Old 04-11-2009, 09:13 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 5
OS: Windows XP Pro service pack 2


PC Slow - IE opens by itself - pages do not load completely

Running Windows XP SP2.
Using Firefox, Safari and Netscape browsers (IE no longer functions).
When surfing to a web page, no matter which of the other 3 browsers I am using, IE attempts to open a page and then crashes.

Also, web pages do not fully load or I have to reload them 3 or 4 times to get them to fully load.

Here are the requested logs:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Tillman at 12:52:32.88 on Fri 04/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1321 [GMT -4:00]

AV: avast! antivirus 4.7.1098 [VPS 090409-0] *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Tablet.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Documents and Settings\Tillman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [<NO NAME>]
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CPM1b1c9a4f] Rundll32.exe "c:\windows\system32\topipega.dll",a
mRun: [fabuzupuwe] Rundll32.exe "c:\windows\system32\lesopuvi.dll",s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
dRunOnce: [Google Updater] c:\program files\google\google updater\GoogleUpdater.exe
StartupFolder: c:\docume~1\tillman\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: &Subscribe with ArchosLink - file://c:\program files\archos\archoslink\\script.js
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186001365765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~4\goec62~1.dll c:\windows\system32\junipine.dll c:\windows\system32\topipega.dll,c:\windows\system32\jutolatu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\topipega.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\topipega.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli c:\windows\system32\jutolatu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tillman\applic~1\mozilla\firefox\profiles\b04m0hnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcosmop211.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.proxy.type - 0

============= SERVICES / DRIVERS ===============

R0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys [2007-8-5 13824]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-7-29 40840]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2007-8-5 21632]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-7-29 10872]
R1 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-7-29 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-7-29 81288]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\applications\virtualcd control panel\VCdRom.sys [2007-8-18 8576]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-7 140664]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-3-29 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-3-29 1079176]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 Alpham1;Ideazon Fang USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-3-20 42240]
R3 Alpham2;Ideazon Fang MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-7 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-7 345464]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2006-9-7 10112]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-12-23 468768]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-3 33752]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-29 29744]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2008-12-21 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2008-12-21 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2008-12-21 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2008-12-21 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2008-12-21 98696]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

=============== Created Last 30 ================

2009-04-09 12:59 <DIR> --d----- c:\docume~1\tillman\applic~1\OpenLife
2009-04-09 11:50 <DIR> --d----- c:\program files\OpenLife R16_3
2009-04-08 14:05 <DIR> --dsh--- c:\documents and settings\tillman\PrivacIE
2009-04-08 14:01 <DIR> --dsh--- c:\documents and settings\tillman\IETldCache
2009-04-08 12:58 <DIR> -cd-h--- c:\windows\ie8
2009-04-08 12:57 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-04-06 11:29 253,952 a------- c:\program files\Uninstall My Search Bar.dll
2009-04-06 11:26 241,664 a------- c:\program files\Uninstall Ask Toolbar.dll
2009-04-03 10:58 1,438,711 ---sh--- c:\windows\system32\igomujur.ini2
2009-04-03 10:55 1,428,591 ---sh--- c:\windows\system32\igomujur.tmp
2009-04-03 10:55 1,428,582 ---sh--- c:\windows\system32\igomujur.ini
2009-04-02 22:58 49,152 a--sh--- c:\windows\system32\hayifijo.dll
2009-04-02 12:47 244 a---h--- C:\sqmnoopt12.sqm
2009-04-02 12:47 232 a---h--- C:\sqmdata12.sqm
2009-03-21 08:59 <DIR> --d----- c:\program files\iPod
2009-03-21 08:59 <DIR> --d----- c:\program files\iTunes
2009-03-21 08:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

