Malware Removal & HijackThis Logs
29-Apr-2009, 08:03 AM
#16
Here's the log after ComboFix finished. My flash drives started working again, so it definitely fixed some if not all of the problems.

ComboFix 09-04-27.04 - zack 04/29/2009 8:32.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.706 [GMT -4:00] Running from: c:\documents and settings\zack.ZACK-5EAFDA744C\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\zack.ZACK-5EAFDA744C\protect.dll c:\documents and settings\zack.ZACK-5EAFDA744C\Start Menu\Programs\Startup\ChkDisk.dll c:\documents and settings\zack.ZACK-5EAFDA744C\Start Menu\Programs\Startup\ChkDisk.lnk c:\windows\system32\__c00B6020.dat c:\windows\system32\1000.exe c:\windows\system32\ahtn.htm c:\windows\system32\autochk.dll c:\windows\system32\config\systemprofile\protect.dll c:\windows\system32\drivers\ovfsthqjxbrvrvpgudyipolnioygltfqxoirms.sys c:\windows\system32\ovfsthfwknoofybibnptojnadpkpedqrhquqff.dll c:\windows\system32\ovfsthhxuijdujtekgkoxwcoiotdwqjjaqdhtp.dll c:\windows\system32\ovfsthmrahypnvmprvlqbrnhldquhikjrvrqdm.dll c:\windows\system32\ovfsthoojvausqjmnkdvkphrtcqbkvjcljoyhb.dat c:\windows\system32\ovfsthyvrnebttlwkpfbimrwwlxwmgapvmywft.dat c:\windows\system32\p2hhr.bat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ovfsthvmyqoltxehswnskbgoxumqwuyxwskdai ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 ))))))))))))))))))))))))))))))) . 2009-04-29 12:31 . 2009-04-29 12:31 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\IETldCache 2009-04-29 08:28 . 2004-08-04 00:56 24576 ----a-w c:\windows\system32\userinit.exe 2009-04-28 20:54 . 2009-04-28 20:54 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.000\IETldCache 2009-04-28 16:28 . 
2009-04-28 16:30 -------- dc-h--w c:\windows\ie8 2009-04-04 16:28 . 2009-04-04 16:28 -------- d-----w c:\program files\MSBuild 2009-04-04 16:27 . 2009-04-04 16:27 89856 ----a-w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-04 16:22 . 2009-04-04 16:22 -------- d-----w c:\windows\system32\XPSViewer 2009-04-04 16:21 . 2009-04-04 16:21 -------- d-----w c:\program files\Reference Assemblies 2009-04-04 16:20 . 2006-06-29 20:07 14048 ------w c:\windows\system32\spmsg2.dll 2009-04-04 16:16 . 2008-03-05 22:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll 2009-04-04 16:16 . 2008-02-06 06:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll 2009-04-04 16:15 . 2008-03-05 22:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll 2009-04-04 16:15 . 2007-04-05 01:53 81768 ----a-w c:\windows\system32\xinput1_3.dll 2009-04-04 16:15 . 2009-04-04 16:15 -------- d-----w c:\windows\system32\xlive 2009-04-04 16:15 . 2009-04-04 16:16 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2009-04-04 16:11 . 2008-04-04 17:41 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Microsoft Games 2009-04-04 15:38 . 2008-04-05 03:38 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Skype 2009-04-04 15:38 . 2007-07-20 01:14 444776 ----a-w c:\windows\system32\d3dx10_35.dll 2009-04-04 15:38 . 2007-07-20 01:14 1358192 ----a-w c:\windows\system32\D3DCompiler_35.dll 2009-04-04 15:38 . 2007-07-20 01:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll 2009-04-04 15:38 . 2007-03-12 23:42 3495784 ----a-w c:\windows\system32\d3dx9_33.dll 2009-04-04 15:37 . 2006-09-28 23:05 237848 ----a-w c:\windows\system32\xactengine2_4.dll 2009-04-04 15:37 . 2006-09-28 23:03 15128 ----a-w c:\windows\system32\x3daudio1_1.dll 2009-04-04 15:37 . 2009-04-04 15:37 -------- d-----r c:\program files\Skype 2009-04-04 15:36 . 
2009-04-04 15:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype 2009-04-04 14:27 . 2009-04-04 14:27 -------- d-----w c:\program files\Elaborate Bytes 2009-04-04 14:10 . 2009-04-04 14:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe 2009-04-03 21:06 . 2008-04-05 04:09 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\BitZipper 2009-04-03 21:05 . 2008-04-07 10:20 -------- d-----w c:\program files\BitZipper 2009-04-03 16:56 . 2009-04-03 16:56 -------- d-----w c:\program files\Pcsx2 2009-04-03 14:43 . 2008-04-25 15:58 -------- d-----w c:\program files\PeerGuardian2 2009-04-03 14:29 . 2008-05-06 06:01 45056 ----a-w c:\windows\system32\WNASPI32.DLL 2009-04-03 14:29 . 2008-05-06 06:01 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS 2009-04-03 14:22 . 2009-04-03 14:22 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Azureus 2009-04-03 14:22 . 2008-04-24 11:59 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Azureus 2009-04-03 14:20 . 2008-04-15 01:59 -------- d-----w c:\program files\Vuze 2009-04-03 13:56 . 2008-04-08 20:40 -------- d-----w c:\program files\Xilisoft 2009-04-02 13:35 . 2008-04-04 18:18 28616 ---ha-w c:\windows\system32\mlfcache.dat 2009-04-02 01:39 . 2009-04-02 01:39 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-02 01:39 . 2009-04-02 01:39 -------- d-----w c:\program files\Java . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-06 19:32 . 2008-04-17 14:36 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 19:32 . 2008-04-17 14:36 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-04 16:33 . 2009-03-04 01:15 4456 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-04 16:23 . 
