[limpincat]

I have been reading about the other fixes for the iexplore.exe virus problem, but when I went to start my computer in safe mode, it just restarted, every time i selected safe mode, it would just restart and ask me again. Your help would be greatly appreciated.

here is the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:44 PM, on 4/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PCCTLCOM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TMPFW.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://advisorcompass.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {c5991f80-9a0c-49ee-9b2a-1847007b2e2e} - C:\WINDOWS\system32\gasipuwi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [844ca7b9] rundll32.exe "C:\WINDOWS\system32\hanaveje.dll",b
O4 - HKLM\..\Run: [viwihiyiya] Rundll32.exe "C:\WINDOWS\system32\yuzorapi.dll",s
O4 - HKLM\..\Run: [CPM877f9425] Rundll32.exe "c:\windows\system32\dunulaju.dll",a
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [viwihiyiya] Rundll32.exe "C:\WINDOWS\system32\yuzorapi.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [viwihiyiya] Rundll32.exe "C:\WINDOWS\system32\yuzorapi.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.ez-data.com
O15 - Trusted Zone: *.ez-data.com/java/index.htm
O15 - Trusted Zone: *.ezdata.com
O15 - Trusted Zone: *.smartofficeonline.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} (SOConfig6 Class) - https://ampf.ez-data.com/java/downloads/SOConfig6.cab
O16 - DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} (SmartBridge6 Class) - https://ampf.ez-data.com/java/downlo...fficeLink6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.advisorcompass.com/dwa7W.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\barunehi.dll c:\windows\system32\dunulaju.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dunulaju.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dunulaju.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[evilfantasy]

We need the scans from this post > http://www.computer-juice.com/forums...-posting-7476/

You can run them all in Normal Mode and Safe Mode will only be needed if specifically requested.

[limpincat]

Ok, I did the scans requested.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2009 at 06:51 PM

Application Version : 4.26.1000

Core Rules Database Version : 3845
Trace Rules Database Version: 1800

Scan type : Complete Scan
Total Scan Time : 00:46:52

Memory items scanned : 393
Memory threats detected : 2
Registry items scanned : 5674
Registry threats detected : 20
File items scanned : 20628
File threats detected : 213

Adware.Vundo/Variant-SR
C:\WINDOWS\SYSTEM32\DAREKOVE.DLL
C:\WINDOWS\SYSTEM32\DAREKOVE.DLL