==================== Find3M ====================

2009-04-08 07:51 61,440 a--sh--- c:\windows\system32\rorivano.exe
2009-04-06 23:16 87,552 a--sh--- c:\windows\system32\topipega.dll
2009-04-03 10:55 61,440 a--sh--- c:\windows\system32\davaruye.exe
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-05 12:52 71,976 a------- c:\docume~1\tillman\applic~1\GDIPFONTCACHEV1.DAT
2008-05-18 21:27 0 a------- c:\program files\error.dat
2008-02-08 14:58 56,912 a------- c:\documents and settings\tillman\g2mdlhlpx.exe
2006-07-28 18:22 32 a--sh--- c:\windows\sminst\HPCD.SYS
2009-01-05 22:56 61,440 a--sh--- c:\windows\system32\dositesu.exe
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2009-01-06 10:57 61,440 a--sh--- c:\windows\system32\hunawaze.exe
2009-01-02 10:54 79,872 a--sh--- c:\windows\system32\jijawomu.dll
2009-01-02 10:54 49,152 a--sh--- c:\windows\system32\lurosuno.dll
2009-01-03 22:55 61,440 a--sh--- c:\windows\system32\matujako.exe
2009-01-01 22:54 76,852 a--sh--- c:\windows\system32\miyusepu.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2009-01-04 10:55 61,440 a--sh--- c:\windows\system32\navipiwu.exe
2009-01-04 22:55 61,440 a--sh--- c:\windows\system32\sayiruwu.exe
2009-01-02 22:55 79,872 a--sh--- c:\windows\system32\sibofuda.dll
2009-01-05 10:56 61,440 a--sh--- c:\windows\system32\vepuhuje.exe
2009-01-02 10:54 87,552 a--sh--- c:\windows\system32\vufofeso.dll
2009-01-02 22:55 61,440 a--sh--- c:\windows\system32\wipotazi.exe
2009-01-02 22:55 49,152 a--sh--- c:\windows\system32\yuhunufu.dll
2009-01-02 22:55 87,552 a--sh--- c:\windows\system32\zonodegu.dll

============= FINISH: 12:53:33.28 ===============
Attached Files
File Type: zip Attach.zip (6.1 KB, 1 views)
File Type: zip ark.zip (1.8 KB, 1 views)
DarkBlood is offline  

Old 04-12-2009, 03:00 PM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: PC Slow - IE opens by itself - pages do not load completely

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 04-12-2009, 06:19 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 5
OS: Windows XP Pro service pack 2


Re: PC Slow - IE opens by itself - pages do not load completely

OK, ran ComboFix. Results attached.

