#1
Registered User
Join Date: Jan 2008
Posts: 5
OS: Windows XP
Unknown processes, mrofinu572.exe, scanregw.exe, help!!
My IE is constantly opening itself when I don't even use it. I've used many cleansing programs to no success. Here is my log:
Deckard's System Scanner v20071014.68 Run by Junior on 2008-01-28 02:42:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 96: 2008-01-28 10:43:12 UTC - RP788 - Deckard's System Scanner Restore Point 95: 2008-01-28 08:09:17 UTC - RP787 - Installed Dell Support Center. 94: 2008-01-28 07:18:47 UTC - RP786 - Made by Registry Mechanic 93: 2008-01-28 07:18:34 UTC - RP785 - Made by Registry Mechanic 92: 2008-01-28 07:01:27 UTC - RP784 - Restore Operation -- First Restore Point -- 1: 2008-01-28 01:21:54 UTC - RP693 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Junior.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:47:22 AM, on 1/28/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\qwerty12.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program 
Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\WINDOWS\mrofinu572.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\FNTS~1\wuaclt.exe C:\WINDOWS\system32\?racle\s?anregw.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\BitComet\BitComet.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Junior\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Junior.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netster.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: (no name) - {089d8004-de81-4857-a552-6671d923870a} - (no file) O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file) O2 - BHO: (no name) - {433BD534-6885-2305-F8CD-66A395FAF8BA} - C:\WINDOWS\system32\bmtl.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - (no file) O2 - BHO: (no name) - {979C18FB-35A3-4D70-9E77-AD4EDD119904} - C:\WINDOWS\system32\jkhhg.dll O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\opnlkjh.dll O2 - BHO: (no name) - {99291725-7939-455B-ACEC-387508DE1AAD} - C:\Program Files\Online Services\vizykinu4444.dll O2 - BHO: (no name) - {A41B291B-987E-4954-B1FD-9E722BEA6178} - C:\Program Files\Online Services\vizykinu83122.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: 0 - {C225521C-2913-49C5-26A0-AE19F8B84E68} - (no file) O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file) O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe" O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\iihhfe.dll",forkonce O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6 O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\RunOnce: [RemoveInstallPath] cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Dot1XCfg" > nul O4 - HKCU\..\Run: 
[MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Uaol] "C:\WINDOWS\FNTS~1\wuaclt.exe" -vt yazb O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program 
files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat O20 - Winlogon Notify: ialcap - ialcap.dll (file missing) O20 - Winlogon Notify: opnlkjh - C:\WINDOWS\SYSTEM32\opnlkjh.dll O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\ O21 - SSODL: itNvUfnoPKDSkA - {04EE4652-AE44-ECF8-7E0E-53444C0D25FB} - (no file) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 
32\IDriverT.exe O23 - Service: Security Service (INSY) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Plus\dirto.html -- End of file - 11547 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 mcdd - c:\windows\system32\drivers\mcdd.sys S1 EXAMPLE - c:\windows\system32\main.sys (file missing) S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing) S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing) S2 driverpp (Plug and Play Support Driver) - c:\windows\system32\msdrives\driverpp.sys (file missing) S2 windev-73db-d83 - c:\windows\system32\windev-73db-d83.sys (file missing) S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt> S3 NDnet1 - c:\windows\system32\ksys.sys S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing) S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 DomainService - c:\windows\system32\qwerty12.exe /service R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager> S2 INSY (Security Service) - c:\windows\system32\svcd\svchost.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-01-27 23:28:06 272 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job 2008-01-27 23:28:04 394 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job 2008-01-26 09:21:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-12-28 and 2008-01-28 ----------------------------- 2008-01-28 02:46:22 0 d-------- C:\Program Files\Trend Micro 2008-01-28 01:24:37 0 d-------- C:\Program Files\SpywareBlaster 2008-01-28 00:56:56 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-01-28 00:41:27 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-01-28 00:41:21 0 d-------- C:\WINDOWS\LastGood 2008-01-28 00:15:43 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft 2008-01-28 00:14:13 0 d-------- C:\Program Files\Dell Support Center 2008-01-28 00:14:12 0 d-------- C:\Program Files\Common Files\supportsoft 2008-01-28 00:05:17 0 dr-h----- C:\Documents and Settings\Junior\Recent 2008-01-27 23:34:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-01-27 23:27:54 0 d-------- C:\Program Files\Uniblue 2008-01-27 23:12:40 0 d-------- C:\Documents and Settings\Junior\Application Data\Uniblue 2008-01-27 23:02:10 0 d-------- C:\Documents and Settings\Junior\Application Data\PC Tools 2008-01-27 23:02:09 0 d-------- C:\Program Files\Spyware Doctor 2008-01-27 20:38:34 49647 --ahs---- C:\WINDOWS\system32\ghhkj.ini2 2008-01-27 18:40:06 1040384 --a------ C:\Documents and Settings\Guest\ntuser.dat 2008-01-27 18:40:06 1306624 --a------ C:\Documents and Settings\Genesis\ntuser.dat 2008-01-27 18:40:06 696320 --a------ C:\Documents and Settings\Administrator\ntuser.dat 2008-01-27 18:40:05 11272192 --a------ C:\Documents and Settings\Junior\ntuser.dat 2008-01-27 18:34:19 0 d-------- C:\Program Files\Temporary 2008-01-27 18:26:59 87552 --a------ C:\WINDOWS\system32\TmpX.exe 2008-01-27 
18:26:54 114 --a------ C:\WINDOWS\system32\url3 2008-01-27 18:26:54 102 --a------ C:\WINDOWS\system32\url2 2008-01-27 18:26:54 102 --a------ C:\WINDOWS\system32\url1 2008-01-27 18:26:54 8 --a------ C:\WINDOWS\system32\CID 2008-01-27 18:26:49 4 --a------ C:\WINDOWS\system32\SvcNm 2008-01-27 18:26:49 0 d-------- C:\WINDOWS\system32\svcd 2008-01-27 18:26:41 34816 --a------ C:\info.exe 2008-01-27 17:21:35 333312 --a------ C:\WINDOWS\system32\jkhhg.dll 2008-01-27 17:17:18 135168 --a------ C:\WINDOWS\tk58.exe 2008-01-27 17:17:06 0 d-------- C:\WINDOWS\system32\?racle 2008-01-27 17:17:00 60928 --a------ C:\WINDOWS\system32\bmtl.dll 2008-01-27 17:16:56 169147 --a------ C:\WINDOWS\TTC-4444.exe 2008-01-27 17:16:47 36864 --a------ C:\WINDOWS\mrofinu1000106.exe 2008-01-27 17:16:38 36864 -ra------ C:\WINDOWS\mrofinu572.exe 2008-01-27 17:16:35 86016 --a------ C:\WINDOWS\system32\drivers\mcdd.sys 2008-01-27 17:16:21 0 d-------- C:\WINDOWS\system32\wnis6 2008-01-27 17:16:21 0 d-------- C:\WINDOWS\system32\ets1 2008-01-27 17:16:20 0 d-------- C:\WINDOWS\system32\nip4 2008-01-27 17:16:18 38400 --a------ C:\WINDOWS\system32\opnlkjh.dll 2008-01-27 17:16:17 0 d-------- C:\WINDOWS\system32\nGpxx01 2008-01-26 11:43:01 0 d-------- C:\Program Files\Ubisoft 2008-01-25 12:02:10 0 d-------- C:\Documents and Settings\Junior\My Documents 2008-01-24 11:19:56 0 d-------- C:\Documents and Settings\Junior\Application Data\Adobe 2008-01-24 11:03:57 58904 --a------ C:\WINDOWS\system32\sysfolderazipcnt.dll 2008-01-24 11:03:57 58904 --a------ C:\WINDOWS\system32\azipcontmn.dll 2008-01-24 11:03:49 0 d-------- C:\Program Files\AlphaZIP 2008-01-21 09:44:38 53760 --a------ C:\WINDOWS\b122.exe -- Find3M Report --------------------------------------------------------------- 2008-01-28 01:51:36 0 d-------- C:\Program Files\BitComet 2008-01-28 01:51:32 0 d-------- C:\Program Files\AIM 2008-01-28 00:14:12 0 d-------- C:\Program Files\Common Files 2008-01-27 20:37:25 6144 --a------ 
C:\WINDOWS\system32\perfc000.dat 2008-01-27 18:53:57 0 d-------- C:\Program Files\Starcraft 2008-01-27 17:17:23 0 d-------- C:\Program Files\Windows Plus 2008-01-27 17:17:06 0 d-------- C:\Program Files\Online Services 2008-01-26 12:13:15 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-01-25 12:01:48 0 d-------- C:\Documents and Settings\Junior\Application Data\Aim 2008-01-19 23:49:56 0 d-------- C:\Program Files\Soulseek-Test 2007-12-09 10:45:00 0 d-------- C:\Program Files\LimeWire -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089d8004-de81-4857-a552-6671d923870a}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E1500AC-87A5-416b-A211-82E848649DA9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{433BD534-6885-2305-F8CD-66A395FAF8BA}] 01/15/2008 08:30 AM 60928 --a------ C:\WINDOWS\system32\bmtl.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{979C18FB-35A3-4D70-9E77-AD4EDD119904}] 01/27/2008 05:21 PM 333312 --a------ C:\WINDOWS\system32\jkhhg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}] 01/27/2008 05:16 PM 38400 --a------ C:\WINDOWS\system32\opnlkjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99291725-7939-455B-ACEC-387508DE1AAD}] 08/02/2007 05:43 AM 282624 --a------ C:\Program Files\Online Services\vizykinu4444.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A41B291B-987E-4954-B1FD-9E722BEA6178}] 08/02/2007 05:43 AM 282624 --a------ C:\Program Files\Online Services\vizykinu83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C225521C-2913-49C5-26A0-AE19F8B84E68}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 12:01 PM] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 09:09 PM] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 09:06 PM] 
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 09:10 PM] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM] "SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 10:20 PM C:\WINDOWS\stsystra.exe] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 02:19 PM] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/05/2004 11:05 PM] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44 AM] "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 09:06 AM] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/08/2005 02:00 PM] "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/30/2005 10:10 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [04/19/2007 10:07 AM] "BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [06/20/2005 11:10 AM] "BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [05/09/2005 11:19 AM] "SystemOptimizer"="C:\WINDOWS\iihhfe.dll" [08/06/2007 11:30 AM] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "runner1"="C:\WINDOWS\mrofinu572.exe" [01/23/2008 11:36 AM] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM] "MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [12/30/2005 10:10 PM] "AIM"="C:\Program Files\AIM\aim.exe" [03/12/2004 12:22 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 AM] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM] "Yahoo! 
Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/17/2007 11:46 AM] "Uaol"="C:\WINDOWS\FNTS~1\wuaclt.exe" [01/27/2008 05:16 PM] "Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [12/07/2007 09:31 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "RemoveInstallPath"=cmd.exe C:\WINDOWS\system32\cmd.exe /c rmdir /S /Q "C:\PROGRA~1\Dot1XCfg" > nul [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "POSTRBT"=C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /REMEDIATE C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/5/2005 3:52:50 PM] dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [3/5/2006 8:57:37 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM] MyWebSearch Email Plugin.lnk - C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE [12/30/2005 10:10:00 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "Wallpaper"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"=0 (0x0) "ForceActiveDesktopOn"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source= C:\Program Files\Windows Plus\dirto.html FriendlyName= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{98663E21-9CCE-4CF6-863C-911A9523A66F}"= C:\WINDOWS\system32\opnlkjh.dll [01/27/2008 05:16 PM 38400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ialcap] ialcap.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlkjh] 
opnlkjh.dll 01/27/2008 05:16 PM 38400 C:\WINDOWS\system32\opnlkjh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc1] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\WINDOWS\system32\perfc000.dat [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe *Newly Created Service* - PLHRGJHTBSKO *Newly Created Service* - RKPAVPROC *Newly Created Service* - SDTHOOK -- End of Deckard's System Scanner: finished at 2008-01-28 02:49:45 ------------ |
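A triage pass over the kinds of lines in the log above, added here as an example (it is not code from this thread, from HijackThis or from the forum's tools): it parses the O2, O4, O20 and O23 line shapes and attaches the review flags a helper checks first. The sample lines are constructed from shapes seen above with the hex argument shortened; the heuristic names and thresholds are my own assumptions.

```python
"""Triage pass over HijackThis-style log lines.

Added example for this thread; not code from the forum, from HijackThis or from
SDFix/ComboFix.  Parses the O2/O4/O20/O23 line shapes in the log above and attaches
the review flags a helper checks first.  A flag means "look closer", not "malicious".
"""
import ntpath
import re
from typing import Dict, List

# Constructed sample: line shapes copied from the log above (hex argument shortened).
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {979C18FB-35A3-4D70-9E77-AD4EDD119904} - C:\WINDOWS\system32\jkhhg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\iihhfe.dll",forkonce
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: opnlkjh - C:\WINDOWS\SYSTEM32\opnlkjh.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Security Service (INSY) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
"""

# Line shapes as HijackThis 2.0 prints them: section code, then " - " separated fields.
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]*)\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.*)$")
RE_O20_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

WIN_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)       # file sits directly in C:\WINDOWS
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32$", re.I)     # the only home of the real svchost.exe
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5}", re.I)  # jkhhg, opnlkjh: generator-typed names
LONG_HEX = re.compile(r"\b[0-9A-Fa-f]{32,}\b")                  # opaque blob handed to a Run entry

def path_flags(path: str) -> List[str]:
    """Heuristics on one file path; each flag is a reason to look closer."""
    low = path.lower()
    if "(no file)" in low or "file missing" in low:
        return ["orphaned entry (file missing)"]
    flags = []
    if "?" in path:  # HijackThis prints unprintable path characters as '?' (\?racle\s?anregw.exe above)
        flags.append("unprintable characters in path")
    if WIN_ROOT.match(path):
        flags.append("file directly in the Windows directory")
    if CONSONANT_RUN.search(ntpath.splitext(ntpath.basename(path))[0]):
        flags.append("consonant-run filename (looks machine-generated)")
    if ntpath.basename(low) == "svchost.exe" and not SYSTEM32.match(ntpath.dirname(path)):
        flags.append("svchost.exe outside System32")
    return flags

def first_target(cmd: str) -> str:
    """The file an O4 command really runs: the first (possibly quoted) token,
    or the DLL argument when rundll32.exe is only the host process."""
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    if not tokens:
        return ""
    if ntpath.basename(tokens[0]).lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",")[0]
    return tokens[0]

def triage_line(line: str) -> List[str]:
    """Review flags for one HijackThis line; an empty list means nothing to note."""
    if m := RE_O2.match(line):
        flags = path_flags(m["path"])
        if m["name"] == "(no name)" and "(no file)" not in m["path"]:
            flags.append("BHO with no name")
        return flags
    if m := RE_O4.match(line):
        flags = path_flags(first_target(m["cmd"]))
        if LONG_HEX.search(m["cmd"]):
            flags.append("long hex blob passed as argument")
        return flags
    if m := RE_O20_APPINIT.match(line):
        flags = path_flags(m["path"])
        if ntpath.splitext(m["path"])[1].lower() != ".dll":
            flags.append("AppInit_DLLs loads a non-.dll file")
        return flags
    if m := RE_O20_NOTIFY.match(line):
        return path_flags(m["path"])
    if m := RE_O23.match(line):
        flags = path_flags(m["path"])
        if m["owner"] == "Unknown owner":
            flags.append("service with no publisher information")
        return flags
    return []

def triage(log: str) -> Dict[str, List[str]]:
    """Map every flagged line of a log to its flags; clean lines are omitted."""
    results: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if line and (flags := triage_line(line)):
            results[line] = flags
    return results

if __name__ == "__main__":
    for line, flags in triage(SAMPLE_LOG).items():
        print(line, *("    -> " + f for f in flags), sep="\n")
```

Legitimate entries such as stsystra.exe in the Windows directory or hkcmd.exe will also pick up a flag; the output is a reading order for a human reviewer, not a verdict.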
#2
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria, Australia
Posts: 7,404
OS: XP Pro SP3
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.cmd to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Post that log in your next reply.

=========================================

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix
Link 1 Link 2 Link 3
**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Caution... Never run and remove files using ComboFix without being supervised by a security analyst.
__________________
Eddy
#3
Registered User
Join Date: Jan 2008
Posts: 5
OS: Windows XP
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
SDFix:
SDFix: Version 1.133 Run by Junior on Wed 01/30/2008 at 02:13 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\PROGRA~1\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Missing SharedAccess Service Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\PROGRA~1\WINDOW~2\ZYLI - Deleted C:\WINDOWS\system32\CID - Deleted C:\WINDOWS\system32\SvcNm - Deleted C:\WINDOWS\system32\upds.log - Deleted C:\WINDOWS\system32\url1 - Deleted C:\WINDOWS\system32\url2 - Deleted C:\WINDOWS\system32\url3 - Deleted Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-30 02:21:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:c7,8d,be,b1,ae,94,5f,ad,1c,a3,94,83,b3,b3,f4,19,e2,f3,7e,03,e2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ff,b2,6c,2d,14,85,11,2f,83,c3,74,20,c1,0d,65,1c,61,.. "khjeh"=hex:e0,f0,36,f4,8f,fc,a8,8d,e1,46,d5,fe,86,e2,f9,25,37,2a,21,e6,5b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:13,45,c6,fc,4b,4d,f4,d7,01,8f,ee,8b,80,05,69,8d,75,b7,52,ee,26,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:0c,8a,2c,ec,66,ea,90,c5,4c,83,8d,e1,86,a2,7c,44,0f,6d,e5,30,05,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:33,3f,d0,9d,a1,19,13,56,1e,7c,7c,bc,a3,19,82,4c,8b,18,bb,ab,cf,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:c7,8d,be,b1,ae,94,5f,ad,1c,a3,94,83,b3,b3,f4,19,e2,f3,7e,03,e2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ff,b2,6c,2d,14,85,11,2f,83,c3,74,20,c1,0d,65,1c,61,.. "khjeh"=hex:e0,f0,36,f4,8f,fc,a8,8d,e1,46,d5,fe,86,e2,f9,25,37,2a,21,e6,5b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:13,45,c6,fc,4b,4d,f4,d7,01,8f,ee,8b,80,05,69,8d,75,b7,52,ee,26,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:68,07,72,f6,69,97,96,e2,f5,f4,ef,25,66,4f,bb,d8,7c,d4,fe,96,a7,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42] "khjeh"=hex:33,3f,d0,9d,a1,19,13,56,1e,7c,7c,bc,a3,19,82,4c,8b,18,bb,ab,cf,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT] "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll" "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s0"=dword:831bfada "s1"=dword:2eee09d5 "s2"=dword:a50cda5c "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:c7,8d,be,b1,ae,94,5f,ad,1c,a3,94,83,b3,b3,f4,19,e2,f3,7e,03,e2,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ff,b2,6c,2d,14,85,11,2f,83,c3,74,20,c1,0d,65,1c,61,.. "khjeh"=hex:e0,f0,36,f4,8f,fc,a8,8d,e1,46,d5,fe,86,e2,f9,25,37,2a,21,e6,5b,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:13,45,c6,fc,4b,4d,f4,d7,01,8f,ee,8b,80,05,69,8d,75,b7,52,ee,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:68,07,72,f6,69,97,96,e2,f5,f4,ef,25,66,4f,bb,d8,7c,d4,fe,96,a7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:33,3f,d0,9d,a1,19,13,56,1e,7c,7c,bc,a3,19,82,4c,8b,18,bb,ab,cf,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Program Files\Softwin\BitDefender8\Quarantine\ws2_32.dll:fork2 30720 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 10 Oct 2007       625,152 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Thu 23 Jun 2005        73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Tue  8 May 2007        82,944 ...H. --- "C:\Program Files\Softwin\BitDefender8\Quarantine\ws2_32.dll"
Wed  4 Apr 2001        28,738 A..HR --- "C:\Documents and Settings\Junior\Desktop\Word\MSDE2000\SQLRESLD.DLL"
Wed 26 Apr 2006        12,944 A.SH. --- "C:\Documents and Settings\Junior\Start Menu\My Documents\My Music\License Backup\drmv2key.bak"
Mon 14 May 2007             8 A..H. --- "C:\Documents and Settings\Genesis\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Mon 14 May 2007             8 A..H. --- "C:\Documents and Settings\Genesis\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Mon 14 May 2007             8 A..H. --- "C:\Documents and Settings\Genesis\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Mon 14 May 2007             8 A..H. --- "C:\Documents and Settings\Genesis\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sun 13 May 2007             8 A..H. --- "C:\Documents and Settings\Junior\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 13 May 2007             8 A..H. --- "C:\Documents and Settings\Junior\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Wed 16 May 2007             8 A..H. --- "C:\Documents and Settings\Junior\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 23 May 2007             8 A..H. --- "C:\Documents and Settings\Junior\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

ComboFix:

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\azipcontmn.dll
C:\WINDOWS\system32\drivers\mcdd.sys
C:\WINDOWS\system32\sysfolderazipcnt.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\azipcontmn.dll
C:\WINDOWS\system32\CID\
C:\WINDOWS\system32\drivers\mcdd.sys
C:\WINDOWS\system32\SvcNm\
C:\WINDOWS\system32\sysfolderazipcnt.dll
C:\WINDOWS\system32\url1\
C:\WINDOWS\system32\url2\
C:\WINDOWS\system32\url3\
C:\WINDOWS\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-29 01:10 . 2008-01-29 01:15 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-29 01:10 . 2008-01-29 01:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-29 00:05 . 2008-01-29 00:33 <DIR> d-------- C:\VundoFix Backups
2008-01-28 21:38 . 2008-01-28 21:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-28 21:29 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-28 21:29 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-28 14:43 . 2008-01-28 14:43 <DIR> d-------- C:\Program Files\Half Life 2
2008-01-28 02:46 . 2008-01-28 02:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 02:42 . 2008-01-28 02:42 <DIR> d-------- C:\Deckard
2008-01-28 01:24 . 2008-01-28 02:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-28 00:56 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-28 00:41 . 2008-01-28 01:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-28 00:41 . 2008-01-28 00:41 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-28 00:41 . 2008-01-28 00:41 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-28 00:41 . 2008-01-28 00:41 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-28 00:15 . 2008-01-28 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-28 00:14 . 2008-01-28 00:15 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-28 00:14 . 2008-01-28 00:14 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-27 23:34 . 2008-01-28 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-27 23:27 . 2008-01-27 23:27 <DIR> d-------- C:\Program Files\Uniblue
2008-01-27 23:12 . 2008-01-27 23:28 <DIR> d-------- C:\Documents and Settings\Junior\Application Data\Uniblue
2008-01-27 23:02 . 2008-01-27 23:02 <DIR> d-------- C:\Documents and Settings\Junior\Application Data\PC Tools
2008-01-27 22:40 . 2004-10-14 19:22 5,110 --a------ C:\WINDOWS\system32\e100b325.din
2008-01-27 22:40 . 2003-11-03 18:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2008-01-27 18:26 . 2008-01-29 16:30 114 --a------ C:\WINDOWS\system32\url3
2008-01-27 18:26 . 2008-01-29 16:30 102 --a------ C:\WINDOWS\system32\url2
2008-01-27 18:26 . 2008-01-29 16:30 102 --a------ C:\WINDOWS\system32\url1
2008-01-27 18:26 . 2008-01-29 16:30 8 --a------ C:\WINDOWS\system32\CID
2008-01-27 18:26 . 2008-01-27 18:26 4 --a------ C:\WINDOWS\system32\SvcNm
2008-01-26 11:43 . 2008-01-26 11:43 <DIR> d-------- C:\Program Files\Ubisoft
2008-01-24 11:03 . 2008-01-24 11:08 <DIR> d-------- C:\Program Files\AlphaZIP
2008-01-02 00:54 . 2002-04-11 19:21 13,335 -ra------ C:\WINDOWS\system32\drivers\usbcm.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 03:46 --------- d-----w C:\Program Files\Starcraft
2008-01-29 23:09 14 ----a-w C:\Documents and Settings\Junior\getfile.dat
2008-01-29 08:54 --------- d-----w C:\Program Files\Windows Plus
2008-01-29 07:25 --------- d-----w C:\Program Files\WordPerfect Office 12
2008-01-28 11:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 11:21 --------- d-----w C:\Program Files\Dell
2008-01-28 09:51 --------- d-----w C:\Program Files\BitComet
2008-01-28 09:51 --------- d-----w C:\Program Files\AIM
2008-01-26 20:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 20:01 --------- d-----w C:\Documents and Settings\Junior\Application Data\Aim
2008-01-20 07:49 --------- d-----w C:\Program Files\Soulseek-Test
2007-12-09 18:45 --------- d-----w C:\Program Files\LimeWire
2007-05-14 23:01 14 ----a-w C:\Documents and Settings\Genesis\getfile.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-03-12 12:22 61440]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 03:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-17 11:46 4670704]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 09:31 9479448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 12:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 21:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 21:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 21:10 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 339968 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 09:06 106496]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 14:00 128920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [ ]
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 11:10 421888]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [2005-05-09 11:19 8192]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-12-05 15:52:50 24576]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-03-05 20:57:37 315392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 17:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 07:28:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-28 07:28:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 21:03:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-01-29 21:08:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 05:08:38
ComboFix2.txt 2008-01-30 03:39:51
ComboFix3.txt 2008-01-29 09:05:28
.
2008-01-29 06:42:13 --- E O F ---

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:52 AM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZC
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201583178359
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O21 - SSODL: itNvUfnoPKDSkA - {04EE4652-AE44-ECF8-7E0E-53444C0D25FB} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7880 bytes
#4
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
We need to download the installation package from Microsoft so that it can be used to install the Recovery Console on your computer. The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware. No validation required! Please select the download link below that's appropriate for your Operating System, then download and save the setup package to your desktop. If necessary, change the language version to match your installation. Do NOT change the name of the downloaded file!
Microsoft Windows XP Home Edition
Service Pack 1: http://www.microsoft.com/downloads/d...5-719F45C382A4
Service Pack 2: http://www.microsoft.com/downloads/d...D-81C2137FF464

Microsoft Windows XP Professional
Without Service Packs: http://www.microsoft.com/downloads/d...7-4FED408EA73F
Service Pack 1: http://www.microsoft.com/downloads/d...2-631504EF5E26
Service Pack 2: http://www.microsoft.com/downloads/d...C-0A0205368124

Download the file & save it as it's originally named, next to the ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log. Please do not reboot your machine until we have reviewed the log.
__________________
Eddy
#5
Registered User
Join Date: Jan 2008
Posts: 5
OS: Windows Xp
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
Hey, I have the Windows Media Center edition, I'm not sure which one to download.. and do I download both? Also.. these SP packets I think came with my OS already.. but I'm not sure, maybe it's something else.
#6
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,355
OS: N/A
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
Select the XP Pro SP2 copy => http://www.microsoft.com/downloads/d...displaylang=en
__________________
Question - what have you done for the community today?

#9
Registered User
Join Date: Jan 2008
Posts: 5
OS: Windows Xp
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
#10
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,355
OS: N/A
Re: Unknown processes, mrofinu572.exe, scanregw.exe, help!!
You may reboot the machine.
Pancake shall have new instructions for you a bit later.
__________________
Question - what have you done for the community today?