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\FIBUFETI.DLL
C:\WINDOWS\SYSTEM32\FIBUFETI.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Vundo/Variant-EmpiaA
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{c5991f80-9a0c-49ee-9b2a-1847007b2e2e}
HKCR\CLSID\{C5991F80-9A0C-49EE-9B2A-1847007B2E2E}
HKCR\CLSID\{C5991F80-9A0C-49EE-9B2A-1847007B2E2E}\InprocServer32
HKCR\CLSID\{C5991F80-9A0C-49EE-9B2A-1847007B2E2E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PIBUJUDO.DLL
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Ext\Stats\{C5991F80-9A0C-49EE-9B2A-1847007B2E2E}
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{C5991F80-9A0C-49EE-9B2A-1847007B2E2E}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\S tats\{C5991F80-9A0C-49EE-9B2A-1847007B2E2E}
C:\WINDOWS\SYSTEM32\DIWEVARI.DLL
C:\WINDOWS\SYSTEM32\GILETISA.DLL
C:\WINDOWS\SYSTEM32\HATEFEBA.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Master\Cookies\master@yadro[1].txt
C:\Documents and Settings\Master\Cookies\master@media.adrevolver[1].txt
C:\Documents and Settings\Master\Cookies\master@enhance[2].txt
C:\Documents and Settings\Master\Cookies\master@mediaplex[2].txt
C:\Documents and Settings\Master\Cookies\master@specificmedia[2].txt
C:\Documents and Settings\Master\Cookies\master@stopzilla[2].txt
C:\Documents and Settings\Master\Cookies\master@19452074[2].txt
C:\Documents and Settings\Master\Cookies\master@wikiporno[1].txt
C:\Documents and Settings\Master\Cookies\master@fastclick[2].txt
C:\Documents and Settings\Master\Cookies\master@ad2.doublepimp[3].txt
C:\Documents and Settings\Master\Cookies\master@specificclick[2].txt
C:\Documents and Settings\Master\Cookies\master@statse.webtrendsliv e[2].txt
C:\Documents and Settings\Master\Cookies\master@rcci.122.2o7[1].txt
C:\Documents and Settings\Master\Cookies\master@apmebf[1].txt
C:\Documents and Settings\Master\Cookies\master@revsci[1].txt
C:\Documents and Settings\Master\Cookies\master@serving-sys[2].txt
C:\Documents and Settings\Master\Cookies\master@www.shopica[1].txt
C:\Documents and Settings\Master\Cookies\master@adrevolver[2].txt
C:\Documents and Settings\Master\Cookies\master@mediatraffic[2].txt
C:\Documents and Settings\Master\Cookies\master@advertising[1].txt
C:\Documents and Settings\Master\Cookies\master@server.iad.livepers on[2].txt
C:\Documents and Settings\Master\Cookies\master@www.stopzilla[1].txt
C:\Documents and Settings\Master\Cookies\master@redirectclicks[1].txt
C:\Documents and Settings\Master\Cookies\master@interclick[1].txt
C:\Documents and Settings\Master\Cookies\master@247realmedia[2].txt
C:\Documents and Settings\Master\Cookies\master@bs.serving-sys[2].txt
C:\Documents and Settings\Master\Cookies\master@www.tracklead[1].txt
C:\Documents and Settings\Master\Cookies\master@roiservice[1].txt
C:\Documents and Settings\Master\Cookies\master@doubleclick[1].txt
C:\Documents and Settings\Master\Cookies\master@at.atwola[1].txt
C:\Documents and Settings\Master\Cookies\master@atdmt[3].txt
C:\Documents and Settings\Master\Cookies\master@ad.yieldmanager[2].txt
.tribalfusion.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.atdmt.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.atdmt.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.doubleclick.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.doubleclick.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.revsci.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.kontera.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.kontera.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.apmebf.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.avgtechnologies.112.2o7.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.specificclick.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.at.atwola.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.at.atwola.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.at.atwola.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
www.burstnet.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.chitika.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.xiti.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.microsoftwindows.112.2o7.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media6degrees.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media6degrees.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media6degrees.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media6degrees.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media6degrees.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media6degrees.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.iacas.adbureau.net [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.specificmedia.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.specificmedia.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
flagcounter.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.kanoodle.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.nextag.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.nextag.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.content.yieldmanager.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.imrworldwide.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.media.medhelp.org [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.interclick.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.interclick.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.a1.interclick.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.dmtracker.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.banners.exitexchange.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.banners.exitexchange.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.adinterax.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.adinterax.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
banners.jumponmarkslist.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
tracking.hearthstoneonline.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.adiscountbeauty.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
.adiscountbeauty.com [ C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\coo kies.txt ]
C:\Documents and Settings\Master\Cookies\master@microsoftwindows.11 2.2o7[1].txt
C:\Documents and Settings\Master\Cookies\master@richmedia.yahoo[1].txt
C:\Documents and Settings\Master\Cookies\master@adinterax[2].txt
C:\Documents and Settings\Master\Cookies\master@atwola[1].txt
C:\Documents and Settings\Master\Cookies\master@iacas.adbureau[1].txt
C:\Documents and Settings\Master\Cookies\master@media6degrees[1].txt
C:\Documents and Settings\Master\Cookies\master@ameriprisestats[2].txt
C:\Documents and Settings\Master\Cookies\master@ameriprisestats[1].txt
C:\Documents and Settings\Master\Cookies\master@hardsextube[2].txt
C:\Documents and Settings\Master\Cookies\master@ad2.doublepimp[1].txt
C:\Documents and Settings\Master\Cookies\master@accounts[1].txt
C:\Documents and Settings\Master\Cookies\master@edge.ru4[1].txt
C:\Documents and Settings\Master\Cookies\master@adserver.adtechus[2].txt
C:\Documents and Settings\Master\Local Settings\Temp\Cookies\master@at.atwola[1].txt
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
ad.interclick.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
ad.interclick.com [ C:\Documents and Settings\Visitors\Application Data\Mozilla\Firefox\Profiles\tegyz61c.default\coo kies.txt ]
C:\Documents and Settings\Visitors\Cookies\visitors@find.intelius[1].txt
C:\Documents and Settings\Visitors\Cookies\visitors@adecn[1].txt
C:\Documents and Settings\Visitors\Cookies\visitors@atwola[1].txt

