lalaomg

i feel like i'm always here with something new! DDD:
but recently my computer started to give me random pop ups in internet explorer, which isn't even the browser i use. and it also randomly freezes completely and doesn't allow me to click anything!


DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Administrator at 20:44:52.67 on Thu 04/16/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.98 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2276801728.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
BHO: c:\windows\system32\jh9fgo4ksdgf.dll: {d7bf4552-94f1-42bd-f434-3604812c856d} - c:\windows\system32\jh9fgo4ksdgf.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
uRun: [Diagnostic Manager] c:\docume~1\compaq~1\locals~1\temp\2276801728.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [Motive SmartBridge] c:\progra~1\sbclig~1\smartb~1\MotiveSB.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [bezunogisi] Rundll32.exe "c:\windows\system32\kupaviba.dll",s
mRun: [CPM7f511cdc] Rundll32.exe "c:\windows\system32\weyokupi.dll",a
mRun: [7c622f40] rundll32.exe "c:\windows\system32\pilipeho.dll",b
dRun: [<NO NAME>] c:\windows\temp\hg8hqootyk.exe
dRun: [Windows Resurections] c:\windows\temp\hg8hqootyk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc lightspeed self support tool\bin\matcli.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\compaq_administrator\start menu\programs\imvu\Run IMVU.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\juzusiwe.dll c:\windows\system32\weyokupi.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\weyokupi.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\weyokupi.dll
STS: c:\windows\system32\jh9fgo4ksdgf.dll: {d7bf4552-94f1-42bd-f434-3604812c856d} - c:\windows\system32\jh9fgo4ksdgf.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll
LSA: Notification Packages = scecli c:\windows\system32\juzusiwe.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\gimjrell.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1408409&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60337&qkw=
FF - plugin: c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\gimjrell.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {DAD9676A-B469-445B-AF93-2F9F13600D0B} - c:\documents and settings\compaq_administrator\local settings\application data\{DAD9676A-B469-445B-AF93-2F9F13600D0B}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-6-20 11840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-6-20 68865]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-6-20 151297]
S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-6-20 52032]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-04-16 15:10 46 a------- c:\windows\system32\p2hhr.bat
2009-04-16 15:10 15,000 a------- c:\windows\system32\jh9fgo4ksdgf.dll
2009-04-15 14:22 155 a------- c:\windows\system32\SelfDel.bat
2009-04-15 14:07 <DIR> --d----- c:\program files\Microsoft Common
2009-04-15 11:10 1,408,745 ---sh--- c:\windows\system32\ohepilip.ini
2009-03-28 19:10 <DIR> --d----- c:\program files\Boilsoft Video Joiner
2009-03-28 19:09 <DIR> --d----- c:\program files\Boilsoft Video Splitter
2009-03-28 18:48 <DIR> --d----- c:\program files\AVI MPEG RM WMV Splitter

==================== Find3M ====================

2009-04-16 19:47 12,070 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-16 15:28 388,608 a------- c:\windows\system32\CF25338.exe
2009-02-16 15:28 388,608 a------- c:\windows\system32\CF25328.exe
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2008-05-27 20:37 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:45:01.92 ===============

Attached Files

	Attach.txt (13.6 KB, 2 views)
	ark.txt (6.6 KB, 4 views)

sjb007

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you thoughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

