Old 11-15-2008, 02:25 PM   #1
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP


Can't run antivirus or restore system

Hello,

My computer was running slow, so I tried to scan it, but my antivirus could not load (a message said a DLL was missing). I tried to restore the system to a previous state, but a message said the action could not be performed. Here is the DDS log:

DDS (Version 1.0) - NTFSx86
Run by Owner at 14:48:01,96 on 15/11/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.100 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\drivers\downld\145453.exe
C:\WINDOWS\system32\drivers\downld\222343.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Qwest
uDefault_Page_URL = hxxp://qwest.live.com
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Page_URL = hxxp://qwest.live.com
mStart Page = hxxp://qwest.live.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
uURLSearchHooks: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - c:\program files\netzero\SearchEnh2.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {68C55168-E188-40DF-A514-835FCD78B1BF} - c:\program files\ie7pro\IE7pro.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TaskSwitchXP] "c:\program files\taskswitchxp\TaskSwitchXP.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgetEngine.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Barre RoboForm - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Chercher avec Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: Enregistrer le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\ie7pro\IE7pro.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {553858A7-4922-4e7e-B1C1-97140C1C16EF} - c:\windows\system32\ieframe.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys
R1 srosa;srosa;\??\c:\windows\system32\drivers\srosa.sys
S1 aswSP;avast! Self Protection;
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys

=============== Created Last 30 ================

2008-11-15 12:12 <DIR> --d-h--- c:\docume~1\owner\applic~1\m
2008-11-15 12:04 117,836 a------- c:\windows\system32\drivers\srosa.sys
2008-11-15 12:03 7,168 a------- c:\windows\system32\drivers\srosa2.sys
2008-11-15 00:16 245,760 a------- c:\windows\system32\mp4sds32.ax
2008-11-15 00:16 420,240 a------- c:\windows\system32\mpg4c32.dll
2008-11-14 23:08 <DIR> --d----- c:\program files\Free DVD Ripper
2008-11-14 22:54 <DIR> --d----- C:\platodvdripper
2008-11-14 22:52 761,856 a------- c:\windows\system32\xvidcore.dll
2008-11-14 22:52 159,744 a------- c:\windows\system32\xvidvfw.dll
2008-11-14 22:52 77,824 a------- c:\windows\system32\xvid.ax
2008-11-14 22:52 <DIR> --d----- c:\program files\Plato DVD Ripper Professional
2008-11-14 16:09 <DIR> --d----- c:\program files\Wise Registry Cleaner 3
2008-11-12 17:47 <DIR> --d----- c:\program files\MSXML 4.0
2008-11-12 16:55 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:54 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 16:53 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-09 16:53 1,409 a------- c:\windows\QTFont.for
2008-10-26 19:37 <DIR> --d----- C:\EPSONREG
2008-10-26 19:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ArcSoft
2008-10-26 19:33 86,528 a------- c:\windows\system32\E_FLBEGA.DLL
2008-10-26 19:33 78,848 a------- c:\windows\system32\E_FD4BEGA.DLL
2008-10-26 19:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2008-10-26 19:31 <DIR> --d----- c:\program files\epson
2008-10-26 19:31 44 a------- c:\windows\EPSNX400.ini
2008-10-24 04:26 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-15 14:48 <DIR> --d----- c:\docume~1\owner\applic~1\SlimBrowser
2008-11-15 12:35 <DIR> --d----- c:\program files\ewido anti-malware
2008-11-15 12:26 <DIR> --d----- c:\program files\SlimBrowser
2008-11-15 07:39 <DIR> --d----- c:\program files\eMule
2008-11-14 23:41 <DIR> --d----- c:\program files\AviSynth 2.5
2008-11-14 23:40 <DIR> --d----- c:\program files\Ripp-it_AM
2008-11-14 23:20 <DIR> --d----- c:\program files\FreeCDRipper
2008-11-14 01:34 <DIR> --d----- c:\docume~1\owner\applic~1\Azureus
2008-11-13 10:24 3,714 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-10 09:22 <DIR> --d----- c:\program files\EClea2_0
2008-11-04 11:23 <DIR> --d----- c:\docume~1\owner\applic~1\Sony Corporation
2008-10-28 10:34 <DIR> --d----- c:\program files\regclean
2008-10-17 16:33 <DIR> --d----- c:\docume~1\owner\applic~1\W Photo Studio Viewer
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-29 10:22 171,546 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2008-09-29 08:44 <DIR> --d----- c:\program files\Secunia
2008-09-22 10:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2008-09-22 10:34 <DIR> --d----- c:\program files\Spyware Terminator
2008-09-22 10:16 <DIR> --d----- c:\docume~1\owner\applic~1\Spyware Terminator
2008-09-22 08:05 <DIR> --d----- c:\program files\Musicmatch
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 22:23 <DIR> --d----- c:\docume~1\owner\applic~1\zweitgeist
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 11:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-26 01:24 826,368 a------- c:\windows\system32\wininet.dll
2008-06-09 08:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Karen's Power Tools
2008-06-06 16:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreeRIP
2008-05-20 00:10 <DIR> --d----- c:\docume~1\owner\applic~1\Auslogics
2008-05-15 10:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-05-12 07:17 <DIR> --d----- c:\docume~1\owner\applic~1\Bret Taylor
2008-05-02 11:48 <DIR> --d----- c:\docume~1\owner\applic~1\Move Networks
2008-04-08 20:53 <DIR> --d----- c:\docume~1\owner\applic~1\Comodo
2008-04-08 20:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\comodo
2008-04-07 06:02 <DIR> --d----- c:\docume~1\owner\applic~1\Outertech
2008-04-04 10:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-03-17 09:47 <DIR> --d----- c:\docume~1\owner\applic~1\Delivery
2008-02-20 10:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-02-20 10:01 <DIR> --d----- c:\docume~1\owner\applic~1\NCH Swift Sound
2008-02-13 12:41 <DIR> --d----- c:\docume~1\owner\applic~1\Hamachi
2008-02-08 22:56 <DIR> --d----- c:\docume~1\owner\applic~1\FDRLab
2008-01-21 17:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Windows Live Toolbar
2008-01-05 12:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2007-12-17 07:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NetZero
2007-12-03 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2007-11-25 13:59 <DIR> --d----- c:\docume~1\owner\applic~1\NoteTab Light
2007-11-23 15:53 <DIR> --d----- c:\docume~1\owner\applic~1\Walgreens
2007-11-22 22:16 <DIR> --d----- c:\docume~1\owner\applic~1\Vso
2007-10-29 21:40 <DIR> --d----- c:\docume~1\owner\applic~1\Xi
2007-10-09 22:34 <DIR> --d----- c:\docume~1\owner\applic~1\OfficeUpdate12
2007-08-28 15:35 <DIR> --d----- c:\docume~1\owner\applic~1\VersionTracker Pro
2007-08-26 16:31 <DIR> --d----- c:\docume~1\owner\applic~1\ma-config.com
2007-08-08 22:19 <DIR> --d----- c:\docume~1\owner\applic~1\demo
2007-06-12 16:45 <DIR> --d----- c:\docume~1\owner\applic~1\Snapfish
2007-06-07 16:09 <DIR> --d----- c:\docume~1\owner\applic~1\Uniblue
2007-03-15 15:35 <DIR> --d----- c:\docume~1\owner\applic~1\Dalloz
2007-02-05 13:51 <DIR> --d----- c:\docume~1\owner\applic~1\IE7pro
2007-01-07 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers Headquarters
2006-10-29 21:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2006-10-10 20:58 <DIR> --d----- c:\docume~1\owner\applic~1\RTDciv
2006-08-09 20:28 <DIR> --d----- c:\docume~1\owner\applic~1\WinPatrol
2006-05-21 21:38 <DIR> --d----- c:\docume~1\owner\applic~1\vlc
2006-04-23 21:52 <DIR> --d----- c:\docume~1\owner\applic~1\OLYMPUS
2006-03-27 21:10 <DIR> --d----- c:\docume~1\owner\applic~1\OrphansRemover
2006-02-21 08:58 <DIR> --d----- c:\docume~1\owner\applic~1\AOL
2006-02-21 08:10 <DIR> --d----- c:\docume~1\owner\applic~1\You've Got Pictures Screensaver
2006-02-21 08:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-02-21 08:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2006-01-26 19:21 <DIR> --d----- c:\docume~1\owner\applic~1\Jasc Software Inc
2006-01-13 09:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2005-11-08 14:07 <DIR> --d----- c:\docume~1\owner\applic~1\My Games
2005-10-25 09:13 <DIR> --d----- c:\docume~1\owner\applic~1\eConf
2005-09-06 21:14 <DIR> --d----- c:\docume~1\owner\applic~1\Copernic
2005-09-03 08:47 <DIR> --d----- c:\docume~1\owner\applic~1\XnView
2005-09-02 21:14 <DIR> --d----- c:\docume~1\owner\applic~1\ACAMPREF
2005-08-25 09:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2005-08-24 23:44 <DIR> --d----- c:\docume~1\owner\applic~1\Symantec
2005-03-07 18:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VAIO Media Platform
2005-03-07 18:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2005-03-07 18:39 <DIR> --d----- c:\docume~1\owner\applic~1\Intuit
2005-03-02 19:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2005-09-01 08:44 21 ---sh--- c:\windows\dpwtddxp.dll
2005-09-01 08:44 14 ---sh--- c:\windows\dpwtpdxp.dll
2008-02-10 22:17 8 ---shr-- c:\windows\system32\4412AE13D9.sys
2005-09-01 08:44 21 ---sh--- c:\windows\system32\dpwtdaxp.dll
2005-09-01 08:44 14 ---sh--- c:\windows\system32\dpwtpaxp.dll
2005-09-01 08:44 12 ---sh--- c:\windows\system32\spwtpaxp.dll

============= FINISH: 14:49:45,75 ===============


Thank you !
Attached files: Attach.txt (19.5 KB), gmer.txt (774 Bytes)
romainl45 is offline  
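The DDS log above is what the helpers in this forum read by eye. As an added illustration (not code from the thread, from DDS, or from the tools it names), this Python script applies two of those eyeball checks to a constructed excerpt of the posted log: executables running from the drivers directory with numeric-only names, and driver services whose .sys file also appears under "Created Last 30". The section titles and line formats are taken from the log as posted; the heuristics, the `Finding` type and the function names are my own.

```python
"""Triage helper for a DDS log like the one in this thread: splits the log into its
'=== Section ===' blocks, flags processes running from the drivers directory or with
numeric-only names, and cross-checks driver services against 'Created Last 30'.
Heuristics only: a hit still needs a human look (a legitimate vendor can trip 'review')."""
import re
from dataclasses import dataclass

# Constructed excerpt patterned on the thread's DDS log (not the full log).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\drivers\downld\145453.exe
C:\WINDOWS\system32\drivers\downld\222343.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============= SERVICES / DRIVERS ===============
R1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys
R1 srosa;srosa;\??\c:\windows\system32\drivers\srosa.sys
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys
=============== Created Last 30 ================
2008-11-15 12:04 117,836 a------- c:\windows\system32\drivers\srosa.sys
2008-11-15 12:03 7,168 a------- c:\windows\system32\drivers\srosa2.sys
2008-11-12 17:47 <DIR> --d----- c:\program files\MSXML 4.0
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# The image path ends at the first .exe/.scr/.com, so "-k netsvcs" style arguments drop off.
EXE_PATH_RE = re.compile(r"^(.*?\.(?:exe|scr|com))(?:\s|$)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:<DIR>|[\d,]+)\s+\S+\s+(.+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review"
    item: str      # lower-cased image path, or the service name
    reason: str


def split_sections(log: str) -> dict[str, list[str]]:
    """Map each '=== Title ===' header (upper-cased) to its non-empty lines."""
    sections: dict[str, list[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_processes(lines: list[str]) -> list[Finding]:
    """Flag running processes whose location or image name is out of place."""
    findings = []
    for line in lines:
        match = EXE_PATH_RE.match(line)
        path = (match.group(1) if match else line).lower()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if "\\drivers\\" in path:
            reasons.append("executable running from the drivers directory")
        if stem.isdigit():
            reasons.append("numeric-only image name")
        if reasons:
            findings.append(Finding("high", path, "; ".join(reasons)))
    return findings


def triage_drivers(service_lines: list[str], created_lines: list[str]) -> list[Finding]:
    """Cross-check each R/S driver entry against the recently created files."""
    recent = {m.group(1).lower().rsplit("\\", 1)[-1]
              for m in map(CREATED_RE.match, created_lines) if m}
    findings = []
    for line in service_lines:
        match = SERVICE_RE.match(line)
        if not match:
            continue
        name, display, image = match.groups()
        basename = image.lower().removeprefix("\\??\\").rsplit("\\", 1)[-1]
        if basename in recent:
            findings.append(Finding("high", name, f"{basename} was created in the last 30 days"))
        elif display == name:
            findings.append(Finding("review", name, "no descriptive display name; check the vendor"))
    return findings


def triage(log: str) -> list[Finding]:
    """Run both checks over a whole DDS log."""
    sections = split_sections(log)
    return (triage_processes(sections.get("RUNNING PROCESSES", []))
            + triage_drivers(sections.get("SERVICES / DRIVERS", []),
                             sections.get("CREATED LAST 30", [])))
```

Calling `triage(SAMPLE_DDS_LOG)` returns the two downld executables and the two freshly created srosa drivers as high, and aswFsBlk (avast!) only as review, which is the kind of false positive the display-name rule produces on its own.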

Old 11-16-2008, 02:11 PM   #2
Analyst, Security Team
 
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,265
OS: Windows 7 Premium x64


Re: Can't run antivirus or restore system

Hi there romainl45

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards.

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only; it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have System Restore disabled, then please re-enable it before proceeding; an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Please copy and paste any requested logs into replies rather than add them as attachments; this makes it easier for analysis.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

If this is a computer from a work place then please advise your IT department of the concerning issues before commencing past this point.

Please follow these directions in the order they are set out for you.

I see you have P2P software (Azureus, eMule) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

--------------------------------------------------------------------

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3





--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt results so we can continue cleaning the system.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
Old 11-16-2008, 09:22 PM   #3
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP


Re: Can't run antivirus or restore system

Thank you. Here is the ComboFix log:

ComboFix 08-11-16.04 - Owner 2008-11-16 22:02:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.125 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\CFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\m
C:\InfoSat.txt
c:\program files\INSTALL.LOG
c:\program files\TaskSwitchXP\TaskSwitchXP.exe
c:\windows\setup.exe
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\103093.exe
c:\windows\system32\drivers\downld\104703.exe
c:\windows\system32\drivers\downld\114390.exe
c:\windows\system32\drivers\downld\125984.exe
c:\windows\system32\drivers\downld\127000.exe
c:\windows\system32\drivers\downld\137296.exe
c:\windows\system32\drivers\downld\138406.exe
c:\windows\system32\drivers\downld\147218.exe
c:\windows\system32\drivers\downld\14832953.exe
c:\windows\system32\drivers\downld\14876203.exe
c:\windows\system32\drivers\downld\14877953.exe
c:\windows\system32\drivers\downld\148906.exe
c:\windows\system32\drivers\downld\14910828.exe
c:\windows\system32\drivers\downld\14912078.exe
c:\windows\system32\drivers\downld\14913796.exe
c:\windows\system32\drivers\downld\149187.exe
c:\windows\system32\drivers\downld\14927265.exe
c:\windows\system32\drivers\downld\14996000.exe
c:\windows\system32\drivers\downld\14996500.exe
c:\windows\system32\drivers\downld\15062906.exe
c:\windows\system32\drivers\downld\15086656.exe
c:\windows\system32\drivers\downld\15122390.exe
c:\windows\system32\drivers\downld\158609.exe
c:\windows\system32\drivers\downld\160750.exe
c:\windows\system32\drivers\downld\169312.exe
c:\windows\system32\drivers\downld\182796.exe
c:\windows\system32\drivers\downld\184828.exe
c:\windows\system32\drivers\downld\185015.exe
c:\windows\system32\drivers\downld\186265.exe
c:\windows\system32\drivers\downld\190406.exe
c:\windows\system32\drivers\downld\191437.exe
c:\windows\system32\drivers\downld\191578.exe
c:\windows\system32\drivers\downld\200531.exe
c:\windows\system32\drivers\downld\215421.exe
c:\windows\system32\drivers\downld\217406.exe
c:\windows\system32\drivers\downld\219562.exe
c:\windows\system32\drivers\downld\226406.exe
c:\windows\system32\drivers\downld\229578.exe
c:\windows\system32\drivers\downld\230156.exe
c:\windows\system32\drivers\downld\273093.exe
c:\windows\system32\drivers\downld\273625.exe
c:\windows\system32\drivers\downld\274296.exe
c:\windows\system32\drivers\downld\287234.exe
c:\windows\system32\drivers\downld\287906.exe
c:\windows\system32\drivers\downld\301109.exe
c:\windows\system32\drivers\downld\311406.exe
c:\windows\system32\drivers\downld\311687.exe
c:\windows\system32\drivers\downld\326140.exe
c:\windows\system32\drivers\downld\335390.exe
c:\windows\system32\drivers\downld\352765.exe
c:\windows\system32\drivers\downld\354421.exe
c:\windows\system32\drivers\downld\356234.exe
c:\windows\system32\drivers\downld\357156.exe
c:\windows\system32\drivers\downld\398937.exe
c:\windows\system32\drivers\downld\415812.exe
c:\windows\system32\drivers\downld\554734.exe
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\open.ico

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 15:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-16 15:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-16 14:47 . 2008-11-16 21:51 <DIR> d-------- c:\program files\MYweb4net
2008-11-16 14:47 . 2008-11-16 21:51 <DIR> d-------- c:\documents and settings\Owner\Application Data\MYweb4net
2008-11-16 01:32 . 2008-11-16 01:32 <DIR> d-------- c:\program files\Panda Security
2008-11-16 00:06 . 2008-11-16 16:23 <DIR> d-------- c:\program files\AVPersonal
2008-11-15 22:41 . 2006-09-05 10:03 3,968 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-15 22:34 . 2008-11-15 22:34 <DIR> d-------- C:\HiijackThis
2008-11-15 00:16 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-15 00:16 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-14 23:08 . 2008-11-14 23:09 <DIR> d-------- c:\program files\Free DVD Ripper
2008-11-14 22:54 . 2008-11-14 22:55 <DIR> d-------- C:\platodvdripper
2008-11-14 22:52 . 2008-11-14 22:52 <DIR> d-------- c:\program files\Plato DVD Ripper Professional
2008-11-14 22:52 . 2005-12-30 19:10 761,856 --a------ c:\windows\system32\xvidcore.dll
2008-11-14 22:52 . 2006-02-28 20:17 159,744 --a------ c:\windows\system32\xvidvfw.dll
2008-11-14 22:52 . 2005-12-30 19:16 77,824 --a------ c:\windows\system32\xvid.ax
2008-11-14 16:09 . 2008-11-14 17:14 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2008-11-12 17:49 . 2008-11-12 17:49 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 17:47 . 2008-11-12 17:47 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 16:55 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:54 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 16:53 . 2008-11-13 10:24 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-09 16:53 . 2008-11-09 16:53 1,409 --a------ c:\windows\QTFont.for
2008-10-27 08:17 . 2008-10-27 08:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\Winamp
2008-10-26 19:37 . 2008-10-26 19:37 <DIR> d-------- C:\EPSONREG
2008-10-26 19:35 . 2008-10-26 19:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\Arcsoft
2008-10-26 19:35 . 2008-10-26 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2008-10-26 19:34 . 2008-10-26 19:34 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-10-26 19:34 . 2008-10-26 19:34 <DIR> d-------- c:\program files\ArcSoft
2008-10-26 19:33 . 2007-12-06 20:08 86,528 --a------ c:\windows\system32\E_FLBEGA.DLL
2008-10-26 19:33 . 2007-12-06 20:01 78,848 --a------ c:\windows\system32\E_FD4BEGA.DLL
2008-10-26 19:32 . 2008-10-26 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON
2008-10-26 19:31 . 2008-10-26 19:35 <DIR> d-------- c:\program files\epson
2008-10-26 19:31 . 2008-10-26 19:37 44 --a------ c:\windows\EPSNX400.ini
2008-10-24 04:26 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 04:03 --------- d-----w c:\program files\TaskSwitchXP
2008-11-17 03:57 --------- d-----w c:\documents and settings\Owner\Application Data\Spyware Terminator
2008-11-17 03:13 --------- d-----w c:\program files\Spyware Terminator
2008-11-17 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-16 22:21 --------- d-----w c:\documents and settings\Owner\Application Data\SlimBrowser
2008-11-16 22:18 61,440 ----a-w c:\program files\sarcli.exe
2008-11-16 22:18 401,408 ----a-w c:\program files\sargui.exe
2008-11-16 22:18 35,840 ----a-w c:\program files\helper.exe
2008-11-16 04:34 --------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2008-11-16 01:06 --------- d-----w c:\program files\regclean
2008-11-15 18:35 --------- d-----w c:\program files\ewido anti-malware
2008-11-15 18:26 --------- d-----w c:\program files\SlimBrowser
2008-11-15 13:39 --------- d-----w c:\program files\eMule
2008-11-15 05:41 --------- d-----w c:\program files\AviSynth 2.5
2008-11-15 05:40 --------- d-----w c:\program files\Ripp-it_AM
2008-11-15 05:20 --------- d-----w c:\program files\FreeCDRipper
2008-11-13 16:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 16:31 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2008-11-10 15:22 --------- d-----w c:\program files\EClea2_0
2008-11-04 17:23 --------- d-----w c:\documents and settings\Owner\Application Data\Sony Corporation
2008-11-04 14:33 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2008-10-27 14:18 --------- d-----w c:\program files\Winamp
2008-10-27 01:45 --------- d-----w c:\program files\Hewlett-Packard
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 23:51 --------- d-----w c:\documents and settings\LocalService\Application Data\Sony Corporation
2008-10-17 22:33 --------- d-----w c:\documents and settings\Owner\Application Data\W Photo Studio Viewer
2008-09-29 14:44 --------- d-----w c:\program files\Secunia
2008-09-22 14:05 --------- d-----w c:\program files\Musicmatch
2008-09-19 03:00 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-09-08 02:56 102,424 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-06-09 14:15 1,321,976 ----a-w c:\program files\ptdirprn-setup.exe
2008-06-06 22:39 9,659,807 ----a-w c:\program files\fcrsetup.exe
2008-06-06 22:27 1,134,226 ----a-w c:\program files\Setup_KRAC_EN.exe
2008-05-13 19:37 1,346,784 ----a-w c:\program files\EClea2_0.zip
2008-05-02 02:11 532,480 ----a-w c:\program files\cwshredder.exe
2008-04-30 17:28 4,726,096 ----a-w c:\program files\AWCSetup.exe
2008-04-27 05:07 1,439,646 ----a-w c:\program files\123memor.exe
2008-04-21 16:52 25,839,688 ----a-w c:\program files\wmp11-windowsxp-x86-FR-FR.exe
2008-04-21 16:50 2,202,008 ----a-w c:\program files\wmp11-windowsxp-x86-enu.exe.part
2008-04-21 16:48 1,478,696 ----a-w c:\program files\GenuineCheck.exe
2008-04-21 16:30 2,223,653 ----a-w c:\program files\mpc2kxp6490.zip
2008-04-20 17:05 1,495,112 ----a-w c:\program files\install_flash_player.exe
2008-04-20 16:54 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-04-19 03:14 3,861,320 ----a-w c:\program files\eMule0.48a-Installer2.exe
2008-04-18 21:01 6,575,800 ----a-w c:\program files\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_4.3.916_francais_11071.exe
2008-04-12 20:15 190 ----a-w c:\program files\95R50zz1H4.rar
2008-04-08 03:38 20,902,656 ----a-w c:\program files\CFP_Setup_3.0.21.329_XP_Vista_x32.exe
2008-04-03 03:55 7,649,072 ----a-w c:\program files\Firefox Setup 3.0 Beta 5.exe
2008-03-10 20:49 923,280 ----a-w c:\program files\processscanner.exe
2008-03-03 13:35 399,780 ----a-w c:\program files\IEScreenshotInstaller.exe
2008-03-01 20:37 1,107,536 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-03-01 20:34 16,671,744 ----a-w c:\program files\Snapfire130_FR_COREL.msi
2008-02-20 19:19 513,544 ----a-w c:\program files\Turbo Cut File v2.21_freeware.zip
2008-02-20 15:58 432,552 ----a-w c:\program files\wavepsetup.exe
2008-02-01 10:11 39,451 ----a-w c:\program files\GetDiz.chm
2008-01-31 20:11 3,277 ----a-w c:\program files\readme.nfo
2008-01-31 19:29 285,184 ----a-w c:\program files\GetDiz.exe
2008-01-29 13:38 184,075 ------w c:\program files\dicorime.zip
2008-01-23 14:50 2,904,384 ----a-w c:\program files\ca_yahooantispy_211_setup_en.exe
2008-01-10 17:07 525,816 ----a-w c:\program files\PC-Decrapifier-1.8.6.exe
2008-01-07 14:06 7,934,488 ----a-w c:\program files\dap86.exe
2008-01-06 20:24 3,159,040 ----a-w c:\program files\SeaToolsForWindowsSetup.exe
2007-12-17 13:57 6,042,619 ------w c:\program files\Setup_FreeFlvConverter.exe
2007-12-14 22:20 1,401,291 ----a-w c:\program files\MP4Cam2AVI_v2.71.zip
2007-12-11 13:54 1,280,956 ----a-w c:\program files\happy_install.exe
2007-12-08 19:27 1,193,451 ------w c:\program files\FLVplayer_v0.0.5.exe
2007-11-23 04:16 81,920 ----a-w c:\documents and settings\Owner\Application Data\ezpinst.exe
2007-11-23 04:16 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2007-10-29 20:19 2,155,208 ----a-w c:\program files\totalcommander_7-02a.exe
2007-10-29 19:49 3,237,948 ----a-w c:\program files\NXSetup_Vista(x86).zip
2007-10-29 15:03 11,070,584 ----a-w c:\program files\ezvideosfree.exe
2007-10-29 14:47 1,644,181 ----a-w c:\program files\net-transport_net_transport_1.94d_anglais_11133.exe
2007-10-22 18:02 28,982 ----a-w c:\program files\xp_remove_hotfix_backup.zip
2007-10-18 03:39 11,590,948 ----a-w c:\program files\GAME - Puzzle Inlay+Magic Inlay.rar
2007-10-14 15:56 527,168 ----a-w c:\program files\yahoo_installer.exe
2007-10-12 03:30 1,446,932 ----a-w c:\program files\bubble97.zip
2007-10-12 03:15 1,191,365 ----a-w c:\program files\WDCSetup.exe
2007-10-12 03:12 530,458 ----a-w c:\program files\PC-Decrapifier-1.8.3.exe
2007-10-08 04:52 133,544 ----a-w c:\program files\TubeMeV1.2.rar
2007-10-05 16:33 3,262,255 ----a-w c:\program files\ChickenInvadersInstaller130.exe
2007-10-03 04:00 17,012,488 ----a-w c:\program files\setupfre.exe
2007-10-01 13:28 61,694,328 ----a-w c:\program files\defcon-win32-v1.43.exe
2007-10-01 12:49 26,464 ----a-w c:\program files\ExpiredCookiesCleaner.zip
2007-10-01 12:47 1,586,114 ------w c:\program files\regdefrag_install.exe
2007-08-28 21:21 388,915 ----a-w c:\program files\dustbuster.zip
2007-08-09 04:19 5,393,800 ----a-w c:\program files\SudokuSetup.exe
2007-07-30 03:19 734,006 ----a-w c:\program files\wf107.exe
2007-07-25 04:29 1,578,378 ------w c:\program files\diskdefrag_install.exe
2007-07-17 03:54 495,702 ----a-w c:\program files\autoruns.zip
2007-06-24 16:47 1,534,085 ----a-w c:\program files\the-rad-video-tools_the_rad_video_tools_1.8v_anglais_11111.exe
2007-06-20 04:00 384,432 ----a-w c:\program files\MostFun-Tetris.exe
2007-06-05 22:07 7,394,519 ----a-w c:\program files\Alcohol_120_v1.9.6.4719_Retail_Incl_Activator.rar
2007-06-04 21:29 5,319,309 ----a-w c:\program files\SpeedUpMyPC.v3.5.2321.28 + Crack.rar
2007-05-08 03:11 5,278,017 ----a-w c:\program files\tf0_2.zip
2007-05-08 03:08 13,505,824 ----a-w c:\program files\AndYetItMoves_Win_v1_04.zip
2007-04-30 23:41 2,714,784 ----a-w c:\program files\ccsetup139.exe
2007-04-22 04:31 66,048 ----a-w c:\program files\ExpiredCookiesCleaner.exe
2007-04-07 04:11 2,685,104 ----a-w c:\program files\ccsetup138.exe
2007-03-27 01:28 641,881 ----a-w c:\program files\windirstat1_1_2_setup.exe
2007-03-26 23:55 3,453,243 ----a-w c:\program files\Vopt 8.09 -For Hd Defragment Full Crack.rar
2005-09-01 14:44 21 --sh--w c:\windows\dpwtddxp.dll
2005-09-01 14:44 14 --sh--w c:\windows\dpwtpdxp.dll
2008-02-11 04:17 8 --sh--r c:\windows\system32\4412AE13D9.sys
2005-09-01 14:44 21 --sh--w c:\windows\system32\dpwtdaxp.dll
2005-09-01 14:44 14 --sh--w c:\windows\system32\dpwtpaxp.dll
2005-09-01 14:44 12 --sh--w c:\windows\system32\spwtpaxp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-16 81000]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-26 24651]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 2913584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Assistant d'Acrobat.lnk]
backup=c:\windows\pss\Assistant d'Acrobat.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\WASTE\\WASTE.exe"=
"c:\\Program Files\\Ubisoft\\Chessmaster 10th Edition\\game.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgetEngine.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnectLaunch.exe"=
"c:\\Program Files\\Tweak-XP Pro 4\\tweak-xp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Torpark\\Torpark 2.0.0.3a\\Torpark.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10402:TCP"= 10402:TCP:eMule TCP
"10700:UDP"= 10700:UDP:eMule UDP
"19733:TCP"= 19733:TCP:Azureus TCP

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-27 141312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S1 aswSP;avast! Self Protection; []
S1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS []
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-02-19 7808]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
S4 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-10-26 104960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b492b722-8a34-11dc-b3b6-0012178aeb7c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 19:32]

2008-11-17 c:\windows\Tasks\User_Feed_Synchronization-{6182AE7D-49B4-4DAF-A43C-79D854AD0C20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
Notify-WgaLogon - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\40gq8ge4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://mail.yahoo.com/
FF -: plugin - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - c:\program files\Google\Google Updater\1.4.660.29079\npCIDetect7.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:05:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\snmp.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2008-11-16 22:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 04:12:07

Pre-Run: 16*272*535*552 bytes free
Post-Run: 16,257,699,840 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

369 --- E O F --- 2008-11-12 23:56:19
romainl45 is offline  
Old 11-17-2008, 12:35 PM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,265
OS: Windows 7 Premium x64


Re: Can't run antivirus or restore system

Hi there

Cracked (Illegal) Software

Alongside P2P applications this is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

=================================

We will need to unhide hidden files:
Open up your computer
From the tools menu select folder options
Click on the view tab
Scroll down to where it says hidden files and folders
Place a check in the box entitled show hidden files and folders
remove the check mark next to hide protected operating system files (recommended)
Click on apply
Click on ok

=================================

Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
    Click the "Browse" button and browse to this file in RED:

    c:\windows\system32\dpwtpaxp.dll

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Do the same with:

c:\windows\system32\4412AE13D9.sys
and
c:\windows\system32\spwtpaxp.dll

=================================

Next.....

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Quote:
Driver::
srosa

Rootkit::
C:\WINDOWS\system32\drivers\srosa.sys

- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.

Combofix will then execute the script and produce a fresh log
Save and post this log back in your next reply.

=================================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

=================================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset the zoom to 100%.

Please post back with the following reports:
>> Results from virustotal
>> Combofix Log
>> Kaspersky Scan results
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
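The three files the post above sends to VirusTotal are exactly the entries the ComboFix "Find3M Report" earlier in this thread shows with hidden and system attributes (--sh--) under c:\windows, and all of them are only a handful of bytes long. The following Python script is an added example, not part of this thread and not ComboFix's own code: it parses Find3M lines, picks out non-directory entries that are hidden+system and live under the Windows directory, and notes when a file is too small to be a PE image at all. The attribute-field layout (leading 'd' for directory, 's' system, 'h' hidden, 'a' archive, trailing 'w'/'r') is assumed from the strings seen in this log; the sample lines are copied from the report above.

```python
"""Triage of ComboFix "Find3M Report" lines (added example, not ComboFix code).

Each report line has the shape
    YYYY-MM-DD HH:MM <size or ---------> <7-character attribute field> <path>
The attribute-field layout is an assumption taken from the strings in this
thread: a leading 'd' marks a directory, 's' system, 'h' hidden, 'a' archive,
and the last character is 'w' (writable) or 'r' (read-only).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>-{9}|[\d,]+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)
WINDOWS_DIR = "c:\\windows\\"   # prefix of the locations worth a second look
DOS_HEADER_SIZE = 64             # IMAGE_DOS_HEADER: the size floor for any PE image


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a Find3M line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
    return Entry(m["date"], m["time"], size, m["attrs"], m["path"])


def in_windows_dir(path: str) -> bool:
    return path.lower().startswith(WINDOWS_DIR)


def triage(lines, min_pe_size: int = DOS_HEADER_SIZE) -> List[Finding]:
    """Pick out non-directory entries that are hidden+system and sit under the
    Windows directory, recording why each one was selected."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_dir:
            continue
        if not (e.hidden_system and in_windows_dir(e.path)):
            continue
        reasons = ["hidden+system attributes (%s)" % e.attrs,
                   "located under the Windows directory"]
        if e.size is not None and e.size < min_pe_size:
            reasons.append("%d bytes: smaller than the %d-byte DOS header, "
                           "so it cannot be a PE image" % (e.size, min_pe_size))
        findings.append(Finding(e, reasons))
    return findings


# Sample input: lines copied from the Find3M report earlier in this thread.
SAMPLE_LINES = [
    r"2008-10-27 01:45 --------- d-----w c:\program files\Hewlett-Packard",
    r"2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys",
    r"2008-11-13 16:34 --------- d--h--w c:\program files\InstallShield Installation Information",
    r"2008-01-29 13:38 184,075 ------w c:\program files\dicorime.zip",
    r"2005-09-01 14:44 21 --sh--w c:\windows\dpwtddxp.dll",
    r"2005-09-01 14:44 14 --sh--w c:\windows\dpwtpdxp.dll",
    r"2008-02-11 04:17 8 --sh--r c:\windows\system32\4412AE13D9.sys",
    r"2005-09-01 14:44 21 --sh--w c:\windows\system32\dpwtdaxp.dll",
    r"2005-09-01 14:44 14 --sh--w c:\windows\system32\dpwtpaxp.dll",
    r"2005-09-01 14:44 12 --sh--w c:\windows\system32\spwtpaxp.dll",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.entry.path)
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, the script selects the six --sh-- entries (the three the post asks about plus their three siblings) and skips the hidden InstallShield directory and the ordinary driver. A file of 8 to 21 bytes cannot hold executable code, which is consistent with the 0/36 results posted later in the thread; it is the attribute bits and the location, not the size, that justify submitting such files for a multi-engine check.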
Old 11-18-2008, 07:49 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP


Re: Can't run antivirus or restore system

Hello,

Thank you. I will uninstall the P2P and cracked programs as soon as this cleaning process is over.

Here are the Virustotal results, the Combofix log and the Kaspersky Scan results.

Fichier dpwtpaxp.dll reçu le 2008.11.17 2221 (CET)

Résultat: 0/36 (0%)


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.18.0 2008.11.17 -
AntiVir 7.9.0.31 2008.11.17 -
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.17 -
CAT-QuickHeal 10.00 2008.11.17 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.17 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.17 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.17 -
Ikarus T3.1.1.45.0 2008.11.17 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.17 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3619 2008.11.17 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 -
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.17 -
Rising 21.04.02.00 2008.11.17 -
SecureWeb-Gateway 6.7.6 2008.11.17 -
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.17 -
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.17 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.17.1472 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.17 -
Information additionnelle
File size: 14 bytes
MD5...: 16257bb43797fcab05cbe8d76822e8a0
SHA1..: b893ae88529f10dfa6082126d42a66f156869cba
SHA256: 39bc37d4cbf8f7b01db34b480c4d2429d2cac84b9d28fe6989c700cdd5734ef4
SHA512: 032b895affd2166a4335c3094470b56e40034252a5ad204e99fd3fd1cc1fc5c3e688491e0d07a4a3ad620abea93930ed2bd1c6d63da2ac3982adeae211d28fda
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -


File 4412AE13D9.sys received on 11.17.2008 23:31:13 (CET)

Result: 0/36 (0%)


Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.0 2008.11.17 -
AntiVir 7.9.0.31 2008.11.17 -
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.17 -
CAT-QuickHeal 10.00 2008.11.17 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.17 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.17 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.17 -
Ikarus T3.1.1.45.0 2008.11.17 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.17 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3619 2008.11.17 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 -
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.17 -
Rising 21.04.02.00 2008.11.17 -
SecureWeb-Gateway 6.7.6 2008.11.17 -
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.17 -
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.17 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.17.1472 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 8 bytes
MD5...: 0641a46f1e58529a42ead4573a3a0861
SHA1..: 2fa91927668fb0b3a4da32722825e15080cb5c21
SHA256: 9d7d948ef1329cc1db5fb77cbe9ed7bbf7d74cd8be1ad214689ebbe52a2267cb
SHA512: a176bddbd12b058a1932bcf39e6b848c195b4293aad3dcb829ed8b093c2d096adeb5dbaf2e5182bebab7afb899c47f5e33298060f7cedbbd7ef569ac36f23a6e
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -


File spwtpaxp.dll received on 11.17.2008 23:54:29 (CET)

Result: 0/36 (0%)


Antivirus Version Last Update Result
AhnLab-V3 2008.11.18.0 2008.11.17 -
AntiVir 7.9.0.31 2008.11.17 -
Authentium 5.1.0.4 2008.11.17 -
Avast 4.8.1281.0 2008.11.17 -
AVG 8.0.0.199 2008.11.17 -
BitDefender 7.2 2008.11.17 -
CAT-QuickHeal 10.00 2008.11.17 -
ClamAV 0.94.1 2008.11.17 -
DrWeb 4.44.0.09170 2008.11.17 -
eSafe 7.0.17.0 2008.11.17 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.17 -
F-Prot 4.4.4.56 2008.11.17 -
F-Secure 8.0.14332.0 2008.11.17 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.17 -
Ikarus T3.1.1.45.0 2008.11.17 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.17 -
McAfee 5437 2008.11.17 -
Microsoft 1.4104 2008.11.17 -
NOD32 3619 2008.11.17 -
Norman 5.80.02 2008.11.17 -
Panda 9.0.0.4 2008.11.17 -
PCTools 4.4.2.0 2008.11.17 -
Prevx1 V2 2008.11.17 -
Rising 21.04.02.00 2008.11.17 -
SecureWeb-Gateway 6.7.6 2008.11.17 -
Sophos 4.35.0 2008.11.17 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.17 -
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.17 -
VBA32 3.12.8.9 2008.11.17 -
ViRobot 2008.11.17.1472 2008.11.17 -
VirusBuster 4.5.11.0 2008.11.17 -
Additional information
File size: 12 bytes
MD5...: 54097c1b21380e5729e5e27c877896c5
SHA1..: a818b7e9318f9e3a74e6fe3669e4be40718a7bfa
SHA256: 40e5c449c4e64a3800de1580eadd3d1483fa06fb955a552cc307452a9165262b
SHA512: 19f2cbbe10464794c2b583693fa4409d2a1779a4c277c330520474cbdf238318132c4c87c7f51d1e87d4749a0d23ba5236c720de41a0a244498008aa9e9c8717
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

________
ComboFix 08-11-16.05 - Owner 2008-11-17 17:17:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.86 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\CFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 15:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-16 15:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-16 14:47 . 2008-11-16 21:51 <DIR> d-------- c:\program files\MYweb4net
2008-11-16 14:47 . 2008-11-17 00:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\MYweb4net
2008-11-16 01:32 . 2008-11-16 01:32 <DIR> d-------- c:\program files\Panda Security
2008-11-16 00:06 . 2008-11-16 16:23 <DIR> d-------- c:\program files\AVPersonal
2008-11-15 22:41 . 2006-09-05 10:03 3,968 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-15 22:34 . 2008-11-15 22:34 <DIR> d-------- C:\HiijackThis
2008-11-15 00:16 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-15 00:16 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-14 23:08 . 2008-11-14 23:09 <DIR> d-------- c:\program files\Free DVD Ripper
2008-11-14 22:54 . 2008-11-14 22:55 <DIR> d-------- C:\platodvdripper
2008-11-14 22:52 . 2008-11-14 22:52 <DIR> d-------- c:\program files\Plato DVD Ripper Professional
2008-11-14 22:52 . 2005-12-30 19:10 761,856 --a------ c:\windows\system32\xvidcore.dll
2008-11-14 22:52 . 2006-02-28 20:17 159,744 --a------ c:\windows\system32\xvidvfw.dll
2008-11-14 22:52 . 2005-12-30 19:16 77,824 --a------ c:\windows\system32\xvid.ax
2008-11-14 16:09 . 2008-11-14 17:14 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2008-11-12 17:49 . 2008-11-12 17:49 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 17:47 . 2008-11-12 17:47 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 16:55 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:54 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-27 08:17 . 2008-10-27 08:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\Winamp
2008-10-26 19:37 . 2008-10-26 19:37 <DIR> d-------- C:\EPSONREG
2008-10-26 19:35 . 2008-10-26 19:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\Arcsoft
2008-10-26 19:35 . 2008-10-26 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2008-10-26 19:34 . 2008-10-26 19:34 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-10-26 19:34 . 2008-10-26 19:34 <DIR> d-------- c:\program files\ArcSoft
2008-10-26 19:33 . 2007-12-06 20:08 86,528 --a------ c:\windows\system32\E_FLBEGA.DLL
2008-10-26 19:33 . 2007-12-06 20:01 78,848 --a------ c:\windows\system32\E_FD4BEGA.DLL
2008-10-26 19:32 . 2008-10-26 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON
2008-10-26 19:31 . 2008-10-26 19:35 <DIR> d-------- c:\program files\epson
2008-10-26 19:31 . 2008-10-26 19:37 44 --a------ c:\windows\EPSNX400.ini
2008-10-24 04:26 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 23:17 --------- d-----w c:\documents and settings\Owner\Application Data\SlimBrowser
2008-11-17 04:03 --------- d-----w c:\program files\TaskSwitchXP
2008-11-17 03:57 --------- d-----w c:\documents and settings\Owner\Application Data\Spyware Terminator
2008-11-17 03:13 --------- d-----w c:\program files\Spyware Terminator
2008-11-17 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-16 22:18 61,440 ----a-w c:\program files\sarcli.exe
2008-11-16 22:18 401,408 ----a-w c:\program files\sargui.exe
2008-11-16 22:18 35,840 ----a-w c:\program files\helper.exe
2008-11-16 04:34 --------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2008-11-16 01:06 --------- d-----w c:\program files\regclean
2008-11-15 18:35 --------- d-----w c:\program files\ewido anti-malware
2008-11-15 18:26 --------- d-----w c:\program files\SlimBrowser
2008-11-15 13:39 --------- d-----w c:\program files\eMule
2008-11-15 05:41 --------- d-----w c:\program files\AviSynth 2.5
2008-11-15 05:40 --------- d-----w c:\program files\Ripp-it_AM
2008-11-15 05:20 --------- d-----w c:\program files\FreeCDRipper
2008-11-13 16:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 16:31 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2008-11-10 15:22 --------- d-----w c:\program files\EClea2_0
2008-11-04 17:23 --------- d-----w c:\documents and settings\Owner\Application Data\Sony Corporation
2008-11-04 14:33 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2008-10-27 14:18 --------- d-----w c:\program files\Winamp
2008-10-27 01:45 --------- d-----w c:\program files\Hewlett-Packard
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 23:51 --------- d-----w c:\documents and settings\LocalService\Application Data\Sony Corporation
2008-10-17 22:33 --------- d-----w c:\documents and settings\Owner\Application Data\W Photo Studio Viewer
2008-09-29 14:44 --------- d-----w c:\program files\Secunia
2008-09-22 14:05 --------- d-----w c:\program files\Musicmatch
2008-09-19 03:00 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-09-08 02:56 102,424 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-06-09 14:15 1,321,976 ----a-w c:\program files\ptdirprn-setup.exe
2008-06-06 22:39 9,659,807 ----a-w c:\program files\fcrsetup.exe
2008-06-06 22:27 1,134,226 ----a-w c:\program files\Setup_KRAC_EN.exe
2008-05-13 19:37 1,346,784 ----a-w c:\program files\EClea2_0.zip
2008-05-02 02:11 532,480 ----a-w c:\program files\cwshredder.exe
2008-04-30 17:28 4,726,096 ----a-w c:\program files\AWCSetup.exe
2008-04-27 05:07 1,439,646 ----a-w c:\program files\123memor.exe
2008-04-21 16:52 25,839,688 ----a-w c:\program files\wmp11-windowsxp-x86-FR-FR.exe
2008-04-21 16:50 2,202,008 ----a-w c:\program files\wmp11-windowsxp-x86-enu.exe.part
2008-04-21 16:48 1,478,696 ----a-w c:\program files\GenuineCheck.exe
2008-04-21 16:30 2,223,653 ----a-w c:\program files\mpc2kxp6490.zip
2008-04-20 17:05 1,495,112 ----a-w c:\program files\install_flash_player.exe
2008-04-20 16:54 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-04-19 03:14 3,861,320 ----a-w c:\program files\eMule0.48a-Installer2.exe
2008-04-18 21:01 6,575,800 ----a-w c:\program files\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_4.3.916_francais_11071.exe
2008-04-12 20:15 190 ----a-w c:\program files\95R50zz1H4.rar
2008-04-08 03:38 20,902,656 ----a-w c:\program files\CFP_Setup_3.0.21.329_XP_Vista_x32.exe
2008-04-03 03:55 7,649,072 ----a-w c:\program files\Firefox Setup 3.0 Beta 5.exe
2008-03-10 20:49 923,280 ----a-w c:\program files\processscanner.exe
2008-03-03 13:35 399,780 ----a-w c:\program files\IEScreenshotInstaller.exe
2008-03-01 20:37 1,107,536 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-03-01 20:34 16,671,744 ----a-w c:\program files\Snapfire130_FR_COREL.msi
2008-02-20 19:19 513,544 ----a-w c:\program files\Turbo Cut File v2.21_freeware.zip
2008-02-20 15:58 432,552 ----a-w c:\program files\wavepsetup.exe
2008-02-01 10:11 39,451 ----a-w c:\program files\GetDiz.chm
2008-01-31 20:11 3,277 ----a-w c:\program files\readme.nfo
2008-01-31 19:29 285,184 ----a-w c:\program files\GetDiz.exe
2008-01-29 13:38 184,075 ------w c:\program files\dicorime.zip
2008-01-23 14:50 2,904,384 ----a-w c:\program files\ca_yahooantispy_211_setup_en.exe
2008-01-10 17:07 525,816 ----a-w c:\program files\PC-Decrapifier-1.8.6.exe
2008-01-07 14:06 7,934,488 ----a-w c:\program files\dap86.exe
2008-01-06 20:24 3,159,040 ----a-w c:\program files\SeaToolsForWindowsSetup.exe
2007-12-17 13:57 6,042,619 ------w c:\program files\Setup_FreeFlvConverter.exe
2007-12-14 22:20 1,401,291 ----a-w c:\program files\MP4Cam2AVI_v2.71.zip
2007-12-11 13:54 1,280,956 ----a-w c:\program files\happy_install.exe
2007-12-08 19:27 1,193,451 ------w c:\program files\FLVplayer_v0.0.5.exe
2007-11-23 04:16 81,920 ----a-w c:\documents and settings\Owner\Application Data\ezpinst.exe
2007-11-23 04:16 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2007-10-29 20:19 2,155,208 ----a-w c:\program files\totalcommander_7-02a.exe
2007-10-29 19:49 3,237,948 ----a-w c:\program files\NXSetup_Vista(x86).zip
2007-10-29 15:03 11,070,584 ----a-w c:\program files\ezvideosfree.exe
2007-10-29 14:47 1,644,181 ----a-w c:\program files\net-transport_net_transport_1.94d_anglais_11133.exe
2007-10-22 18:02 28,982 ----a-w c:\program files\xp_remove_hotfix_backup.zip
2007-10-18 03:39 11,590,948 ----a-w c:\program files\GAME - Puzzle Inlay+Magic Inlay.rar
2007-10-14 15:56 527,168 ----a-w c:\program files\yahoo_installer.exe
2007-10-12 03:30 1,446,932 ----a-w c:\program files\bubble97.zip
2007-10-12 03:15 1,191,365 ----a-w c:\program files\WDCSetup.exe
2007-10-12 03:12 530,458 ----a-w c:\program files\PC-Decrapifier-1.8.3.exe
2007-10-08 04:52 133,544 ----a-w c:\program files\TubeMeV1.2.rar
2007-10-05 16:33 3,262,255 ----a-w c:\program files\ChickenInvadersInstaller130.exe
2007-10-03 04:00 17,012,488 ----a-w c:\program files\setupfre.exe
2007-10-01 13:28 61,694,328 ----a-w c:\program files\defcon-win32-v1.43.exe
2007-10-01 12:49 26,464 ----a-w c:\program files\ExpiredCookiesCleaner.zip
2007-10-01 12:47 1,586,114 ------w c:\program files\regdefrag_install.exe
2007-08-28 21:21 388,915 ----a-w c:\program files\dustbuster.zip
2007-08-09 04:19 5,393,800 ----a-w c:\program files\SudokuSetup.exe
2007-07-30 03:19 734,006 ----a-w c:\program files\wf107.exe
2007-07-25 04:29 1,578,378 ------w c:\program files\diskdefrag_install.exe
2007-07-17 03:54 495,702 ----a-w c:\program files\autoruns.zip
2007-06-24 16:47 1,534,085 ----a-w c:\program files\the-rad-video-tools_the_rad_video_tools_1.8v_anglais_11111.exe
2007-06-20 04:00 384,432 ----a-w c:\program files\MostFun-Tetris.exe
2007-06-05 22:07 7,394,519 ----a-w c:\program files\Alcohol_120_v1.9.6.4719_Retail_Incl_Activator.rar
2007-06-04 21:29 5,319,309 ----a-w c:\program files\SpeedUpMyPC.v3.5.2321.28 + Crack.rar
2007-05-08 03:11 5,278,017 ----a-w c:\program files\tf0_2.zip
2007-05-08 03:08 13,505,824 ----a-w c:\program files\AndYetItMoves_Win_v1_04.zip
2007-04-30 23:41 2,714,784 ----a-w c:\program files\ccsetup139.exe
2007-04-22 04:31 66,048 ----a-w c:\program files\ExpiredCookiesCleaner.exe
2007-04-07 04:11 2,685,104 ----a-w c:\program files\ccsetup138.exe
2007-03-27 01:28 641,881 ----a-w c:\program files\windirstat1_1_2_setup.exe
2007-03-26 23:55 3,453,243 ----a-w c:\program files\Vopt 8.09 -For Hd Defragment Full Crack.rar
2005-09-01 14:44 21 --sh--w c:\windows\dpwtddxp.dll
2005-09-01 14:44 14 --sh--w c:\windows\dpwtpdxp.dll
2008-02-11 04:17 8 --sh--r c:\windows\system32\4412AE13D9.sys
2005-09-01 14:44 21 --sh--w c:\windows\system32\dpwtdaxp.dll
2005-09-01 14:44 14 --sh--w c:\windows\system32\dpwtpaxp.dll
2005-09-01 14:44 12 --sh--w c:\windows\system32\spwtpaxp.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_22.11.34.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 23:25:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
+ 2008-11-17 23:25:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-16 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-28 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-26 24651]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 2913584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Assistant d'Acrobat.lnk]
backup=c:\windows\pss\Assistant d'Acrobat.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\WASTE\\WASTE.exe"=
"c:\\Program Files\\Ubisoft\\Chessmaster 10th Edition\\game.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgetEngine.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnectLaunch.exe"=
"c:\\Program Files\\Tweak-XP Pro 4\\tweak-xp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Torpark\\Torpark 2.0.0.3a\\Torpark.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10402:TCP"= 10402:TCP:eMule TCP
"10700:UDP"= 10700:UDP:eMule UDP
"19733:TCP"= 19733:TCP:Azureus TCP

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-27 141312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S1 aswSP;avast! Self Protection; []
S1 sK9Ou0s;sK9Ou0s;\??\c:\windows\system32\drivers\srosa2.sys []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS []
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-02-19 7808]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
S4 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-10-26 104960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b492b722-8a34-11dc-b3b6-0012178aeb7c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-17 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 19:32]

2008-11-17 c:\windows\Tasks\User_Feed_Synchronization-{6182AE7D-49B4-4DAF-A43C-79D854AD0C20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 17:27:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\snmp.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2008-11-17 17:33:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-17 23:33:06
ComboFix2.txt 2008-11-17 04:12:13

Pre-Run: 16*255*971*328 bytes free
Post-Run: 16,281,436,160 bytes free

276 --- E O F --- 2008-11-12 23:56:19

___
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 18, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 20:48:48
Records in database: 1390341
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 179111
Threat name 13
Infected objects 32
Suspicious objects 0
Duration of the scan 08:37:27

File name Threat name Threats count
C:\Documents and Settings\Owner\Application Data\Auslogics\Rescue\One Button Checkup\080922113648157.rsc Infected: Trojan.Win32.Autoit.gs 2
C:\Documents and Settings\Owner\Desktop\pc-decrapifier-2.0.0.exe Infected: Trojan.Win32.Autoit.gs 1
C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.).rar Infected: Trojan.Win32.Monder.gen 2
C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\winamp.rar Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Owner\My Documents\Fichiers Mule\Billion Chords v1.0+KeyGen.zip Infected: HackTool.Win32.AntiAV.c 1
C:\Documents and Settings\Owner\My Documents\Fichiers Mule\Billion Chords v1.0_KeyGen.zip Infected: HackTool.Win32.AntiAV.c 1
C:\Documents and Settings\Owner\My Documents\torpark_torpark_2.0.0.3a_francais_25495.exe Infected: not-a-virus:RiskTool.Win32.FWDisabler.a 1
C:\Program Files\arcade-4[1].1.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ahh 1
C:\Program Files\eMule\Incoming\Adobe Acrobat 8.0 KeyGen.rar Infected: not-a-virus:AdWare.Win32.Mostofate.v 2
C:\Program Files\eMule\Incoming\Plato DVD to Divx Xvid Ripper 6.88\setup.exe Infected: Trojan-Downloader.Win32.Bagle.afz 1
C:\Program Files\PC-Decrapifier-1.8.3.exe Infected: Trojan.Win32.Starter.et 1
C:\Program Files\PhotoOne.Recovery.v2.0.build.04032005.Read.NFO.WinAll.inc.kaygen-ARN.zip Infected: Trojan.Win32.Agent.acw 1
C:\Program Files\Webroot.Spy.Sweeper.v5.0.7.1608.incl.serials.and.BigScott_27.updater.by.ChingLiu\sspsetup1_.exe Infected: Backdoor.Win32.Delf.jgi 1
C:\Qoobox\Quarantine\C\Program Files\TaskSwitchXP\TaskSwitchXP.exe.vir Infected: Trojan-Downloader.Win32.Bagle.afz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir Infected: Trojan-Downloader.Win32.Bagle.afz 1
C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183576.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183577.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183578.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183579.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183580.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183581.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183582.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183583.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183584.exe Infected: Email-Worm.Win32.Bagle.of 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183590.exe Infected: Email-Worm.Win32.Bagle.majc 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183591.exe Infected: Email-Worm.Win32.Bagle.majc 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1143\A0183670.exe Infected: Trojan-Downloader.Win32.Bagle.afz 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1143\A0183672.exe Infected: Trojan-Downloader.Win32.Bagle.afz 1
The selected area was scanned.

__

Thank you!
Old 11-18-2008, 08:54 AM   #6 (permalink)
Analyst, Security Team
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,265
OS: Windows 7 Premium x64

Re: Can't run antivirus or restore system

Hi there romainl45

Great work, so far so good.

I'm glad to hear that you will be removing the P2P and cracked programs. The main infection you have is known as a Bagle infection. The most probable source of this is this file - C:\Program Files\eMule\Incoming\Plato DVD to Divx Xvid Ripper 6.88\setup.exe which came to you through eMule.

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Quote:
File::
C:\Documents and Settings\Owner\Application Data\Auslogics\Rescue\One Button Checkup\080922113648157.rsc
C:\Documents and Settings\Owner\Desktop\pc-decrapifier-2.0.0.exe
C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.).rar
C:\Documents and Settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\winamp.rar
C:\Documents and Settings\Owner\My Documents\Fichiers Mule\Billion Chords v1.0+KeyGen.zip
C:\Documents and Settings\Owner\My Documents\torpark_torpark_2.0.0.3a_francais_25495.exe
C:\Program Files\arcade-4[1].1.exe
C:\Program Files\eMule\Incoming\Adobe Acrobat 8.0 KeyGen.rar
C:\Program Files\eMule\Incoming\Plato DVD to Divx Xvid Ripper 6.88\setup.exe
C:\Program Files\PC-Decrapifier-1.8.3.exe
C:\Program Files\PhotoOne.Recovery.v2.0.build.04032005.Read.NFO.WinAll.inc.kaygen-ARN.zip
C:\Program Files\Webroot.Spy.Sweeper.v5.0.7.1608.incl.serials.and.BigScott_27.updater.by.ChingLiu\sspsetup1_.exe
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log.
Post this back in your next reply. Also update me on how things are running now.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
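The CFScript the analyst built above is a hand-copied subset of the Kaspersky report: detections under C:\Qoobox (ComboFix's own quarantine) and under System Volume Information (restore-point copies, normally cleared by resetting System Restore afterwards) were left out, and each remaining path went into a `File::` block. The following Python script does that triage mechanically. It is an added example, not code from the thread, from ComboFix or from Kaspersky; the report excerpt embedded in it is constructed from a few lines of the scan output posted above, and the skip list is an assumption that mirrors the analyst's choice rather than a documented ComboFix rule.

```python
"""
Turn a Kaspersky Online Scanner 7 report into a ComboFix 'File::' block.

Added example for this thread; not part of ComboFix or Kaspersky.  The
report text below is constructed from lines of the scan output posted
above, shortened to a handful of entries.
"""
import re
from typing import Dict, List, NamedTuple

# Constructed sample in the 'File name Threat name Threats count' layout.
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Program Files\eMule\Incoming\Plato DVD to Divx Xvid Ripper 6.88\setup.exe Infected: Trojan-Downloader.Win32.Bagle.afz 1
C:\Program Files\PC-Decrapifier-1.8.3.exe Infected: Trojan.Win32.Starter.et 1
C:\Documents and Settings\Owner\My Documents\torpark_torpark_2.0.0.3a_francais_25495.exe Infected: not-a-virus:RiskTool.Win32.FWDisabler.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\winfilse.exe.vir Infected: Trojan-Downloader.Win32.Bagle.afz 1
C:\System Volume Information\_restore{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP1142\A0183576.exe Infected: Email-Worm.Win32.Bagle.of 1
The selected area was scanned.
"""


class Finding(NamedTuple):
    path: str
    threat: str
    count: int


# One detection line: '<path> Infected: <threat name> <threats count>'.
# The path is matched lazily because it may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$"
)

# Assumption mirroring the analyst's list: ComboFix's quarantine and the
# restore-point copies are not fed back into the script.
SKIP_PREFIXES = ("c:\\qoobox\\", "c:\\system volume information\\")


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per detection line; header/footer lines are ignored."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["threat"], int(m["count"])))
    return findings


def removable_paths(findings: List[Finding]) -> List[str]:
    """Drop skipped locations and duplicates, keeping the report's order."""
    seen = set()
    out = []
    for f in findings:
        key = f.path.lower()
        if key.startswith(SKIP_PREFIXES) or key in seen:
            continue
        seen.add(key)
        out.append(f.path)
    return out


def build_cfscript(findings: List[Finding]) -> str:
    """Render the 'File::' block in the form pasted into CFScript.txt above."""
    return "File::\n" + "\n".join(removable_paths(findings)) + "\n"


def threat_summary(findings: List[Finding]) -> Dict[str, int]:
    """Detections per threat name, to see which family dominates the report."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.threat] = counts.get(f.threat, 0) + f.count
    return counts


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(build_cfscript(found))
    for name, n in sorted(threat_summary(found).items()):
        print(f"{n:3d}  {name}")
```

Run it against a saved report instead of the sample by reading the file into `parse_report`; the output is the text to save as CFScript.txt. The summary is there because, as in this thread, the same family (Bagle) showing up in several distinct places is the signal that points to the original dropper rather than to the scattered copies.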
Old 11-18-2008, 10:21 AM   #7 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP


Re: Can't run antivirus or restore system

Hello,

Thank you. My system seems to be running smoothly. Here is the Combofix log:

ComboFix 08-11-17.06 - Owner 2008-11-18 10:49:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.241 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\CFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Owner\Application Data\Auslogics\Rescue\One Button Checkup\080922113648157.rsc
c:\documents and settings\Owner\Desktop\pc-decrapifier-2.0.0.exe
c:\documents and settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.).rar
c:\documents and settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\winamp.rar
c:\documents and settings\Owner\My Documents\Fichiers Mule\Billion Chords v1.0+KeyGen.zip
c:\documents and settings\Owner\My Documents\torpark_torpark_2.0.0.3a_francais_25495.exe
c:\program files\arcade-4[1].1.exe
c:\program files\eMule\Incoming\Adobe Acrobat 8.0 KeyGen.rar
c:\program files\eMule\Incoming\Plato DVD to Divx Xvid Ripper 6.88\setup.exe
c:\program files\PC-Decrapifier-1.8.3.exe
c:\program files\PhotoOne.Recovery.v2.0.build.04032005.Read.NFO.WinAll.inc.kaygen-ARN.zip
c:\program files\Webroot.Spy.Sweeper.v5.0.7.1608.incl.serials.and.BigScott_27.updater.by.ChingLiu\sspsetup1_.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Auslogics\Rescue\One Button Checkup\080922113648157.rsc
c:\documents and settings\Owner\Desktop\pc-decrapifier-2.0.0.exe
c:\documents and settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.).rar
c:\documents and settings\Owner\My Documents\Azureus Downloads\Winamp 5.53 Pro GoldPack - 90 Skins + Plugins (Fix Incl.)\winamp.rar
c:\documents and settings\Owner\My Documents\Fichiers Mule\Billion Chords v1.0+KeyGen.zip
c:\documents and settings\Owner\My Documents\torpark_torpark_2.0.0.3a_francais_25495.exe
c:\program files\arcade-4[1].1.exe
c:\program files\eMule\Incoming\Adobe Acrobat 8.0 KeyGen.rar
c:\program files\eMule\Incoming\Plato DVD to Divx Xvid Ripper 6.88\setup.exe
c:\program files\PC-Decrapifier-1.8.3.exe
c:\program files\PhotoOne.Recovery.v2.0.build.04032005.Read.NFO.WinAll.inc.kaygen-ARN.zip
c:\program files\Webroot.Spy.Sweeper.v5.0.7.1608.incl.serials.and.BigScott_27.updater.by.ChingLiu\sspsetup1_.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-18 08:57 . 2008-11-18 08:57 <DIR> d-------- c:\program files\Trend Micro
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-16 15:20 . 2008-11-16 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-16 15:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-16 15:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-16 14:47 . 2008-11-16 21:51 <DIR> d-------- c:\program files\MYweb4net
2008-11-16 14:47 . 2008-11-17 00:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\MYweb4net
2008-11-16 01:32 . 2008-11-16 01:32 <DIR> d-------- c:\program files\Panda Security
2008-11-16 00:06 . 2008-11-16 16:23 <DIR> d-------- c:\program files\AVPersonal
2008-11-15 22:41 . 2006-09-05 10:03 3,968 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-15 22:34 . 2008-11-15 22:34 <DIR> d-------- C:\HiijackThis
2008-11-15 00:16 . 2001-05-11 13:18 420,240 --a------ c:\windows\system32\mpg4c32.dll
2008-11-15 00:16 . 2001-03-26 04:41 245,760 --a------ c:\windows\system32\mp4sds32.ax
2008-11-14 23:08 . 2008-11-14 23:09 <DIR> d-------- c:\program files\Free DVD Ripper
2008-11-14 22:54 . 2008-11-14 22:55 <DIR> d-------- C:\platodvdripper
2008-11-14 22:52 . 2008-11-14 22:52 <DIR> d-------- c:\program files\Plato DVD Ripper Professional
2008-11-14 22:52 . 2005-12-30 19:10 761,856 --a------ c:\windows\system32\xvidcore.dll
2008-11-14 22:52 . 2006-02-28 20:17 159,744 --a------ c:\windows\system32\xvidvfw.dll
2008-11-14 22:52 . 2005-12-30 19:16 77,824 --a------ c:\windows\system32\xvid.ax
2008-11-14 16:09 . 2008-11-14 17:14 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2008-11-12 17:49 . 2008-11-12 17:49 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 17:47 . 2008-11-12 17:47 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 16:55 . 2008-09-04 11:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:54 . 2008-10-24 05:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-27 08:17 . 2008-10-27 08:20 <DIR> d-------- c:\documents and settings\Owner\Application Data\Winamp
2008-10-26 19:37 . 2008-10-26 19:37 <DIR> d-------- C:\EPSONREG
2008-10-26 19:35 . 2008-10-26 19:35 <DIR> d-------- c:\documents and settings\Owner\Application Data\Arcsoft
2008-10-26 19:35 . 2008-10-26 19:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2008-10-26 19:34 . 2008-10-26 19:34 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-10-26 19:34 . 2008-10-26 19:34 <DIR> d-------- c:\program files\ArcSoft
2008-10-26 19:33 . 2007-12-06 20:08 86,528 --a------ c:\windows\system32\E_FLBEGA.DLL
2008-10-26 19:33 . 2007-12-06 20:01 78,848 --a------ c:\windows\system32\E_FD4BEGA.DLL
2008-10-26 19:32 . 2008-10-26 19:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\EPSON
2008-10-26 19:31 . 2008-10-26 19:35 <DIR> d-------- c:\program files\epson
2008-10-26 19:31 . 2008-10-26 19:37 44 --a------ c:\windows\EPSNX400.ini
2008-10-24 04:26 . 2008-10-15 10:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 16:50 --------- d-----w c:\program files\Webroot.Spy.Sweeper.v5.0.7.1608.incl.serials.and.BigScott_27.updater.by.ChingLiu
2008-11-18 16:38 --------- d-----w c:\documents and settings\Owner\Application Data\SlimBrowser
2008-11-17 04:03 --------- d-----w c:\program files\TaskSwitchXP
2008-11-17 03:57 --------- d-----w c:\documents and settings\Owner\Application Data\Spyware Terminator
2008-11-17 03:13 --------- d-----w c:\program files\Spyware Terminator
2008-11-17 03:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-16 22:18 61,440 ----a-w c:\program files\sarcli.exe
2008-11-16 22:18 401,408 ----a-w c:\program files\sargui.exe
2008-11-16 22:18 35,840 ----a-w c:\program files\helper.exe
2008-11-16 04:34 --------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2008-11-16 01:06 --------- d-----w c:\program files\regclean
2008-11-15 18:35 --------- d-----w c:\program files\ewido anti-malware
2008-11-15 18:26 --------- d-----w c:\program files\SlimBrowser
2008-11-15 13:39 --------- d-----w c:\program files\eMule
2008-11-15 05:41 --------- d-----w c:\program files\AviSynth 2.5
2008-11-15 05:40 --------- d-----w c:\program files\Ripp-it_AM
2008-11-15 05:20 --------- d-----w c:\program files\FreeCDRipper
2008-11-13 16:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 16:31 --------- d-----w c:\documents and settings\Owner\Application Data\Corel
2008-11-10 15:22 --------- d-----w c:\program files\EClea2_0
2008-11-04 17:23 --------- d-----w c:\documents and settings\Owner\Application Data\Sony Corporation
2008-11-04 14:33 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2008-10-27 14:18 --------- d-----w c:\program files\Winamp
2008-10-27 01:45 --------- d-----w c:\program files\Hewlett-Packard
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 23:51 --------- d-----w c:\documents and settings\LocalService\Application Data\Sony Corporation
2008-10-17 22:33 --------- d-----w c:\documents and settings\Owner\Application Data\W Photo Studio Viewer
2008-09-29 14:44 --------- d-----w c:\program files\Secunia
2008-09-22 14:05 --------- d-----w c:\program files\Musicmatch
2008-09-19 03:00 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-09-08 02:56 102,424 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-06-09 14:15 1,321,976 ----a-w c:\program files\ptdirprn-setup.exe
2008-06-06 22:39 9,659,807 ----a-w c:\program files\fcrsetup.exe
2008-06-06 22:27 1,134,226 ----a-w c:\program files\Setup_KRAC_EN.exe
2008-05-13 19:37 1,346,784 ----a-w c:\program files\EClea2_0.zip
2008-05-02 02:11 532,480 ----a-w c:\program files\cwshredder.exe
2008-04-30 17:28 4,726,096 ----a-w c:\program files\AWCSetup.exe
2008-04-27 05:07 1,439,646 ----a-w c:\program files\123memor.exe
2008-04-21 16:52 25,839,688 ----a-w c:\program files\wmp11-windowsxp-x86-FR-FR.exe
2008-04-21 16:50 2,202,008 ----a-w c:\program files\wmp11-windowsxp-x86-enu.exe.part
2008-04-21 16:48 1,478,696 ----a-w c:\program files\GenuineCheck.exe
2008-04-21 16:30 2,223,653 ----a-w c:\program files\mpc2kxp6490.zip
2008-04-20 17:05 1,495,112 ----a-w c:\program files\install_flash_player.exe
2008-04-20 16:54 318,904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-04-19 03:14 3,861,320 ----a-w c:\program files\eMule0.48a-Installer2.exe
2008-04-18 21:01 6,575,800 ----a-w c:\program files\sunbelt-personal-firewall-ex-kerio_sunbelt_personal_firewall_4.3.916_francais_11071.exe
2008-04-12 20:15 190 ----a-w c:\program files\95R50zz1H4.rar
2008-04-08 03:38 20,902,656 ----a-w c:\program files\CFP_Setup_3.0.21.329_XP_Vista_x32.exe
2008-04-03 03:55 7,649,072 ----a-w c:\program files\Firefox Setup 3.0 Beta 5.exe
2008-03-10 20:49 923,280 ----a-w c:\program files\processscanner.exe
2008-03-03 13:35 399,780 ----a-w c:\program files\IEScreenshotInstaller.exe
2008-03-01 20:37 1,107,536 ----a-w c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
2008-03-01 20:34 16,671,744 ----a-w c:\program files\Snapfire130_FR_COREL.msi
2008-02-20 19:19 513,544 ----a-w c:\program files\Turbo Cut File v2.21_freeware.zip
2008-02-20 15:58 432,552 ----a-w c:\program files\wavepsetup.exe
2008-02-01 10:11 39,451 ----a-w c:\program files\GetDiz.chm
2008-01-31 20:11 3,277 ----a-w c:\program files\readme.nfo
2008-01-31 19:29 285,184 ----a-w c:\program files\GetDiz.exe
2008-01-29 13:38 184,075 ------w c:\program files\dicorime.zip
2008-01-23 14:50 2,904,384 ----a-w c:\program files\ca_yahooantispy_211_setup_en.exe
2008-01-10 17:07 525,816 ----a-w c:\program files\PC-Decrapifier-1.8.6.exe
2008-01-07 14:06 7,934,488 ----a-w c:\program files\dap86.exe
2008-01-06 20:24 3,159,040 ----a-w c:\program files\SeaToolsForWindowsSetup.exe
2007-12-17 13:57 6,042,619 ------w c:\program files\Setup_FreeFlvConverter.exe
2007-12-14 22:20 1,401,291 ----a-w c:\program files\MP4Cam2AVI_v2.71.zip
2007-12-11 13:54 1,280,956 ----a-w c:\program files\happy_install.exe
2007-12-08 19:27 1,193,451 ------w c:\program files\FLVplayer_v0.0.5.exe
2007-11-23 04:16 81,920 ----a-w c:\documents and settings\Owner\Application Data\ezpinst.exe
2007-11-23 04:16 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
2007-10-29 20:19 2,155,208 ----a-w c:\program files\totalcommander_7-02a.exe
2007-10-29 19:49 3,237,948 ----a-w c:\program files\NXSetup_Vista(x86).zip
2007-10-29 15:03 11,070,584 ----a-w c:\program files\ezvideosfree.exe
2007-10-29 14:47 1,644,181 ----a-w c:\program files\net-transport_net_transport_1.94d_anglais_11133.exe
2007-10-22 18:02 28,982 ----a-w c:\program files\xp_remove_hotfix_backup.zip
2007-10-18 03:39 11,590,948 ----a-w c:\program files\GAME - Puzzle Inlay+Magic Inlay.rar
2007-10-14 15:56 527,168 ----a-w c:\program files\yahoo_installer.exe
2007-10-12 03:30 1,446,932 ----a-w c:\program files\bubble97.zip
2007-10-12 03:15 1,191,365 ----a-w c:\program files\WDCSetup.exe
2007-10-08 04:52 133,544 ----a-w c:\program files\TubeMeV1.2.rar
2007-10-05 16:33 3,262,255 ----a-w c:\program files\ChickenInvadersInstaller130.exe
2007-10-03 04:00 17,012,488 ----a-w c:\program files\setupfre.exe
2007-10-01 13:28 61,694,328 ----a-w c:\program files\defcon-win32-v1.43.exe
2007-10-01 12:49 26,464 ----a-w c:\program files\ExpiredCookiesCleaner.zip
2007-10-01 12:47 1,586,114 ------w c:\program files\regdefrag_install.exe
2007-08-28 21:21 388,915 ----a-w c:\program files\dustbuster.zip
2007-08-09 04:19 5,393,800 ----a-w c:\program files\SudokuSetup.exe
2007-07-30 03:19 734,006 ----a-w c:\program files\wf107.exe
2007-07-25 04:29 1,578,378 ------w c:\program files\diskdefrag_install.exe
2007-07-17 03:54 495,702 ----a-w c:\program files\autoruns.zip
2007-06-24 16:47 1,534,085 ----a-w c:\program files\the-rad-video-tools_the_rad_video_tools_1.8v_anglais_11111.exe
2007-06-20 04:00 384,432 ----a-w c:\program files\MostFun-Tetris.exe
2007-06-05 22:07 7,394,519 ----a-w c:\program files\Alcohol_120_v1.9.6.4719_Retail_Incl_Activator.rar
2007-06-04 21:29 5,319,309 ----a-w c:\program files\SpeedUpMyPC.v3.5.2321.28 + Crack.rar
2007-05-08 03:11 5,278,017 ----a-w c:\program files\tf0_2.zip
2007-05-08 03:08 13,505,824 ----a-w c:\program files\AndYetItMoves_Win_v1_04.zip
2007-04-30 23:41 2,714,784 ----a-w c:\program files\ccsetup139.exe
2007-04-22 04:31 66,048 ----a-w c:\program files\ExpiredCookiesCleaner.exe
2007-04-07 04:11 2,685,104 ----a-w c:\program files\ccsetup138.exe
2007-03-27 01:28 641,881 ----a-w c:\program files\windirstat1_1_2_setup.exe
2007-03-26 23:55 3,453,243 ----a-w c:\program files\Vopt 8.09 -For Hd Defragment Full Crack.rar
2005-09-01 14:44 21 --sh--w c:\windows\dpwtddxp.dll
2005-09-01 14:44 14 --sh--w c:\windows\dpwtpdxp.dll
2008-02-11 04:17 8 --sh--r c:\windows\system32\4412AE13D9.sys
2005-09-01 14:44 21 --sh--w c:\windows\system32\dpwtdaxp.dll
2005-09-01 14:44 14 --sh--w c:\windows\system32\dpwtpaxp.dll
2005-09-01 14:44 12 --sh--w c:\windows\system32\spwtpaxp.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-16_22.11.34.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-17 23:25:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2a4.dat
+ 2008-11-17 23:25:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 333120]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-16 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-28 155648]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-26 24651]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 2913584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Assistant d'Acrobat.lnk]
backup=c:\windows\pss\Assistant d'Acrobat.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\WASTE\\WASTE.exe"=
"c:\\Program Files\\Ubisoft\\Chessmaster 10th Edition\\game.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgetEngine.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnectLaunch.exe"=
"c:\\Program Files\\Tweak-XP Pro 4\\tweak-xp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Torpark\\Torpark 2.0.0.3a\\Torpark.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10402:TCP"= 10402:TCP:eMule TCP
"10700:UDP"= 10700:UDP:eMule UDP
"19733:TCP"= 19733:TCP:Azureus TCP

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys [2008-03-27 141312]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS []
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2008-02-19 7808]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
S4 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-10-26 104960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b492b722-8a34-11dc-b3b6-0012178aeb7c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-11-18 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 19:32]

2008-11-18 c:\windows\Tasks\User_Feed_Synchronization-{6182AE7D-49B4-4DAF-A43C-79D854AD0C20}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 11:04:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Owner\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\snmp.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
.
**************************************************************************
.
Completion time: 2008-11-18 11:10:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-18 17:09:57
ComboFix2.txt 2008-11-17 23:33:14
ComboFix3.txt 2008-11-17 04:12:13

Pre-Run: 16*198*230*016 bytes free
Post-Run: 16,254,156,800 bytes free

310 --- E O F --- 2008-11-12 23:56:19
Old 11-18-2008, 01:48 PM   #8 (permalink)
Analyst, Security Team
sjb007
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,265
OS: Windows 7 Premium x64
Re: Can't run antivirus or restore system

Hi there

All is looking good. Your logs appear clear of malware.

Let's tidy up after ourselves.

Go to the Start menu and select Run (Vista users press Windows key & R) to bring up the Run dialog.
In the command line type in combofix /u (note the space between combofix & /u).

This will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Now that you appear to be free from malware, let's help you stay that way!

Update Windows on a regular basis - if you do not have automatic updates enabled then visit Microsoft's Update Page and update your computer from there.
Update your virus checker on a regular basis - it is no use having a virus checker with out-of-date definitions.
Keep an eye on your firewall. Check what it wants to allow; do not simply allow everything. If there are any processes that you are unsure of then don't be afraid to ask for advice. For more information on firewalls read this article here.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

Open Internet Explorer, click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Safer Browsing
Use software such as Trendprotect or Sitehound to help you stay away from unsuspecting sites that have malicious purposes.
Use Spywareblaster to help prevent the installation of unwanted BHOs (Browser Helper Objects).

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects; ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include Opera browser and, more recently, Firefox browser.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as ccleaner slim to clear out temporary files on your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy and Adaware 2007 Free by Lavasoft can help you keep clear. These products are scan on demand and do not have active background scanning. These two products can be installed together without any complications.

Other alternative software that runs under licence and monitors your computer continuously in the background for malware is Malwarebytes Anti-Malware (MBAM) - please note that this product can also be run as free without a licence, but the background protection will not be active.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing malware, and how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeier

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
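The six Custom Level changes sjb007 lists for the Internet zone map to numbered URL-action values under the zone 3 registry key, so they can be audited (and, if wanted, applied) from a script instead of clicked through. This is an added example, not part of sjb007's post; it assumes the per-user settings under HKCU (a machine policy under HKLM\...\Policies can override them) and Microsoft's documented action IDs, where 0 = Enable, 1 = Prompt and 3 = Disable.

```powershell
# Added example (not from the forum post): audit the Internet zone (zone 3) settings that the
# Custom Level steps above change, and report any that differ from the advised value.
# Assumption: settings are read from the per-user key; a machine policy may override them.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Documented URL-action IDs mapped to the value the post advises (0 = Enable, 1 = Prompt, 3 = Disable).
$advised = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }  # Disable
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }  # Prompt
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZone {
    param([switch]$Fix)   # -Fix writes the advised value instead of only reporting it
    $key = Get-Item -Path $zoneKey
    foreach ($id in ($advised.Keys | Sort-Object)) {
        $want = $advised[$id].Want
        $have = $key.GetValue($id)   # $null when the value is absent (IE's built-in default applies)
        $haveText = if ($null -eq $have) { 'not set' }
                    elseif ($label.ContainsKey([int]$have)) { $label[[int]$have] }
                    else { "$have" }
        if ($have -eq $want) {
            'OK      {0} ({1}): {2}' -f $id, $advised[$id].Name, $haveText
        } else {
            'CHANGE  {0} ({1}): {2} -> {3}' -f $id, $advised[$id].Name, $haveText, $label[$want]
            if ($Fix) { Set-ItemProperty -Path $zoneKey -Name $id -Value $want -Type DWord }
        }
    }
}

Test-IeInternetZone          # report only; run "Test-IeInternetZone -Fix" to apply the advised values
```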
Old 11-18-2008, 07:40 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2008
Posts: 5
OS: XP


Re: Can't run antivirus or restore system

Hello again,

My system seems to be working perfectly! I could reinstall my AV. Thank you VERY much for your help.

Romainl45
Copyright 2001 - 2009, Tech Support Forum