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\contim
HKLM\SOFTWARE\Microsoft\contim#SysShell
HKLM\SOFTWARE\Microsoft\rdfa
HKLM\SOFTWARE\Microsoft\rdfa#F
HKLM\SOFTWARE\Microsoft\rdfa#N

Rogue.Component/Trace
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\FIAS4057

Adware.Vundo/Variant-Empia
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1045\A0110645.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1045\A0110646.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP1045\A0110647.DLL

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\WOLUSIWU.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\3Q7FCX8V\folder[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\error_detected[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\3Q7FCX8V\disk2[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\290FU565\i2[2].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\CB972UN5\l_bg3[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JK185M0L\w_bg[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\251IVQL4\i4[2].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\jquery[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\sg1[2].css
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JK185M0L\progressbar_green[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\progressbar[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\290FU565\i3[2].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\251IVQL4\i1[1].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\banner2[1].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\N20NWX98\i6000000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\142[1].htm
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\Z2ORJ5CT\w_top[2].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\251IVQL4\140[1].htm
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\3Q7FCX8V\box_top_[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\box_top_bg[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\l.s.bg2z[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JK185M0L\down[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\i1000000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\Z2ORJ5CT\i6[1].jpg
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\OXWRSZC3\disk1[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\indexsg[1].htm
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\i7000000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\jquery[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\142[1].htm
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\input[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\CB972UN5\closebutton[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\jquery-init[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\shit2[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\i3000000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\common[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\fileslist[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\N20NWX98\rght[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JK185M0L\config[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\CB972UN5\page_progressbar[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JK185M0L\flist[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\3Q7FCX8V\inf20000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\alert[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\JOAQ1609\init[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\B2OV3XCX\closebutton[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\N20NWX98\indexsg[1].htm
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\dvd[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\CB972UN5\styles[2].css
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\engine[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\crypt[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\1JF7TTSI\5[1].htm
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\i2000000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\N20NWX98\hrline[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\CB972UN5\i4000000[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\QPDUV6PW\l.s.bg1z[1].gif
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\3Q7FCX8V\progressbar[2].js
C:\Documents and Settings\Master\Local Settings\Temporary Internet Files\Content.IE5\CB972UN5\bg[1].gif


Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 2

4/15/2009 9:24:21 PM
mbam-log-2009-04-15 (21-24-21).txt

Scan type: Quick Scan
Objects scanned: 103202
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\844ca7b9 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\viwihiyiya (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\cpm877f9425 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:28 PM, on 4/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://advisorcompass.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [viwihiyiya] Rundll32.exe "C:\WINDOWS\system32\darekove.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [viwihiyiya] Rundll32.exe "C:\WINDOWS\system32\darekove.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.ez-data.com
O15 - Trusted Zone: *.ez-data.com/java/index.htm
O15 - Trusted Zone: *.ezdata.com
O15 - Trusted Zone: *.smartofficeonline.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} (SOConfig6 Class) - https://ampf.ez-data.com/java/downloads/SOConfig6.cab
O16 - DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} (SmartBridge6 Class) - https://ampf.ez-data.com/java/downlo...fficeLink6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.advisorcompass.com/dwa7W.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\giletisa.dll c:\windows\system32\fibufeti.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\WMP11 Config Utility\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6319 bytes


I'd like to add that my computer wont start in safe mode.
Thank You for your help.

[evilfantasy]

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[limpincat]