lalaomg

ComboFix 09-04-20.02 - Compaq_Administrator 04/20/2009 13:06.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.179 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
.
/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7BF4552-94F1-42BD-F434-3604812C856D}]
2009-04-16 20:10 15000 ----a-w c:\windows\system32\jh9fgo4ksdgf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-22 180269]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-24 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Resurections"="c:\windows\TEMP\hg8hqootyk.exe" [2009-04-16 15001]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
SBC Self Support Tool.lnk - c:\program files\SBC LightSpeed Self Support Tool\bin\matcli.exe [2007-3-29 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{D7BF4552-94F1-42BD-F434-3604812C856D}"= "c:\windows\system32\jh9fgo4ksdgf.dll" [2009-04-16 15000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\juzusiwe.dll c:\windows\system32\weyokupi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\juzusiwe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b31da8f6-8e63-11dd-af98-001731c0214a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - J:\system.exe
\Shell\Open\command - J:\system.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-prunnet - c:\windows\system32\prunnet.exe
HKLM-Run-bezunogisi - c:\windows\system32\kupaviba.dll
HKLM-Run-CPM7f511cdc - c:\windows\system32\weyokupi.dll
HKLM-Run-7c622f40 - c:\windows\system32\pilipeho.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\weyokupi.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: **{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gimjrell.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1408409&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60337&qkw=
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gimjrell.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 13:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-04-20 13:12
ComboFix-quarantined-files.txt 2009-04-20 18:10
ComboFix2.txt 2009-01-25 21:08

Pre-Run: 21,980,131,328 bytes free
Post-Run: 21,964,636,160 bytes free

153 --- E O F --- 2009-03-11 13:25

sjb007

Hi there

Please download Flash Disinfector by sUBs.
Hold down the Shift key and insert your thumbdrive.
Double click on Flash_Disinfector.exe to run it. Once done, you will be prompted. Click OK.
Repeat this step if you have more than one thumbdrives.

Once done.....

Please open Notepad and copy and paste the following in the Code box into Notepad.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.



Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.



Click OK.

Combofix will then upload the files automatically. Please do not close Combofix's window.

Do not mouse click on Combofix while it is running. That may cause it to stall.

=========================================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

=========================================

I want you to run an online scan at kaspersky. It can take some time, so please be patient and allow it to run it's full course:

**Vista users - right click IE/Firefox icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

=========================================

Please post back with the new combofix log and the log from Kaspersky

lalaomg

What do you mean insert my thumb drive?

sjb007

Hi there

By a thumb drive I mean memory stick or flash drive, which ever you wish to name them by. If you do not have one then proceed on to the next step in the process.

lalaomg

i just returned from my vacation! sorry!
i will do the steps tomorrow!

sjb007

Not a problem. Thanks for the update

lalaomg

ComboFix 09-04-25.A3 - Compaq_Administrator 04/26/2009 8:11.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.99 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\jh9fgo4ksdgf.dll
c:\windows\system32\juzusiwe.dll
c:\windows\system32\senekaxjlqevmq.dat
c:\windows\system32\senekayrpkhqwu.dat
c:\windows\system32\weyokupi.dll
c:\windows\TEMP\hg8hqootyk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft Common
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\jh9fgo4ksdgf.dll
c:\windows\system32\ohepilip.ini
c:\windows\system32\p2hhr.bat