ComboFix 09-04-13.07 - Tillman 2009-04-12 19:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1357 [GMT -4:00]
Running from: c:\documents and settings\Tillman\Desktop\New Downloads\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 090412-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\_000792_.tmp.dll
c:\windows\system32\hayifijo.dll
c:\windows\system32\igomujur.ini
c:\windows\system32\igomujur.ini2
c:\windows\system32\igomujur.tmp
c:\windows\system32\jijawomu.dll
c:\windows\system32\lurosuno.dll
c:\windows\system32\miyusepu.dll
c:\windows\system32\sibofuda.dll
c:\windows\system32\topipega.dll
c:\windows\system32\vufofeso.dll
c:\windows\system32\yuhunufu.dll
c:\windows\system32\zonodegu.dll
D:\Autorun.inf
L:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-09 16:59 . 2009-04-09 17:03 -------- d-----w c:\documents and settings\Tillman\Application Data\OpenLife
2009-04-09 15:50 . 2009-04-09 15:51 -------- d-----w c:\program files\OpenLife R16_3
2009-04-08 18:05 . 2009-04-08 18:05 -------- d-sh--w c:\documents and settings\Tillman\PrivacIE
2009-04-08 18:02 . 2009-04-08 18:02 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-08 18:01 . 2009-04-08 18:01 -------- d-sh--w c:\documents and settings\Tillman\IETldCache
2009-04-08 16:58 . 2009-04-08 17:02 -------- dc-h--w c:\windows\ie8
2009-04-08 16:57 . 2009-04-08 17:03 -------- d--h--w c:\windows\msdownld.tmp
2009-04-08 16:48 . 2009-04-11 13:59 -------- d-----w c:\documents and settings\Tillman\Application Data\Netscape
2009-04-06 15:29 . 2009-01-22 02:46 253952 ----a-w c:\program files\Uninstall My Search Bar.dll
2009-04-06 15:26 . 2008-02-26 15:31 241664 ----a-w c:\program files\Uninstall Ask Toolbar.dll
2009-04-02 16:47 . 2009-04-02 16:47 244 ---ha-w C:\sqmnoopt12.sqm
2009-04-02 16:47 . 2009-04-02 16:47 232 ---ha-w C:\sqmdata12.sqm
2009-03-25 02:50 . 2009-03-25 02:51 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-21 12:59 . 2009-03-21 12:59 -------- d-----w c:\program files\iPod
2009-03-21 12:59 . 2009-03-21 13:00 -------- d-----w c:\program files\iTunes
2009-03-21 12:59 . 2009-03-21 13:00 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 23:18 . 2007-08-20 01:55 -------- d-----w c:\documents and settings\Tillman\Application Data\WTablet
2009-04-12 15:56 . 2007-07-30 01:26 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-11 20:34 . 2007-08-20 22:34 -------- d-----w c:\documents and settings\LocalService\Application Data\WTablet
2009-04-11 14:02 . 2005-12-23 23:09 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 13:47 . 2008-10-18 13:11 -------- d-----w c:\program files\Norton Security Scan
2009-04-11 05:47 . 2007-11-14 10:18 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 16:10 . 2007-07-30 01:40 -------- d-----w c:\program files\Spyware Doctor
2009-04-08 17:02 . 2008-02-01 23:48 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-08 17:02 . 2008-02-01 23:47 -------- d-----w c:\program files\Yahoo!
2009-04-08 17:02 . 2008-03-11 21:18 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-08 11:51 . 2009-01-08 11:51 61440 --sha-w c:\windows\system32\rorivano.exe
2009-04-06 16:46 . 2008-03-11 21:18 -------- d-----w c:\documents and settings\Tillman\Application Data\Yahoo!
2009-04-06 16:33 . 2008-06-17 20:02 -------- d-----w c:\program files\SmartDraw 2008
2009-04-06 16:08 . 2005-12-23 22:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 15:54 . 2005-12-23 23:09 -------- d-----w c:\program files\Symantec
2009-04-06 15:34 . 2005-12-23 23:09 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-03 14:55 . 2009-01-03 14:55 61440 --sha-w c:\windows\system32\davaruye.exe
2009-03-27 18:28 . 2007-07-30 23:38 -------- d-----w c:\documents and settings\Tillman\Application Data\U3
2009-03-21 12:59 . 2007-07-31 01:54 -------- d-----w c:\program files\Common Files\Apple
2009-03-21 12:55 . 2007-07-31 02:04 -------- d-----w c:\program files\QuickTime
2009-03-21 12:43 . 2008-03-19 21:35 -------- d-----w c:\program files\Safari
2009-03-21 12:41 . 2008-04-15 15:02 -------- d-----w c:\program files\Bonjour
2009-03-18 21:45 . 2008-03-21 18:53 24 ----a-w C:\url_history.xml
2009-03-13 23:02 . 2009-03-13 20:45 1903 ----a-w C:\Connector-2009-03-13.log
2009-03-13 01:05 . 2009-03-12 19:13 1038 ----a-w C:\Connector-2009-03-12.log
2009-03-12 00:11 . 2009-03-12 00:11 173 ----a-w C:\Connector-2009-03-11.log
2009-03-08 18:09 . 2004-08-10 12:00 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 18:09 . 2004-08-10 12:00 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 08:41 . 2004-08-10 12:00 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 08:39 . 2007-04-25 08:41 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 08:34 . 2004-08-10 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 12:00 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 08:34 . 2004-08-10 12:00 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 08:34 . 2004-08-10 12:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 08:34 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:34 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 08:34 . 2004-08-10 12:00 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 08:34 . 2004-08-10 12:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 08:34 . 2004-08-10 12:00 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 08:33 . 2004-08-10 12:00 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 08:33 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 08:33 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 12:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 08:33 . 2004-08-10 12:00 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 08:33 . 2004-08-10 12:00 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 08:33 . 2004-08-10 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:33 . 2004-08-10 12:00 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 08:33 . 2004-08-10 12:00 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 08:32 . 2004-08-10 12:00 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 08:32 . 2004-08-10 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 12:00 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 08:32 . 2004-08-10 12:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 08:32 . 2004-08-10 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:32 . 2004-08-10 12:00 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 08:32 . 2004-08-10 12:00 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 08:32 . 2004-08-10 12:00 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 08:32 . 2004-08-10 12:00 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 08:32 . 2007-04-25 08:41 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 08:32 . 2007-04-25 08:41 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 08:32 . 2004-08-10 12:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 08:24 . 2004-08-10 12:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 08:22 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 08:22 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 08:11 . 2007-04-25 08:41 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-02-09 10:19 . 2004-08-10 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 . 2004-08-10 12:00 1846272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-07 01:07 . 2007-04-17 09:28 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-05 16:52 . 2007-10-01 22:04 71976 ----a-w c:\documents and settings\Tillman\Application Data\GDIPFONTCACHEV1.DAT
2009-01-23 02:58 . 2009-01-23 02:58 3584 --sha-w C:\Thumbs.db
2008-12-08 03:07 . 2005-12-23 22:39 71976 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-05-19 01:27 . 2008-05-19 01:27 0 ----a-w c:\program files\error.dat
2008-02-08 18:58 . 2008-02-08 18:58 56912 ----a-w c:\documents and settings\Tillman\g2mdlhlpx.exe
2007-08-07 01:02 . 2007-07-30 10:55 130 ----a-w c:\documents and settings\Tillman\Local Settings\Application Data\fusioncache.dat
2007-07-30 01:17 . 2007-07-29 23:58 139 ----a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2005-12-23 22:57 . 2007-07-30 10:55 50280 ----a-w c:\documents and settings\Tillman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-12-23 22:57 . 2007-07-29 23:58 50280 ----a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-12-23 22:09 . 2005-12-23 22:09 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2008-04-28 22:2008-02-09 02:47 15:02 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-03 14:55 . 2009-01-03 14:55 61440 --sha-w c:\windows\system32\davaruye.exe
2009-04-08 11:51 . 2009-01-08 11:51 61440 --sha-w c:\windows\system32\rorivano.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-25 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13570048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 86016]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"WD Button Manager"="WDBtnMgr.exe" [2007-07-30 c:\windows\system32\WDBtnMgr.exe]
"nwiz"="nwiz.exe" [2008-07-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2009-03-24 161776]