ComboFix 09-04-16.04 - Master 04/16/2009 12:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.553 [GMT -4:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\abefetah.ini
c:\windows\system32\ejevanah.ini
c:\windows\system32\femivowa.exe
c:\windows\system32\gulafage.exe
c:\windows\system32\migukaho.exe
c:\windows\system32\omemaliw.ini
c:\windows\system32\togipuvi.exe
c:\windows\system32\yitafawi.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\Master\Application Data\Malwarebytes
2009-04-16 01:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 01:10 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\Master\Application Data\SUPERAntiSpyware.com
2009-04-15 01:46 . 2009-04-15 01:46 -------- d-----w c:\documents and settings\Master\Application Data\U3
2009-04-15 00:27 . 2009-04-16 12:16 -------- d--h--w C:\$AVG8.VAULT$
2009-04-15 00:25 . 2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-15 00:25 . 2009-04-15 00:25 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-15 00:25 . 2009-04-15 00:25 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-15 00:24 . 2009-04-15 20:56 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-15 00:24 . 2009-04-15 22:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 00:10 . 2009-04-14 00:20 -------- d-----w C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-15 21:13 . 2008-10-21 03:45 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-15 00:24 . 2009-04-15 00:24 -------- d-----w c:\program files\AVG
2009-04-13 23:59 . 2005-07-09 23:28 -------- d-----w c:\program files\Trend Micro
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2009-03-24 19:35 . 2005-06-22 19:35 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-22 04:43 . 2005-06-21 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-12 16:41 . 2005-07-09 03:35 -------- d-----w c:\documents and settings\Master\Application Data\dvdcss
2008-12-01 14:59 . 2007-05-09 05:16 81920 ----a-w c:\documents and settings\Master\Application Data\ezpinst.exe
2008-12-01 14:59 . 2007-05-09 05:16 47360 ----a-w c:\documents and settings\Master\Application Data\pcouffin.sys
2008-11-12 21:46 . 2005-06-17 04:27 49448 ----a-w c:\documents and settings\Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-07-15 19:22 . 2005-07-15 19:22 129 ----a-w c:\documents and settings\Master\Local Settings\Application Data\fusioncache.dat
2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w c:\program files\Thumbs.db
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-09-12 15:2007-12-11 23:46 19:00 . c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:2007-12-11 23:46 22:00 . c:\program files\mozilla firefox\plugins\unicows.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-28 08:2009-01-26 22:14 20:41 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-28 08:2009-01-26 22:14 20:42 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-15 1932568]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Real-time Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk
backup=c:\windows\pss\Real-time Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless-B PCI Adapter Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless-B PCI Adapter Utility.lnk
backup=c:\windows\pss\Wireless-B PCI Adapter Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Master\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^Invisible IRC Proxy.lnk]
path=c:\documents and settings\Master\Start Menu\Programs\Startup\Invisible IRC Proxy.lnk
backup=c:\windows\pss\Invisible IRC Proxy.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Master\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Master\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2003-07-29 17:44 61440 ----a-w c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ------w c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-02-15 22:10 57344 ------w c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2003-02-22 22:44 266311 ----a-w c:\program files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-07-07 11:44 1409136 ------w c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-24 10:24 282624 ----a-w c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 23:42 32768 ----a-w c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-03-04 07:36 36975 ----a-w c:\program files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-06-24 00:37 180269 ----a-w c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2005-10-24 20:53 307200 ----a-w c:\program files\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2007-11-13 20:48 3411968 ----a-w c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2001-04-26 19:02 2220 ----a-w c:\program files\support.com\client\lserver\Server.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-06-18 06:01 16384 ----a-w c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"59334:UDP"= 59334:UDP:utorrent
"59334:TCP"= 59334:TCP:utorrent

R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2004-01-19 6828]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\DRIVERS\LSIPNDS.sys [2003-07-10 96256]
R3 KORG_1394;KORG_1394;c:\windows\system32\Drivers\KO RG_1394.sys [2006-11-17 114176]
R3 KORG_avs;KORG_avs;c:\windows\system32\Drivers\KORG _avs.sys [2006-11-17 28672]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFUXP.sy s [2007-04-12 16512]
R3 MAUSBXP;Service for M-Audio Xponent (WDM); [x]
R3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\Drivers\SMBE.SYS [2001-09-22 593000]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-15 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-15 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-15 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-15 298264]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sy s [2007-08-03 46112]
S2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\Drivers\SonyFKC.sys [2001-12-06 12032]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{20b41e90-34fb-11dd-8a15-0080c6ee4658}]
\Shell\AutoRun\command - i:\system\DriveGuard\DriveProtect.exe -run
\Shell\Explore\Command - i:\system\DriveGuard\DriveProtect.exe -run
\Shell\Open\Command - i:\system\DriveGuard\DriveProtect.exe -run
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AIMWDInstallFilename - c:\progra~1\AIM\AIMWDI~1.EXE
MSConfigStartUp-CleanupProgram - c:\sonysys\cleanup.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-M-Audio Taskbar Icon - c:\windows\System32\M-AudioTaskBarIcon.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\GameDrvr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://advisorcompass.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: smartofficeonline.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\ext ensions\moveplayer@movenetworks.com\platform\WINNT _x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 12:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3F D-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\fibufeti.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2016)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
************************************************** ************************
.
Completion time: 2009-04-16 12:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 16:35

Pre-Run: 2,688,344,064 bytes free
Post-Run: 3,620,024,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

276 --- E O F --- 2008-12-17 22:44

[evilfantasy]

Getting closer. I need these two logs then we will run a new fix and hopefully be done.