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-15 19:22 . 2009-04-15 19:22 155 ----a-w c:\windows\system32\SelfDel.bat
2009-03-29 00:10 . 2009-03-29 00:10 -------- d-----w c:\program files\Boilsoft Video Joiner
2009-03-29 00:09 . 2009-03-29 00:09 -------- d-----w c:\program files\Boilsoft Video Splitter
2009-03-28 23:48 . 2009-03-28 23:50 -------- d-----w c:\program files\AVI MPEG RM WMV Splitter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 00:39 . 2006-12-28 16:15 12224 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2009-04-23 15:57 . 2008-11-22 00:33 3532 ----a-w C:\drmHeader.bin
2009-04-16 19:58 . 2007-03-30 03:25 -------- d-----w c:\program files\Yahoo!
2009-04-16 19:56 . 2006-05-22 20:46 49741945 ----a-w C:\hpWebHelper.log
2009-04-12 06:10 . 2009-03-02 03:15 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-04-05 16:52 . 2006-05-22 19:54 -------- d-----w c:\program files\Java
2009-03-28 01:59 . 2008-05-29 00:29 -------- d-----w c:\program files\Last.fm
2009-03-21 14:18 . 2004-08-09 21:00 986112 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-11 13:23 . 2009-03-11 13:23 268 ---ha-w C:\sqmdata07.sqm
2009-03-11 13:23 . 2009-03-11 13:23 244 ---ha-w C:\sqmnoopt07.sqm
2009-03-09 10:19 . 2009-03-05 15:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-09 21:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 14:44 . 2004-08-09 21:00 283648 ----a-w c:\windows\system32\dllcache\pdh.dll
2009-03-05 18:23 . 2006-05-22 20:19 58192 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-05 18:21 . 2006-05-22 20:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 23:27 . 2004-08-09 21:00 1499136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
2009-03-02 03:29 . 2009-03-02 03:29 -------- d-----w c:\program files\Ulead Systems
2009-02-20 21:44 . 2004-08-09 21:00 3067904 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-02-19 09:50 . 2004-08-09 21:00 18432 ----a-w c:\windows\system32\dllcache\iedw.exe
2009-02-09 10:20 . 2004-08-09 21:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-09 21:00 723456 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-09 21:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-09 21:00 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\dllcache\ntdll.dll
2009-02-09 10:20 . 2004-08-09 21:00 616960 ----a-w c:\windows\system32\dllcache\advapi32.dll
2009-02-09 10:20 . 2004-08-09 21:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-09 21:00 473088 ----a-w c:\windows\system32\dllcache\fastprox.dll
2009-02-09 10:20 . 2004-08-09 21:00 453120 ----a-w c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 10:19 . 2004-08-09 21:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 . 2004-08-09 21:00 1846272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-06 17:24 . 2006-12-19 14:17 2180480 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 17:24 . 2004-08-10 04:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:22 . 2006-12-19 14:15 2136064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 17:14 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 17:14 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\dllcache\services.exe
2009-02-06 16:54 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:49 . 2006-12-19 12:55 2015744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 16:49 . 2006-12-19 12:55 2057728 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 16:49 . 2004-08-10 04:00 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 16:39 . 2004-08-09 21:00 227840 ----a-w c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 20:08 . 2004-08-09 21:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 20:08 . 2004-08-09 21:00 55808 ----a-w c:\windows\system32\dllcache\secur32.dll
2006-12-27 03:08 . 2006-12-25 14:06 143 -c--a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
2006-05-22 20:40 . 2006-12-25 14:06 47280 -c--a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-22 19:48 . 2006-05-22 19:48 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-05-28 01:37 . 2008-05-28 01:37 4184 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-04-20_18.08.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 13:16 . 2009-04-26 13:16 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
+ 2006-05-22 19:49 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2006-05-22 19:57 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2006-05-22 19:57 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 39424 c:\windows\system32\pngfilt.dll
+ 2005-08-30 21:07 . 2009-04-21 14:30 64404 c:\windows\system32\perfc009.dat
- 2005-08-30 21:07 . 2008-04-12 04:20 64404 c:\windows\system32\perfc009.dat
+ 2004-08-09 21:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2004-08-09 21:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 58880 c:\windows\system32\msdtclog.dll
+ 2004-08-10 04:00 . 2004-08-10 04:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-02-22 14:59 . 2009-04-23 12:18 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-22 14:59 . 2009-02-22 14:59 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2004-08-09 21:00 . 2008-10-16 10:20 16384 c:\windows\system32\jsproxy.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 16384 c:\windows\system32\jsproxy.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 96256 c:\windows\system32\inseng.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 96256 c:\windows\system32\inseng.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 81920 c:\windows\system32\ieencode.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 81920 c:\windows\system32\ieencode.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 55808 c:\windows\system32\extmgr.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 55808 c:\windows\system32\extmgr.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2004-08-09 21:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 96256 c:\windows\system32\dllcache\inseng.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2006-05-22 20:41 . 2006-02-16 16:37 9188 c:\windows\system32\pcintro\FirstBoot.bat
