
Topic: Internet Explorer has virus, I think. Keeps reappearing even after I delete it


gona87

    Topic Starter


    Greenhorn

    Hey everyone, I've got a bunch of problems.

    A few months ago, Internet Explorer seemed to have a virus: when I did a Google search, the results were all spam and porn. I deleted Internet Explorer using the add/remove software feature. (I now know this didn't get rid of it, read on please). It seemed to work and everything was fine.

    So, now I use Firefox. But a few days ago, advertisements started playing on my computer but just the sound. Every few minutes a new ad would play but I wouldn't see anything! I saw in the processes section of Task Manager that Internet Explorer was active on the computer despite being open. I then went to Add/Remove Windows Components and got rid of Internet Explorer again, seemingly for good. But no, it's back doing the same stuff.

    I've been ending iexplorer.exe processes on the Task Manager (only for it to reappear again in about one minute), but also explorer.exe programs but is that the same thing? Just one of many questions.

    And when I just restarted the computer, Firefox's Google results were all spam as well! I ran something called Security Task Manager and it said some Java software running through internet was the highest risk, so I deleted it and supposedly permanently got rid of iexplorer.exe...again. So far, so good, as Firefox's Google search works again. WAIT, spoke too soon. Internet Explorer is back in the system processes. I can hear it make those page loading clicks it makes, despite it not being open or me opening any pages on it.

    I'm unsure if this is related, but this past week when I start up my computer, THREE things pop up right when it turns on, and I have to click OK to get rid of them. They say the following:

    The instruction at "0x636e331e" referenced memory at "0x0112c070." The memory could not be read.
    The instruction at "0x636e331e" referenced memory at "0x00fac070." The memory could not be read.
    The instruction at "0x636e1926" referenced memory at "0x63708e08." The memory could not be written.

    Please help me, thanks!

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Yes
      • Yes
      • Yes
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    Go to the above and post the 3 logs, and an expert will see them, harry

    gona87


      Where do I post the logs? I can't reply to that thread.

      Quantos



        Guru
      • Veni, Vidi, Vici
      • Thanked: 170
        • Yes
        • Yes
      • Computer: Specs
      • Experience: Guru
      • OS: Linux variant
      Post them here, that'll be perfect.
      Evil is an exact science.

      gona87


        I'm sorry but SuperAntiSpyware and Malwarebytes do not function properly on my computer. This may have something to do with the apparent virus on my computer. I've never had problems like this before. The only log that worked is Hijack this. I'm not sure if this will be enough but here it is:

        DDS.txt log below:


        DDS (Ver_09-06-26.01) - NTFSx86
        Run by Billy at 21:35:37.25 on Fri 06/26/2009
        Internet Explorer: 7.0.5730.13
        Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.243 [GMT -7:00]

        AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

        ============== Running Processes ===============

        C:\WINDOWS\system32\ibmpmsvc.exe
        C:\WINDOWS\system32\svchost -k DcomLaunch
        C:\WINDOWS\system32\svchost -k rpcss
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\S24EvMon.exe
        C:\WINDOWS\system32\svchost.exe -k NetworkService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\SYSTEM32\userinit.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\RunDll32.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\system32\igfxtray.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Digital Line Detect\DLG.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\acs.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\system32\RegSrvc.exe
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Internet Explorer\Iexplore.exe
        C:\Documents and Settings\Billy\Desktop\dds.scr
        C:\WINDOWS\system32\wbem\wmiprvse.exe

        ============== Pseudo HJT Report ===============

        uInternet Settings,ProxyOverride = *.local
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: {b7f907ee-0a1b-43b8-a611-b429a184ad6b} - No File
        BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [Aim6]
        mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
        mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
        mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
        mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
        mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
        mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
        mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
        mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
        LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
        DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
        DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
        DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191260223699
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
        Notify: igfxcui - igfxsrvc.dll

        ================= FIREFOX ===================

        FF - ProfilePath - c:\docume~1\billy\applic~1\mozilla\firefox\profiles\waucp2wg.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
        FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

        ---- FIREFOX POLICIES ----
        FF - user.js: yahoo.homepage.dontask - true
        ============= SERVICES / DRIVERS ===============

        R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-21 130936]
        R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-6-21 51488]
        R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-6-21 39200]
        R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-9-23 160792]
        R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-6-21 159600]
        R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2007-10-1 16384]
        R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-6-21 33056]
        R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2007-10-1 57216]
        S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-4-24 24652]
        S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-6-21 64392]
        S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-8-9 348752]
        S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-8-9 1095560]
        S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

        =============== Created Last 30 ================

        2009-06-26 20:58 <DIR> --d----- c:\program files\CCleaner
        2009-06-24 00:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
        2009-06-24 00:41 <DIR> --d----- c:\program files\Security Task Manager
        2009-06-22 14:56 <DIR> --d----- C:\spoolerlogs
        2009-06-21 01:42 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
        2009-06-21 01:42 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
        2009-06-21 01:42 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
        2009-06-21 01:42 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
        2009-06-21 01:40 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
        2009-06-21 01:39 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
        2009-06-21 01:39 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
        2009-06-21 01:39 64,392 a------- c:\windows\system32\drivers\pctplsg.sys

        ==================== Find3M ====================

        2009-05-26 21:58 9,634,304 a------- C:\iaplayer_2.71.14.0211-esd.exe
        2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
        2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll
        2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll
        2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
        2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

        ============= FINISH: 21:37:47.60 ===============

        harry 48



        Try the renamer download for Malwarebytes.

        http://kixhelp.com/wr/files/mb/randmbam.exe

        The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

        If it installs then use this link to download the updates.

        Download Malwarebytes' Anti-Malware Database - GT500.org

        Just download it to the desktop and run the exe then run Malwarebytes Mbam   renamer


        I do not have a fix for SAS, harry

        gona87


          Malwarebytes' Anti-Malware 1.39
          Database version: 2421
          Windows 5.1.2600 Service Pack 3

          7/18/2009 2:16:28 PM
          mbam-log-2009-07-18 (14-16-28).txt

          Scan type: Full Scan (C:\|D:\|)
          Objects scanned: 125588
          Time elapsed: 29 minute(s), 32 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 6
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 1

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhces8j0ecbr (Rogue.AntiVirusXP2008) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\rhces8j0ecbr (Rogue.AntiVirusXP2008) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

          harry 48



          You have Viewpoint installed.

          Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

          More information:
          • ViewMgr.exe - Useless
          • Viewpoint to Plunge Into Adware

          It is suggested to remove the program now.
          Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
          • Viewpoint
          • Viewpoint Manager
          • Viewpoint Media Player
          • Viewpoint Toolbar
          • Viewpoint Experience Technology

          gona87


            Thanks a lot, I had Viewpoint Manager installed so I removed the program. It got rid of the popup that always appeared immediately when I restarted the computer that said "Viewpoint Mgr has encountered a problem and needs to close"

            However, iexplorer.exe is still running and taking up a lot of space, and I still hear it clicking- the noise it makes when internet is loading and/or reloading a page. Any suggestions?

            harry 48



            I'm unsure if this is related, but this past week when I start up my computer, THREE things pop up right when it turns on, and I have to click OK to get rid of them. They say the following:

            The instruction at "0x636e331e" referenced memory at "0x0112c070." The memory could not be read.
            The instruction at "0x636e331e" referenced memory at "0x00fac070." The memory could not be read.
            The instruction at "0x636e1926" referenced memory at "0x63708e08." The memory could not be written.


            http://www.computerhope.com/forum/index.php/board,1.0.html


            Go to the above and post this and about the sound, it seems more for this forum.


            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Run DDS again and post both logs please.

            gona87


              Just restarted my computer and now Hijack This will not run.

              evilfantasy

              Download ComboFix from one of the below links. You must rename it before saving it!

              Important! You MUST save ComboFix to your desktop.

              Link 1
              Link 2
              Link 3

              Rename ComboFix to Combo-Fix before saving it to the desktop.





              Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

              Double click on Combo-Fix.exe & follow the prompts.

              Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

              Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

              When the scan completes it will open a text window.
               
              Post the contents of that log in your next reply.

              Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

              gona87


                Here is my combo-fix log:

                ComboFix 09-07-14.08 - Billy 07/18/2009 19:09.1.1 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.502.326 [GMT -7:00]
                Running from: c:\documents and settings\Billy\Desktop\Combo-Fix.exe
                AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\windows\system32\drivers\UACxorlgjqxiegwvvbbm.sys
                c:\windows\system32\UAChuowxjsnucgbamgnt.dat
                c:\windows\system32\UACidhxpqfpqkaaqfmex.dll
                c:\windows\system32\uacinit.dll
                c:\windows\system32\UACjekrysmcimqsfktwx.log
                c:\windows\system32\UACjvxuugjdtweesclvi.dll
                c:\windows\system32\UACkbyttopnlpwqwxjqs.log
                c:\windows\system32\UACqdtfqlulqijuacqhe.log
                c:\windows\system32\UACtcvghldpwfkrkihch.dll
                c:\windows\system32\UACunsvnpwakpmhbqltg.dll
                c:\windows\system32\UACxjnkenxxfaakerqum.dll

                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                -------\Service_UACd.sys


                (((((((((((((((((((((((((   Files Created from 2009-06-19 to 2009-07-19  )))))))))))))))))))))))))))))))
                .

                2009-07-18 21:21 . 2009-07-18 21:21   --------   d-----w-   c:\program files\SUPERAntiSpyware
                2009-07-18 21:21 . 2009-07-18 21:21   --------   d-----w-   c:\documents and settings\Billy\Application Data\SUPERAntiSpyware.com
                2009-07-18 21:20 . 2009-07-18 21:20   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                2009-07-18 20:30 . 2009-07-18 20:30   --------   d-----w-   c:\documents and settings\Billy\Application Data\Malwarebytes
                2009-07-17 00:55 . 2009-07-13 20:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-07-17 00:55 . 2009-07-17 00:55   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
                2009-07-17 00:55 . 2009-07-18 20:30   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                2009-07-17 00:55 . 2009-07-13 20:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2009-06-29 05:09 . 2009-06-29 05:09   --------   d-----w-   c:\documents and settings\Billy\Application Data\Uniblue
                2009-06-27 03:58 . 2009-06-27 03:58   --------   d-----w-   c:\program files\CCleaner
                2009-06-27 03:51 . 2009-06-27 03:51   --------   d-----w-   c:\documents and settings\Billy\Local Settings\Application Data\torrents.to
                2009-06-24 07:41 . 2009-06-29 05:05   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\SecTaskMan
                2009-06-24 07:41 . 2009-06-29 05:05   --------   d-----w-   c:\program files\Security Task Manager
                2009-06-22 21:56 . 2009-06-22 21:56   --------   d-----w-   C:\spoolerlogs
                2009-06-21 08:42 . 2009-03-31 18:23   39200   ----a-w-   c:\windows\system32\drivers\TfSysMon.sys
                2009-06-21 08:42 . 2009-03-31 18:23   33056   ----a-w-   c:\windows\system32\drivers\TfNetMon.sys
                2009-06-21 08:42 . 2009-03-31 18:23   12576   ----a-w-   c:\windows\system32\drivers\TfKbMon.sys
                2009-06-21 08:42 . 2009-03-31 18:23   51488   ----a-w-   c:\windows\system32\drivers\TfFsMon.sys
                2009-06-21 08:40 . 2008-12-11 15:38   159600   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
                2009-06-21 08:39 . 2009-04-03 18:18   130936   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
                2009-06-21 08:39 . 2008-12-18 19:16   73840   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
                2009-06-21 08:39 . 2008-12-10 18:36   64392   ----a-w-   c:\windows\system32\drivers\pctplsg.sys

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-07-18 21:45 . 2008-04-24 22:58   --------   d-----w-   c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
                2009-06-27 04:27 . 2008-08-10 05:17   --------   d---a-w-   c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
                2009-06-27 04:26 . 2008-08-10 05:17   --------   d-----w-   c:\program files\Spyware Doctor
                2009-06-27 03:53 . 2008-06-02 02:04   --------   d-----w-   c:\program files\Conduit
                2009-06-27 03:53 . 2008-06-02 02:04   --------   d-----w-   c:\program files\torrents.to
                2009-06-21 08:40 . 2008-08-10 23:18   --------   d-----w-   c:\program files\Common Files\PC Tools
                2009-06-17 19:06 . 2007-10-01 18:25   20216   ----a-w-   c:\documents and settings\Billy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                2009-06-16 14:36 . 2006-02-28 12:00   81920   ----a-w-   c:\windows\system32\fontsub.dll
                2009-06-16 14:36 . 2006-02-28 12:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
                2009-06-11 21:44 . 2009-06-11 21:44   1878984   ----a-w-   c:\documents and settings\Billy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
                2009-06-03 19:09 . 2006-02-28 12:00   1291264   ----a-w-   c:\windows\system32\quartz.dll
                2009-06-02 17:12 . 2009-06-02 17:12   390664   ----a-w-   c:\documents and settings\Billy\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
                2009-05-27 04:59 . 2009-05-27 04:52   --------   d-----w-   c:\program files\PCFriendly
                2009-05-27 04:59 . 2009-05-27 04:58   --------   d-----w-   c:\program files\InterActual
                2009-05-27 04:58 . 2009-05-27 04:57   9634304   ----a-w-   C:\iaplayer_2.71.14.0211-esd.exe
                2009-05-07 15:32 . 2006-02-28 12:00   345600   ----a-w-   c:\windows\system32\localspl.dll
                2009-04-29 04:56 . 2006-02-28 12:00   827392   ----a-w-   c:\windows\system32\wininet.dll
                2009-04-29 04:55 . 2006-02-28 12:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
                2009-06-13 07:44 . 2008-12-06 16:45   134648   ----a-w-   c:\program files\mozilla firefox\components\brwsrcmp.dll
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
                "BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
                "BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
                "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
                "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
                "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
                "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
                "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-15 185896]
                "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

                c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
                Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-1 45056]
                HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2008-12-22 19:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                @=""

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                @=""

                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                "AntiVirusOverride"=dword:00000001

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
                "c:\\Program Files\\AIM6\\aim6.exe"=
                "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=

                R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/21/2009 1:39 AM 130936]
                R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/21/2009 1:42 AM 51488]
                R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/21/2009 1:42 AM 39200]
                R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [9/23/2008 10:45 AM 160792]
                R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/21/2009 1:40 AM 159600]
                R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [10/1/2007 9:48 AM 16384]
                R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [10/1/2007 9:55 AM 57216]
                S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
                S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/21/2009 1:39 AM 64392]
                S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/9/2008 10:17 PM 348752]
                S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/21/2009 1:42 AM 33056]
                S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
                .
                - - - - ORPHANS REMOVED - - - -

                BHO-{b7f907ee-0a1b-43b8-a611-b429a184ad6b} - (no file)
                HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
                HKCU-Run-Aim6 - (no file)


                .
                ------- Supplementary Scan -------
                .
                uInternet Settings,ProxyOverride = *.local
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
                FF - ProfilePath - c:\docume~1\Billy\APPLIC~1\Mozilla\Firefox\Profiles\waucp2wg.default\
                FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com

                ---- FIREFOX POLICIES ----
                FF - user.js: yahoo.homepage.dontask - true.

                **************************************************************************

                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-07-18 19:14
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(1252)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll

                - - - - - - - > 'lsass.exe'(1308)
                c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
                .
                Completion time: 2009-07-19 19:16
                ComboFix-quarantined-files.txt  2009-07-19 02:16

                Pre-Run: 26,917,011,456 bytes free
                Post-Run: 26,976,337,920 bytes free

                WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

                167   --- E O F ---   2009-07-18 19:13
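
The ComboFix log above lists, under Other Deletions, several files that share the prefix UAC followed by a long random lowercase string, alongside uacinit.dll and a removed driver service with the same prefix. As an added example (not part of the original thread and not ComboFix's own logic), this Python script parses the log's banner-delimited sections and flags such clusters; the regex thresholds, function names and the minimum cluster size are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, regardless of host OS

# Sample input: a few lines copied from the ComboFix log posted above
# (shortened; the full log has more entries per section).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACxorlgjqxiegwvvbbm.sys
c:\windows\system32\UAChuowxjsnucgbamgnt.dat
c:\windows\system32\UACidhxpqfpqkaaqfmex.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjekrysmcimqsfktwx.log

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((((   Files Created from 2009-06-19 to 2009-07-19  )))))))))))))))))))))))))))))))
.

2009-06-21 08:42 . 2009-03-31 18:23   39200   ----a-w-   c:\windows\system32\drivers\TfSysMon.sys
2009-06-21 08:39 . 2008-12-18 19:16   73840   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
"""

# Section banners look like "(((((   Name   )))))".
BANNER = re.compile(r"^\(+\s+(.*?)\s+\)+$")

# Heuristic (assumption): short uppercase prefix + 12 or more lowercase
# letters + a driver/library/data extension, e.g. UACxorlgjqxiegwvvbbm.sys.
RANDOM_NAME = re.compile(r"^([A-Z]{2,5})([a-z]{12,})\.(sys|dll|dat|log)$")


def split_sections(log_text):
    """Return {section name: [non-empty lines]} for a ComboFix-style log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        banner = BANNER.match(line)
        if banner:
            current = sections.setdefault(banner.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def find_random_name_clusters(sections, min_files=3):
    """Flag groups of deleted files sharing a prefix with random suffixes.

    Also collects other deleted files and removed services that carry the
    same prefix (case-insensitive), since they belong in the same triage.
    """
    deleted = sections.get("Other Deletions", [])
    services = sections.get("Drivers/Services", [])

    by_prefix = defaultdict(list)
    for path in deleted:
        hit = RANDOM_NAME.match(basename(path))
        if hit:
            by_prefix[hit.group(1)].append((path, hit.group(3)))

    findings = []
    for prefix, hits in by_prefix.items():
        if len(hits) < min_files:
            continue  # one odd name is not a cluster
        paths = [p for p, _ in hits]
        low = prefix.lower()
        findings.append({
            "prefix": prefix,
            "random_named": paths,
            "extensions": sorted({ext for _, ext in hits}),
            "related_files": [p for p in deleted
                              if p not in paths
                              and basename(p).lower().startswith(low)],
            "services": [s for s in services if low in s.lower()],
        })
    return findings


if __name__ == "__main__":
    for finding in find_random_name_clusters(split_sections(SAMPLE_LOG)):
        print("prefix:", finding["prefix"])
        print("  random-named files:", len(finding["random_named"]),
              "extensions:", ", ".join(finding["extensions"]))
        print("  related files:", finding["related_files"])
        print("  services:", finding["services"])
```

A cluster that spans a kernel driver (.sys), DLLs and data/log files under one prefix, together with a matching service entry, is the pattern worth escalating when reading a log like this one.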

                evilfantasy

                You have Viewpoint installed.

                Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

                More information:

                It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

                • Viewpoint
                • Viewpoint Manager
                • Viewpoint Media Player
                • Viewpoint Toolbar
                • Viewpoint Experience Technology
                .
                ----------

                How is the computer running now?