Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 12-28-2008, 01:31 PM   #1 (permalink)
Registered User
 
Join Date: Jun 2006
Posts: 262
OS: XP SP2


Spywareguard 2008

Hi everyone

I have been infected with the spyguard virus and I can't remove it.

Here is the DDS information and the attachment requested. Thank you.




DDS (Version 1.1.0) - NTFSx86
Run by jimbob at 16:39:03.40 on 28/12/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2814.2279 [GMT 0:00]

AV: avast! antivirus 4.8.1296 [VPS 081228-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\jimbob\LOCALS~1\Temp\winloggn.exe
C:\DOCUME~1\jimbob\LOCALS~1\Temp\winlogin.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Steam\Steam.exe
C:\DOCUME~1\jimbob\LOCALS~1\Temp\csrssc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Documents and Settings\jimbob\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {65b56b5b-da17-43e1-86ea-4a67e962c2bc} - c:\windows\system32\wvUKdApO.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\wVpoolLB.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {804a365a-8636-7158-ffd4-613d2511b29c}: {c92b1152-d316-4dff-8517-6368a563a408} - c:\windows\system32\blmbla.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [gadcom] "c:\documents and settings\jimbob\application data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [xsjfn83jkemfofght] c:\docume~1\jimbob\locals~1\temp\winlogin.exe
uRun: [Jnskdfmf9eldfd] c:\docume~1\jimbob\locals~1\temp\csrssc.exe
uRun: [jsf8j34rgfght] c:\docume~1\jimbob\locals~1\temp\winloggn.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Xcecudezeno] rundll32.exe "c:\windows\akekoqat.dll",e
mRun: [Stokedabexobe] rundll32.exe "c:\windows\Pcocaderirifejel.dll",e
mRun: [jsf8j34rgfght] c:\docume~1\jimbob\locals~1\temp\winloggn.exe
mRun: [xsjfn83jkemfofght] c:\docume~1\jimbob\locals~1\temp\winlogin.exe
mRun: [spywareguard] c:\program files\spyware guard 2008\spywareguard.exe
mRun: [winampagent] "c:\program files\winamp\winampa.exe"
mRun: [updreg] c:\windows\UpdReg.EXE
mRun: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [p17helper] Rundll32 P17.dll,P17Helper
mRun: [nwiz] nwiz.exe /install
mRun: [nvmediacenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nvcpldaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ctsysvol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [7cb5251a] rundll32.exe "c:\windows\system32\jwpdubln.dll",b
StartupFolder: c:\docume~1\jimbob\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\jimbob\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: wVpoolLB - wVpoolLB.dll
AppInit_DLLs: blmbla.dll
SSODL: ieModule - {9FDBC34E-953C-444B-8D4F-64E988F8D116} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\ieModule.dll
SSODL: InternetConnection - {0D261298-1FBA-4267-BD3A-E53D4555C38D} - c:\documents and settings\all users\application data\microsoft\internet explorer\dlls\fzewftpypb.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\wVpoolLB.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUKdApO

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jimbob\applic~1\mozilla\firefox\profiles\nea2j9z6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\documents and settings\jimbob\application data\mozilla\firefox\profiles\nea2j9z6.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - HiddenExtension: XUL Cache: {D8651E66-E3C4-4240-A7D8-2EB204E62106} - c:\documents and settings\jimbob\local settings\application data\{D8651E66-E3C4-4240-A7D8-2EB204E62106}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-19 111184]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-19 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-11-19 155160]
R3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-11-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-11-19 352920]

=============== Created Last 30 ================

2008-12-28 15:21 41,472 a------- c:\windows\system32\aqllvhdk.dll
2008-12-27 15:16 103,936 a------- c:\windows\system32\blmbla.dll
2008-12-27 15:16 103,936 a------- c:\windows\system32\kkeeynfc.dll
2008-12-27 15:13 1,312,533 ---sh--- c:\windows\system32\nlbudpwj.ini
2008-12-27 15:13 68,096 a------- c:\windows\system32\jwpdubln.dll
2008-12-27 15:13 41,472 a------- c:\windows\system32\issybqce.dll
2008-12-27 14:11 <DIR> --d----- c:\program files\Spyware Guard 2008
2008-12-27 05:13 1,003,957 a------- c:\windows\sysexplorer.exe
2008-12-27 05:13 134,149 a------- c:\windows\reged.exe
2008-12-27 05:13 51,197 a------- c:\windows\spoolsystem.exe
2008-12-27 05:13 50,620 a------- c:\windows\sys.com
2008-12-27 05:13 47,872 a------- c:\windows\syscert.exe
2008-12-27 05:13 18,941 a------- c:\windows\vmreg.dll
2008-12-27 04:19 <DIR> --d----- C:\$WIN_NT$.~BT
2008-12-26 20:58 <DIR> --d----- c:\windows\pss
2008-12-26 19:34 <DIR> --d----- c:\windows\setup.pss
2008-12-26 19:18 260,272 a----r-- C:\$LDR$
2008-12-26 15:11 1,639,241 ---sh--- c:\windows\system32\eislthgd.ini
2008-12-26 15:11 68,608 a------- c:\windows\system32\dghtlsie.dll
2008-12-26 15:10 566,389 a--sh--- c:\windows\system32\OpAdKUvw.ini2
2008-12-26 15:10 566,389 a--sh--- c:\windows\system32\OpAdKUvw.ini
2008-12-26 15:10 236,032 a------- c:\windows\system32\wvUKdApO.dll
2008-12-26 14:17 133,632 a------- c:\windows\akekoqat.dll
2008-12-26 14:09 <DIR> --d----- C:\games
2008-12-26 14:06 384,000 a------- c:\windows\system32\winscenter.exe
2008-12-26 14:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2008-12-26 14:05 112,364 a------- c:\windows\system32\drivers\cdc80873.sys
2008-12-26 14:05 15,000 a------- c:\windows\system32\tyshb36rfjdf.dll
2008-12-26 14:04 44,032 a------- c:\windows\Pcocaderirifejel.dll
2008-12-26 14:04 15,000 a------- c:\windows\system32\jkse73hedfdgf.dll
2008-12-26 14:04 45,056 a------- c:\windows\system32\ljJCRiGW.dll
2008-12-26 14:04 36,864 a------- c:\windows\system32\wVpoolLB.dll
2008-12-19 18:38 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-17 17:27 <DIR> --d----- c:\program files\Eidos
2008-12-16 18:20 <DIR> --d----- c:\docume~1\jimbob\applic~1\dyyno-vlc
2008-12-16 18:19 <DIR> --d----- c:\program files\Dyyno
2008-12-16 00:21 <DIR> --d----- c:\program files\EA Games
2008-12-14 17:47 <DIR> --d----- c:\program files\common files\BioWare
2008-12-14 17:38 <DIR> --d----- c:\program files\Mass Effect
2008-12-12 06:03 410,976 a------- c:\windows\system32\deploytk.dll
2008-12-11 20:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-12-10 04:42 <DIR> --d----- c:\docume~1\jimbob\applic~1\LimeWire
2008-12-09 19:22 <DIR> --d-h--- c:\windows\PIF
2008-12-07 20:02 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-07 20:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-07 19:21 <DIR> --d----- c:\program files\Lavasoft
2008-12-07 17:11 <DIR> --d----- C:\Temp
2008-12-06 18:06 608,448 a------- c:\windows\system32\COMCTL32.OCX
2008-12-06 18:06 224,016 a------- c:\windows\system32\TabCtl32.ocx
2008-12-06 18:06 40,960 a------- c:\windows\system32\FxHorizBtn.ocx
2008-12-06 18:06 36,864 a------- c:\windows\system32\FxPanel.ocx
2008-12-06 18:06 2,493 a------- c:\windows\system32\COMCTL32.DEP
2008-12-06 18:05 <DIR> --d----- c:\program files\Fx MPEG Writer
2008-12-06 18:05 1,081,616 a------- c:\windows\system32\MSCOMCTL.OCX
2008-12-06 18:05 368,912 a------- c:\windows\system32\vbar332.dll
2008-12-06 18:05 152,848 a------- c:\windows\system32\COMDLG32.OCX
2008-12-06 18:01 <DIR> --d----- C:\videooutput
2008-12-06 18:01 3,086,336 a------- c:\windows\system32\NCMedia.dll
2008-12-06 18:01 3,086,336 a------- c:\windows\system32\flvvideo.dll
2008-12-06 18:01 383,238 a------- c:\windows\system32\libmp3lame-0.dll
2008-12-06 18:01 <DIR> --d----- c:\program files\Smallvideosoft
2008-12-06 15:56 1,706,800 a------- c:\windows\system32\gdiplus.dll
2008-12-06 15:56 180,224 a------- c:\windows\system32\cnvshell.dll
2008-12-06 15:56 <DIR> --d----- c:\program files\ImageConverter Plus
2008-12-05 23:26 <DIR> --d----- c:\docume~1\jimbob\applic~1\Xfire
2008-12-05 23:26 <DIR> --d----- c:\program files\Xfire
2008-11-29 19:31 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2008-11-29 19:31 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2008-11-29 19:24 7,062 a------- c:\windows\system32\audiopid.vxd
2008-11-29 19:24 662,288 a------- c:\windows\system32\Mscomct2.ocx
2008-11-29 19:24 53,248 -------- c:\windows\Ctregrun.exe
2008-11-29 19:22 <DIR> --d----- c:\program files\common files\Creative
2008-11-29 19:22 <DIR> --d-h--- c:\program files\Creative Installation Information
2008-11-29 19:22 90,112 -------- c:\windows\Updreg.EXE
2008-11-29 19:21 7,572,224 -------- c:\windows\system32\CT8MGM.SF2
2008-11-29 18:37 584 a------- c:\windows\system32\settingsbkup.sfm
2008-11-29 18:37 584 a------- c:\windows\system32\settings.sfm
2008-11-29 18:35 409,600 a------- c:\windows\system32\wrap_oal.dll
2008-11-29 18:35 114,688 a------- c:\windows\system32\OpenAL32.dll
2008-11-29 18:34 5,627 a----r-- c:\windows\system32\ludap17.ini
2008-11-29 18:34 39 a----r-- c:\windows\system32\ctzapxx.ini
2008-11-29 18:34 11,264 a------- c:\windows\INRES.DLL
2008-11-29 18:34 <DIR> --d----- c:\windows\system32\Data
2008-11-29 18:34 <DIR> --d----- c:\program files\Creative
2008-11-29 18:26 <DIR> --d----- C:\RM
2008-11-29 16:40 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-11-29 15:49 <DIR> --d----- c:\program files\Steam
2008-11-29 04:47 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 04:47 22,328 a------- c:\docume~1\jimbob\applic~1\PnkBstrK.sys
2008-11-29 04:46 202,040 a------- c:\windows\system32\PnkBstrB.exe
2008-11-29 04:46 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-28 19:48 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2008-11-28 19:48 3,495,784 a------- c:\windows\system\d3dx9_33.dll
2008-11-28 18:32 <DIR> --d----- c:\program files\Paradox Interactive
2008-11-28 18:28 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2008-11-28 18:27 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-11-28 18:25 717,296 a------- c:\windows\system32\drivers\sptd.sys

==================== Find3M ====================

2008-11-24 14:32 57,344 a------- c:\windows\system32\ff_vfw.dll
2008-11-21 13:17 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-19 17:53 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-19 17:45 3,624 a------- c:\windows\system32\ealregsnapshot1.reg
2008-11-19 15:03 279,712 a------- c:\windows\system32\drivers\atksgt.sys
2008-11-19 15:03 25,888 a------- c:\windows\system32\drivers\lirsgt.sys
2008-11-19 10:43 315,392 a------- c:\windows\HideWin.exe
2008-11-19 06:15 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-11-12 13:45 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-10-28 22:35 684,032 a------- c:\windows\system32\divx.dll
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 10:37 659,456 a------- c:\windows\system32\wininet.dll
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-07 09:13 288,024 a------- c:\windows\system32\PhysXCplUI.exe
2008-10-07 09:13 23,320 a------- c:\windows\system32\PhysXDevice.dll
2008-10-07 09:13 288,024 a------- c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelKorean.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelGerman.dll
2008-10-07 09:13 58,648 a------- c:\windows\system32\AgCPanelFrench.dll
2008-10-03 10:15 247,326 a------- c:\windows\system32\strmdll.dll

============= FINISH: 16:39:40.42 ===============
Attached Files
File Type: zip Attach.zip (5.0 KB, 1 views)
mephistophilus is offline  
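As an added example (not code from the original posts, and not part of DDS or ComboFix), here is a short Python triage script that applies the first checks a helper makes when reading a DDS log like the one above: executables launched from a Temp directory, rundll32 Run entries that call a one-letter export, user policies that disable Registry tools or Folder Options, a non-empty AppInit_DLLs value, and LSA authentication packages other than the default msv1_0. The sample lines are constructed in the style of the posted log, and the regexes and severity labels are my own heuristics, not a published signature set.

```python
import re

# Constructed sample in the style of the DDS log posted above (a few process
# lines plus pseudo-HJT lines); it is not a verbatim copy of the original log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\DOCUME~1\jimbob\LOCALS~1\Temp\winloggn.exe
C:\Program Files\Winamp\winampa.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [xsjfn83jkemfofght] c:\docume~1\jimbob\locals~1\temp\winlogin.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Xcecudezeno] rundll32.exe "c:\windows\akekoqat.dll",e
mRun: [nvcpldaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-system: DisableRegistryTools = 1 (0x1)
AppInit_DLLs: blmbla.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUKdApO
"""

# Heuristics (my own, not a published signature set). Each is a regex over a
# single DDS line; the order below is also the order in which a line is tested.
TEMP_EXE = re.compile(r'\\temp\\[^\\\s"]+\.exe\b', re.IGNORECASE)
# rundll32 loading a quoted DLL through a one-character export, e.g. "x.dll",e
RUNDLL_SHORT_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"[^"]+\.dll",\s*\w\s*$', re.IGNORECASE)
# user policies that hide Folder Options or disable Registry tools
POLICY_LOCK = re.compile(r'^uPolicies-\w+:\s*(DisableRegistryTools|NoFolderOptions)\s*=\s*1\b', re.IGNORECASE)
LSA_PACKAGES = re.compile(r'^LSA:\s*Authentication Packages\s*=\s*(.+)$', re.IGNORECASE)
APPINIT = re.compile(r'^AppInit_DLLs:\s*(\S.*)$', re.IGNORECASE)


def triage(log_text):
    """Return (severity, reason, line) tuples for DDS lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lsa = LSA_PACKAGES.match(line)
        appinit = APPINIT.match(line)
        if TEMP_EXE.search(line):
            findings.append(("high", "executable started from a Temp directory", line))
        elif RUNDLL_SHORT_EXPORT.search(line):
            findings.append(("medium", "rundll32 autostart with a one-letter export name", line))
        elif POLICY_LOCK.match(line):
            findings.append(("medium", "policy disables a tool needed to investigate", line))
        elif lsa:
            # msv1_0 is the only package present on a default XP install
            extra = [p for p in lsa.group(1).split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(("high", "extra LSA authentication package: " + ", ".join(extra), line))
        elif appinit:
            findings.append(("high", "AppInit_DLLs loads into every process that links user32: " + appinit.group(1), line))
    return findings


def summarize(findings):
    """Count findings per severity so a helper sees the shape of the log at a glance."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the full log pasted above, the same rules would flag the Temp executables in both the process list and the Run keys, the rundll32 entries that call a single-letter export, both uPolicies lines, the blmbla.dll AppInit entry and the wvUKdApO LSA package; each hit is a pointer for manual review, not a verdict, which is why the script only labels and counts rather than deleting anything.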

Old 12-29-2008, 07:49 PM   #2 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
Clark76's Avatar
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,693
OS: XP Pro, Vista, Ubuntu 8.10


Re: Spywareguard 2008

Hello,

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

--------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following report for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

--------------------------

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Old 12-29-2008, 11:13 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2006
Posts: 262
OS: XP SP2


Re: Spywareguard 2008

Hi Clark76

Thank you for your assistance! It is greatly appreciated.

Spyware Guard has not started after following your instructions.

I was unsure if you wanted the ComboFix log attached or posted in the thread, so I have done both. Here is the log.

[EDIT: I still have the Spyware Guard shortcut on my desktop and don't know what to do with it. Please advise.]


ComboFix 08-12-29.02 - jimbob 2008-12-30 6:04:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.2212 [GMT 0:00]
Running from: c:\documents and settings\jimbob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jimbob\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1296 [VPS 081229-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jimbob\Application Data\.#
c:\documents and settings\jimbob\Application Data\.#\MBX@FF0@A141A8.###
c:\documents and settings\jimbob\Application Data\.#\MBX@FF0@A141D8.###
c:\documents and settings\jimbob\Application Data\.#\MBX@FF0@A14208.###
c:\documents and settings\jimbob\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\spywareguard.exe
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\auwaak.dll
c:\windows\system32\blmbla.dll
c:\windows\system32\cpcurslh.dll
c:\windows\system32\dghtlsie.dll
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\kkeeynfc.dll
c:\windows\system32\ndvotqpt.dll
c:\windows\system32\OpAdKUvw.ini
c:\windows\system32\OpAdKUvw.ini2
c:\windows\system32\TDSSweat.dat
c:\windows\system32\tpqtovdn.ini
c:\windows\system32\tyshb36rfjdf.dll
c:\windows\vmreg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-28 20:03 . 2008-12-28 20:03 250 --a------ c:\windows\gmer.ini
2008-12-28 17:37 . 2008-12-28 17:37 383 --a------ c:\windows\wininit.ini
2008-12-27 04:10 . 2008-12-27 04:10 <DIR> d-------- c:\documents and settings\Administrator
2008-12-26 14:17 . 2008-12-26 14:17 133,632 --a------ c:\windows\akekoqat.dll
2008-12-26 14:09 . 2008-12-26 14:09 <DIR> d-------- C:\games
2008-12-26 14:06 . 2008-12-26 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-26 14:05 . 2008-12-28 16:28 2,710 --a------ c:\windows\system32\TDSSxehr.dll
2008-12-26 14:04 . 2008-12-26 14:04 44,032 --a------ c:\windows\Pcocaderirifejel.dll
2008-12-19 18:38 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-17 22:05 . 2008-12-17 22:05 <DIR> d-------- c:\program files\Winamp
2008-12-17 22:05 . 2008-12-17 22:12 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Winamp
2008-12-17 17:27 . 2008-12-17 17:27 <DIR> d-------- c:\program files\Eidos
2008-12-16 18:20 . 2008-12-16 18:20 <DIR> d-------- c:\documents and settings\jimbob\Application Data\dyyno-vlc
2008-12-16 18:19 . 2008-12-16 18:19 <DIR> d-------- c:\program files\Dyyno
2008-12-16 00:36 . 2008-12-16 00:36 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Leadertech
2008-12-16 00:21 . 2008-12-16 00:21 <DIR> d-------- c:\program files\EA Games
2008-12-14 17:47 . 2008-12-14 17:47 <DIR> d-------- c:\program files\Common Files\BioWare
2008-12-14 17:38 . 2008-12-14 18:48 <DIR> d-------- c:\program files\Mass Effect
2008-12-12 06:03 . 2008-12-12 06:03 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-11 20:37 . 2008-12-11 20:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 04:42 . 2008-12-17 22:12 <DIR> d-------- c:\documents and settings\jimbob\Application Data\LimeWire
2008-12-09 19:22 . 2008-12-09 19:22 <DIR> d--h----- c:\windows\PIF
2008-12-07 20:02 . 2008-12-07 20:04 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 20:02 . 2008-12-07 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 19:21 . 2008-12-07 19:21 <DIR> d-------- c:\program files\Lavasoft
2008-12-07 19:21 . 2008-12-07 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-07 17:11 . 2008-12-07 18:51 <DIR> d-------- C:\Temp
2008-12-06 18:06 . 2000-05-21 23:00 608,448 --a------ c:\windows\system32\COMCTL32.OCX
2008-12-06 18:06 . 2004-03-08 23:00 224,016 --a------ c:\windows\system32\TabCtl32.ocx
2008-12-06 18:06 . 2005-02-04 10:21 40,960 --a------ c:\windows\system32\FxHorizBtn.ocx
2008-12-06 18:06 . 2003-03-06 10:43 36,864 --a------ c:\windows\system32\FxPanel.ocx
2008-12-06 18:06 . 2000-06-13 00:00 2,493 --a------ c:\windows\system32\COMCTL32.DEP
2008-12-06 18:05 . 2008-12-06 18:11 <DIR> d-------- c:\program files\Fx MPEG Writer
2008-12-06 18:05 . 2004-07-14 15:27 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-06 18:05 . 1999-02-16 20:49 368,912 --a------ c:\windows\system32\vbar332.dll
2008-12-06 18:05 . 2004-07-14 15:26 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2008-12-06 18:01 . 2008-12-06 18:01 <DIR> d-------- C:\videooutput
2008-12-06 18:01 . 2008-12-06 18:01 <DIR> d-------- c:\program files\Smallvideosoft
2008-12-06 18:01 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2008-12-06 18:01 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2008-12-06 18:01 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2008-12-06 17:41 . 2008-12-06 17:41 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-12-06 15:56 . 2008-12-06 15:56 <DIR> d-------- c:\program files\ImageConverter Plus
2008-12-06 15:56 . 2004-04-19 17:53 1,706,800 --a------ c:\windows\system32\gdiplus.dll
2008-12-06 15:56 . 2008-11-24 21:34 180,224 --a------ c:\windows\system32\cnvshell.dll
2008-12-06 04:32 . 2008-12-06 04:32 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2008-12-05 23:26 . 2008-12-17 04:15 <DIR> d-------- c:\program files\Xfire
2008-12-05 23:26 . 2008-12-29 04:07 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Xfire
2008-11-29 19:31 . 1999-12-13 01:01 44,032 --a------ c:\windows\system32\CTSVCCDA.EXE
2008-11-29 19:31 . 1999-11-18 01:00 25,088 --a------ c:\windows\system32\CTSVCCTL.EXE
2008-11-29 19:26 . 2008-11-29 19:26 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Creative
2008-11-29 19:26 . 2008-11-29 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-11-29 19:24 . 2004-03-08 23:00 662,288 --a------ c:\windows\system32\Mscomct2.ocx
2008-11-29 19:24 . 2006-10-06 06:17 53,248 --------- c:\windows\Ctregrun.exe
2008-11-29 19:24 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2008-11-29 19:22 . 2008-11-29 19:32 <DIR> d--h----- c:\program files\Creative Installation Information
2008-11-29 19:22 . 2008-11-29 19:22 <DIR> d-------- c:\program files\Common Files\Creative
2008-11-29 19:22 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2008-11-29 19:21 . 2000-12-13 02:21 7,572,224 --a------ c:\windows\system32\CT8MGM.SF2
2008-11-29 18:37 . 2008-11-29 19:26 584 --a------ c:\windows\system32\settingsbkup.sfm
2008-11-29 18:37 . 2008-11-29 19:26 584 --a------ c:\windows\system32\settings.sfm
2008-11-29 18:35 . 2008-11-29 18:35 409,600 --a------ c:\windows\system32\wrap_oal.dll
2008-11-29 18:35 . 2008-11-29 18:35 114,688 --a------ c:\windows\system32\OpenAL32.dll
2008-11-29 18:34 . 2008-11-29 18:34 <DIR> d-------- c:\windows\system32\Data
2008-11-29 18:34 . 2008-11-29 19:24 <DIR> d-------- c:\program files\Creative
2008-11-29 18:34 . 2005-06-15 03:07 11,264 --a------ c:\windows\INRES.DLL
2008-11-29 18:34 . 2005-07-07 09:26 5,627 -ra------ c:\windows\system32\ludap17.ini
2008-11-29 18:34 . 2005-03-08 06:14 39 -ra------ c:\windows\system32\ctzapxx.ini
2008-11-29 18:26 . 2008-11-29 18:26 <DIR> d-------- C:\RM
2008-11-29 16:40 . 2008-11-29 16:40 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-29 16:38 . 2008-11-29 16:38 <DIR> d-------- c:\program files\Ubisoft
2008-11-29 15:49 . 2008-12-30 06:07 <DIR> d-------- c:\program files\Steam
2008-11-29 04:47 . 2008-12-28 23:07 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 04:47 . 2008-11-29 16:41 22,328 --a------ c:\documents and settings\jimbob\Application Data\PnkBstrK.sys
2008-11-29 04:46 . 2008-12-28 23:06 202,040 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-29 04:46 . 2008-11-29 15:07 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-28 19:48 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-28 19:48 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system\d3dx9_33.dll
2008-11-28 18:32 . 2008-11-28 18:32 <DIR> d-------- c:\program files\Paradox Interactive
2008-11-28 18:28 . 2008-11-28 20:13 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-28 18:27 . 2008-11-28 18:28 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-28 18:25 . 2008-11-28 18:25 <DIR> d-------- c:\documents and settings\jimbob\Application Data\DAEMON Tools
2008-11-28 18:25 . 2008-11-28 18:25 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-27 20:06 . 2008-11-27 20:06 <DIR> d-------- c:\program files\Activision
2008-11-27 19:21 . 2008-11-29 04:46 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-27 11:58 . 2008-11-27 11:58 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Media Player Classic
2008-11-27 11:57 . 2008-12-20 00:41 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-27 11:53 . 2004-08-04 12:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-26 11:55 . 2008-11-26 11:55 <DIR> d-------- c:\program files\LucasArts
2008-11-26 11:55 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2008-11-26 11:53 . 2008-11-26 11:53 <DIR> d-------- c:\documents and settings\jimbob\WINDOWS
2008-11-25 23:33 . 2008-11-25 23:33 <DIR> d-------- c:\program files\id Software
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d--hs---- c:\windows\ftpcache
2008-11-24 22:11 . 2008-11-24 22:11 <DIR> d-------- c:\windows\nview
2008-11-24 22:11 . 2008-11-12 14:54 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-24 22:11 . 2008-12-30 06:07 203,520 --a------ c:\windows\system32\nvapps.xml
2008-11-24 22:11 . 2008-11-12 14:54 18,537 --a------ c:\windows\system32\nvdisp.nvu
2008-11-24 22:03 . 2007-09-27 00:07 356,352 --a------ c:\windows\system32\nvunrm.exe
2008-11-24 22:03 . 2007-10-13 00:14 194,048 --a------ c:\windows\system32\fdco1.dll
2008-11-24 22:03 . 2007-10-13 00:15 54,144 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2008-11-24 22:03 . 2007-09-27 00:07 37,376 -ra------ c:\windows\system32\nvconrm.dll
2008-11-24 22:03 . 2007-10-13 00:14 9,216 -ra------ c:\windows\system32\bdco1.dll
2008-11-24 22:03 . 2007-09-27 00:05 5,847 -ra------ c:\windows\system32\nvnrm.nvu
2008-11-24 22:02 . 2007-10-13 00:15 942,080 -ra------ c:\windows\system32\drivers\nvnrm.sys
2008-11-24 22:02 . 2008-11-12 13:45 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-24 22:02 . 2007-09-28 11:32 356,352 --a------ c:\windows\system32\nvusmb.exe
2008-11-24 22:02 . 2007-10-13 00:15 22,016 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2008-11-24 22:02 . 2006-10-19 18:36 1,864 -ra------ c:\windows\system32\nvsmb.nvu
2008-11-23 15:57 . 2008-11-23 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\CCP
2008-11-23 15:51 . 2008-11-23 15:51 <DIR> d-------- c:\program files\CCP
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d-------- c:\program files\JRE
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d-------- c:\documents and settings\jimbob\Application Data\OpenOffice.org
2008-11-22 19:09 . 2008-12-12 06:03 <DIR> d-------- c:\program files\Java
2008-11-22 19:09 . 2008-11-22 19:09 <DIR> d-------- c:\program files\Common Files\Java
2008-11-22 19:09 . 2008-12-12 06:03 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-21 13:40 . 2008-11-21 13:40 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-20 20:11 . 2008-12-05 00:01 <DIR> d-------- c:\documents and settings\jimbob\Application Data\skypePM
2008-11-20 20:11 . 2008-11-20 20:11 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-20 20:10 . 2008-11-20 20:10 <DIR> d-------- c:\program files\Skype
2008-11-20 20:10 . 2008-11-20 20:10 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-20 20:10 . 2008-12-05 00:25 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Skype
2008-11-20 20:10 . 2008-11-20 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-20 19:41 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-11-20 17:35 . 2008-12-20 22:58 <DIR> d-------- C:\Warhammer Online - Age of Reckoning

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 10:43 315,392 ----a-w c:\windows\HideWin.exe
2008-11-19 06:18 --------- d-----w c:\program files\microsoft frontpage
2008-11-12 14:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="c:\program files\Steam\Steam.exe" [2008-11-29 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Xcecudezeno"="c:\windows\akekoqat.dll" [2008-12-26 133632]
"Stokedabexobe"="c:\windows\Pcocaderirifejel.dll" [2008-12-26 44032]
"winampagent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"updreg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"sunjavaupdatesched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"nvcpldaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"ctsysvol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"p17helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

c:\documents and settings\jimbob\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-12-11 2990416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=auwaak.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-19 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-19 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20e71c27-b5ee-11dd-93ce-806d6172696f}]
\Shell\AutoRun\command - D:\AutorunPlayer.exe RightAutorunPro.dat
.
- - - - ORPHANS REMOVED - - - -

BHO-{3EA17662-080F-44D3-BABA-4989D2EF1CE4} - c:\windows\system32\wvUKdApO.dll
BHO-{f61cd462-b849-42f4-bc1f-0001a237bcb6} - c:\windows\system32\auwaak.dll
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2008\spywareguard.exe
Notify-wVpoolLB - wVpoolLB.dll


.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\jimbob\Application Data\Mozilla\Firefox\Profiles\nea2j9z6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\documents and settings\jimbob\Application Data\Mozilla\Firefox\Profiles\nea2j9z6.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 06:07:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-12-30 6:08:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-30 06:08:56

Pre-Run: 281,205,587,968 bytes free
Post-Run: 281,938,518,016 bytes free

285 --- E O F --- 2008-12-13 04:15:33
Attached Files
File Type: txt log.txt (19.2 KB, 0 views)

Last edited by mephistophilus; 12-29-2008 at 11:16 PM.
Old 12-30-2008, 07:08 PM   #4 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,693
OS: XP Pro, Vista, Ubuntu 8.10


Re: Spywareguard 2008

Looking a lot better

Quote:
I have the Spyware Guard shortcut on my desktop still and don't know what to do with it. Please advise.
You can delete this shortcut from your desktop now

-----------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following program (if it exists):

Java(TM) 6 Update 7

-----------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/328764-spywareguard-2008-a.html

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xcecudezeno"=-
"Stokedabexobe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Collect::
c:\windows\system32\TDSSxehr.dll
c:\windows\Pcocaderirifejel.dll
c:\windows\akekoqat.dll
Save this as "CFScript"




Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

-----------------------

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

-----------------------

Please provide the following logs with your next post:

C:\ComboFix.txt
Kaspersky Report

Also include an update on how your system is running
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
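As an added example, not code from this thread or from ComboFix itself: a Python script that parses the Reg Loading Points section of two ComboFix logs plus the Registry:: section of a CFScript, then checks that every value the script deleted or cleared is really gone from the follow-up log, and lists autostart values that are new since the previous run. The log excerpts and CFScript embedded below are constructed, trimmed copies of the entries in this thread; the function names are my own.

```python
import re

# Constructed, trimmed copies of the Reg Loading Points sections in this thread.
BEFORE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Xcecudezeno"="c:\windows\akekoqat.dll" [2008-12-26 133632]
"Stokedabexobe"="c:\windows\Pcocaderirifejel.dll" [2008-12-26 44032]
"sunjavaupdatesched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=auwaak.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"""
# The CFScript from the post above; only its Registry:: section is parsed.
CFSCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xcecudezeno"=-
"Stokedabexobe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Collect::
c:\windows\akekoqat.dll
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                  # [HKEY_...\Run]
ENTRY_RE = re.compile(r'^"([^"]+)"=\s*(.*?)\s*$')    # "name"=value

def parse_loading_points(log_text: str) -> dict:
    """{key (lower-cased): {value name (lower-cased): value text}} for the
    REGEDIT4-style Reg Loading Points section of a ComboFix log."""
    entries, current = {}, None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:                       # a blank line ends a REGEDIT4 key block
            current = None
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            entries[current][entry.group(1).lower()] = entry.group(2)
    return entries

def parse_cfscript_registry(script_text: str) -> dict:
    """{key: {value name: 'delete' | 'clear'}} from a CFScript's Registry::
    section: '"name"=-' deletes the value, '"name"=""' empties it."""
    targets, in_registry, current = {}, False, None
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith('::'):            # start of a new CFScript section
            in_registry, current = line == 'Registry::', None
            continue
        if not in_registry or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            targets.setdefault(current, {})
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            action = 'delete' if entry.group(2) == '-' else 'clear'
            targets[current][entry.group(1).lower()] = action
    return targets

def verify_cleanup(after: dict, targets: dict) -> tuple:
    """Split the script's targets into (confirmed, outstanding) using the follow-up
    log. ComboFix omits empty values, so an absent value also counts as cleared."""
    confirmed, outstanding = [], []
    for key, names in targets.items():
        for name, action in names.items():
            value = after.get(key, {}).get(name)
            gone = value is None or (action == 'clear' and value == '""')
            (confirmed if gone else outstanding).append(f'{key}\\{name}')
    return confirmed, outstanding

def new_entries(before: dict, after: dict) -> list:
    """Autostart values seen only in the follow-up log: the first place a reinfection shows."""
    return sorted(f'{key}\\{name}' for key, names in after.items()
                  for name in names if name not in before.get(key, {}))
```

Run against the two real logs in this thread, the only new entry between the runs is the java.exe firewall exception, which matches the Java update the helper asked for.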
Old 12-30-2008, 07:32 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2006
Posts: 262
OS: XP SP2


Re: Spywareguard 2008

Quote:
Originally Posted by Clark76 View Post
Looking a lot better


It's running a lot better :D. Will finish up this EVE Online mission (10 mins), then get right on that.

You can delete this shortcut from your desktop now

-----------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following program (if it exists):

Java(TM) 6 Update 7

-----------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/328764-spywareguard-2008-a.html

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xcecudezeno"=-
"Stokedabexobe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Collect::
c:\windows\system32\TDSSxehr.dll
c:\windows\Pcocaderirifejel.dll
c:\windows\akekoqat.dll
Save this as "CFScript"




Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

-----------------------

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

-----------------------

Please provide the following logs with your next post:

C:\ComboFix.txt
Kaspersky Report

Also include an update on how your system is running
Old 12-30-2008, 07:37 PM   #6 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,693
OS: XP Pro, Vista, Ubuntu 8.10


Re: Spywareguard 2008

Was there a reason you quoted my post?
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Old 12-30-2008, 08:24 PM   #7 (permalink)
Registered User
 
Join Date: Jun 2006
Posts: 262
OS: XP SP2


Re: Spywareguard 2008

Was meant as a reply, not a quote. Doing the requested steps now.
Old 12-31-2008, 12:34 PM   #8 (permalink)
Registered User
 
Join Date: Jun 2006
Posts: 262
OS: XP SP2


Re: Spywareguard 2008

Update on my PC: the PC is running great, startup is fast once again and I have no problems opening any programs.

Happy New Year all


ComboFix 08-12-30.02 - jimbob 2008-12-31 19:28:15.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.1967 [GMT 0:00]
Running from: c:\documents and settings\jimbob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jimbob\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 081231-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-31 19:26 . 2008-12-31 19:26 754 --a------ c:\windows\WORDPAD.INI
2008-12-31 03:21 . 2008-12-31 03:21 <DIR> d-------- c:\windows\Sun
2008-12-28 20:03 . 2008-12-28 20:03 250 --a------ c:\windows\gmer.ini
2008-12-28 17:37 . 2008-12-28 17:37 383 --a------ c:\windows\wininit.ini
2008-12-27 04:10 . 2008-12-27 04:10 <DIR> d-------- c:\documents and settings\Administrator
2008-12-26 14:09 . 2008-12-26 14:09 <DIR> d-------- C:\games
2008-12-26 14:06 . 2008-12-26 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-19 18:38 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-17 22:05 . 2008-12-17 22:05 <DIR> d-------- c:\program files\Winamp
2008-12-17 22:05 . 2008-12-17 22:12 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Winamp
2008-12-17 17:27 . 2008-12-17 17:27 <DIR> d-------- c:\program files\Eidos
2008-12-16 18:20 . 2008-12-16 18:20 <DIR> d-------- c:\documents and settings\jimbob\Application Data\dyyno-vlc
2008-12-16 18:19 . 2008-12-16 18:19 <DIR> d-------- c:\program files\Dyyno
2008-12-16 00:36 . 2008-12-16 00:36 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Leadertech
2008-12-16 00:21 . 2008-12-16 00:21 <DIR> d-------- c:\program files\EA Games
2008-12-14 17:47 . 2008-12-14 17:47 <DIR> d-------- c:\program files\Common Files\BioWare
2008-12-14 17:38 . 2008-12-14 18:48 <DIR> d-------- c:\program files\Mass Effect
2008-12-12 06:03 . 2008-12-12 06:03 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-11 20:37 . 2008-12-11 20:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-10 04:42 . 2008-12-17 22:12 <DIR> d-------- c:\documents and settings\jimbob\Application Data\LimeWire
2008-12-09 19:22 . 2008-12-09 19:22 <DIR> d--h----- c:\windows\PIF
2008-12-07 20:02 . 2008-12-07 20:04 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-07 20:02 . 2008-12-07 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 19:21 . 2008-12-07 19:21 <DIR> d-------- c:\program files\Lavasoft
2008-12-07 19:21 . 2008-12-07 19:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-07 17:11 . 2008-12-07 18:51 <DIR> d-------- C:\Temp
2008-12-06 18:06 . 2000-05-21 23:00 608,448 --a------ c:\windows\system32\COMCTL32.OCX
2008-12-06 18:06 . 2004-03-08 23:00 224,016 --a------ c:\windows\system32\TabCtl32.ocx
2008-12-06 18:06 . 2005-02-04 10:21 40,960 --a------ c:\windows\system32\FxHorizBtn.ocx
2008-12-06 18:06 . 2003-03-06 10:43 36,864 --a------ c:\windows\system32\FxPanel.ocx
2008-12-06 18:06 . 2000-06-13 00:00 2,493 --a------ c:\windows\system32\COMCTL32.DEP
2008-12-06 18:05 . 2008-12-06 18:11 <DIR> d-------- c:\program files\Fx MPEG Writer
2008-12-06 18:05 . 2004-07-14 15:27 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-06 18:05 . 1999-02-16 20:49 368,912 --a------ c:\windows\system32\vbar332.dll
2008-12-06 18:05 . 2004-07-14 15:26 152,848 --a------ c:\windows\system32\COMDLG32.OCX
2008-12-06 18:01 . 2008-12-06 18:01 <DIR> d-------- C:\videooutput
2008-12-06 18:01 . 2008-12-06 18:01 <DIR> d-------- c:\program files\Smallvideosoft
2008-12-06 18:01 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2008-12-06 18:01 . 2007-03-07 00:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2008-12-06 18:01 . 2007-02-25 15:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2008-12-06 17:41 . 2008-12-06 17:41 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Xfire
2008-12-06 15:56 . 2008-12-06 15:56 <DIR> d-------- c:\program files\ImageConverter Plus
2008-12-06 15:56 . 2004-04-19 17:53 1,706,800 --a------ c:\windows\system32\gdiplus.dll
2008-12-06 15:56 . 2008-11-24 21:34 180,224 --a------ c:\windows\system32\cnvshell.dll
2008-12-06 04:32 . 2008-12-06 04:32 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2008-12-05 23:26 . 2008-12-17 04:15 <DIR> d-------- c:\program files\Xfire
2008-12-05 23:26 . 2008-12-29 04:07 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Xfire
2008-11-29 19:31 . 1999-12-13 01:01 44,032 --a------ c:\windows\system32\CTSVCCDA.EXE
2008-11-29 19:31 . 1999-11-18 01:00 25,088 --a------ c:\windows\system32\CTSVCCTL.EXE
2008-11-29 19:26 . 2008-11-29 19:26 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Creative
2008-11-29 19:26 . 2008-11-29 19:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-11-29 19:24 . 2004-03-08 23:00 662,288 --a------ c:\windows\system32\Mscomct2.ocx
2008-11-29 19:24 . 2006-10-06 06:17 53,248 --------- c:\windows\Ctregrun.exe
2008-11-29 19:24 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2008-11-29 19:22 . 2008-11-29 19:32 <DIR> d--h----- c:\program files\Creative Installation Information
2008-11-29 19:22 . 2008-11-29 19:22 <DIR> d-------- c:\program files\Common Files\Creative
2008-11-29 19:22 . 2000-05-11 01:00 90,112 --------- c:\windows\Updreg.EXE
2008-11-29 19:21 . 2000-12-13 02:21 7,572,224 --a------ c:\windows\system32\CT8MGM.SF2
2008-11-29 18:37 . 2008-11-29 19:26 584 --a------ c:\windows\system32\settingsbkup.sfm
2008-11-29 18:37 . 2008-11-29 19:26 584 --a------ c:\windows\system32\settings.sfm
2008-11-29 18:35 . 2008-11-29 18:35 409,600 --a------ c:\windows\system32\wrap_oal.dll
2008-11-29 18:35 . 2008-11-29 18:35 114,688 --a------ c:\windows\system32\OpenAL32.dll
2008-11-29 18:34 . 2008-11-29 18:34 <DIR> d-------- c:\windows\system32\Data
2008-11-29 18:34 . 2008-11-29 19:24 <DIR> d-------- c:\program files\Creative
2008-11-29 18:34 . 2005-06-15 03:07 11,264 --a------ c:\windows\INRES.DLL
2008-11-29 18:34 . 2005-07-07 09:26 5,627 -ra------ c:\windows\system32\ludap17.ini
2008-11-29 18:34 . 2005-03-08 06:14 39 -ra------ c:\windows\system32\ctzapxx.ini
2008-11-29 18:26 . 2008-11-29 18:26 <DIR> d-------- C:\RM
2008-11-29 16:40 . 2008-11-29 16:40 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-29 16:38 . 2008-11-29 16:38 <DIR> d-------- c:\program files\Ubisoft
2008-11-29 15:49 . 2008-12-31 08:09 <DIR> d-------- c:\program files\Steam
2008-11-29 04:47 . 2008-12-28 23:07 137,688 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-29 04:47 . 2008-11-29 16:41 22,328 --a------ c:\documents and settings\jimbob\Application Data\PnkBstrK.sys
2008-11-29 04:46 . 2008-12-28 23:06 202,040 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-29 04:46 . 2008-11-29 15:07 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-28 19:48 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-11-28 19:48 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system\d3dx9_33.dll
2008-11-28 18:32 . 2008-11-28 18:32 <DIR> d-------- c:\program files\Paradox Interactive
2008-11-28 18:28 . 2008-11-28 20:13 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-28 18:27 . 2008-11-28 18:28 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-28 18:25 . 2008-11-28 18:25 <DIR> d-------- c:\documents and settings\jimbob\Application Data\DAEMON Tools
2008-11-28 18:25 . 2008-11-28 18:25 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-27 20:06 . 2008-11-27 20:06 <DIR> d-------- c:\program files\Activision
2008-11-27 19:21 . 2008-11-29 04:46 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-27 11:58 . 2008-11-27 11:58 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Media Player Classic
2008-11-27 11:57 . 2008-12-20 00:41 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-27 11:53 . 2004-08-04 12:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-26 11:55 . 2008-11-26 11:55 <DIR> d-------- c:\program files\LucasArts
2008-11-26 11:55 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2008-11-26 11:53 . 2008-11-26 11:53 <DIR> d-------- c:\documents and settings\jimbob\WINDOWS
2008-11-25 23:33 . 2008-11-25 23:33 <DIR> d-------- c:\program files\id Software
2008-11-25 23:30 . 2008-11-25 23:30 <DIR> d--hs---- c:\windows\ftpcache
2008-11-24 22:11 . 2008-11-24 22:11 <DIR> d-------- c:\windows\nview
2008-11-24 22:11 . 2008-11-12 14:54 453,152 --a------ c:\windows\system32\nvudisp.exe
2008-11-24 22:11 . 2008-12-31 03:17 203,520 --a------ c:\windows\system32\nvapps.xml
2008-11-24 22:11 . 2008-11-12 14:54 18,537 --a------ c:\windows\system32\nvdisp.nvu
2008-11-24 22:03 . 2007-09-27 00:07 356,352 --a------ c:\windows\system32\nvunrm.exe
2008-11-24 22:03 . 2007-10-13 00:14 194,048 --a------ c:\windows\system32\fdco1.dll
2008-11-24 22:03 . 2007-10-13 00:15 54,144 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2008-11-24 22:03 . 2007-09-27 00:07 37,376 -ra------ c:\windows\system32\nvconrm.dll
2008-11-24 22:03 . 2007-10-13 00:14 9,216 -ra------ c:\windows\system32\bdco1.dll
2008-11-24 22:03 . 2007-09-27 00:05 5,847 -ra------ c:\windows\system32\nvnrm.nvu
2008-11-24 22:02 . 2007-10-13 00:15 942,080 -ra------ c:\windows\system32\drivers\nvnrm.sys
2008-11-24 22:02 . 2008-11-12 13:45 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2008-11-24 22:02 . 2007-09-28 11:32 356,352 --a------ c:\windows\system32\nvusmb.exe
2008-11-24 22:02 . 2007-10-13 00:15 22,016 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2008-11-24 22:02 . 2006-10-19 18:36 1,864 -ra------ c:\windows\system32\nvsmb.nvu
2008-11-23 15:57 . 2008-11-23 15:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\CCP
2008-11-23 15:51 . 2008-11-23 15:51 <DIR> d-------- c:\program files\CCP
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d-------- c:\program files\JRE
2008-11-22 19:10 . 2008-11-22 19:10 <DIR> d-------- c:\documents and settings\jimbob\Application Data\OpenOffice.org
2008-11-22 19:09 . 2008-12-31 03:23 <DIR> d-------- c:\program files\Java
2008-11-22 19:09 . 2008-12-12 06:03 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-21 13:40 . 2008-11-21 13:40 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-20 20:11 . 2008-12-05 00:01 <DIR> d-------- c:\documents and settings\jimbob\Application Data\skypePM
2008-11-20 20:11 . 2008-11-20 20:11 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-20 20:10 . 2008-11-20 20:10 <DIR> d-------- c:\program files\Skype
2008-11-20 20:10 . 2008-11-20 20:10 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-20 20:10 . 2008-12-05 00:25 <DIR> d-------- c:\documents and settings\jimbob\Application Data\Skype
2008-11-20 20:10 . 2008-11-20 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-20 19:41 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-11-20 17:35 . 2008-12-20 22:58 <DIR> d-------- C:\Warhammer Online - Age of Reckoning
2008-11-20 15:20 . 2008-11-20 15:20 <DIR> d-------- c:\program files\Common Files\SWF Studio
2008-11-20 12:03 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-11-19 10:43 315,392 ----a-w c:\windows\HideWin.exe
2008-11-19 06:18 --------- d-----w c:\program files\microsoft frontpage
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
2008-10-13 09:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 09:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 09:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 09:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 09:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-30_ 6.08.45.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-31 03:17:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_108.dat
+ 2008-12-31 03:17:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_154.dat
+ 2008-12-31 03:17:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="c:\program files\Steam\Steam.exe" [2008-11-29 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"winampagent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"updreg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"nvcpldaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"ctsysvol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"p17helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]

c:\documents and settings\jimbob\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2008-12-11 2990416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-19 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-19 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20e71c27-b5ee-11dd-93ce-806d6172696f}]
\Shell\AutoRun\command - D:\AutorunPlayer.exe RightAutorunPro.dat

*Newly Created Service* - APPMGMT
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\jimbob\Application Data\Mozilla\Firefox\Profiles\nea2j9z6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\documents and settings\jimbob\Application Data\Mozilla\Firefox\Profiles\nea2j9z6.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 19:29:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-31 19:29:38
ComboFix-quarantined-files.txt 2008-12-31 19:29:23
ComboFix2.txt 2008-12-31 03:29:09
ComboFix3.txt 2008-12-30 06:08:59

Pre-Run: 347,282,759,680 bytes free
Post-Run: 347,321,147,392 bytes free

255 --- E O F --- 2008-12-13 04:15:33




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 31, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 31, 2008 06:26:17
Records in database: 1536423
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 76756
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 00:57:26


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe Infected: Trojan.Win32.FraudPack.iwp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dghtlsie.dll.vir Infected: Trojan.Win32.Pakes.mkn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ndvotqpt.dll.vir Infected: Trojan.Win32.Pakes.mlu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tyshb36rfjdf.dll.vir Infected: Trojan-Downloader.Win32.Small.ahzt 1

The selected area was scanned.
Attached Files: Kaspersky Report.txt (1.2 KB), ComboFix.txt (18.6 KB)

Last edited by Clark76; 12-31-2008 at 01:02 PM.
mephistophilus is offline  
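As an added example (not part of this thread and not a Kaspersky or ComboFix tool), here is a short Python triage of the Kaspersky hit lines posted above. It parses each "path Infected: threat count" line and separates hits inside ComboFix's quarantine folder (C:\Qoobox\Quarantine, where the original file is stored with a .vir suffix and can no longer load) from hits on files that are still live on disk, which is the distinction that decides whether anything still needs removing. The embedded report text is the four lines from the post; the mapping from a quarantine path back to the original location is inferred from the layout those paths show.

```python
"""Triage the per-file hit lines of a Kaspersky Online Scanner report.

Added example, not part of this thread or of any Kaspersky tool. It splits
hits found inside ComboFix's quarantine folder (C:\\Qoobox\\Quarantine, where
files are stored with a .vir suffix) from hits on files still live on disk.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the four hit lines as they appear in the report above.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe Infected: Trojan.Win32.FraudPack.iwp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dghtlsie.dll.vir Infected: Trojan.Win32.Pakes.mkn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ndvotqpt.dll.vir Infected: Trojan.Win32.Pakes.mlu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tyshb36rfjdf.dll.vir Infected: Trojan-Downloader.Win32.Small.ahzt 1

The selected area was scanned.
"""

# "<path> Infected: <threat> <count>". Paths contain spaces, so match them lazily and
# let the literal " Infected: " token decide where the path ends.
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# ComboFix quarantine root as seen in the report; compared case-insensitively.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"


@dataclass(frozen=True)
class Hit:
    path: str
    threat: str
    count: int

    @property
    def in_quarantine(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIX)

    @property
    def original_path(self) -> str:
        """Where a quarantined file lived before ComboFix moved it.

        Inferred from the layout visible in the report: Quarantine\\<drive>\\<rest>.vir
        stands for <drive>:\\<rest>. Live hits are returned unchanged.
        """
        if not self.in_quarantine:
            return self.path
        drive, _, tail = self.path[len(QUARANTINE_PREFIX):].partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return f"{drive}:\\{tail}"


def parse_hits(report: str) -> list[Hit]:
    """Return one Hit per 'Infected:' line; header and summary lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["threat"], int(m["count"])))
    return hits


def triage(report: str) -> dict[str, list[Hit]]:
    """Split hits into those still live on disk and those already in quarantine."""
    hits = parse_hits(report)
    return {
        "live": [h for h in hits if not h.in_quarantine],
        "quarantined": [h for h in hits if h.in_quarantine],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for h in result["live"]:
        print(f"LIVE         {h.threat:<38} {h.path}")
    for h in result["quarantined"]:
        print(f"QUARANTINED  {h.threat:<38} {h.original_path}  (stored as {h.path})")
```

Run against a real report, anything listed under LIVE is a file the scanner could still open at its original location and is the part of the report to act on; the QUARANTINED entries only show what ComboFix already removed and disappear when its quarantine is deleted.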
Old 12-31-2008, 01:09 PM   #9 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,693
OS: XP Pro, Vista, Ubuntu 8.10


Re: Spywareguard 2008

Logs look good. The only thing Kaspersky found was some items in ComboFix's quarantine which we will take care of now.

---------------------

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

------------------------

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting, and this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back against the malware writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
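As an added example (not from this thread, and not the MVPS project's mvps.bat), a Python script covering the hosts-file step in the post above. It parses a hosts file and flags any entry that maps a name to something other than the local machine, which is what to look for after a cleanup because malware commonly edits HOSTS to keep security vendors' sites unreachable, and it rehearses the install step of renaming the existing HOSTS to HOSTS.MVP before writing the new file. The sample hosts content is constructed with example.* placeholder names and an arbitrary private address; the etc_dir parameter stands in for %SystemRoot%\system32\drivers\etc so the routine can run against a scratch directory.

```python
"""Check a Windows hosts file for hijacked entries and install a replacement.

Added example, not the thread's code and not the MVPS project's mvps.bat. It
covers the two points of the hosts-file step above: a blocking hosts file only
maps names to the local machine (127.0.0.1 or 0.0.0.0), and the existing HOSTS
is kept as HOSTS.MVP before the new one is written.
"""
import ipaddress
import tempfile
from pathlib import Path

# Constructed sample of an installed hosts file. The MVPS-style lines point ad
# hosts at the local machine; the last line is the kind of entry malware plants
# to keep a security vendor's update host unreachable. All names are
# example.* placeholders, and 10.11.12.13 is an arbitrary private address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# [MVPS-style block list]
127.0.0.1  ads.example.net
127.0.0.1  tracker.example.org  #[Tracking]
0.0.0.0    banners.example.com
# planted entry: redirects an AV update host to an attacker-controlled address
10.11.12.13  update.antivirus.example
"""

# Targets a blocking hosts file legitimately uses.
LOCAL_TARGETS = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text):
    """Return (ip, hostname, lineno) for every mapping; comments and blanks are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may list several names
            entries.append((ip, name.lower(), lineno))
    return entries


def find_hijacks(text):
    """Entries that send a name anywhere other than the local machine.

    The stock 'localhost' line is exempt; everything else in a blocking hosts
    file should resolve to 127.0.0.1 or 0.0.0.0, so any other target is suspect.
    """
    return [(str(ip), name, lineno) for ip, name, lineno in parse_hosts(text)
            if ip not in LOCAL_TARGETS and name != "localhost"]


def install_hosts(new_content, etc_dir):
    """Mirror the mvps.bat step: rename the current HOSTS to HOSTS.MVP, then write the new file.

    etc_dir stands for %SystemRoot%\\system32\\drivers\\etc; taking it as a parameter
    (an assumption of this example) lets the routine run against a scratch directory.
    """
    etc_dir = Path(etc_dir)
    hosts, backup = etc_dir / "HOSTS", etc_dir / "HOSTS.MVP"
    if hosts.exists():
        if backup.exists():
            backup.unlink()                      # keep exactly one previous copy
        hosts.rename(backup)
    hosts.write_text(new_content)
    return hosts, backup


def demo():
    """Run the hijack check on the sample, then rehearse the install in a temp directory."""
    hijacks = find_hijacks(SAMPLE_HOSTS)
    clean = "127.0.0.1 localhost\n0.0.0.0 ads.example.net\n"   # constructed replacement
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "HOSTS").write_text(SAMPLE_HOSTS)
        hosts, backup = install_hosts(clean, tmp)
        installed, saved = hosts.read_text(), backup.read_text()
    return {
        "hijacks": hijacks,
        "backup_kept_old_file": saved == SAMPLE_HOSTS,
        "installed_is_clean": not find_hijacks(installed),
    }


if __name__ == "__main__":
    for ip, name, lineno in demo()["hijacks"]:
        print(f"line {lineno}: {name} -> {ip} (not a local address, investigate)")
```

Against a real machine, point find_hijacks at the contents of %SystemRoot%\system32\drivers\etc\HOSTS before installing the MVPS file; anything it reports is an entry the MVPS download did not put there and should be explained before it is overwritten, since the HOSTS.MVP backup is the only record of it afterwards. Writing to that directory needs an administrator account.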
Old 12-31-2008, 02:00 PM   #10 (permalink)
Registered User
 
Join Date: Jun 2006
Posts: 262
OS: XP SP2

My System

Re: Spywareguard 2008

Final step completed. Thank you so much for your help.
mephistophilus is offline  
Old 12-31-2008, 04:23 PM   #11 (permalink)
Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: Cleveland, Ohio
Posts: 1,693
OS: XP Pro, Vista, Ubuntu 8.10


Re: Spywareguard 2008

Glad I could help and happy New Year
__________________
Proud Member of ASAP
Proud Member of UNITE

If you feel we've helped you, Please Donate to the Forum
Clark76 is offline  
Copyright 2001 - 2009, Tech Support Forum