Download DDS by sUBs and save it to your desktop. Alternate DDS download link

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[limpincat]

1) DDS (Ver_09-03-16.01) - NTFSx86
Run by Master at 17:31:51.50 on Thu 04/16/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.670 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Master\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://advisorcompass.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: http://www.sony.com/vaiopeople: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: smartofficeonline.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.advisorcompass.com/dwa7W.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\master\applic~1\mozilla\firefox\profil es\vfh5z0zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-14 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-14 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-14 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-14 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-14 298264]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sy s [2007-12-11 46112]
R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2005-9-19 6828]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\lsipnds.sys --> c:\windows\system32\drivers\LSIPNDS.sys [?]
S3 KORG_1394;KORG_1394;c:\windows\system32\drivers\KO RG_1394.sys [2008-5-27 114176]
S3 KORG_avs;KORG_avs;c:\windows\system32\drivers\KORG _avs.sys [2008-5-27 28672]
S3 MADFU;MADFU;c:\windows\system32\drivers\MADFUXP.sy s [2008-4-21 16512]
S3 MAUSBXP;Service for M-Audio Xponent (WDM);c:\windows\system32\drivers\mausbxp.sys --> c:\windows\system32\drivers\mausbxp.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2008-5-9 20168]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-16 13:09 <DIR> --d----- c:\program files\CCleaner
2009-04-16 12:23 <DIR> a-dshr-- C:\cmdcons
2009-04-16 12:22 161,792 a------- c:\windows\SWREG.exe
2009-04-16 12:22 98,816 a------- c:\windows\sed.exe
2009-04-15 21:10 <DIR> --d----- c:\docume~1\master\applic~1\Malwarebytes
2009-04-15 21:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-15 21:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 21:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-15 21:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-15 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-15 17:13 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-15 17:13 <DIR> --d----- c:\docume~1\master\applic~1\SUPERAntiSpyware.com
2009-04-14 20:27 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-14 20:25 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-14 20:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-14 20:25 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-14 20:24 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-14 20:24 <DIR> --d----- c:\program files\AVG
2009-04-14 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-13 20:10 <DIR> --d----- C:\SDFix

==================== Find3M ====================

2009-04-10 20:19 63,488 a--sh--- c:\windows\system32\hosuriru.exe
2009-03-24 15:35 1,744 a------- c:\windows\system32\d3d9caps.dat
2008-12-01 10:59 81,920 a------- c:\docume~1\master\applic~1\ezpinst.exe
2008-12-01 10:59 47,360 a------- c:\docume~1\master\applic~1\pcouffin.sys
2001-12-14 22:56 17,408 a--sh--- c:\program files\Thumbs.db

============= FINISH: 17:32:39.20 ===============

2) UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2005 11:58:35 PM
System Uptime: 4/16/2009 5:26:31 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4B266LM
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | mPGA 478 | 1816/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 24 GiB total, 5.267 GiB free.
D: is FIXED (NTFS) - 209 GiB total, 116.56 GiB free.
E: is Removable
F: is CDROM ()
G: is CDROM ()
H: is FIXED (NTFS) - 153 GiB total, 144.535 GiB free.
J: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\4&135 1887D&0&68F0
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\4&135 1887D&0&68F0
Service: rtl8139

