROM drive, without prompting it booted normally.
          « Last Edit: February 15, 2009, 12:17:01 AM by UnstableWingman »

          kpac

          • Web moderator


          • Hacker

          • kpac®
          • Thanked: 184
          • Experience: Expert
          • OS: Windows 7
          Re: Virus?
          « Reply #7 on: February 15, 2009, 05:26:28 AM »
          CCleaner and Spybot won't do much against new malware.

          UnstableWingman: Yes, you are still infected after the scans but you'll have to wait for an expert to review the HJT log.

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: Virus?
          « Reply #8 on: February 15, 2009, 11:42:43 AM »
          Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

          Download SDFix by AndyManchesta and save it to your desktop.

          When using this tool, you must use the Administrator's account or an account with Administrative rights.


          * Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
          * A window will now open showing SDFix being extracted into the C:\SDFix folder.     
          * Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
          * DO NOT use it just yet.

          Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

          When your computer has started in safe mode, and you see the desktop, close all open Windows.

          * Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK  button.

          Code:
          C:\SDFix\RunThis.bat
          * SDFix window will open containing some brief info and a disclaimer on the use of the tool.
          * Type Y on your keyboard and then press Enter to begin the cleanup process.
          * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
          * Press any Key and it will restart the PC.
          * When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
          * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
          * Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).

          UnstableWingman

            Topic Starter


            Rookie

            Re: Virus?
            « Reply #9 on: February 15, 2009, 07:28:49 PM »
            SDFix: Version 1.240
            Run by Jimmy George on Sun 02/15/2009 at 04:46 PM

            Microsoft Windows XP [Version 5.1.2600]
            Running From: C:\SDFix

            Checking Services :


            Restoring Default Security Values
            Restoring Default Hosts File

            Rebooting


            Checking Files :

            Trojan Files Found:

            C:\DLLHOS~1.EXE - Deleted





            Removing Temp Files

            ADS Check :
             


            Final Check :

            catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-02-15 17:49:41
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ...

            scanning hidden services & system hive ...

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
            "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
            "h0"=dword:00000000
            "ujdew"=hex:56,4f,18,37,d4,c3,5e,36,b0,60,29,2a,cd,df,87,0c,cc,a6,ba,ab,a3,..
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
            "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
            "h0"=dword:00000000
            "ujdew"=hex:56,4f,18,37,d4,c3,5e,36,b0,60,29,2a,cd,df,87,0c,cc,a6,ba,ab,a3,..

            scanning hidden registry entries ...

            scanning hidden files ...

            scan completed successfully
            hidden processes: 0
            hidden services: 0
            hidden files: 0


            Remaining Services :




            Authorized Application Key Export:

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
            "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
            "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
            "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
            "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
            "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
            "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
            "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
            "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
            "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
            "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
            "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
            "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
            "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
            "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
            "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
            "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
            "C:\\Program Files\\Steam\\steamapps\\renji_taicho\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\renji_taicho\\counter-strike source\\hl2.exe:*:Enabled:hl2"

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
            "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
            "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
            "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
            "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
            "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
            "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
            "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

            Remaining Files :


            File Backups: - C:\SDFix\backups\backups.zip

            Files with Hidden Attributes :

            Mon 26 Jan 2009     1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
            Mon 26 Jan 2009     5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
            Mon 26 Jan 2009     2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
            Thu 20 Mar 2008         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
            Sat 13 Sep 2008        99,328 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL0002.tmp"
            Tue 11 Nov 2008        24,576 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL0005.tmp"
            Tue 11 Nov 2008        27,648 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL0456.tmp"
            Thu  1 May 2008        29,696 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL0673.tmp"
            Wed 30 Apr 2008        29,184 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL1912.tmp"
            Wed 28 Jan 2009     1,157,632 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL2103.tmp"
            Thu  1 May 2008        29,696 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL2272.tmp"
            Wed 28 Jan 2009     1,157,632 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL2731.tmp"
            Tue 11 Nov 2008        26,624 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL3300.tmp"
            Thu  1 May 2008        29,696 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\~WRL3987.tmp"
            Mon 10 Nov 2008           460 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti127.tmp"
            Thu  5 Jul 2007       146,432 ..SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Manager\Setup.exe"
            Mon  7 May 2007        53,248 A.SHR --- "C:\Program Files\Verizon Wireless\V CAST Music Manager\_Setupx.dll"
            Sat 19 Apr 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
            Mon 13 Nov 2006       319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
            Thu 20 Mar 2008         4,348 ...H. --- "C:\Documents and Settings\Jimmy George\My Documents\My Music\License Backup\drmv1key.bak"
            Thu 20 Mar 2008            20 A..H. --- "C:\Documents and Settings\Jimmy George\My Documents\My Music\License Backup\drmv1lic.bak"
            Thu 20 Mar 2008         9,655 A.SH. --- "C:\Documents and Settings\Jimmy George\My Documents\My Music\License Backup\drmv2key.bak"

            Finished!



            [attachment deleted by admin]

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: Virus?
            « Reply #10 on: February 15, 2009, 07:32:09 PM »
            Getting closer.

            Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

            Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
             
            Double click combofix.exe & follow the prompts.
            When finished ComboFix will produce a log for you.
            Post the ComboFix log in your next reply.

            Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

            If you have problems with ComboFix usage, see How to use ComboFix

            UnstableWingman

              Topic Starter


              Rookie

              Re: Virus?
              « Reply #11 on: February 15, 2009, 07:49:57 PM »
              ComboFix 09-02-15.01 - Jimmy George 2009-02-15 18:42:45.1 - NTFSx86
              Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2047.1421 [GMT -8:00]
              Running from: c:\documents and settings\Jimmy George\Desktop\ComboFix.exe
              AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
               * Created a new restore point
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\windows\Tasks\vxignpmm.job

              .
              (((((((((((((((((((((((((   Files Created from 2009-01-16 to 2009-02-16  )))))))))))))))))))))))))))))))
              .

              2009-02-15 16:43 . 2009-02-15 16:44   <DIR>   d--------   c:\windows\ERUNT
              2009-02-15 16:37 . 2009-02-15 17:51   <DIR>   d--------   C:\SDFix
              2009-02-14 20:10 . 2009-02-14 20:10   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
              2009-02-14 20:10 . 2009-02-14 22:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
              2009-02-14 20:02 . 2009-02-14 20:02   <DIR>   d--------   c:\documents and settings\Jimmy George\.SunDownloadManager
              2009-02-14 17:00 . 2009-02-14 17:00   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
              2009-02-14 16:59 . 2009-02-14 19:42   <DIR>   d--------   c:\program files\SUPERAntiSpyware
              2009-02-14 16:59 . 2009-02-14 16:59   <DIR>   d--------   c:\documents and settings\Jimmy George\Application Data\SUPERAntiSpyware.com
              2009-02-14 16:57 . 2009-02-14 16:57   <DIR>   d--------   c:\program files\CCleaner
              2009-02-11 18:28 . 2009-02-11 18:28   <DIR>   d--------   C:\c598fe486e6c00070a0f9c29dff0
              2009-02-11 18:28 . 2009-02-11 18:28   <DIR>   d--------   C:\89200b32165d195b00b4
              2009-02-11 16:25 . 2009-02-11 16:25   <DIR>   dr-h-----   C:\AHCache
              2009-02-11 16:25 . 2009-02-11 16:25   <DIR>   d--------   C:\59655147b6d111e15c88
              2009-02-11 16:25 . 2009-02-11 16:25   <DIR>   d--------   C:\27f6147b376fc2bb44d9abe7ce9957b9
              2009-02-08 20:44 . 2009-02-08 20:44   <DIR>   d--------   c:\program files\Trend Micro
              2009-02-08 20:41 . 2009-02-08 20:41   <DIR>   d--------   c:\program files\Avira
              2009-02-08 20:41 . 2009-02-08 20:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Avira
              2009-02-08 20:39 . 2009-02-08 20:39   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
              2009-02-08 20:39 . 2009-02-08 20:39   <DIR>   d--------   c:\documents and settings\Jimmy George\Application Data\Malwarebytes
              2009-02-08 20:39 . 2009-02-08 20:39   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
              2009-02-08 20:39 . 2009-01-14 16:11   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-02-08 20:39 . 2009-01-14 16:11   15,504   --a------   c:\windows\system32\drivers\mbam.sys
              2009-02-05 21:08 . 2009-02-15 18:46   13,646   --a------   c:\windows\system32\wpa.dbl
              2009-01-31 15:26 . 2009-01-31 15:26   <DIR>   d--------   c:\program files\Aspyr
              2009-01-29 21:36 . 2009-01-29 21:36   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
              2009-01-29 21:36 . 2009-01-29 21:36   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
              2009-01-29 21:35 . 2009-02-02 16:51   <DIR>   d--------   c:\program files\Microsoft Xbox 360 Accessories
              2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(6).dll
              2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(5).dll
              2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(4).dll
              2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(3).dll
              2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(2).dll
              2009-01-29 21:06 . 2009-02-02 16:51   <DIR>   d--------   c:\program files\XBCD
              2009-01-29 20:42 . 2009-02-02 16:51   <DIR>   d--------   c:\program files\Frets on Fire
              2009-01-29 20:42 . 2009-02-02 16:51   <DIR>   d--------   c:\documents and settings\Jimmy George\Application Data\fretsonfire

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-02-16 02:47   ---------   d-----w   c:\documents and settings\Jimmy George\Application Data\LimeWire
              2009-02-16 02:46   ---------   d-----w   c:\program files\Steam
              2009-02-16 01:19   ---------   d-----w   c:\documents and settings\Jimmy George\Application Data\Hamachi
              2009-02-15 03:55   90,112   ----a-w   c:\windows\DUMP31ed.tmp
              2009-02-15 00:59   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
              2009-02-12 02:18   90,112   ----a-w   c:\windows\DUMP3894.tmp
              2009-02-06 05:11   98,304   ----a-w   c:\windows\DUMP3884.tmp
              2009-02-06 05:10   98,304   ----a-w   c:\windows\DUMP3cab.tmp
              2009-02-04 22:28   98,304   ----a-w   c:\windows\DUMP45e2.tmp
              2009-02-04 22:26   98,304   ----a-w   c:\windows\DUMP4d35.tmp
              2009-02-04 22:25   98,304   ----a-w   c:\windows\DUMP4621.tmp
              2009-02-04 22:22   98,304   ----a-w   c:\windows\DUMP4d74.tmp
              2009-02-04 22:21   98,304   ----a-w   c:\windows\DUMP4cf7.tmp
              2009-02-04 22:17   98,304   ----a-w   c:\windows\DUMP4cd7.tmp
              2009-02-04 22:14   98,304   ----a-w   c:\windows\DUMP4df1.tmp
              2009-02-04 22:12   98,304   ----a-w   c:\windows\DUMP46fb.tmp
              2009-02-04 22:10   98,304   ----a-w   c:\windows\DUMP4b70.tmp
              2009-02-04 22:09   98,304   ----a-w   c:\windows\DUMP4cb9.tmp
              2009-02-04 22:07   98,304   ----a-w   c:\windows\DUMP4cb8.tmp
              2009-02-04 22:06   98,304   ----a-w   c:\windows\DUMP593b.tmp
              2009-02-03 01:03   98,304   ----a-w   c:\windows\DUMP48e0.tmp
              2009-02-03 01:02   98,304   ----a-w   c:\windows\DUMP44e8.tmp
              2009-02-03 00:57   ---------   d-----w   c:\documents and settings\Jimmy George\Application Data\uTorrent
              2009-02-03 00:41   98,304   ----a-w   c:\windows\DUMP4bdd.tmp
              2009-02-03 00:39   98,304   ----a-w   c:\windows\DUMP535f.tmp
              2009-01-24 06:02   ---------   d-----w   c:\documents and settings\All Users\Application Data\TrackMania
              2008-06-20 02:59   604   ---ha-w   c:\program files\STLL Notifier
              2001-03-30 00:19   718   ----a-w   c:\program files\player.nfx
              2001-03-29 19:21   328   ----a-w   c:\program files\player.nfo
              2001-03-20 04:14   563   ----a-w   c:\program files\player1.hki
              2000-09-01 08:53   22,431   ----a-w   c:\program files\Readme_a.rtf
              2000-09-01 08:47   1,173,558   ----a-w   c:\program files\crack.zip
              2000-09-01 08:16   2,643,424   ----a-w   c:\program files\age2upa.exe
              2000-08-09 00:44   340   ----a-w   c:\program files\setup.bat
              2000-08-09 00:39   45,056   ----a-w   c:\program files\SETUPREG.EXE
              2000-08-09 00:18   34   ----a-w   c:\program files\fonts.bat
              2000-08-09 00:17   0   ----a-w   c:\program files\STPENUX.DLL
              2000-08-09 00:17   0   ----a-w   c:\program files\EBUSetup.sem
              2000-08-08 10:13   2,695,213   ----a-w   c:\program files\age2_x1.exe
              2000-08-07 10:11   20,992   ----a-w   c:\program files\mythxpak.exe
              2000-06-28 10:00   44,452   ----a-w   c:\program files\Readmex.rtf
              2000-06-13 10:09   339,968   ----a-w   c:\program files\language_x1.dll
              2000-06-13 09:59   53,299   ----a-w   c:\program files\ebueulax.dll
              2000-05-27 10:58   39,647   ----a-w   c:\program files\EULAx.RTF
              2000-04-01 07:47   301,568   ----a-w   c:\program files\myth.acm
              1999-11-17 22:00   32,768   ----a-w   c:\program files\SETUPENU.DLL
              1999-09-22 12:32   57,363   ----a-w   c:\program files\Readme.rtf
              1999-09-22 12:32   53,304   ----a-w   c:\program files\EBUEula.dll
              1999-09-22 12:32   499,712   ----a-w   c:\program files\language.dll
              1999-09-22 12:32   40,507   ----a-w   c:\program files\EULA.RTF
              1999-09-22 12:32   365,568   ----a-w   c:\program files\HA312W32.DLL
              1999-09-22 12:32   158,902   ----a-w   c:\program files\scenariobkg.bmp
              1999-09-22 12:32   112,688   ----a-w   c:\program files\SHW32.DLL
              1999-09-22 03:46   2,560,000   ----a-w   c:\program files\empires2.exe
              2007-06-13 22:07   6,276,080   ----a-w   c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
              "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 68856]
              "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
              "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
              "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
              "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
              "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
              "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
              "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-08-08 148760]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
              "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
              "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
              "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
              "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
              "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
              "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
              "SkyTel"="SkyTel.EXE" [2008-02-25 c:\windows\SkyTel.exe]
              "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
              "nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]
              "RTHDCPL"="RTHDCPL.EXE" [2008-02-25 c:\windows\RTHDCPL.exe]

              c:\documents and settings\Jimmy George\Start Menu\Programs\Startup\
              Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
              hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-05-30 624416]
              LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]
              MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-06-19 947544]

              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
              HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
              HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=fnpear.dll

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
              "c:\\Program Files\\MSN Messenger\\livecall.exe"=
              "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
              "c:\\Program Files\\LimeWire\\LimeWire.exe"=
              "c:\\Program Files\\uTorrent\\uTorrent.exe"=
              "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
              "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
              "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
              "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
              "c:\\Program Files\\AIM6\\aim6.exe"=
              "c:\\Program Files\\Steam\\steamapps\\renji_taicho\\counter-strike source\\hl2.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
              R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
              R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-26 24652]
              R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-02-23 30720]
              R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
              S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-11-09 40832]
              S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]

              [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f627f16-158a-11dd-a61d-001d60272211}]
              \Shell\AutoRun\command - I:\LaunchU3.exe
              .
              - - - - ORPHANS REMOVED - - - -

              BHO-{3C3F8F62-8061-4874-8925-5066D6AC1F9B} - c:\windows\system32\jkkJdCUk.dll


              .
              ------- Supplementary Scan -------
              .
              IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              FF - ProfilePath - c:\documents and settings\Jimmy George\Application Data\Mozilla\Firefox\Profiles\5lrhd2kh.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
              FF - prefs.js: browser.search.selectedEngine - Google
              FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
              FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
              FF - plugin: c:\program files\kSolo\npAVX.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
              FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
              FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
              .

              **************************************************************************

              catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-02-15 18:47:00
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(836)
              c:\program files\SUPERAntiSpyware\SASWINLO.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
              c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
              c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
              c:\program files\CDBurnerXP\NMSAccessU.exe
              c:\windows\system32\nvsvc32.exe
              c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
              c:\progra~1\MICROS~3\rapimgr.exe
              c:\windows\system32\wscntfy.exe
              c:\program files\AIM6\aolsoftware.exe
              c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
              .
              **************************************************************************
              .
              Completion time: 2009-02-15 18:48:55 - machine was rebooted
              ComboFix-quarantined-files.txt  2009-02-16 02:48:52

              Pre-Run: 375,930,830,848 bytes free
              Post-Run: 375,849,598,976 bytes free

              WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
              [boot loader]
              timeout=2
              default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
              [operating systems]
              c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
              multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

              234   --- E O F ---   2008-12-11 07:35:37

              evilfantasy

              Re: Virus?
              « Reply #12 on: February 15, 2009, 08:05:57 PM »
              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code:
              KillAll::

              Registry::
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
              "AppInit_DLLs"=""

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Alcmtr"=-

              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

              Also let me know how the computer is running now.
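As an added example (not from the thread, and not ComboFix's own code), a small Python parser that walks a ComboFix-style "Reg Loading Points" section, reports the autostart entries the CFScript above targets, and compares a before/after pair to confirm what the fix cleared. The sample log text is constructed from the entries shown in this thread; the regexes and the finding categories are my assumptions, not ComboFix's rules.

```python
"""Flag persistence entries in a ComboFix-style log and confirm a fix.

Added example; the sample log excerpts are constructed to mirror the
entries posted in the thread, and the heuristics are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # category of persistence entry
    detail: str  # the value or path that triggered it


# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# A .reg-style value line: "name"=data  (in the CFScript in the thread,
# ="" clears a value and =- deletes it, standard REGEDIT4 syntax)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# An autorun command under explorer\mountpoints2 (removable-media autorun)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
# A BHO listed under "ORPHANS REMOVED": a registration whose DLL is gone
BHO_RE = re.compile(r"^BHO-\{[0-9A-Fa-f-]+\}\s+-\s+(?P<path>.+)$")

# Constructed "before" excerpt, modelled on the first log in the thread.
SAMPLE_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=fnpear.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f627f16-158a-11dd-a61d-001d60272211}]
\Shell\AutoRun\command - I:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{3C3F8F62-8061-4874-8925-5066D6AC1F9B} - c:\windows\system32\jkkJdCUk.dll
"""

# Constructed "after" excerpt, modelled on the log posted once the CFScript
# ran: AppInit_DLLs is no longer listed, the orphan BHO is gone, and the
# mountpoints2 autorun (usually a U3 USB-stick launcher) is still there.
SAMPLE_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f627f16-158a-11dd-a61d-001d60272211}]
\Shell\AutoRun\command - I:\LaunchU3.exe
"""


def parse_findings(log_text: str) -> list[Finding]:
    """Return the persistence entries worth a second look, in log order."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m and current_key.endswith(r"\windows nt\currentversion\windows"):
            # AppInit_DLLs is loaded into every process that maps user32.dll;
            # a non-empty value with an unfamiliar DLL name is a classic
            # malware loading point, which is why the CFScript clears it.
            if m.group("name").lower() == "appinit_dlls":
                data = m.group("data").strip().strip('"')
                if data:
                    findings.append(Finding("appinit_dlls", data))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            # Listed for review, not flagged as malicious by itself.
            findings.append(Finding("autorun_mountpoint", m.group("cmd").strip()))
            continue
        m = BHO_RE.match(line)
        if m:
            findings.append(Finding("orphan_bho", m.group("path").strip()))
    return findings


def resolved_findings(before: str, after: str) -> list[Finding]:
    """Findings present in the earlier log but absent after the fix."""
    remaining = set(parse_findings(after))
    return [f for f in parse_findings(before) if f not in remaining]


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_BEFORE):
        print(f"{f.kind:20} {f.detail}")
    print("resolved:", [f.kind for f in resolved_findings(SAMPLE_BEFORE, SAMPLE_AFTER)])
```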

              UnstableWingman


                Re: Virus?
                « Reply #13 on: February 15, 2009, 09:30:37 PM »
                ComboFix 09-02-15.01 - Jimmy George 2009-02-15 19:52:16.2 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2047.1444 [GMT -8:00]
                Running from: c:\documents and settings\Jimmy George\Desktop\ComboFix.exe
                Command switches used :: c:\documents and settings\Jimmy George\My Documents\CFScript.txt
                AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
                 * Created a new restore point
                .

                (((((((((((((((((((((((((   Files Created from 2009-01-16 to 2009-02-16  )))))))))))))))))))))))))))))))
                .

                2009-02-15 16:43 . 2009-02-15 16:44   <DIR>   d--------   c:\windows\ERUNT
                2009-02-15 16:37 . 2009-02-15 17:51   <DIR>   d--------   C:\SDFix
                2009-02-14 20:10 . 2009-02-14 20:10   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
                2009-02-14 20:10 . 2009-02-14 22:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                2009-02-14 20:02 . 2009-02-14 20:02   <DIR>   d--------   c:\documents and settings\Jimmy George\.SunDownloadManager
                2009-02-14 17:00 . 2009-02-14 17:00   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                2009-02-14 16:59 . 2009-02-14 19:42   <DIR>   d--------   c:\program files\SUPERAntiSpyware
                2009-02-14 16:59 . 2009-02-14 16:59   <DIR>   d--------   c:\documents and settings\Jimmy George\Application Data\SUPERAntiSpyware.com
                2009-02-14 16:57 . 2009-02-14 16:57   <DIR>   d--------   c:\program files\CCleaner
                2009-02-11 18:28 . 2009-02-11 18:28   <DIR>   d--------   C:\c598fe486e6c00070a0f9c29dff0
                2009-02-11 18:28 . 2009-02-11 18:28   <DIR>   d--------   C:\89200b32165d195b00b4
                2009-02-11 16:25 . 2009-02-11 16:25   <DIR>   dr-h-----   C:\AHCache
                2009-02-11 16:25 . 2009-02-11 16:25   <DIR>   d--------   C:\59655147b6d111e15c88
                2009-02-11 16:25 . 2009-02-11 16:25   <DIR>   d--------   C:\27f6147b376fc2bb44d9abe7ce9957b9
                2009-02-08 20:44 . 2009-02-08 20:44   <DIR>   d--------   c:\program files\Trend Micro
                2009-02-08 20:41 . 2009-02-08 20:41   <DIR>   d--------   c:\program files\Avira
                2009-02-08 20:41 . 2009-02-08 20:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Avira
                2009-02-08 20:39 . 2009-02-08 20:39   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
                2009-02-08 20:39 . 2009-02-08 20:39   <DIR>   d--------   c:\documents and settings\Jimmy George\Application Data\Malwarebytes
                2009-02-08 20:39 . 2009-02-08 20:39   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
                2009-02-08 20:39 . 2009-01-14 16:11   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-02-08 20:39 . 2009-01-14 16:11   15,504   --a------   c:\windows\system32\drivers\mbam.sys
                2009-02-05 21:08 . 2009-02-15 19:57   13,646   --a------   c:\windows\system32\wpa.dbl
                2009-01-31 15:26 . 2009-01-31 15:26   <DIR>   d--------   c:\program files\Aspyr
                2009-01-29 21:36 . 2009-01-29 21:36   0   --ah-----   c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
                2009-01-29 21:36 . 2009-01-29 21:36   0   --ah-----   c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
                2009-01-29 21:35 . 2009-02-02 16:51   <DIR>   d--------   c:\program files\Microsoft Xbox 360 Accessories
                2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(6).dll
                2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(5).dll
                2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(4).dll
                2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(3).dll
                2009-01-29 21:35 . 2006-09-28 16:04   68,888   --a------   c:\windows\system32\xinput1_3(2).dll
                2009-01-29 21:06 . 2009-02-02 16:51   <DIR>   d--------   c:\program files\XBCD
                2009-01-29 20:42 . 2009-02-02 16:51   <DIR>   d--------   c:\program files\Frets on Fire
                2009-01-29 20:42 . 2009-02-02 16:51   <DIR>   d--------   c:\documents and settings\Jimmy George\Application Data\fretsonfire

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-02-16 03:57   ---------   d-----w   c:\program files\Steam
                2009-02-16 03:54   90,112   ----a-w   c:\windows\DUMP4381.tmp
                2009-02-16 02:52   ---------   d-----w   c:\documents and settings\Jimmy George\Application Data\LimeWire
                2009-02-16 02:47   ---------   d-----w   c:\documents and settings\Jimmy George\Application Data\Hamachi
                2009-02-15 03:55   90,112   ----a-w   c:\windows\DUMP31ed.tmp
                2009-02-15 00:59   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
                2009-02-12 02:18   90,112   ----a-w   c:\windows\DUMP3894.tmp
                2009-02-06 05:11   98,304   ----a-w   c:\windows\DUMP3884.tmp
                2009-02-06 05:10   98,304   ----a-w   c:\windows\DUMP3cab.tmp
                2009-02-04 22:28   98,304   ----a-w   c:\windows\DUMP45e2.tmp
                2009-02-04 22:26   98,304   ----a-w   c:\windows\DUMP4d35.tmp
                2009-02-04 22:25   98,304   ----a-w   c:\windows\DUMP4621.tmp
                2009-02-04 22:22   98,304   ----a-w   c:\windows\DUMP4d74.tmp
                2009-02-04 22:21   98,304   ----a-w   c:\windows\DUMP4cf7.tmp
                2009-02-04 22:17   98,304   ----a-w   c:\windows\DUMP4cd7.tmp
                2009-02-04 22:14   98,304   ----a-w   c:\windows\DUMP4df1.tmp
                2009-02-04 22:12   98,304   ----a-w   c:\windows\DUMP46fb.tmp
                2009-02-04 22:10   98,304   ----a-w   c:\windows\DUMP4b70.tmp
                2009-02-04 22:09   98,304   ----a-w   c:\windows\DUMP4cb9.tmp
                2009-02-04 22:07   98,304   ----a-w   c:\windows\DUMP4cb8.tmp
                2009-02-04 22:06   98,304   ----a-w   c:\windows\DUMP593b.tmp
                2009-02-03 01:03   98,304   ----a-w   c:\windows\DUMP48e0.tmp
                2009-02-03 01:02   98,304   ----a-w   c:\windows\DUMP44e8.tmp
                2009-02-03 00:57   ---------   d-----w   c:\documents and settings\Jimmy George\Application Data\uTorrent
                2009-02-03 00:41   98,304   ----a-w   c:\windows\DUMP4bdd.tmp
                2009-02-03 00:39   98,304   ----a-w   c:\windows\DUMP535f.tmp
                2009-01-24 06:02   ---------   d-----w   c:\documents and settings\All Users\Application Data\TrackMania
                2008-06-20 02:59   604   ---ha-w   c:\program files\STLL Notifier
                2001-03-30 00:19   718   ----a-w   c:\program files\player.nfx
                2001-03-29 19:21   328   ----a-w   c:\program files\player.nfo
                2001-03-20 04:14   563   ----a-w   c:\program files\player1.hki
                2000-09-01 08:53   22,431   ----a-w   c:\program files\Readme_a.rtf
                2000-09-01 08:47   1,173,558   ----a-w   c:\program files\crack.zip
                2000-09-01 08:16   2,643,424   ----a-w   c:\program files\age2upa.exe
                2000-08-09 00:44   340   ----a-w   c:\program files\setup.bat
                2000-08-09 00:39   45,056   ----a-w   c:\program files\SETUPREG.EXE
                2000-08-09 00:18   34   ----a-w   c:\program files\fonts.bat
                2000-08-09 00:17   0   ----a-w   c:\program files\STPENUX.DLL
                2000-08-09 00:17   0   ----a-w   c:\program files\EBUSetup.sem
                2000-08-08 10:13   2,695,213   ----a-w   c:\program files\age2_x1.exe
                2000-08-07 10:11   20,992   ----a-w   c:\program files\mythxpak.exe
                2000-06-28 10:00   44,452   ----a-w   c:\program files\Readmex.rtf
                2000-06-13 10:09   339,968   ----a-w   c:\program files\language_x1.dll
                2000-06-13 09:59   53,299   ----a-w   c:\program files\ebueulax.dll
                2000-05-27 10:58   39,647   ----a-w   c:\program files\EULAx.RTF
                2000-04-01 07:47   301,568   ----a-w   c:\program files\myth.acm
                1999-11-17 22:00   32,768   ----a-w   c:\program files\SETUPENU.DLL
                1999-09-22 12:32   57,363   ----a-w   c:\program files\Readme.rtf
                1999-09-22 12:32   53,304   ----a-w   c:\program files\EBUEula.dll
                1999-09-22 12:32   499,712   ----a-w   c:\program files\language.dll
                1999-09-22 12:32   40,507   ----a-w   c:\program files\EULA.RTF
                1999-09-22 12:32   365,568   ----a-w   c:\program files\HA312W32.DLL
                1999-09-22 12:32   158,902   ----a-w   c:\program files\scenariobkg.bmp
                1999-09-22 12:32   112,688   ----a-w   c:\program files\SHW32.DLL
                1999-09-22 03:46   2,560,000   ----a-w   c:\program files\empires2.exe
                2007-06-13 22:07   6,276,080   ----a-w   c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
                "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 68856]
                "Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
                "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
                "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
                "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
                "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
                "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]
                "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-08-08 148760]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
                "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
                "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
                "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
                "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
                "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
                "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
                "SkyTel"="SkyTel.EXE" [2008-02-25 c:\windows\SkyTel.exe]
                "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
                "nwiz"="nwiz.exe" [2007-11-06 c:\windows\system32\nwiz.exe]
                "RTHDCPL"="RTHDCPL.EXE" [2008-02-25 c:\windows\RTHDCPL.exe]

                c:\documents and settings\Jimmy George\Start Menu\Programs\Startup\
                Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
                hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-05-30 624416]
                LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-02-08 147456]
                MEMonitor.lnk - c:\program files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2008-06-19 947544]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
                HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
                HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
                "c:\\Program Files\\MSN Messenger\\livecall.exe"=
                "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
                "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
                "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
                "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
                "c:\\Program Files\\AIM6\\aim6.exe"=
                "c:\\Program Files\\Steam\\steamapps\\renji_taicho\\counter-strike source\\hl2.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
                R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
                R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-02-26 24652]
                R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-02-23 30720]
                R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
                S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-11-09 40832]
                S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]

                [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f627f16-158a-11dd-a61d-001d60272211}]
                \Shell\AutoRun\command - I:\LaunchU3.exe
                .
                .
                ------- Supplementary Scan -------
                .
                IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                FF - ProfilePath - c:\documents and settings\Jimmy George\Application Data\Mozilla\Firefox\Profiles\5lrhd2kh.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
                FF - prefs.js: browser.search.selectedEngine - Google
                FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
                FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
                FF - plugin: c:\program files\kSolo\npAVX.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
                FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
                FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
                .

                **************************************************************************

                catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-02-15 19:57:57
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(832)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
                c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
                c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
                c:\program files\CDBurnerXP\NMSAccessU.exe
                c:\windows\system32\nvsvc32.exe
                c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
                c:\progra~1\MICROS~3\rapimgr.exe
                c:\windows\system32\wscntfy.exe
                c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
                c:\program files\AIM6\aolsoftware.exe
                .
                **************************************************************************
                .
                Completion time: 2009-02-15 20:00:47 - machine was rebooted [Jimmy George]
                ComboFix-quarantined-files.txt  2009-02-16 04:00:45
                ComboFix2.txt  2009-02-16 02:48:56

                Pre-Run: 375,805,448,192 bytes free
                Post-Run: 375,782,617,088 bytes free

                222   --- E O F ---   2008-12-11 07:35:37

                evilfantasy

                • OS: Windows 11
                Re: Virus?
                « Reply #14 on: February 15, 2009, 09:33:15 PM »
                How is the computer running now?