WiredWX Christian Hobby Weather Tools
Unknown Malware - Can't download and install updates

Hi,

I tried to download the latest acrobat, windows updates, malware bytes, and wasn't successful - there's something that is not letting this happen. My automatic updates from windows is turned off even though I turn it on every couple of minutes. Also I have tried to start via safemode with networking and it is not letting me. A couple of popups are also coming in and out every now and then. I am hoping you guys can help me with this. Below is the logfile.

Thanks in advance for your assistance. Much appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:06 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\INITIO\Button Manager v1.874\inihid.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [fazirowak] Rundll32.exe "c:\windows\system32\bofofevu.dll",a
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent Customer ActiveX Control version 3) - https://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {C652C868-EEA2-4AA7-8461-2621AB0457FA} (Rviewer Control) - http://www.productiveconsultants.com/RViewer.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://69.66.104.110/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\bofofevu.dll,terobugo.dll
O21 - SSODL: fagelavab - {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
O22 - SharedTaskScheduler: tokatiluy - {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 16592 bytes
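The log above carries the entries that mark this infection: an extra logon.exe in the system.ini Shell= value, and AppInit_DLLs, SSODL, SharedTaskScheduler and Run entries that all point at the same bofofevu.dll. As an added example that is not part of this thread, the Python script below parses lines in that HijackThis format, flags those persistence points, and correlates the flagged entries by the file they share; the sample lines are a constructed subset of the log above and the function names are my own.

```python
"""Triage a HijackThis (HJT) log for the persistence entries that usually mark an infection.

Added example for this thread, not part of it: parses the R/F/O line format shown
above and correlates the flagged entries by file name.
"""
import re
from collections import Counter
from typing import List, NamedTuple

# Constructed subset of the log posted above (same line format, same infected entries).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [fazirowak] Rundll32.exe "c:\windows\system32\bofofevu.dll",a
O20 - AppInit_DLLs: c:\windows\system32\bofofevu.dll,terobugo.dll
O21 - SSODL: fagelavab - {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
O22 - SharedTaskScheduler: tokatiluy - {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Base names of executables/DLLs mentioned anywhere in the entry (paths with spaces still yield the base name).
FILE_RE = re.compile(r"[\w~.-]+\.(?:dll|exe|scr)", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32\b", re.IGNORECASE)


class Finding(NamedTuple):
    section: str      # HJT section code, e.g. "O20"
    severity: str     # "high" / "medium" / "low"
    reason: str
    files: List[str]  # lower-cased base names involved in the entry
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious HJT entry, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        files = [f.lower() for f in FILE_RE.findall(body)]
        if sec == "F2" and "Shell=" in body:
            # Anything after the bare Explorer.exe in the system.ini Shell= value runs at every logon.
            value = body.split("Shell=", 1)[1]
            extra = [p.lower() for p in value.split() if p.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding(sec, "high", "extra program in system.ini Shell= value", extra, raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are mapped into every process that loads user32.dll; empty on most clean machines.
            if body.split(":", 1)[1].strip():
                findings.append(Finding(sec, "high", "AppInit_DLLs loads DLLs into every user-mode process", files, raw))
        elif sec in ("O21", "O22"):
            # ShellServiceObjectDelayLoad / SharedTaskScheduler objects are loaded by Explorer at start; rarely legitimate.
            findings.append(Finding(sec, "high", "shell-loaded object (SSODL/SharedTaskScheduler)", files, raw))
        elif sec == "O4" and RUNDLL_RE.search(body):
            # A Run entry that starts a DLL through rundll32 is the classic random-name loader pattern.
            dlls = [f for f in files if f.endswith(".dll")]
            findings.append(Finding(sec, "medium", "Run entry starts a DLL through rundll32", dlls, raw))
        elif sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "low", "orphaned BHO registration, file already gone", [], raw))
    return findings


def anchor_files(findings: List[Finding]) -> dict:
    """Files named by two or more flagged entries: the loader the cleanup has to remove first."""
    counts = Counter(f for fd in findings for f in fd.files)
    return {name: n for name, n in counts.items() if n >= 2}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for fd in results:
        print(f"[{fd.severity:6}] {fd.section:<4} {fd.reason}: {fd.line}")
    print("files shared by several entries:", anchor_files(results))
```

On the sample above the script flags six entries and reports bofofevu.dll as named by four of them, which is the same file the ComboFix run later in this thread deletes.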

Re: Unknown Malware - Can't download and install updates

Hi JMBTopGun, and welcome back to GeekPolice.

Please do the following:

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

(screenshot: Query_RC)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(screenshot: RC_successful)

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Unknown Malware - Can't download and install updates

Thanks DragonMaster Jay for your reply. Ran the combofix which took almost 50 minutes. Also it took quite a while to boot up and it seemed to have updated some windows updates. Also gave me a couple of loading errors: sesisuvo.dll and bofofevu.dll. Below is the log file. Thanks again!!

ComboFix 09-10-28.06 - Owner 10/29/2009 9:28:42.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.146 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\desktop\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\LOCALS~1\Temp\IadHide4.dll
C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll
C:\RECYCLER\S-1-5-21-375365656-221509221-169222576-1003
C:\WINDOWS\desktop
C:\WINDOWS\system32\ps2.bat
C:\WINDOWS\viassary-hp.reg
C:\$$CIHTTP.TMP
C:\Program Files\INSTALL.LOG
C:\RECYCLER\S-1-5-21-375365656-221509221-169222576-1003\desktop.ini
C:\RECYCLER\S-1-5-21-375365656-221509221-169222576-1003\INFO2
C:\WINDOWS\desktop\The Little Prince.lnk
C:\WINDOWS\system32\bewatota.dll
c:\windows\system32\bofofevu.dll
C:\WINDOWS\system32\daleseso.dll
C:\WINDOWS\system32\defadato.dll
C:\WINDOWS\system32\dimiyina.dll
C:\WINDOWS\system32\nakokote.dll
C:\WINDOWS\system32\royoneyu.dll
C:\WINDOWS\system32\ruhufuga.dll
C:\WINDOWS\system32\sesisuvo.dll
C:\WINDOWS\system32\terobugo.dll
C:\WINDOWS\system32\vewihene.dll
C:\WINDOWS\system32\waduyeso.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 13:06:38 . 2009-10-29 13:06:38 0 d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2009-10-29 02:18:16 . 2009-10-29 02:18:16 0 d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2009-10-29 01:54:42 . 2009-10-29 01:56:54 0 d-----w- C:\Program Files\Windows Live Safety Center
2009-10-28 23:27:03 . 2009-10-29 00:08:02 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 13:53:55 . 2009-10-28 13:53:55 0 d-sh--w- C:\Documents and Settings\Owner\PrivacIE
2009-10-28 13:45:57 . 2009-10-28 13:45:57 0 d-sh--w- C:\Documents and Settings\Owner\IETldCache
2009-10-28 03:34:48 . 2009-10-28 03:39:13 0 dc-h--w- C:\WINDOWS\ie8
2009-10-27 03:34:29 . 2009-07-28 20:33:56 55656 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2009-10-27 03:34:29 . 2009-03-30 14:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2009-10-27 03:34:29 . 2009-02-13 16:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2009-10-27 03:34:28 . 2009-02-13 16:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2009-10-27 03:34:18 . 2009-10-27 03:34:18 0 d-----w- C:\Program Files\Avira
2009-10-27 03:34:18 . 2009-10-27 03:34:18 0 d-----w- C:\Documents and Settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 14:03:52 . 2005-02-20 16:50:25 0 d-----w- C:\Documents and Settings\Owner\Application Data\Skype
2009-10-29 14:02:57 . 2008-03-30 01:36:04 0 d-----w- C:\Documents and Settings\Owner\Application Data\skypePM
2009-10-29 13:27:48 . 2004-04-03 02:42:28 0 d-----w- C:\Program Files\Common Files\Symantec Shared
2009-10-28 23:39:29 . 2004-09-08 18:47:04 0 d-----w- C:\Documents and Settings\Owner\Application Data\Aim
2009-10-27 22:41:16 . 2004-09-08 00:10:16 0 d-----w- C:\Program Files\Common Files\Adobe
2009-10-27 22:35:32 . 2004-04-02 21:11:18 0 d-----w- C:\Program Files\Java
2009-10-18 20:51:04 . 2008-03-14 13:45:15 20 ---h--w- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2009-10-18 20:51:04 . 2008-03-14 13:34:48 20 ---h--w- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2009-10-18 14:08:29 . 2009-08-16 00:45:22 0 d-----w- C:\Program Files\Palm
2009-09-11 14:18:39 . 2004-04-13 16:19:31 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll
2009-09-10 23:39:31 . 2009-07-18 14:24:51 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-09-04 21:03:36 . 2004-04-02 18:41:23 58880 ----a-w- C:\WINDOWS\system32\msasn1.dll
2009-08-26 08:00:21 . 2004-04-13 16:20:18 247326 ----a-w- C:\WINDOWS\system32\strmdll.dll
2009-08-05 09:01:48 . 2002-12-12 15:14:32 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 15:13:08 . 2004-04-02 18:41:28 2145280 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-04 14:20:09 . 2002-08-29 08:04:56 2023936 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2005-05-26 19:35:42 . 2008-01-03 18:58:33 1422 ----a-w- C:\Program Files\ReadMe.txt
2005-04-30 00:12:13 . 2005-04-30 00:10:49 7336 ----a-w- C:\Program Files\DeIsL1.isu
2008-07-01 14:31:41 . 2008-07-01 14:31:41 0 --sha-w- C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 22:51:28 3885408]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2004-11-10 04:51:22 95456]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 10:46:37 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2005-01-09 00:29:08 20480]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 21:22:12 21898024]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2006-06-01 02:36:59 1003520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-02-16 17:41:16 148888]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04:38 52736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02:48 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-02 22:11:19 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43:46 233472]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-09-15 01:02:18 70776]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-13 03:13:20 98304]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 12:38:42 241664]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2004-11-10 04:51:22 95456]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-05-22 00:11:22 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 16:09:50 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 16:03:18 217088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 20:49:00 49152]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 06:01:00 110592]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2007-03-27 14:33:10 2061816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-01-05 20:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-03-13 00:56:58 342312]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 17:08:47 209153]
"VTTimer"="VTTimer.exe" - C:\WINDOWS\system32\VTTimer.exe [2004-10-22 15:53:06 53248]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2004-06-29 13:06:38 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 17:47:52 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2008-04-14 00:12:28 78848]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
IMStart.lnk - C:\Program Files\InterMute\IMStart.exe [2004-4-2 57344]
PowerReg Scheduler V3.exe [2005-12-2 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Button Manager v1.874.lnk - C:\Program Files\INITIO\Button Manager v1.874\inihid.exe [2008-1-3 200704]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-4-2 16384]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2008-1-3 1392640]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2004-9-8 73728]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-1-8 450560]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-3-14 118784]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-7-30 57344]
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-1-3 270336]

Re: Unknown Malware - Can't download and install updates

Please run Trend Micro Housecall online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Re: Unknown Malware - Can't download and install updates

Ok, downloaded the house call and ran the scan. It found one trojan - TROJ_GENERIC.A - and cleaned it up. I have re-started the computer. Will wait for your next instructions. Thanks!!

Re: Unknown Malware - Can't download and install updates

To uninstall ComboFix

  • Click the Start button. Click Run.
  • In the field, type in ComboFix /u


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.



NEXT


Please download CKScanner by askey127 from here

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



NEXT


Please download Rooter and Save it to your desktop

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.



==

Please let me know how your computer is running, and also make sure to include the CKScanner log and the Rooter log.

Re: Unknown Malware - Can't download and install updates

The computer seems to be running very well. Everything seems to be working - I was able to download Malwarebytes and run it as well. It found another virus and took care of it. Below you will find the logs that you asked for. Thanks very much for your help!!! Let me know if there's anything else I should do.


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\owner\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\owner\my documents\borrero\pfizer\borreroj\application data\macromedia\flash player\#sharedobjects\bl225a6b\crackle.com\cracklesettings.sol
c:\documents and settings\owner\my documents\borrero\pfizer\borreroj\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\bandstand christmas holiday swing\09 nutcracker.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-04 tchaikovsky_ nutcracker suite 1.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-05 tchaikovsky_ the nutcracker sui.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-06 tchaikovsky_ nutcracker suite 1.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-07 tchaikovsky_ the nutcracker sui.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-08 tchaikovsky_ nutcracker suite 1.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-09 tchaikovsky_ the nutcracker sui.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-10 tchaikovsky_ nutcracker suite 1.m4a
c:\documents and settings\owner\my documents\my music\itunes\itunes music\compilations\my ballerina album\2-11 nutcracker--dance of the reeds.m4a
scanner sequence 3.ZZ.11
----- EOF -----

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [fixed-NTFS] .. ( Total:182 Go - Free:96 Go )
D:\ [fixed-FAT32] .. ( Total:4 Go - Free:0 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
G:\ [Removable]
I:\ [Removable]
J:\ [Removable]
K:\ [Removable]
L:\ [Removable]
.
Scan : 23:22.19
Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
User : Owner ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (600)
______ \??\C:\WINDOWS\system32\csrss.exe (676)
______ \??\C:\WINDOWS\system32\winlogon.exe (700)
______ C:\WINDOWS\system32\services.exe (744)
______ C:\WINDOWS\system32\lsass.exe (756)
______ C:\WINDOWS\system32\svchost.exe (936)
______ C:\WINDOWS\system32\svchost.exe (1008)
______ C:\WINDOWS\System32\svchost.exe (1104)
______ C:\WINDOWS\System32\svchost.exe (1184)
______ C:\WINDOWS\system32\svchost.exe (1348)
______ C:\WINDOWS\Explorer.EXE (1532)
______ C:\WINDOWS\system32\spoolsv.exe (1648)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1692)
______ C:\WINDOWS\System32\svchost.exe (324)
______ C:\Program Files\Java\jre6\bin\jusched.exe (460)
______ C:\windows\system\hpsysdrv.exe (468)
______ C:\HP\KBD\KBD.EXE (476)
______ C:\WINDOWS\system32\VTTimer.exe (496)
______ C:\WINDOWS\AGRSMMSG.exe (508)
______ C:\WINDOWS\System32\LVCOMSX.EXE (636)
______ C:\WINDOWS\ALCXMNTR.EXE (260)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (652)
______ C:\Program Files\Skype\Phone\Skype.exe (964)
______ C:\WINDOWS\system32\ctfmon.exe (804)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1176)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1204)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1212)
______ c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (1296)
______ c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (1304)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1396)
______ C:\Program Files\Palm\Hotsync.exe (1516)
______ C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (1828)
______ C:\WINDOWS\System32\svchost.exe (2008)
______ C:\WINDOWS\system32\wdfmgr.exe (172)
______ c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (228)
______ C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (1076)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (2932)
______ C:\WINDOWS\System32\alg.exe (3408)
______ C:\Program Files\Internet Explorer\iexplore.exe (2972)
______ C:\Program Files\Internet Explorer\iexplore.exe (3640)
______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (1596)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:4381622784)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:4381655040 | Length:195657154560)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Address Book.job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\Symantec NetDetect.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:24.57
.
C:\Rooter$\Rooter_1.txt - (29/10/2009 | 23:24.57)

Re: Unknown Malware - Can't download and install updates

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right-click it, choose Extract All, and save the files to your Desktop.
  • Please disable realtime protection (if any).
  • Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  • Double-click DragonFix.reg, and follow the prompt(s).
  • Please reboot your computer.


=[=

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Click Remove Selected, and post the log in your next reply.

Re: Unknown Malware - Can't download and install updates

When I try to run RunFirst.vbs it gives me the following: "Error Unknown - System Restore Point Not Created."

I didn't want to go further. Let me know!

Thx.

Re: Unknown Malware - Can't download and install updates

Seems like a bug. I will check that out. Let me think

To work around this, please click Start > All Programs > Accessories > System Tools > System Restore.

Create a Restore Point, give it a name, etc. Then, please try DragonFix again.

Re: Unknown Malware - Can't download and install updates

Below is the log for Malwarebytes. Just as an FYI, after I restarted, my Avira is not in the startup or quick launch menu.

Thanks,


Malwarebytes' Anti-Malware 1.41
Database version: 3058
Windows 5.1.2600 Service Pack 3

10/30/2009 12:13:01 AM
mbam-log-2009-10-30 (00-13-01).txt

Scan type: Quick Scan
Objects scanned: 112652
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
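The two "Registry Data Items" in the Malwarebytes log above are Security Center notification switches, and the thread opened with Automatic Updates turning itself off. The script below is an added example written for this page, not a tool from the thread or from Malwarebytes: it evaluates the Security Center, Windows Update and Explorer policy values that produce exactly those symptoms on Windows XP. The value names and key paths are the real XP SP2/SP3 ones; the function names (`evaluate`, `read_live_values`) and the SAMPLE_VALUES snapshot are my own, with the snapshot constructed to match what the MBAM log above and the DDS and ComboFix logs later in the thread report.

```python
import sys

# HKLM subkeys holding the values checked below (Windows XP SP2/SP3 names).
SECURITY_CENTER = r"SOFTWARE\Microsoft\Security Center"
WU_POLICY_AU = r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
EXPLORER_POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
MONITORING_PREFIX = SECURITY_CENTER + "\\Monitoring\\"

# (subkey, value name, value that means "switched off", what that implies)
CHECKS = [
    (SECURITY_CENTER, "AntiVirusDisableNotify", 1, "Security Center antivirus alerts suppressed"),
    (SECURITY_CENTER, "FirewallDisableNotify", 1, "Security Center firewall alerts suppressed"),
    (SECURITY_CENTER, "UpdatesDisableNotify", 1, "Security Center Automatic Updates alerts suppressed"),
    (SECURITY_CENTER, "AntiVirusOverride", 1, "antivirus status check overridden"),
    (SECURITY_CENTER, "FirewallOverride", 1, "firewall status check overridden"),
    (WU_POLICY_AU, "NoAutoUpdate", 1, "Automatic Updates disabled by policy"),
    (EXPLORER_POLICY, "NoWindowsUpdate", 1, "Windows Update blocked by Explorer policy"),
]

# Constructed snapshot (assumption, not a live read): the two values the MBAM
# log reports as "Bad: (1)", the NoWindowsUpdate = 0 the DDS log shows, and the
# two Symantec DisableMonitoring entries the ComboFix log lists. None = absent.
SAMPLE_VALUES = {
    (SECURITY_CENTER, "AntiVirusDisableNotify"): 1,
    (SECURITY_CENTER, "FirewallDisableNotify"): 1,
    (SECURITY_CENTER, "UpdatesDisableNotify"): 0,
    (SECURITY_CENTER, "AntiVirusOverride"): None,
    (SECURITY_CENTER, "FirewallOverride"): None,
    (WU_POLICY_AU, "NoAutoUpdate"): None,
    (EXPLORER_POLICY, "NoWindowsUpdate"): 0,
    (MONITORING_PREFIX + "SymantecAntiVirus", "DisableMonitoring"): 1,
    (MONITORING_PREFIX + "SymantecFirewall", "DisableMonitoring"): 1,
}


def evaluate(values):
    """values maps (subkey, value name) -> DWORD or None (absent). Returns findings."""
    findings = []
    for subkey, name, off_value, why in CHECKS:
        if values.get((subkey, name)) == off_value:
            findings.append(f"{subkey}\\{name} = {off_value}: {why}")
    # Any vendor subkey under Security Center\Monitoring with DisableMonitoring = 1
    for (subkey, name), current in sorted(values.items()):
        if subkey.startswith(MONITORING_PREFIX) and name == "DisableMonitoring" and current == 1:
            vendor = subkey[len(MONITORING_PREFIX):]
            findings.append(f"{subkey}\\DisableMonitoring = 1: Security Center no longer monitors {vendor}")
    return findings


def read_live_values():
    """Read the same values from HKLM on a Windows host (needs the winreg module)."""
    import winreg  # Windows only; imported here so the module loads elsewhere
    values = {}

    def query(subkey, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:  # key or value absent
            return None

    for subkey, name, _, _ in CHECKS:
        values[(subkey, name)] = query(subkey, name)
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SECURITY_CENTER + "\\Monitoring") as mon:
            for i in range(winreg.QueryInfoKey(mon)[0]):  # [0] = number of subkeys
                sub = MONITORING_PREFIX + winreg.EnumKey(mon, i)
                values[(sub, "DisableMonitoring")] = query(sub, "DisableMonitoring")
    except OSError:
        pass
    return values


if __name__ == "__main__":
    snapshot = read_live_values() if sys.platform == "win32" else SAMPLE_VALUES
    for line in evaluate(snapshot) or ["nothing switched off"]:
        print(line)
```

Run it on the machine to get the live picture, or anywhere else to see what the constructed snapshot yields. A `DisableMonitoring = 1` entry is a prompt to verify, not a verdict: a security product that reports its own status to Security Center sets that value itself, so a Symantec entry on a box that still has Norton installed may be legitimate, while the two DisableNotify values are the ones Malwarebytes treated as tampering.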

Re: Unknown Malware - Can't download and install updates

No big deal. Almost done:

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click Yes to the Optional_Scan.
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

Re: Unknown Malware - Can't download and install updates

No Threats Found!!

What next?

Re: Unknown Malware - Can't download and install updates

Did you run DDS?

Re: Unknown Malware - Can't download and install updates

Sorry for the last post. Here are the results of the DDS:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 0:43:05.28 on Fri 10/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.233 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {287b7db4-11a5-4294-9572-4274ec3781db} - bewatota.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\en-ca\msntb.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
uRun: [RecordNow!]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [SRUUninstall] "c:\windows\system32\msiexec.exe" /l*v c:\windows\temp\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\imstart.lnk - c:\program files\intermute\IMStart.exe
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\button~1.lnk - c:\program files\initio\button manager v1.874\inihid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - hxxps://intuitcanada.ehosts.net/netagent/objects/custappx3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/b/d/b/bdb4e4ee-63b2-45ff-9d84-33205bf43143/WebCleaner.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256877484484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.costcophotocenter.com/CostcoUpload.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.photolab.ca/en/Photo/ImageUploader3.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
DPF: {C652C868-EEA2-4AA7-8461-2621AB0457FA} - hxxp://www.productiveconsultants.com/RViewer.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.66.104.110/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://costco.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: fagelavab - {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
STS: tokatiluy: {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-26 108289]
S2 mrtRate;mrtRate; [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 WLUX96;I-Hotel (v1.1.14.2) -- 3Com 3CRSHEW696 Wireless LAN USB Adapter;c:\windows\system32\drivers\wlux96f.sys [2004-9-8 80768]

=============== Created Last 30 ================

2009-10-30 03:24:57 0 d-----w- C:\Rooter$
2009-10-30 03:16:26 0 d-s---w- C:\commy
2009-10-30 02:27:10 0 d-----w- c:\windows\pss
2009-10-30 01:05:35 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-10-30 01:05:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-30 01:05:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 01:05:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-29 14:09:16 0 d-----w- c:\windows\ie8updates
2009-10-28 23:27:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 13:53:55 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2009-10-28 13:45:57 0 d-sh--w- c:\documents and settings\owner\IETldCache
2009-10-28 03:48:27 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 03:48:24 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 03:34:48 0 dc-h--w- c:\windows\ie8
2009-10-27 03:34:29 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-27 03:34:18 0 d-----w- c:\program files\Avira
2009-10-27 03:34:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

==================== Find3M ====================

2009-10-18 20:51:04 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-10-18 20:51:04 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:23:26 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2005-05-26 19:35:42 1422 ----a-w- c:\program files\ReadMe.txt
2005-04-30 00:12:13 7336 ----a-w- c:\program files\DeIsL1.isu
2008-07-01 14:31:41 0 --sha-w- c:\windows\sminst\HPCD.sys
2008-10-25 22:07:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 0:44:07.90 ===============
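The "Pseudo HJT Report" in the DDS log above is what a helper reads first, and three things in it stand out: a BHO whose InprocServer32 is a bare filename (bewatota.dll) with no description, several CLSIDs registered with "No File" behind them, and one CLSID that appears under both SSODL and STS pointing at the same DLL in system32. The script below is an added example written for this page, not part of the thread or of DDS: it parses those entry kinds and flags exactly those patterns. The regular expression, the function names (`parse_entries`, `triage`) and the reason strings are mine; SAMPLE_DDS is an excerpt copied verbatim from the DDS log above, limited to the entry kinds the script handles.

```python
import re
from collections import defaultdict

# Excerpt copied from the "Pseudo HJT Report" section of the DDS log posted
# above; only the entry kinds this script inspects are kept.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {287b7db4-11a5-4294-9572-4274ec3781db} - bewatota.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
SSODL: fagelavab - {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
STS: tokatiluy: {5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
"""

# Line shape: KIND: [name<sep>] {CLSID} - target
# DDS separates the name with ':' for BHO/TB/STS and with ' - ' for SSODL.
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB|SSODL|STS):\s*"
    r"(?:(?P<name>[^{]*?)\s*[:-]\s*)?"
    r"\{?(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?"
    r"\s*-\s*(?P<target>.+?)\s*$"
)


def parse_entries(text):
    """Return one dict per recognised loader entry: kind, name, clsid, target."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].lower()  # CLSIDs are case-insensitive
            entries.append(entry)
    return entries


def triage(text):
    """Flag entries worth a closer look. Returns [(kind, clsid, target, [reasons])]."""
    entries = parse_entries(text)
    kinds_per_clsid = defaultdict(set)
    for e in entries:
        kinds_per_clsid[e["clsid"]].add(e["kind"])

    findings = []
    for e in entries:
        reasons = []
        if e["target"] == "No File":
            reasons.append("orphan: CLSID still registered but the DLL is gone")
        elif "\\" not in e["target"]:
            # No directory: the loader resolves the name through its search path
            reasons.append("bare filename instead of an installed path")
            if e["name"] is None:
                reasons.append("no description string")
        if len(kinds_per_clsid[e["clsid"]]) > 1:
            shared = "/".join(sorted(kinds_per_clsid[e["clsid"]]))
            reasons.append("same CLSID registered under " + shared
                           + " (both load the DLL into Explorer at logon)")
        if reasons:
            findings.append((e["kind"], e["clsid"], e["target"], reasons))
    return findings


if __name__ == "__main__":
    for kind, clsid, target, reasons in triage(SAMPLE_DDS):
        print(f"{kind:5} {{{clsid}}} {target}")
        for r in reasons:
            print("      -", r)
```

On the excerpt this flags the bewatota.dll BHO, the three "No File" entries and both bofofevu.dll registrations, and leaves the Adobe, Java and Norton entries alone. The flags are triage hints, not verdicts: orphaned CLSIDs are often just leftovers from an uninstall, and the bare-filename check is there because a DLL that was never given an installed location is the one a reviewer wants to locate and hash first.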

Re: Unknown Malware - Can't download and install updates

Uh oh. It may have come back. No panic.

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy/paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: Unknown Malware - Can't download and install updates

Here they are:

ComboFix 09-10-28.08 - Owner 10/30/2009 1:09.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.217 [GMT -4:00]
Running from: c:\documents and settings\Owner\desktop\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-29 13:06 . 2009-10-29 13:06 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-29 02:18 . 2009-10-29 02:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-29 01:54 . 2009-10-29 01:56 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-28 23:27 . 2009-10-30 01:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 13:53 . 2009-10-28 13:53 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-28 13:45 . 2009-10-28 13:45 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-28 03:48 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-28 03:48 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-28 03:34 . 2009-10-28 03:39 -------- dc-h--w- c:\windows\ie8
2009-10-27 03:34 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-27 03:34 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-27 03:34 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-27 03:34 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-27 03:34 . 2009-10-27 03:34 -------- d-----w- c:\program files\Avira
2009-10-27 03:34 . 2009-10-27 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 05:20 . 2005-02-20 16:50 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-10-30 01:53 . 2009-10-30 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-30 01:44 . 2004-09-08 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-30 01:40 . 2004-04-03 02:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-30 01:38 . 2009-10-30 01:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-30 01:05 . 2009-10-30 01:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-30 01:05 . 2009-10-30 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-30 00:21 . 2008-03-30 01:36 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-10-28 23:39 . 2004-09-08 18:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim
2009-10-27 22:35 . 2004-04-02 21:11 -------- d-----w- c:\program files\Java
2009-10-18 20:51 . 2008-03-14 13:45 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-10-18 20:51 . 2008-03-14 13:34 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-10-18 14:08 . 2009-08-16 00:45 -------- d-----w- c:\program files\Palm
2009-09-11 14:18 . 2004-04-13 16:19 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 23:39 . 2009-07-18 14:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:54 . 2009-10-30 01:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-10-30 01:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-04-02 18:41 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-06-18 03:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-04-13 16:20 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 23:24 . 2005-01-26 14:17 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2005-01-26 14:17 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-01-26 14:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-04-13 16:21 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-04-13 16:48 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2005-01-26 14:17 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2004-04-13 16:21 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2009-05-18 21:40 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2002-12-12 15:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2004-04-02 18:41 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2005-05-26 19:35 . 2008-01-03 18:58 1422 ----a-w- c:\program files\ReadMe.txt
2005-04-30 00:12 . 2005-04-30 00:10 7336 ----a-w- c:\program files\DeIsL1.isu
2008-07-01 14:31 . 2008-07-01 14:31 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2004-11-10 95456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="c:\windows\System32\msiexec.exe" [2008-04-14 78848]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
IMStart.lnk - c:\program files\InterMute\IMStart.exe [2004-4-2 57344]
PowerReg Scheduler V3.exe [2005-12-2 225280]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealOne Player\\trueplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/26/2009 11:34 PM 108289]
S2 mrtRate;mrtRate; [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 WLUX96;I-Hotel (v1.1.14.2) -- 3Com 3CRSHEW696 Wireless LAN USB Adapter;c:\windows\system32\drivers\wlux96f.sys [9/8/2004 2:24 PM 80768]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\Address Book.job
- c:\progra~1\OUTLOO~1\wab.exe [2003-03-04 00:12]

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2009-10-24 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-09-08 22:22]

2009-10-30 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-04-03 22:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q304&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {C652C868-EEA2-4AA7-8461-2621AB0457FA} - hxxp://www.productiveconsultants.com/RViewer.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.66.104.110/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{287b7db4-11a5-4294-9572-4274ec3781db} - bewatota.dll
HKCU-Run-RecordNow! - (no file)
SharedTaskScheduler-{5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
SSODL-fagelavab-{5a947ca3-c261-4f86-8b2b-dbac4db7e4b4} - c:\windows\system32\bofofevu.dll
AddRemove-HijackThis - c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9H3PBVQ1\HijackThis.exe
AddRemove-the Little Prince - c:\program files\Tivola\The Little Prince\unwise.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 01:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3876148633-2572049064-2962400939-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\3&61aaa01&1\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-30 1:28
ComboFix-quarantined-files.txt 2009-10-30 05:28

Pre-Run: 103,601,422,336 bytes free
Post-Run: 103,620,579,328 bytes free

- - End Of File - - 510DA083BDF05806ACAA7077582DC2DC



1300
1300_Help
1300Tour
1300Trb
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Agere Systems PCI Soft Modem
AiO_Scan
AIOMinimal
AiOSoftware
AnyDVD
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup & Record
Avira AntiVir Personal - Free Antivirus
AXIS Media Control Embedded
Bonjour
Button Manager v1.874
Caillou(R) Magic Playhouse(TM)
Caillou(R) Party Fun & Games(TM)
CC_ccProxyMSI
CC_ccStart
ccCommon
Choice Guard
CloneDVD Trial 3.0.2.5
CloneDVD2
Compaq Connections
Compaq Instant Support
Compaq Organize
Copy
CreativeProjects
CrossLoop 2.41
Director
DocProc
DriverAgent by TouchStone Software
EuroTalk Multimedia Dictionary
EuroTalk Talk Now Plus!
EVEREST Home Edition v2.20
Fax
getPlus(R)_ocx
Google Earth
Google Video Player
Herramienta de carga de Windows Live
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
Image Transfer
ImageMixer for Sony
InstantShare
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 12
K-Lite Codec Pack 4.8.5 (Basic)
KBD
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
LogitechĀ®ļø Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Merriam-Webster 3.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft FrontPage 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft PhotoDraw 2000
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
MicroStaff WINASPI
MSN Music Assistant
MSN Toolbar
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nikon Message Center
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall (Symantec Corporation)
Norton WMI Update
Octoshape add-in for Adobe Flash Player
Overland
Palm Desktop by ACCESS
PC-Doctor for Windows
PhotoGallery
PictureProject
PictureProject In Touch Downloader 1.0
PrintScreen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTime
QuickTime 3.0
Readme
RealOne Player
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3GSetup
Scan
School Days Personal Datebook
screensaver
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SkinsHP1
SkinsHP2
Skypeā„¢ļø 3.6
Sonic Update Manager
Sony USB Driver
Symantec Network Driver Update
Symantec Network Drivers Update
Sympatico Security Advisor 1.5.11
The Little Prince
Total Video Converter 3.10
TrayApp
TVUPlayer 2.3.3.2
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
Virtools 3D Life Player
WebFldrs XP
WebReg
Websters Medical Dictionary
WildTangent Web Driver
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3

Re: Unknown Malware - Can't download and install updates

Good. That banished those leftovers.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /u

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: Unknown Malware - Can't download and install updates

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C is PRESARIO
Volume Serial Number is 0CFB-2073

Directory of C:\Windows\System32\Drivers

337 File(s) 34,225,519 bytes

Directory of C:\Windows\System32\Drivers\disdn

04/02/2004 07:43 AM .
04/02/2004 07:43 AM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/29/2009 09:57 AM .
10/29/2009 09:57 AM ..
10/29/2009 09:57 AM 27 hosts
08/16/2003 11:26 AM 734 hosts.msn
08/16/2003 12:21 AM 3,683 lmhosts.sam
08/16/2003 04:49 AM 407 networks
08/16/2003 05:06 AM 799 protocol
08/16/2003 05:40 AM 7,116 services
6 File(s) 12,766 bytes

Total Files Listed:
343 File(s) 34,238,285 bytes
8 Dir(s) 103,781,429,248 bytes free


***********************Hidden Drivers********************
Volume in drive C is PRESARIO
Volume Serial Number is 0CFB-2073

Directory of C:\Windows\System32\Drivers

09/07/2004 06:50 PM 4,176 HP_PC136A-ABA SR1150NX NA430_YC_Pres_QMXK433_E43NAheRET3_4_IKelut_SASUSTek Computer INC._V2.02_B3.10_T040726_WXH1_L409_M448_J200_7AMD_8Athlon XP 3200+_92.2_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G11067205.MRK
1 File(s) 4,176 bytes
0 Dir(s) 103,781,441,536 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 568 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 644 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 668 High C:\WINDOWS\system32\winlogon.exe
services.exe 712 Normal C:\WINDOWS\system32\services.exe
lsass.exe 724 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 892 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 972 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1068 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1160 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1264 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1560 Normal C:\WINDOWS\system32\spoolsv.exe
sched.exe 1616 Normal C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe 1728 Normal C:\WINDOWS\System32\svchost.exe
Skype.exe 460 Normal C:\Program Files\Skype\Phone\Skype.exe
ctfmon.exe 472 Normal C:\WINDOWS\system32\ctfmon.exe
Hotsync.exe 508 Normal C:\Program Files\Palm\Hotsync.exe
avguard.exe 728 Normal C:\Program Files\Avira\AntiVir Desktop\avguard.exe
AppleMobileDeviceService.exe 908 Normal C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
mDNSResponder.exe 920 Normal C:\Program Files\Bonjour\mDNSResponder.exe
ccProxy.exe 1020 Normal c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
ccSetMgr.exe 1060 Normal c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SNDSrvc.exe 1440 Normal C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
wdfmgr.exe 1880 Normal C:\WINDOWS\system32\wdfmgr.exe
ccEvtMgr.exe 1928 Normal c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
SymWSC.exe 2000 Normal C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
skypePM.exe 2340 Normal C:\Program Files\Skype\Plugin Manager\skypePM.exe
alg.exe 3004 Normal C:\WINDOWS\System32\alg.exe
explorer.exe 3880 Normal C:\WINDOWS\explorer.exe
iexplore.exe 1292 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3920 Normal C:\Program Files\Internet Explorer\iexplore.exe
wmiprvse.exe 3980 Normal C:\WINDOWS\system32\wbem\wmiprvse.exe
cmd.exe 2968 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 2172 Normal C:\Documents and Settings\Owner\Desktop\SpiderKill\SpiderKill\processes.exe


Module information for 'explorer.exe'(3880)
MODULE BASE SIZE PATH
explorer.exe 1000000 1044480 C:\WINDOWS\explorer.exe 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
apphelp.dll 77b40000 139264 C:\WINDOWS\system32\apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442) Microsoft Text Frame Work Service IME
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\System32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1100000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
wmpband.dll 74a0000 77824 C:\PROGRA~1\WINDOW~2\wmpband.dll 10.00.00.3646 Windows Media Player
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
ieframe.dll 3e1c0000 11087872 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700) Internet Explorer
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
WS2_32.dll 71ab0000 94208 C:\WINDOWS\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
webcheck.dll 1df0000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
DSOUND.dll 73f10000 376832 C:\WINDOWS\system32\DSOUND.dll 5.3.2600.5512 (xpsp.080413-0845) DirectSound
fxsst.dll 68df0000 577536 C:\WINDOWS\system32\fxsst.dll 5.2.2600.5512 (xpsp.080413-0852) Fax Service
WINSPOOL.DRV 73000000 155648 C:\WINDOWS\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
FXSAPI.dll 5a980000 466944 C:\WINDOWS\system32\FXSAPI.dll 5.2.2600.5512 (xpsp.080413-0852) Microsoft Fax API Support DLL
NTMARTA.DLL 77690000 135168 C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
zipfldr.dll 73380000 356352 C:\WINDOWS\System32\zipfldr.dll 6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
NavShExt.dll 10000000 98304 c:\Program Files\Norton AntiVirus\NavShExt.dll 10.00.13 Norton AntiVirusNAVShellExt Module
MSVCP70.dll 7c080000 487424 C:\WINDOWS\system32\MSVCP70.dll 7.00.9466.0 Microsoft® C++ Runtime Library
MSVCR70.dll 7c000000 344064 C:\WINDOWS\system32\MSVCR70.dll 7.00.9466.0 Microsoft® C Runtime Library
shlext.dll 2730000 311296 C:\Program Files\Avira\AntiVir Desktop\shlext.dll 9.00.00.04 AntiVirus context menu
mbamext.dll 1ee0000 73728 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 2, 0, 0 Malwarebytes' Anti-Malware
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
PDFShell.dll 1fe0000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.1.0.2009022700 PDF Shell Extension
MSVCR80.dll 3870000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 8.00.50727.762 Microsoft® C Runtime Library
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\System32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host



******************************************
EOF

Re: Unknown Malware - Can't download and install updates

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


How is your computer running? Are you able to download and install updates now?

Re: Unknown Malware - Can't download and install updates

It is letting me download and install updates - it seems to be working very well!!! Just one more question: Do I need to delete all the other programs/files that we installed eg. HouseCallLaunchCenter, CKScanner, Rooter, DragonFix, SpiderKill??

Thanks again for all of your assistance.

Re: Unknown Malware - Can't download and install updates

Go ahead and delete all those after posting the next log:

To make sure the security on your computer is good:

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Unknown Malware - Can't download and install updates

Here it is:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus 2004
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Personal Firewall (Symantec Corporation)
Norton Personal Firewall
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 12
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Unknown Malware - Can't download and install updates

I posted the results above but ......
I noticed something else: I cannot get past a certain point on some websites. I went to the donation page of your site and when I click the option and username it gives me "Internet Explorer cannot display the webpage"; it also has an icon to diagnose connection problems which takes me to another screen. This is also happening in my Hotmail account. When I give it my password it takes me to the same page.

Thanks for your insight!!

Re: Unknown Malware - Can't download and install updates

Hi. Were you talking about GeekPolice, not being able to access the donation page? If so, I will report it to the administrator.

==

I notice that you are using more than one antivirus program.
  • Norton Internet Security
  • Avira Antivir

This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
It is important that only ONE antivirus program is running realtime protection.
I strongly suggest you either (1) uninstall all but one antivirus program through Control Panel->Add or remove Programs,
OR (2) keep the programs, but leave all but one of them disabled most of the time.
You can still use them for scanning your computer. I recommend removing Avira Antivir or setting it to scan only.

==

Please navigate to this webpage: http://support.microsoft.com/kb/313222 and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Do you have any more questions?
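
The hpHosts point above (bad names sent to 127.0.0.1 so the machine can never reach them) can be checked on any HOSTS file. The script below is an added example written for this thread; it is not part of hpHosts, GeekPolice's tools, or anything posted above. The HOSTS text it audits is constructed for the demo and the `.test` names are placeholders. It separates loopback sinkhole entries from entries that point a name at some other address, which is the case worth a manual look, since a HOSTS file can redirect a name just as easily as it can block one, and it flags lines regedit-style tools would silently ignore.

```python
"""Audit a Windows HOSTS file: separate blocklist-style sinkhole entries
(names pointed at loopback, as hpHosts does) from entries that send a
name somewhere else, which deserve manual review.

Added example for this thread; not part of hpHosts or any tool the thread
mentions. The HOSTS text below is constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: a comment, the normal localhost alias, two sinkhole
# lines (one with a trailing comment), one name redirected to a remote
# address, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test
0.0.0.0         tracker.example-bad.test   # blocked
192.0.2.10      update.example-vendor.test
not-an-ip       broken.example.test
"""

# 0.0.0.0 is not loopback in the RFC sense but is used the same way.
SINKHOLE_ADDRESSES = {"0.0.0.0"}


@dataclass
class HostsAudit:
    sinkholed: list = field(default_factory=list)      # (addr, name)
    redirected: list = field(default_factory=list)     # (addr, name)
    local_aliases: list = field(default_factory=list)  # localhost entries
    malformed: list = field(default_factory=list)      # (lineno, raw line)


def is_sinkhole(addr: str) -> bool:
    """Loopback (127.0.0.0/8, ::1) or 0.0.0.0 makes a name unreachable."""
    return addr in SINKHOLE_ADDRESSES or ipaddress.ip_address(addr).is_loopback


def audit_hosts(text: str) -> HostsAudit:
    result = HostsAudit()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            result.malformed.append((lineno, raw))
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            result.malformed.append((lineno, raw))
            continue
        for name in names:
            if name.lower() in ("localhost", "localhost.localdomain") and is_sinkhole(addr):
                result.local_aliases.append((addr, name))
            elif is_sinkhole(addr):
                result.sinkholed.append((addr, name))
            else:
                # A name mapped to a real address: could be legitimate, could
                # be a hijack of an update or login site. Review by hand.
                result.redirected.append((addr, name))
    return result


def review_report(audit: HostsAudit) -> list:
    """Lines a helper would want to read: anything not simply blocked."""
    lines = [f"{len(audit.sinkholed)} name(s) sinkholed to loopback"]
    for addr, name in audit.redirected:
        lines.append(f"REVIEW: {name} -> {addr} (not a loopback sinkhole)")
    for lineno, raw in audit.malformed:
        lines.append(f"MALFORMED line {lineno}: {raw.strip()}")
    return lines


if __name__ == "__main__":
    for line in review_report(audit_hosts(SAMPLE_HOSTS)):
        print(line)
```

On a real XP machine the file lives at C:\WINDOWS\system32\drivers\etc\hosts; read it into `audit_hosts` instead of `SAMPLE_HOSTS`. A large hpHosts file will produce thousands of sinkholed names and, ideally, an empty REVIEW list.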

Re: Unknown Malware - Can't download and install updates

Thanks for your tips DragonMaster Jay, I'll be sure to implement them tonight when I get home and will let you know how that goes. Now with regards to the access on my Internet Explorer to password-related sites (Hotmail, Facebook, my personal banking, etc.) I am not able to access any of them (including your donation page, even though it does not require a password). I can surf on Google or any other site but when it comes to these types of sites it gives me "cannot display page". I did just install IE 8.0 through the automatic updates that we did these last couple of days; don't know if this might have something to do with it. Any insight will be much appreciated. Thanks!

Re: Unknown Malware - Can't download and install updates

For IE8, use compatibility view when on those sites: http://www.infinityarts.com/IE8_Compatibility_View/blogpost10334

Also, working on the Firefox browser might help.

Re: Unknown Malware - Can't download and install updates

I think I did everything that you mentioned. Everything seemed to be working; my Explorer now lets me go into Hotmail, Facebook, etc. Now after performing a Spybot scan, it reported that certain items could not be fixed and asked if it could run after reboot. The system was rebooted and now it is popping up with black command line boxes with c:\windows\system32\command.com, many at once; then after 4 or so they close and more come up quite rapidly. What did I do wrong? Thanks for your assistance.

Re: Unknown Malware - Can't download and install updates

Please DISREGARD the last message. I think I know what I didn't finish doing. I just OKed all of the Spybot registry changes and on my second restart none of the black boxes showed up again. Only two more questions: I cannot seem to be able to update my Avira, hence it is giving me a Windows security alert. I try to start the update manually and it just hangs and doesn't actually do anything. The other question is if Windows Firewall is worth utilizing (I uninstalled the Norton; it was expired) or do you recommend another one? Looking for a free one if possible.
Thanks!!

Re: Unknown Malware - Can't download and install updates

Windows Firewall in XP does not work properly. Turn that off. Then, here are some choices:

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by a 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


The deal on Avira is a bug that they won't fix. I tested out the program this past spring, and reported the issue, and it was assumed to be fixed. However, it is still not fixed. I will say that the program will eventually update itself, automatically.

Re: Unknown Malware - Can't download and install updates

Ok.. I downloaded the PCToolsFirewall Plus. What about Avira.. do you recommend that one or do you know of another one that is better?
Thanks!

Re: Unknown Malware - Can't download and install updates

Avira is just fine! Stay with it! Smile...

Re: Unknown Malware - Can't download and install updates

Hey DragonMaster Jay.. sorry to be such a pain.. but now I have an issue with the AutoPlay function. Don't know if it is related to what we have done all along. I tried to download my pictures from my digital camera and the corresponding program does not start up as it did before. I updated to the latest program from the Nikon website and it didn't help. I also took the memory card and tried it in the SD slot and it didn't work that way either. As always your advice is very much appreciated!! Let me know if you need more info.

Re: Unknown Malware - Can't download and install updates

DragonFix automatically removes the ability to "autostart" - because Microsoft has urged all of its customers to disable that ability. The main reason for the urgency is because spyware and viruses these days are utilizing it to "autorun" itself. For example, if you are infected with a dangerous virus, and it infected your flash drive - you could take the flash drive to another computer and infect it upon inserting the flash drive. Only because the autostart command was enabled.

DragonFix repairs a computer infected by malware - then secures it to prevent infection.

If you would like to re-enable autostart - it is your own risk - but let me know and I can help you with that.

Re: Unknown Malware - Can't download and install updates

Thanks for the explanation and totally understand it and we will take measures in the future to not insert any outside flash drive. Having said that, we do require that functionality so we can store our family pictures in both the computer's hard drive and our external backup hard drive. I know it is at our own risk to do this.

Thanks for your help!!

Re: Unknown Malware - Can't download and install updates

It is fine to use a flash drive, don't stop doing that. I was talking about a setting on computers. It does not mean flash drives are bad at all.

Re: Unknown Malware - Can't download and install updates

Can you help me with re-enabling the auto-start? Thanks.

Re: Unknown Malware - Can't download and install updates

Copy the following in to Notepad:

Code:

Windows Registry Editor Version 5.00

; Re-enable AutoRun on the CD-ROM driver (a REG_DWORD needs exactly eight hex digits)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001

; allocatecdroms is a REG_SZ value, so the data must be written as a quoted string
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"allocatecdroms"="0"

; 0x91 is the Windows XP default: AutoRun stays disabled only for unknown and network drives
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091



Click File > Save as
Choose Save as type: All Files
Save the file to your Desktop as fixautorun.reg
Exit Notepad.
Double click on the file to run it. Choose Yes/Confirm any prompts.

Please reboot for changes to take effect.
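
Before importing a .reg file like the one above it helps to confirm that every value is in the form regedit expects (a REG_DWORD is `dword:` followed by exactly eight hex digits, string data is quoted) and to see which drive types the NoDriveTypeAutoRun mask actually leaves with AutoRun disabled. The script below is an added example for this thread, not a Microsoft tool and not from anything posted here; it reads text only and never touches the registry. Its embedded .reg text is constructed and deliberately contains two malformed values (a seven-digit dword and an unquoted string) so the checker has something to report. The bit meanings are the documented NoDriveTypeAutoRun values; 0x91 is the XP default, while 0xFF disables AutoRun on every drive type.

```python
"""Check a .reg file before importing it and decode NoDriveTypeAutoRun.

Added example for this thread; not a Microsoft tool, does not modify the
registry. The .reg text below is constructed and intentionally malformed
in two places so the checker has something to flag.
"""
import re

# Bit meanings from Microsoft's NoDriveTypeAutoRun documentation (KB 967715):
# a set bit means AutoRun is DISABLED for that drive type.
NO_DRIVE_TYPE_BITS = {
    0x01: "unknown drives",
    0x04: "removable drives (USB sticks, card readers)",
    0x08: "fixed drives",
    0x10: "network drives",
    0x20: "CD-ROM drives",
    0x40: "RAM disks",
    0x80: "drives of unrecognised type",
}

# Constructed sample: line 4 has a 7-digit dword, line 7 an unquoted string.
SAMPLE_REG = """\
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Cdrom]
"AutoRun"=dword:0000001

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
"allocatecdroms"=0

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
DWORD_RE = re.compile(r"^dword:[0-9a-fA-F]{8}$")
STRING_RE = re.compile(r'^"(?:[^"\\]|\\.)*"$')


def parse_reg(text):
    """Return (entries, problems); entries are (key, name, raw value)."""
    entries, problems = [], []
    key = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            problems.append((lineno, "unrecognised line"))
            continue
        name, value = m.group(1), m.group(2)
        if value.startswith("dword:"):
            if not DWORD_RE.match(value):
                problems.append((lineno, f"{name}: REG_DWORD needs exactly 8 hex digits"))
        elif value.startswith("hex") or value == "-":
            pass  # binary data or a deletion marker; not checked here
        elif not STRING_RE.match(value):
            problems.append((lineno, f"{name}: string data must be quoted"))
        entries.append((key, name, value))
    return entries, problems


def decode_no_drive_type_autorun(mask):
    """Drive types on which AutoRun stays disabled for this mask value."""
    return [desc for bit, desc in sorted(NO_DRIVE_TYPE_BITS.items()) if mask & bit]


def autorun_summary(text):
    """Decode the NoDriveTypeAutoRun value found in a .reg text, if well-formed."""
    entries, _ = parse_reg(text)
    for _, name, value in entries:
        if name.lower() == "nodrivetypeautorun" and DWORD_RE.match(value):
            return decode_no_drive_type_autorun(int(value[6:], 16))
    return None


if __name__ == "__main__":
    _, problems = parse_reg(SAMPLE_REG)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
    print("AutoRun still disabled on:", autorun_summary(SAMPLE_REG))
```

Run it against the file you are about to double-click; an empty problem list and a mask decode you agree with are the two things to check before importing. Replacing 0x91 with 0xFF in the sample shows the fully locked-down setting that a cleanup tool typically applies.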

Re: Unknown Malware - Can't download and install updates

Did exactly the process you mentioned above and after reboot unfortunately it didn't help. The auto-upload of the camera program does not work - neither does the SD card reader. Any other ideas?

Re: Unknown Malware - Can't download and install updates

Try to place a CD in your CD drive and see if it autostarts.

Re: Unknown Malware - Can't download and install updates

Actually it is not the CD drive that is acting up. It is when I connect the cable from my camera to one of the USB ports of the computer. It always used to recognize it and open up the picture manager program to start downloading them. Now it doesn't do any of them. I try to do it manually and also try to look up as a drive (I used to be able to see it as a folder with all .jpg) and I'm not able to either way. Also I try plugging in the SD card directly to the port and I don't get that popup where it told me what I wanted to do with those files (open up as folder, open up as music, etc..) Hope that is a little more clear.

Re: Unknown Malware - Can't download and install updates

The point of the CD test was to make sure autorun was working properly.

1. Insert any device, and open My Computer.
2. Right-click the device and select Properties from the menu.
3. Select the AutoPlay tab.
4. Select each item from the pulldown list and for the Action to perform, pick the appropriate action to take if enabling autorun.
5. Select OK.

Re: Unknown Malware - Can't download and install updates

I looked and finally found the issue.. as always user error!! There was a button that got changed somehow in the Digital camera regarding the USB output - mass storage or MTP/PTP - changed that setting and VOILA!! It recognized the camera as a device and the rest is history. Now the only question that I would have is if I should go back to removing the "Autostart" as previously recommended. I am supposing that not having that enabled didn't have anything to do with the inability for the computer to see the camera. Sorry to go back and forth and thanks so much for your patience and assistance!!! Please let me know and if you recommend removing I would appreciate if you can send me the necessary steps.
Once again thanks very much for this invaluable service!! You have well earned the donation (although small) it is with much pleasure that I give it!

Re: Unknown Malware - Can't download and install updates

Go ahead and keep the setting on, if you like.

Thanks for the kind comments.