==== System Restore Points ===================

RP1020: 3/21/2009 5:53:48 AM - System Checkpoint
RP1021: 3/22/2009 6:53:47 AM - System Checkpoint
RP1022: 3/23/2009 5:31:27 PM - System Checkpoint
RP1023: 3/24/2009 5:49:52 PM - System Checkpoint
RP1024: 3/25/2009 6:49:58 PM - System Checkpoint
RP1025: 3/26/2009 7:38:30 PM - System Checkpoint
RP1026: 3/27/2009 7:49:57 PM - System Checkpoint
RP1027: 3/28/2009 8:49:57 PM - System Checkpoint
RP1028: 3/29/2009 9:49:57 PM - System Checkpoint
RP1029: 3/30/2009 10:06:49 PM - System Checkpoint
RP1030: 3/31/2009 10:49:58 PM - System Checkpoint
RP1031: 4/2/2009 12:57:41 AM - System Checkpoint
RP1032: 4/3/2009 1:49:57 AM - System Checkpoint
RP1033: 4/4/2009 2:49:58 AM - System Checkpoint
RP1034: 4/5/2009 3:49:57 AM - System Checkpoint
RP1035: 4/6/2009 4:49:58 AM - System Checkpoint
RP1036: 4/7/2009 5:50:01 AM - System Checkpoint
RP1037: 4/8/2009 6:49:59 AM - System Checkpoint
RP1038: 4/9/2009 7:49:59 AM - System Checkpoint
RP1039: 4/10/2009 8:49:59 AM - System Checkpoint
RP1040: 4/11/2009 9:50:02 AM - System Checkpoint
RP1041: 4/12/2009 10:02:30 AM - System Checkpoint
RP1042: 4/13/2009 11:02:30 AM - System Checkpoint
RP1043: 4/14/2009 11:37:28 AM - System Checkpoint
RP1044: 4/14/2009 8:14:48 PM - Removed Trend Micro PC-cillin Internet Security 2006
RP1045: 4/14/2009 8:24:44 PM - Installed AVG Free 8.5
RP1046: 4/15/2009 5:13:29 PM - Installed SUPERAntiSpyware Free Edition
RP1047: 4/15/2009 6:05:01 PM - Avg8 Update
RP1048: 4/16/2009 12:22:54 PM - ComboFix created restore point
RP1049: 4/16/2009 12:33:57 PM - Avg8 Update
RP1050: 4/16/2009 12:45:14 PM - Removed Ad-Aware
RP1051: 4/16/2009 1:19:29 PM - Removed Verizon Broadband Toolbar
RP1052: 4/16/2009 1:19:55 PM - Removed Verizon Online Consumer DSL 6.1
RP1053: 4/16/2009 1:24:02 PM - Removed StreetSmart Pro
RP1054: 4/16/2009 5:08:41 PM - Removed SDP Downloader
RP1055: 4/16/2009 5:09:34 PM - Removed WinMP3Packer-1.0.13
RP1056: 4/16/2009 5:10:15 PM - Removed Wireless-B PCI Adapter WLAN Monitor

==== Installed Programs ======================

Ableton Live v7.0.2
AC3Filter (remove only)
Adobe Acrobat 5.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements
Adobe Premiere 6 LE
Adobe Premiere Elements 3.0
Adobe Reader 7.0.7
AOL Instant Messenger
Applian FLV Player
Audacity 1.2.6
AVG 8.5
AviSynth 2.5
Calculator Powertoy for Windows XP
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Creative System Information
dBpowerAMP Mp4 Codec
DeadAIM
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVgate
Experience VAIO
ffdshow (remove only)
GraphCalc v4.0.1
GSpot Codec Information Appliance
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
ImageStation
InCD EasyWrite Reader
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v5.4 (build 0256)
MagicDisc 2.6.93
Malwarebytes' Anti-Malware
MaxBlast 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Minitab 15 English
Motion JPEG Software Decoder
Mozilla Firefox (2.0.0.20)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music Visualizer Library 1.2
Nero Suite
NVIDIA Windows 2000/XP Display Drivers
OpenMG Secure Module 3.0.01
PowerDVD
QuickTime
RealPlayer
Reason 4.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
SEMC DSS SyncStation Driver
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Smart Capture
SmartOffice Download Manager
SmartOffice Utilities
SonicStage 1.1.00
SonicStage CD-R Writing Module
Sony Certificate PCH
Sony DV Shared Library
Sound Blaster Audigy 4
SUPERAntiSpyware Free Edition
Support Actions Win2K,WinXP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VAIO Action Setup
VAIO Brezza Wallpaper
VAIO Edit Components
VAIO Grid Wallpaper
VAIO Help & Support
VAIO Registration
VAIO Serenus Wallpaper
VAIO Support
VeohTV BETA
VideoLAN VLC media player 0.8.6a
VobSub v2.23 (Remove Only)
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
XviD MPEG-4 Video Codec

==== Event Viewer Messages From Past Week ========

4/16/2009 12:19:23 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/16/2009 12:19:20 PM, error: Service Control Manager [7034] - The AVG Free8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
4/15/2009 4:57:14 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
4/15/2009 4:55:05 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/15/2009 4:54:46 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
4/14/2009 8:23:02 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 10.231.119.216. The machine with the IP address 10.231.115.84 did not allow the name to be claimed by this machine.
4/14/2009 8:16:03 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
4/14/2009 8:14:48 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DELL-WUC9ISYTZE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6B10A5E4-D23. The master browser is stopping or an election is being forced.
4/14/2009 7:56:50 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6B10A5E4-D23C-4EF4-B382-BB1DB4E7B7FB} because another computer on the network has the same name. The server could not start.
4/14/2009 7:56:38 PM, error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start.
4/14/2009 7:51:12 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
4/13/2009 7:41:44 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.
4/13/2009 7:38:17 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/13/2009 5:44:04 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.2180.