+ 2004-08-09 21:00 . 2004-08-09 21:00 2589 c:\windows\I386\RUNW32.BAT
+ 2006-05-22 19:49 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
- 2006-05-22 19:49 . 2008-10-15 14:00 351744 c:\windows\system32\xpsp3res.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 668160 c:\windows\system32\wininet.dll
+ 2004-08-09 21:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 351232 c:\windows\system32\winhttp.dll
+ 2004-08-09 21:00 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-09 21:00 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-09 21:00 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 619520 c:\windows\system32\urlmon.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 474112 c:\windows\system32\shlwapi.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 474112 c:\windows\system32\shlwapi.dll
+ 2005-08-30 21:07 . 2009-04-21 14:30 408000 c:\windows\system32\perfh009.dat
- 2005-08-30 21:07 . 2008-04-12 04:20 408000 c:\windows\system32\perfh009.dat
+ 2004-08-09 21:00 . 2009-02-20 08:14 532480 c:\windows\system32\mstime.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 532480 c:\windows\system32\mstime.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 146432 c:\windows\system32\msrating.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 146432 c:\windows\system32\msrating.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 449024 c:\windows\system32\mshtmled.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-09 21:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 251904 c:\windows\system32\iepeers.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 251904 c:\windows\system32\iepeers.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 205312 c:\windows\system32\dxtrans.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 357888 c:\windows\system32\dxtmsft.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-09 21:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-08-09 21:00 . 2009-02-20 08:14 668160 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-09 21:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-09 21:00 . 2004-08-09 21:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 619520 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 532480 c:\windows\system32\dllcache\mstime.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-09 21:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 151040 c:\windows\system32\cdfview.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 151040 c:\windows\system32\cdfview.dll
+ 2004-08-09 21:00 . 2009-03-02 23:27 1499136 c:\windows\system32\shdocvw.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 1499136 c:\windows\system32\shdocvw.dll
- 2004-08-09 21:00 . 2008-05-07 04:55 1288192 c:\windows\system32\quartz.dll
+ 2004-08-09 21:00 . 2008-12-20 22:59 1288192 c:\windows\system32\quartz.dll
+ 2004-08-09 21:00 . 2009-02-20 21:44 3067904 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2004-08-09 21:00 . 2008-05-07 04:55 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2004-08-09 21:00 . 2008-12-20 22:59 1288192 c:\windows\system32\dllcache\quartz.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 1054208 c:\windows\system32\dllcache\danim.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 1054208 c:\windows\system32\danim.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 1054208 c:\windows\system32\danim.dll
+ 2004-08-09 21:00 . 2009-02-20 08:14 1024000 c:\windows\system32\browseui.dll
- 2004-08-09 21:00 . 2008-10-16 10:20 1024000 c:\windows\system32\browseui.dll
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-07 3558136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-22 180269]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"Motive SmartBridge"="c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-24 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
SBC Self Support Tool.lnk - c:\program files\SBC LightSpeed Self Support Tool\bin\matcli.exe [2007-3-29 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 18:41 294912 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ClubBox.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]

.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = actsvr.comcastonline.com;*.local
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: **{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gimjrell.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1408409&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60337&qkw=
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gimjrell.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 08:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3888)
c:\progra~1\SBCLIG~1\SMARTB~1\SBHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\nexon\Mabinogi\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-26 8:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 13:27
ComboFix2.txt 2009-04-20 18:12
ComboFix3.txt 2009-01-25 21:08

Pre-Run: 24,866,594,816 bytes free
Post-Run: 24,851,587,072 bytes free

352 --- E O F --- 2009-04-21 05:11

sjb007

Hi there

Please post the log from Kaspersky as requested, also can you update me on how things are running. Thanks

lalaomg

I'm sorry but am I allowed more time? My school life has been very hectic recently. I can do the Kapersky scan after tomorrow. I'm sorry for this!

sjb007

Not a problem there, thanks for the update

lalaomg

I tried the Kapersky scan - but it kept freezing at 82 percent. I tried it twice. I'm leaving my dad's house today, but I will try the scan again and hopefully it'll complete. >,>

And by the way, the computer is running a lot better than before. But it still slows down sometimes.

sjb007

Hi there

Let me know how it goes, if you experience problems still, then we can try a alternative method.