c:\documents and settings\Tillman\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-05-28 115200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]
Yahoo! Messenger.lnk - c:\program files\Yahoo!\Messenger\YahooMessenger.exe [2008-02-01 4363504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-28 29744]
R3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
R3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
R3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
R3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
R3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\DRIVERS\AmdAcpi.sys [2005-02-14 13824]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys [2005-05-06 21632]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\applications\VirtualCD Control Panel\VCdRom.sys [2001-12-19 8576]
S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 Alpham1;Ideazon Fang USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham1.sys [2007-03-20 42240]
S3 Alpham2;Ideazon Fang MM USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2006-09-07 10112]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\DRIVERS\wn5301.sys [2005-10-05 468768]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\Autoplay.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a023-74e2-11dc-9c7a-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a025-74e2-11dc-9c7a-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a026-74e2-11dc-9c7a-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a027-74e2-11dc-9c7a-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b990bc3-87f2-11dd-9d40-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b990bce-87f2-11dd-9d40-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ea3640e-6e04-11dd-9d34-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ac-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - K:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ad-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21b3-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21bf-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21c9-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ca-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ed-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e220b-72fb-11dc-9c71-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af4f555d-befb-11dc-9cbe-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b63f7f-7037-11dc-9c70-0013d3ba7e94}]
\Shell\AutoRun\command - K:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0ca81c-9339-11dd-9d5d-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0ca81d-9339-11dd-9d5d-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0ca81e-9339-11dd-9d5d-0013d3ba7e94}]
\Shell\AutoRun\command - G:\start.htm