==== End Of File ===========================

[evilfantasy]

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

DDS::
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20b41e90-34fb-11dd-8a15-0080c6ee4658}]

RegLock::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3F  D-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
• Place a check next to Remove Useless JRE Files and click Go
• Exit JavaRa
• Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

[limpincat]

ComboFix 09-04-17.01 - Master 04/16/2009 18:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.657 [GMT -4:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Master\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\messenger\msmsgs.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-16 to 2009-04-16 )))))))))))))))))))))))))))))))
.

2009-04-16 22:00 . 2009-04-16 22:01 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 21:56 . 2009-04-16 21:56 -------- d-----w c:\documents and settings\Master\Application Data\Auslogics
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\Master\Application Data\Malwarebytes
2009-04-16 01:10 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-16 01:10 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\documents and settings\Master\Application Data\SUPERAntiSpyware.com
2009-04-15 01:46 . 2009-04-15 01:46 -------- d-----w c:\documents and settings\Master\Application Data\U3
2009-04-15 00:27 . 2009-04-16 12:16 -------- d--h--w C:\$AVG8.VAULT$
2009-04-15 00:25 . 2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-15 00:25 . 2009-04-15 00:25 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-15 00:25 . 2009-04-15 00:25 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-15 00:24 . 2009-04-16 21:56 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-15 00:24 . 2009-04-15 22:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-14 00:10 . 2009-04-14 00:20 -------- d-----w C:\SDFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-04-16 21:54 . 2009-04-16 21:54 -------- d-----w c:\program files\Auslogics
2009-04-16 21:09 . 2005-06-21 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-16 21:09 . 2001-12-14 21:09 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-16 21:08 . 2008-05-07 17:06 -------- d-----w c:\program files\Native Instruments
2009-04-16 17:19 . 2006-01-26 00:57 -------- d-----w c:\program files\Common Files\Motive
2009-04-16 17:18 . 2001-12-14 21:11 -------- d-----w c:\program files\Sony
2009-04-16 17:09 . 2009-04-16 17:09 -------- d-----w c:\program files\CCleaner
2009-04-16 16:45 . 2008-10-21 03:45 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 01:10 . 2009-04-16 01:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 21:13 . 2009-04-15 21:13 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-15 00:24 . 2009-04-15 00:24 -------- d-----w c:\program files\AVG
2009-04-13 23:59 . 2005-07-09 23:28 -------- d-----w c:\program files\Trend Micro
2009-04-11 00:19 . 2009-01-11 00:19 63488 --sha-w c:\windows\system32\hosuriru.exe
2009-03-24 19:35 . 2005-06-22 19:35 1744 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-22 04:43 . 2005-06-21 21:21 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-12 16:41 . 2005-07-09 03:35 -------- d-----w c:\documents and settings\Master\Application Data\dvdcss
2009-02-09 10:19 . 2001-12-14 19:26 1846272 ----a-w c:\windows\system32\win32k.sys
2008-12-01 14:59 . 2007-05-09 05:16 81920 ----a-w c:\documents and settings\Master\Application Data\ezpinst.exe
2008-12-01 14:59 . 2007-05-09 05:16 47360 ----a-w c:\documents and settings\Master\Application Data\pcouffin.sys
2008-11-12 21:46 . 2005-06-17 04:27 49448 ----a-w c:\documents and settings\Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-07-15 19:22 . 2005-07-15 19:22 129 ----a-w c:\documents and settings\Master\Local Settings\Application Data\fusioncache.dat
2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w c:\program files\Thumbs.db
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-11-18 17:2008-11-18 17:56 56:57 . c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-09-12 15:2007-12-11 23:46 19:00 . c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 15:2007-12-11 23:46 22:00 . c:\program files\mozilla firefox\plugins\unicows.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jar50.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-28 08:2009-01-26 22:14 20:40 . c:\program files\mozilla firefox\components\myspell.dll
2009-01-28 08:2009-01-26 22:14 20:41 . c:\program files\mozilla firefox\components\spellchk.dll
2009-01-28 08:2009-01-26 22:14 20:42 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-16_16.33.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-12-14 20:42 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2009-04-16 22:01 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2009-04-16 22:01 . 2007-11-30 11:18 17272 c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB958690\spmsg.dll
- 2001-12-14 19:25 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2001-12-14 19:25 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2001-12-14 12:30 . 2009-04-16 22:05 223224 c:\windows\system32\FNTCACHE.DAT
- 2001-12-14 12:30 . 2008-11-18 04:44 223224 c:\windows\system32\FNTCACHE.DAT
+ 2001-12-14 19:26 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2006-04-21 06:12 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
+ 2007-04-25 14:21 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
- 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2009-04-16 22:00 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-02-15 09:06 . 2008-02-15 09:06 351744 c:\windows\$hf_mig$\KB967715\SP2QFE\xpsp3res.dll
+ 2009-04-16 22:01 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2009-04-16 22:01 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2009-04-16 22:01 . 2007-11-30 11:18 231288 c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2008-12-05 06:58 . 2008-12-05 06:58 144896 c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\$hf_mig$\KB960225\SP3GDR\schannel.dll
+ 2008-12-05 06:41 . 2008-12-05 06:41 144896 c:\windows\$hf_mig$\KB960225\SP2QFE\schannel.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2009-04-16 22:00 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2009-04-16 22:00 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2007-03-08 13:47 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2006-07-13 13:33 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
- 2006-07-13 13:33 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:04 . 2008-06-17 19:04 8461824 c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\$hf_mig$\KB967715\SP3GDR\shell32.dll
+ 2008-07-03 13:03 . 2008-07-03 13:03 8460800 c:\windows\$hf_mig$\KB967715\SP2QFE\shell32.dll
+ 2009-02-09 11:08 . 2009-02-09 11:08 1847552 c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2009-02-09 11:13 . 2009-02-09 11:13 1846784 c:\windows\$hf_mig$\KB958690\SP3GDR\win32k.sys
+ 2009-02-09 10:20 . 2009-02-09 10:20 1847424 c:\windows\$hf_mig$\KB958690\SP2QFE\win32k.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-15 1932568]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-15 00:25 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 23:46 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-06-17 00:25 49152 ------w c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-03-04 07:36 36975 ----a-w c:\program files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-03-23 18:07 1830128 ----a-w c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
2001-04-26 19:02 2220 ----a-w c:\program files\support.com\client\lserver\Server.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"59334:UDP"= 59334:UDP:utorrent
"59334:TCP"= 59334:TCP:utorrent

