Re: Suspected Malware

Hi amateur:

Thanks much for your help!

Here are the logs you requested. I followed all the instructions in your post exactly as written. Note that the ComboFix header reports avast! on-access scanning as disabled; I turned it off for the scan as instructed and have not yet re-enabled it.

ComboFix log:

ComboFix 09-06-23.01 - Gaming 06/24/2009 9:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1598 [GMT -4:00]
Running from: c:\documents and settings\Gaming\Desktop\CompFix 09\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090623-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BHO
c:\program files\BHO\BHODemon.exe
c:\program files\BHO\BHODemon.INI
c:\program files\BHO\BHODemon.LOG.XML
c:\program files\BHO\BHODemonHelp.html
c:\program files\BHO\bhodmon1.zip
c:\windows\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_OREANS32


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 14:30 . 2009-06-23 15:40 -------- d-----w- c:\documents and settings\Gaming\Application Data\dvdcss
2009-06-23 14:30 . 2009-06-23 15:48 -------- d-----w- c:\documents and settings\Gaming\Application Data\vlc
2009-06-23 14:28 . 2009-06-23 14:28 -------- d-----w- c:\program files\VideoLAN
2009-06-21 20:09 . 2009-06-21 20:09 -------- d-sh--w- c:\documents and settings\Gaming\IECompatCache
2009-06-19 17:47 . 2009-06-19 17:47 -------- d-sh--w- c:\documents and settings\Gaming\PrivacIE
2009-06-19 17:24 . 2009-06-19 17:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-19 17:23 . 2009-06-19 17:23 -------- d-sh--w- c:\documents and settings\Gaming\IETldCache
2009-06-19 17:17 . 2009-06-19 17:20 -------- dc-h--w- c:\windows\ie8
2009-06-09 00:22 . 2009-06-09 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-09 00:19 . 2009-06-09 00:19 -------- d-----w- c:\program files\Bonjour
2009-06-09 00:14 . 2009-06-09 00:15 -------- d-----w- c:\program files\QuickTime
2009-06-09 00:07 . 2009-06-09 00:07 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 22:41 . 2009-06-03 22:42 -------- d-----w- C:\OutputFolder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 13:42 . 2007-08-13 15:14 54218784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 13:41 . 2007-08-15 01:41 213441869 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-24 13:40 . 2007-08-13 15:14 636380 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-19 22:47 . 2006-06-16 05:00 -------- d-----w- c:\program files\Agent
2009-06-19 22:46 . 2005-04-27 03:14 -------- d-----w- c:\documents and settings\Rich\Application Data\Lavasoft
2009-06-19 18:07 . 2006-09-20 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-18 22:19 . 2005-04-27 09:28 -------- d-----w- c:\program files\FirstClass
2009-06-09 22:12 . 2006-12-22 20:14 132960 ----a-w- c:\documents and settings\Gaming\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-09 00:23 . 2006-09-17 01:09 -------- d-----w- c:\program files\iTunes
2009-06-09 00:22 . 2005-05-10 09:42 -------- d-----w- c:\program files\iPod
2009-06-09 00:22 . 2007-09-02 17:05 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 22:44 . 2008-02-13 22:47 -------- d-----w- c:\documents and settings\Gaming\Application Data\uTorrent
2009-05-07 15:32 . 2004-08-10 17:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2004-08-10 17:51 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 17:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/1/2008 5:53 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/1/2008 5:53 PM 20560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Turbine Download Manager Tray Icon - c:\program files\Turbine\Turbine Download Manager - Preview\TurbineDownloadManagerIcon.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 09:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2392)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\windows\system32\igfxres.dll
c:\windows\system32\igfxress.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\nvshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\UStorSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-06-24 9:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 13:51

Pre-Run: 16,173,293,568 bytes free
Post-Run: 16,572,518,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

181 --- E O F --- 2009-06-19 17:20

GooredFix log:

GooredFix v1.92 by jpshortstuff
Log created at 09:55 on 24/06/2009 running Option #1 (Gaming)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{EFD28066-FE97-4E34-94C2-4A5E08B5FEE1}"="C:\Documents and Settings\Rich\Local Settings\Application Data\{EFD28066-FE97-4E34-94C2-4A5E08B5FEE1}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{EB015E33-4E86-4798-AC9D-8B74588A6EAE}"="C:\Documents and Settings\Gaming\Local Settings\Application Data\{EB015E33-4E86-4798-AC9D-8B74588A6EAE}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{EFD28066-FE97-4E34-94C2-4A5E08B5FEE1}"="C:\Documents and Settings\Rich\Local Settings\Application Data\{EFD28066-FE97-4E34-94C2-4A5E08B5FEE1}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{EB015E33-4E86-4798-AC9D-8B74588A6EAE}"="C:\Documents and Settings\Gaming\Local Settings\Application Data\{EB015E33-4E86-4798-AC9D-8B74588A6EAE}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"