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 14:10]

2009-04-07 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-fabuzupuwe - c:\windows\system32\lesopuvi.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Subscribe with ArchosLink - file://c:\program files\Archos\ArchosLink\\script.js
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Tillman\Application Data\Mozilla\Firefox\Profiles\b04m0hnf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcosmop211.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.proxy.type - 0
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 19:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ed,24,e5,c4,d9,
64,f7,50,c8,28,51,af,b0,29,a3,98,a7,17,ce,ce,1e,dc,09,92,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,d5,e0,92,53,fd,
49,94,5c,71,3b,04,66,8b,46,0d,96,e3,2c,67,0d,e2,59,a1,ff,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,c8,42,2c,29,cf,
ef,83,e0,25,da,ec,7e,55,20,c9,26,46,75,43,8d,be,fc,b7,8f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,91,74,00,fe,48,
59,70,45,3e,1e,9e,e0,57,5a,93,61,12,3a,e2,c1,75,ea,70,be,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,5a,d6,82,da,3f,
ae,42,ef,cd,44,cd,b9,a6,33,6c,cd,c4,f0,e8,9d,a6,a9,95,7f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,9a,da,65,c6,32,
5f,73,10,b0,18,ed,a7,3f,8d,37,a4,ed,06,0a,4c,c7,0c,e4,ee,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,9c,90,dd,73,8e,
ce,aa,7a,31,77,e1,ba,b1,f8,68,02,e3,b2,94,f2,85,c4,bf,52,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,43,32,34,26,60,
10,dc,98,83,6c,56,8b,a0,85,96,ab,9e,6e,f9,a8,97,29,a6,b0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6c,37,42,43,46,
cc,12,75,51,fa,6e,91,28,9e,14,cc,78,47,0a,c2,bf,0b,ea,11,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,41,7b,38,82,81,
af,7b,d1,b1,cd,45,5a,a8,c4,f8,b9,00,fe,17,b8,d4,83,72,f8,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,58,a1,a9,1e,9c,
9c,1d,4b,e3,0e,66,d5,eb,bc,2f,6b,29,d6,ca,fb,fa,bc,95,ba,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f1,83,18,ec,9c,
b3,50,49,fa,ea,66,7f,d4,3b,6b,70,e6,5d,d6,1f,c2,aa,86,2c,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5848)
c:\windows\system32\ieframe.dll
c:\program files\Sony Ericsson\Mobile2\File Manager\FM.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Common Files\Teleca Shared\tlib_log.dll
c:\program files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
c:\program files\Common Files\Teleca Shared\TC Device Mgmt.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\Tablet.exe
c:\program files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\DISC\DiscGui.exe
c:\windows\system32\rundll32.exe
c:\program files\DISC\DiscStreamHub.exe
c:\windows\system32\ps2.EXE
c:\windows\ALCXMNTR.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Java\jre1.5.0_05\bin\jusched.exe
c:\program files\Java\jre1.5.0_05\bin\jucheck.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Windows Desktop Search\WindowsSearchFilter.exe
.
**************************************************************************
.
Completion time: 2009-04-13 19:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-13 23:30

Pre-Run: 174,399,860,736 bytes free
Post-Run: 175,502,217,216 bytes free

458 --- E O F --- 2009-03-12 09:02
DarkBlood is offline  
Old 04-12-2009, 10:58 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: PC Slow - IE opens by itself - pages do not load completely

Hi,

Do you still have Norton installed?

Please uninstall AVG Anti-Spyware 7.5 from Control Panel > Add or Remove Programs since it's no longer supported by AVG as a stand-alone app.


*Open notepad.
Copy and paste the text inside the code box below to notepad
Code:
File::
c:\Program Files\Uninstall My Search Bar.dll
c:\Program Files\Uninstall Ask Toolbar.dll
c:\windows\system32\rorivano.exe
c:\windows\system32\davaruye.exe
Driver::
SCREAMINGBDRIVER
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a023-74e2-11dc-9c7a-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a025-74e2-11dc-9c7a-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a026-74e2-11dc-9c7a-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0749a027-74e2-11dc-9c7a-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b990bc3-87f2-11dd-9d40-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b990bce-87f2-11dd-9d40-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ea3640e-6e04-11dd-9d34-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ac-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ad-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21b3-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21bf-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21c9-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ca-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e21ed-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262e220b-72fb-11dc-9c71-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af4f555d-befb-11dc-9cbe-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b63f7f-7037-11dc-9c70-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0ca81c-9339-11dd-9d5d-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0ca81d-9339-11dd-9d5d-0013d3ba7e94}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0ca81e-9339-11dd-9d5d-0013d3ba7e94}]
Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
DDS::
Trusted Zone: trymedia.com
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.


*Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • J2SE Runtime Environment 5.0 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


*Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


On your next reply, please include a
  • Kaspersky scan log
  • ComboFix log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Old 04-13-2009, 10:08 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 5
OS: Windows XP Pro service pack 2


Re: PC Slow - IE opens by itself - pages do not load completely

1. Norton is no longer installed. It expired and I replaced it with Avast.

2. AVG AntiSpyware WAS already uninstalled, or should have been

3. Here's the Kaspersky and the new ComboFix logs...
Attached Files
File Type: txt ComboFix Log 2.txt (28.7 KB, 2 views)
File Type: txt Kaspersky Log.txt (2.9 KB, 2 views)
DarkBlood is offline  
Old 04-14-2009, 10:26 AM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: PC Slow - IE opens by itself - pages do not load completely

Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type clean.bat in the File name and save it to your desktop.

Code:
@echo off
rem Remove any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Force-delete each listed file; any file that still exists afterwards is written to the log.
for %%g in (
"C:\Program Files\Mozilla Firefox\~.exe"
"C:\WINDOWS\system32\dositesu.exe"
"C:\WINDOWS\system32\goluposi.dll.tmp"
"C:\WINDOWS\system32\hitewohe.dll.tmp"
"C:\WINDOWS\system32\hunawaze.exe"
"C:\WINDOWS\system32\matujako.exe"
"C:\WINDOWS\system32\navipiwu.exe"
"C:\WINDOWS\system32\sayiruwu.exe"
"C:\WINDOWS\system32\vepuhuje.exe"
"C:\WINDOWS\system32\wipotazi.exe"
"L:\BACKUP MAIN HD 040509\Downloads\freeripmp3.exe"
) do (
del /a/f/q %%g
if exist %%g echo.%%g >>"%temp%\log.txt"
)>nul 2>&1

rem Open the log if anything could not be deleted; otherwise report success.
if exist "%temp%\log.txt" (start notepad "%temp%\log.txt"
) else echo.Deleted Successfully!
echo.
pause
rem Delete this batch file once it has finished.
del %0

Locate clean.bat on your Desktop and double-click on it. Tell me what it says.

Also, let me know how it's running.
Angelfire777 is offline  
Old 04-14-2009, 12:01 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 5
OS: Windows XP Pro service pack 2


Re: PC Slow - IE opens by itself - pages do not load completely

results of the batch are:

Deleted Successfully!
Press any key to continue...

it seems to be running much better now, at least no more auto-pop-ups of IE when I'm changing pages in Firefox.

Thank you.

Is there anything else I need to do?
DarkBlood is offline  
Old 04-14-2009, 10:39 PM   #8 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: PC Slow - IE opens by itself - pages do not load completely

Click start > run > copy and paste:

combofix /u

That will hide your system files, clear your system restore cache and uninstall combofix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Read TonyKlein's "How Did I Get Infected In The First Place?"

Please check out miekiemoes' "How to Prevent Malware".

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.
Angelfire777 is offline  
Old 04-14-2009, 10:46 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 5
OS: Windows XP Pro service pack 2


Re: PC Slow - IE opens by itself - pages do not load completely

thank you for all your help. My PC seems to be 100% again. Thank You Thank You Thank you. You and this forum are a life saver.
DarkBlood is offline  
 






All times are GMT -7. The time now is 05:21 PM.



Copyright 2001 - 2009, Tech Support Forum