R2 LMIInfo;LogMeIn Kernel Information Provider; [x]
R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\DRIVERS\bcm42xx5.sys [2001-08-17 54271]
R3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2004-01-19 6828]
R3 IPN2120;Instant Wireless-B PCI Adapter Driver; [x]
R3 KORG_1394;KORG_1394;c:\windows\system32\Drivers\KO RG_1394.sys [2006-11-17 114176]
R3 KORG_avs;KORG_avs;c:\windows\system32\Drivers\KORG _avs.sys [2006-11-17 28672]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFUXP.sy s [2007-04-12 16512]
R3 MAUSBXP;Service for M-Audio Xponent (WDM); [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\Drivers\SMBE.SYS [2001-09-22 593000]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-15 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-15 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-15 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-15 298264]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sy s [2007-08-03 46112]
S2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\Drivers\SonyFKC.sys [2001-12-06 12032]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://advisorcompass.com/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ez-data.com
Trusted Zone: ez-data.com/java/index.htm
Trusted Zone: ezdata.com
Trusted Zone: smartofficeonline.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} - hxxps://ampf.ez-data.com/java/downloads/SOConfig6.cab
DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} - hxxps://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\vfh5z0zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 18:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3F D-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]
@DACL=(02 0000)
@="c:\\windows\\system32\\fibufeti.dll"
"ThreadingModel"="Both"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2452)
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2009-04-16 18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-16 22:27
ComboFix2.txt 2009-04-16 16:36

Pre-Run: 5,318,721,536 bytes free
Post-Run: 5,307,408,384 bytes free

232 --- E O F --- 2009-04-16 22:02

[evilfantasy]

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

RegLockDel::
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3F  D-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze