DLL Errors AFTER Virus removal


This topic is locked
5 replies to this topic

#1 Treefarn
Posted 26 December 2008 - 01:30 PM

Referred here from Am I Infected. For contextual information and for what's been done, please read this topic: http://www.bleepingcomputer.com/forums/t/188634/dll-errors-after-virus-removal/ ~ OB

DDS (Version 1.1.0) - NTFSx86
Run by neil at 13:15:16.40 on Fri 12/26/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1358 [GMT -5:00]

AV: AVG 7.5.524 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\neil.NEIL-D3691B5D86\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TB: {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [TivoTransfer] "c:\program files\common files\tivo shared\transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: lhisrh.dll dypgtd.dll qfjuiq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neil~1.nei\applic~1\mozilla\firefox\profiles\jg87a505.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phpdiplomacy.net/index.php
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.07
============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-6-18 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-6-18 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-6-18 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-6-18 10760]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-28 127768]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-6-13 394952]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-7-7 611664]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-6-18 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-6-18 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-6-18 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-6-18 4960]
R2 TivoBeacon2;TiVo Beacon;"c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe" /service [2008-3-17 868864]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-8-24 40832]
S3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [2007-11-10 15104]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 sgvnic;StoneGate VPN Virtual Adapter;c:\windows\system32\drivers\sgvnic.sys [2007-6-29 7104]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []

=============== Created Last 30 ================

2008-12-24 21:37 2,922 a------- c:\windows\system32\tmp.reg
2008-12-23 17:46 --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2008-12-23 17:46 --d----- c:\program files\SUPERAntiSpyware
2008-12-23 17:46 --d----- c:\docume~1\neil~1.nei\applic~1\SUPERAntiSpyware.com
2008-12-23 17:41 --d----- C:\11aaaaa
2008-12-22 17:26 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-22 17:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 17:26 --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 07:36 131,584 a------- c:\windows\system32\qfjuiq.dll
2008-12-22 07:33 114,688 a------- c:\windows\system32\oljnysxj.dll
2008-12-20 22:06 1,661,209 a--sh--- c:\windows\system32\sutqwlkm.ini
2008-12-20 22:02 0 a------- c:\windows\system32\udfuaw.dll
2008-12-20 21:55 891,181 a--sh--- c:\windows\system32\UvELknmp.ini2
2008-12-20 21:55 891,181 a--sh--- c:\windows\system32\UvELknmp.ini
2008-12-11 07:34 --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 18:48 --d----- c:\docume~1\neil~1.nei\applic~1\Brother
2008-12-03 18:47 145 a------- c:\windows\BRVIDEO.INI
2008-12-03 18:47 0 a------- c:\windows\brmx2001.ini
2008-12-03 18:46 77,824 a------- c:\windows\system32\brlmw03a.dll
2008-12-03 18:46 114 a------- c:\windows\system32\brlmw03a.ini
2008-12-03 18:46 9,853 a------- c:\windows\HL-2140.INI
2008-12-03 18:46 --d----- c:\program files\Brownie
2008-12-03 18:46 426 a------- c:\windows\BRWMARK.INI
2008-12-03 18:46 34 a------- c:\windows\system32\BD2140.DAT
2008-12-03 18:45 --d----- c:\program files\Brother
2008-12-03 18:44 315 a------- c:\windows\Brownie.ini
2008-12-03 18:36 192,512 a------- c:\windows\system32\Pdrvinst.dll
2008-12-03 18:36 176,128 a------- c:\windows\system32\BROSNMP.DLL
2008-12-03 18:36 94,208 a------- c:\windows\system32\BRRBTOOL.EXE
2008-12-03 18:36 24,223 a------- c:\windows\system32\BRLM03A.DLL
2008-12-03 16:19 --d----- c:\windows\lhsp
2008-12-03 16:17 --d----- c:\program files\Broderbund

==================== Find3M ====================

2008-12-26 13:15 11,905,056 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-26 10:49 140,252 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-03 19:36 55,641 a------- c:\windows\system32\nvModes.dat
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-10-28 20:26 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 06:46 2,560 a------- c:\windows\_MSRSTRT.EXE
2008-10-16 05:37 659,456 a------- c:\windows\system32\wininet.dll
2008-10-08 20:31 3,082 a------- c:\windows\system32\affv9869p2now.sys
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-01 14:51 87,552 a------- c:\windows\system32\VACFix.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2007-12-27 20:15 87,608 a------- c:\docume~1\neil~1.nei\applic~1\inst.exe
2007-12-27 20:15 47,360 a------- c:\docume~1\neil~1.nei\applic~1\pcouffin.sys
2007-08-11 19:35 60,968 a------- c:\documents and settings\neil.neil-d3691b5d86\GoToAssistDownloadHelper.exe
2006-05-03 04:06 163,328 a--shr-- c:\windows\system32\flvDX.dll
2007-02-21 05:47 31,232 a--shr-- c:\windows\system32\msfDX.dll

============= FINISH: 13:28:01.48 ===============

Edited by Orange Blossom, 26 December 2008 - 08:46 PM.
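As an added triage example, not part of the original thread and not a DDS or BleepingComputer tool: the script below reads the AppInit_DLLs line and the Created Last 30 section from a constructed excerpt of the DDS report above, reports every AppInit_DLLs entry (raised to high when the same DLL also shows up as created in the last 30 days) and points out recently created system32 files that are zero bytes or have consonant-heavy names. The section markers and line layout are assumed from the report as posted; the name heuristic is a rough signal that also fires on legitimate abbreviations, so it only prompts a closer look.

```python
"""Triage helper for a DDS report (hypothetical, written for this thread).

Flags AppInit_DLLs entries and odd recently created files under system32.
The heuristics are rough prompts for a human reviewer, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a trimmed excerpt of the DDS report posted above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: lhisrh.dll dypgtd.dll qfjuiq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

=============== Created Last 30 ================

2008-12-24 21:37 2,922 a------- c:\windows\system32\tmp.reg
2008-12-23 17:46 --d----- c:\program files\SUPERAntiSpyware
2008-12-22 07:36 131,584 a------- c:\windows\system32\qfjuiq.dll
2008-12-22 07:33 114,688 a------- c:\windows\system32\oljnysxj.dll
2008-12-20 22:06 1,661,209 a--sh--- c:\windows\system32\sutqwlkm.ini
2008-12-20 22:02 0 a------- c:\windows\system32\udfuaw.dll
2008-12-03 18:46 77,824 a------- c:\windows\system32\brlmw03a.dll
"""

# Section banners look like "===== Name =====" (layout assumed from the report).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")
# "<date> <time> [<size>] <attrs> <path>"; directories carry no size column.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:([\d,]+)\s+)?(\S+)\s+(.+)$")
VOWELS = set("aeiou")


@dataclass
class Created:
    when: str
    size: Optional[int]   # None for directory entries
    attrs: str
    path: str


def parse_dds(text: str) -> Tuple[List[str], List[Created]]:
    """Return (AppInit_DLLs entries, Created Last 30 entries)."""
    appinit: List[str] = []
    created: List[Created] = []
    section = None
    for line in text.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Pseudo HJT Report":
            m = APPINIT_RE.match(line)
            if m:
                appinit.extend(m.group(1).split())
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if m:
                size = int(m.group(2).replace(",", "")) if m.group(2) else None
                created.append(Created(m.group(1), size, m.group(3), m.group(4)))
    return appinit, created


def looks_random(stem: str) -> bool:
    """Rough signal: lowercase alphabetic stem of 6+ letters with few vowels
    or a run of 3+ consonants. Also fires on abbreviations such as svchost,
    so treat a hit as a prompt to look, never as proof of anything."""
    if len(stem) < 6 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in VOWELS for c in stem)
    longest = run = 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels / len(stem) < 0.25 or longest >= 3


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, file name, reason) findings for a DDS report."""
    appinit, created = parse_dds(text)
    recent = {basename(c.path): c for c in created}
    findings: List[Tuple[str, str, str]] = []
    # AppInit_DLLs is empty by default; every entry deserves a look, and one
    # whose DLL was created within the last 30 days is the first to check.
    for dll in appinit:
        hit = recent.get(dll.lower())
        if hit is not None:
            findings.append(("high", dll, f"AppInit_DLLs entry created {hit.when}"))
        else:
            findings.append(("review", dll, "AppInit_DLLs entry; value is normally empty"))
    listed = {d.lower() for d in appinit}
    for c in created:
        name = basename(c.path)
        if not in_system32(c.path) or name in listed:
            continue
        stem, _, ext = name.rpartition(".")
        if ext == "dll" and c.size == 0:
            findings.append(("review", name, "zero-byte DLL in system32"))
        elif ext in {"dll", "sys", "ini", "exe"} and looks_random(stem):
            findings.append(("review", name, "consonant-heavy name in system32"))
    return findings


if __name__ == "__main__":
    for severity, name, reason in triage(SAMPLE_DDS):
        print(f"{severity:6} {name:14} {reason}")
```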


#2 Billy O'Neal

Malware Response Team

Posted 03 January 2009 - 10:30 PM

Hello, Treefarn
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the reply button in the lower left hand corner of your screen.
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here :)
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Treefarn
Posted 04 January 2009 - 09:06 PM

Ok, two things. First, I had some difficulty (due to user error) turning off AVG when I ran it the first time. In looking at the logs, unbeknownst to me, Zone Alarm was also on. So I turned those both off and ran ComboFix the first time. It appeared both were turned off when I ran the 2nd time, but I still got popups that AVG was running. I could not find any trace of it running. Here is the first log (the 2nd log follows). (Incidentally, the errors about the missing DLL are not happening any more.)

ComboFix 09-01-02.01 - neil 2009-01-04 20:36:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1122 [GMT -5:00]
Running from: c:\documents and settings\neil.NEIL-D3691B5D86\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\inst.exe
c:\documents and settings\neil.NEIL-D3691B5D86\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\fxsbwntj.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\qfjuiq.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sutqwlkm.ini
c:\windows\system32\tmp.reg
c:\windows\system32\udfuaw.dll
c:\windows\system32\UvELknmp.ini
c:\windows\system32\UvELknmp.ini2
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-03 08:32 . 2009-01-03 08:32 <DIR> d-------- c:\windows\Cache
2009-01-03 08:32 . 2009-01-03 08:32 <DIR> d-------- c:\program files\Coupons
2009-01-03 08:32 . 2009-01-03 08:32 197,976 -ra------ c:\windows\system32\cpnprt2.cid
2009-01-01 10:31 . 2009-01-01 10:31 <DIR> d-------- c:\program files\Common Files\Kodak
2008-12-29 11:03 . 2008-12-29 11:03 <DIR> d-------- c:\program files\DK Multimedia
2008-12-29 11:03 . 1997-01-27 14:45 756,736 --a------ c:\windows\system32\IR41_32.DLL
2008-12-29 11:03 . 1993-06-25 14:47 20,272 --a------ c:\windows\system\CTL3D.DLL
2008-12-29 11:02 . 2004-08-04 05:00 14,848 --a------ c:\windows\system32\Backup of MSADP32.ACM
2008-12-26 17:25 . 2008-12-26 17:25 <DIR> d-------- c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Fisher-Price
2008-12-26 17:12 . 2008-12-26 17:12 <DIR> d-------- c:\program files\Fisher-Price
2008-12-26 17:09 . 2008-12-26 17:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Fisher-Price
2008-12-24 05:33 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-23 17:46 . 2008-12-23 17:46 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-23 17:46 . 2008-12-23 17:46 <DIR> d-------- c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\SUPERAntiSpyware.com
2008-12-23 17:46 . 2008-12-23 17:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-23 17:41 . 2008-12-23 17:45 <DIR> d-------- C:\11aaaaa
2008-12-23 17:30 . 2008-12-23 17:31 <DIR> d-------- c:\documents and settings\Administrator.NEIL-D3691B5D86
2008-12-22 17:26 . 2008-12-22 17:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 17:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 17:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 07:33 . 2008-12-22 07:33 114,688 --a------ c:\windows\system32\oljnysxj.dll
2008-12-21 08:23 . 2008-12-21 08:23 <DIR> d-------- c:\program files\Alwil Software
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 65,536 --a------ c:\windows\system32\jdns_sd.dll
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 07:34 . 2008-12-11 07:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 01:53 13,447,200 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-05 01:45 158,468 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-05 01:44 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Azureus
2009-01-03 01:30 --------- d-----w c:\program files\Bonjour
2009-01-01 15:28 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kodak
2008-12-26 21:38 --------- d-----w c:\program files\QuickTime
2008-12-21 11:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 11:31 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\AVG7
2008-12-21 03:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-21 02:57 --------- d-----w c:\program files\Lavasoft
2008-12-21 02:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-11 12:34 --------- d-----w c:\program files\iTunes
2008-12-11 12:34 --------- d-----w c:\program files\iPod
2008-12-11 12:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 23:48 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Brother
2008-12-03 23:46 --------- d-----w c:\program files\Brownie
2008-12-03 23:46 --------- d-----w c:\program files\Brother
2008-12-03 21:17 --------- d-----w c:\program files\Broderbund
2008-11-27 14:02 --------- d-----w c:\program files\Xilisoft
2008-11-26 01:41 --------- d-----w c:\program files\Safari
2008-11-23 15:31 --------- d-----w c:\program files\Azureus
2008-11-17 22:42 --------- d-----w c:\program files\The Learning Company
2008-11-08 12:20 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\ICAClient
2008-11-08 12:08 --------- d-----w c:\program files\Citrix
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 11:46 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-13 11:02 5,206,059 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-09 01:31 3,082 ----a-w c:\windows\system32\affv9869p2now.sys
2007-12-28 01:15 47,360 ----a-w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\pcouffin.sys
2007-08-12 00:35 60,968 ----a-w c:\documents and settings\neil.NEIL-D3691B5D86\GoToAssistDownloadHelper.exe
2007-11-09 21:10 30,288 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 79,440 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 75,344 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 140,880 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 42,576 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 50,768 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 34,384 ----a-w c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 685,648 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 30,288 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-03-17 1193472]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-03-17 393728]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2008-03-17 1876480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-05-01 c:\windows\system32\nvhotkey.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-30 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2005-03-10 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-28 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-28 688128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lhisrh.dll dypgtd.dll qfjuiq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-04-22 04:03 579584 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-03-16 20:10 1392640 c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 20:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 11:15 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 18:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 22:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 11:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
--a------ 2008-03-17 10:29 393728 c:\program files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
--a------ 2008-03-17 10:30 1876480 c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2008-03-17 10:28 1193472 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-07-09 08:05 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-05-01 14:46 73728 c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 19:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R4 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-03-17 868864]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-08-24 40832]
S3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [2007-11-10 15104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sgvnic;StoneGate VPN Virtual Adapter;c:\windows\system32\drivers\sgvnic.sys [2007-06-29 7104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30a6d5f2-001e-11dc-ba43-0019b96da0ed}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aee79d3-ca02-11dc-a897-0019b96da0ed}]
\Shell\AutoRun\command - F:\Launch.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-05 c:\windows\Tasks\wxwnvhql.job
- c:\windows\system32\rundll32.exe [2004-08-04 05:00]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-StoneGateAgent - c:\program files\Stonesoft\StoneGate VPN Client\sgagent.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Mozilla\Firefox\Profiles\jg87a505.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phpdiplomacy.net/index.php
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.07.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 20:49:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{220aeaaf-8dcc-4a4b-b03d-ca1c68af40e5}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\dypgtd.dll"
"ThreadingModel"="free"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4161325f-1969-473c-9e7e-1ecf50fea66e}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\lhisrh.dll"
"ThreadingModel"="free"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\windows\system32\msiexec.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-01-04 21:00:41 - machine was rebooted [neil]
ComboFix-quarantined-files.txt 2009-01-05 02:00:37

Pre-Run: 29,277,147,136 bytes free
Post-Run: 29,793,681,408 bytes free

324 --- E O F --- 2009-01-05 01:57:22


And here's the 2nd log

ComboFix 09-01-02.01 - neil 2009-01-04 21:08:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1390 [GMT -5:00]
Running from: c:\documents and settings\neil.NEIL-D3691B5D86\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-04 20:56 . 2009-01-04 20:56 <DIR> d-------- c:\windows\LastGood
2009-01-03 08:32 . 2009-01-03 08:32 <DIR> d-------- c:\windows\Cache
2009-01-03 08:32 . 2009-01-03 08:32 <DIR> d-------- c:\program files\Coupons
2009-01-03 08:32 . 2009-01-03 08:32 197,976 -ra------ c:\windows\system32\cpnprt2.cid
2009-01-01 10:31 . 2009-01-01 10:31 <DIR> d-------- c:\program files\Common Files\Kodak
2008-12-29 11:03 . 2008-12-29 11:03 <DIR> d-------- c:\program files\DK Multimedia
2008-12-29 11:03 . 1997-01-27 14:45 756,736 --a------ c:\windows\system32\IR41_32.DLL
2008-12-29 11:03 . 1993-06-25 14:47 20,272 --a------ c:\windows\system\CTL3D.DLL
2008-12-29 11:02 . 2004-08-04 05:00 14,848 --a------ c:\windows\system32\Backup of MSADP32.ACM
2008-12-26 17:25 . 2008-12-26 17:25 <DIR> d-------- c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Fisher-Price
2008-12-26 17:12 . 2008-12-26 17:12 <DIR> d-------- c:\program files\Fisher-Price
2008-12-26 17:09 . 2008-12-26 17:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Fisher-Price
2008-12-24 05:33 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-23 17:46 . 2008-12-23 17:46 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-23 17:46 . 2008-12-23 17:46 <DIR> d-------- c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\SUPERAntiSpyware.com
2008-12-23 17:46 . 2008-12-23 17:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-12-23 17:41 . 2008-12-23 17:45 <DIR> d-------- C:\11aaaaa
2008-12-23 17:30 . 2008-12-23 17:31 <DIR> d-------- c:\documents and settings\Administrator.NEIL-D3691B5D86
2008-12-22 17:26 . 2008-12-22 17:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-22 17:26 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-22 17:26 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 07:33 . 2008-12-22 07:33 114,688 --a------ c:\windows\system32\oljnysxj.dll
2008-12-21 08:23 . 2008-12-21 08:23 <DIR> d-------- c:\program files\Alwil Software
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 65,536 --a------ c:\windows\system32\jdns_sd.dll
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-11 07:34 . 2008-12-11 07:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 02:11 13,531,168 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-05 01:45 158,468 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-05 01:44 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Azureus
2009-01-03 01:30 --------- d-----w c:\program files\Bonjour
2009-01-01 15:28 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Kodak
2008-12-26 21:38 --------- d-----w c:\program files\QuickTime
2008-12-21 11:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-21 11:31 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\AVG7
2008-12-21 03:02 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-12-21 02:57 --------- d-----w c:\program files\Lavasoft
2008-12-21 02:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-11 12:34 --------- d-----w c:\program files\iTunes
2008-12-11 12:34 --------- d-----w c:\program files\iPod
2008-12-11 12:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 23:48 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Brother
2008-12-03 23:46 --------- d-----w c:\program files\Brownie
2008-12-03 23:46 --------- d-----w c:\program files\Brother
2008-12-03 21:17 --------- d-----w c:\program files\Broderbund
2008-11-27 14:02 --------- d-----w c:\program files\Xilisoft
2008-11-26 01:41 --------- d-----w c:\program files\Safari
2008-11-23 15:31 --------- d-----w c:\program files\Azureus
2008-11-17 22:42 --------- d-----w c:\program files\The Learning Company
2008-11-08 12:20 --------- d-----w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\ICAClient
2008-11-08 12:08 --------- d-----w c:\program files\Citrix
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 11:46 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-13 11:02 5,206,059 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-09 01:31 3,082 ----a-w c:\windows\system32\affv9869p2now.sys
2007-12-28 01:15 47,360 ----a-w c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\pcouffin.sys
2007-08-12 00:35 60,968 ----a-w c:\documents and settings\neil.NEIL-D3691B5D86\GoToAssistDownloadHelper.exe
2007-11-09 21:10 30,288 ----a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 79,440 ----a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 75,344 ----a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 140,880 ----a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 42,576 ----a-w c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 50,768 ----a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 34,384 ----a-w c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 685,648 ----a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 30,288 ----a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-04_20.59.39.31 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-03-17 1193472]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2008-03-17 393728]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2008-03-17 1876480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2008-03-13 128256]
"nwiz"="nwiz.exe" [2006-05-01 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-05-01 c:\windows\system32\nvhotkey.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-30 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\system32\narrator.exe]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2005-03-10 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-28 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-28 688128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lhisrh.dll dypgtd.dll qfjuiq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-04-22 04:03 579584 c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-03-16 20:10 1392640 c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 20:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-04-10 11:15 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-03 18:51 1032192 c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 22:29 49152 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 11:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
--a------ 2008-03-17 10:29 393728 c:\program files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
--a------ 2008-03-17 10:30 1876480 c:\program files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2008-03-17 10:28 1193472 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-07-09 08:05 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
--a------ 2006-05-01 14:46 73728 c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-24 19:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R4 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-03-17 868864]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-08-24 40832]
S3 pmxscan;Memorex USB Kernel;c:\windows\system32\drivers\usbscan.sys [2007-11-10 15104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sgvnic;StoneGate VPN Virtual Adapter;c:\windows\system32\drivers\sgvnic.sys [2007-06-29 7104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30a6d5f2-001e-11dc-ba43-0019b96da0ed}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aee79d3-ca02-11dc-a897-0019b96da0ed}]
\Shell\AutoRun\command - F:\Launch.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-05 c:\windows\Tasks\wxwnvhql.job
- c:\windows\system32\rundll32.exe [2004-08-04 05:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\neil.NEIL-D3691B5D86\Application Data\Mozilla\Firefox\Profiles\jg87a505.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phpdiplomacy.net/index.php
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.07.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 21:11:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-04 21:13:28
ComboFix-quarantined-files.txt 2009-01-05 02:12:49
ComboFix2.txt 2009-01-05 02:00:43

Pre-Run: 34,083,217,408 bytes free
Post-Run: 34,061,070,336 bytes free

260 --- E O F --- 2009-01-05 01:57:22

Edited by Treefarn, 04 January 2009 - 09:15 PM.


#4 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 January 2009 - 11:24 PM

Hello, Treefarn
Your System is Infected with a Backdoor!!
Backdoors cause severe damage to Windows' internals, and allow an attacker complete control over the infected system. Because this state allows the attacker to download new malware on demand, log keystrokes, execute programs, and/or view the system's screen, it is recommended to reformat and reinstall the operating system on this machine. Several experts in the security community believe that once a system is infected with one of these types of backdoors, the system itself can never be trusted again.

I ask that you disconnect this system from the internet NOW! While it is attached to the internet, the attacker can modify the system and prevent fixes from working as intended.

Another danger of this type of infection is that of Identity Theft. Because such malware can read all of your passwords, bank account numbers, etc. from your keystrokes, I would recommend contacting banking institutions accessed from this machine to ensure your accounts are secure. Most banks will not charge to send you new credit/debit cards, and getting these numbers replaced would be a good idea. It would also be a good idea to change passwords for anything you commonly use online: online stores, Facebook/Myspace, email, etc. If it has been on that machine it may have been read by someone else. Don't do it from this machine, as it is now compromised. Do it from another known clean machine. A good place to do this is at your local public library.

I would strongly recommend format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:

Please let me know if you wish to continue to clean this machine or if you wish to format.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 January 2009 - 07:09 PM

Hello, Treefarn
Are you still here?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#6 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 12 January 2009 - 10:37 PM

Hello, Treefarn
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)