2009-03-03 02:25 28664 ----a-w c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-04 14:30 . 2009-01-13 16:57 -------- d-----w c:\program files\Microsoft Games 2009-04-03 14:26 . 2009-03-20 10:46 -------- d-----w c:\program files\Cool Free Music Converter 2009-03-26 16:43 . 2009-01-21 00:50 -------- d-----w c:\program files\iTunes 2009-03-26 16:39 . 2009-01-08 23:39 -------- d-----w c:\program files\Windows Media Connect 2 2009-03-26 04:13 . 2009-03-25 08:21 -------- d-----w c:\program files\EPSON 2009-03-25 07:47 . 2009-03-23 05:51 -------- d-----w c:\program files\Any Video Converter 2009-03-23 05:49 . 2009-03-23 05:48 -------- d-----w c:\program files\AIM6 2009-03-23 05:34 . 2009-03-23 05:34 -------- d-----w c:\program files\Opera 2009-03-21 14:24 . 2009-01-13 04:11 -------- d-----w c:\program files\Common Files\Adobe 2009-03-20 10:46 . 2009-03-20 10:46 34 ---ha-w c:\windows\system32\Converter_sysquict.dat 2009-03-20 10:45 . 2009-03-20 10:45 -------- d-----w c:\program files\K-Lite Codec Pack 2009-03-19 19:22 . 2009-01-21 00:50 -------- d-----w c:\program files\iPod 2009-03-19 18:58 . 2009-03-19 18:58 -------- d-----w c:\program files\Safari 2009-03-19 18:56 . 2009-01-21 00:50 -------- d-----w c:\program files\Bonjour 2009-03-18 20:52 . 2009-01-21 01:24 -------- d-----w c:\program files\iDump 2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\program files\Microsoft Works 2009-03-18 19:18 . 2009-03-18 19:18 -------- d-----w c:\program files\Microsoft.NET 2009-03-18 14:13 . 2009-03-18 14:13 225 ----a-w c:\windows\PowerReg.dat 2009-03-18 14:12 . 2009-03-18 14:12 -------- d-----w c:\program files\Atari 2009-03-16 13:36 . 2009-03-16 13:36 -------- d-----w c:\program files\MSXML 4.0 2009-03-11 15:52 . 2009-01-08 19:26 -------- d-----w c:\program files\Common Files\LightScribe 2009-03-08 08:34 . 2006-03-04 03:33 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 08:34 . 
2004-08-04 10:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 08:33 . 2004-08-04 10:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 08:33 . 2004-08-04 10:00 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 08:32 . 2004-08-04 10:00 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 08:32 . 2004-08-04 10:00 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 08:31 . 2004-08-04 10:00 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 08:31 . 2004-08-04 10:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 08:31 . 2004-08-04 10:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 08:22 . 2004-08-04 10:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-07 16:37 . 2009-03-07 16:37 -------- d-----w c:\program files\LG Electronics 2009-03-07 14:30 . 2009-03-07 14:30 -------- d-----w c:\program files\BitPim 2009-03-06 15:38 . 2009-03-04 23:00 -------- d-----w c:\program files\SearchSpy 2009-03-06 06:59 . 2009-03-19 19:04 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2009-03-06 06:59 . 2009-03-03 16:21 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-03-05 18:50 . 2009-03-05 18:49 -------- d-----w c:\program files\ManyCam 2.3 2009-03-05 17:30 . 2004-08-04 10:00 218624 ----a-w c:\windows\system32\uxtheme.dll 2009-03-04 22:26 . 2009-03-04 22:26 -------- d-----w c:\program files\Common Files\AOL 2009-03-04 00:56 . 2009-03-04 00:56 0 ----a-w c:\windows\nsreg.dat 2009-03-04 00:41 . 2009-03-03 23:44 -------- d-----w c:\program files\ATI Technologies 2009-03-03 14:46 . 2009-03-03 02:17 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-03-03 02:18 . 2004-08-04 10:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-03-03 02:15 . 2009-03-03 02:15 21640 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-03 01:47 . 2009-03-03 01:47 107888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-03-03 00:15 . 2009-03-03 00:15 -------- d-----w c:\program files\Avira 2009-03-02 11:41 . 
2009-03-02 11:41 29184 ----a-w c:\windows\system32\drivers\VClone.sys 2009-02-25 19:36 . 2009-01-21 00:36 13104 ----a-w c:\documents and settings\Zack.ZACK-16DDB60A75\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys 2008-04-28 12:12 . 2008-04-28 11:57 24064 --sha-w c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040] "Google Update"="c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-04-04 133104] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312] "EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888] "Openwares 
LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ ChkDisk.dll [2008-4-28 24064] ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-4 33280] c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-21 113664] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 "wave2"= serwvdrv.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BearShare\\BearShare.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Vuze\\Azureus.exe"= "c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"= R1 86413a42;86413a42; [x] S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{9ff50e4e-0745-11de-ad02-806d6172696f}] \Shell\AutoRun\command - D:\TT.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{9ff50e4f-0745-11de-ad02-806d6172696f}] \Shell\AutoRun\command - E:\Autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] 2009-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-839522115-1004.job - c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-04-04 18:18] 2009-04-29 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20] . - - - - ORPHANS REMOVED - - - - HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe HKLM-Run-autochk - c:\windows\system32\autochk.dll HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\356622860.exe HKU-Default-Run-Windows Resurections - c:\windows\TEMP\nwbvgev2.exe HKU-Default-Run-A00F303C52E.exe - c:\windows\TEMP\_A00F303C52E.exe HKU-Default-Run-A00FE779D.exe - c:\windows\TEMP\_A00FE779D.exe HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll Notify-__c00B6020 - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.ph/intl/en/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-29 08:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-29 8:44 ComboFix-quarantined-files.txt 2009-04-29 12:43 Pre-Run: 179,138,781,184 bytes free Post-Run: 184,913,555,456 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 235 --- E O F --- 2009-03-20 10:12 |
29-Apr-2009, 08:23 AM
#17
Here's the log. The files I said above were deleted by ComboFix, and my computer recognizes flash drives again; it also can start the background intelligence server and automatic update. So some if not all of the problems are fixed.
29-Apr-2009, 02:47 PM
#18
A little bit more cleaning up to do.

Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes up press SAVE, choose Desktop in the list of selections in that window, and press Save).

Disable any antivirus/antimalware/firewall real-time protection or script blocking in the same way you did previously before running ComboFix, and remember to re-enable it when it has finished.

Close any open browsers.

Then drag the CFScript.txt onto the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem, start your own topic in the malware fixing forum.

This will create a zip file inside C:\QooBox\quarantine named something like [38]-Submit_2008-01-17@17.50.zip. At the end it will pop up an alert, open your browser and ask you to send the zip file; please follow those instructions. We need to see the zip file before we can carry on with the fix.

If there is no pop-up alert or open browser then please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and, if needed, distribute them to antivirus companies.

Just press New Topic, fill in the needed details and just give a link to your post here, then press the Browse button and navigate to and select the files on your computer. If there is more than one file then press the More Attachments button for each extra file and browse and select etc., and then when all the files are listed in the window press Send to upload the files (do not post HJT logs there as they will not get dealt with).

Files to submit: the zip file inside C:\QooBox\quarantine created by ComboFix named something like [38]-Submit_2008-01-17@17.50.zip

or to http://www.bleepingcomputer.com/subm...php?channel=38
__________________
Derek
Microsoft MVP/Windows - Security
Thespykiller | Security & Privacy
I am helping you, please help me by donating to help keep the Hedgehog Rescue Centre running
29-Apr-2009, 03:45 PM
#19
Here's the ComboFix log. I didn't see anything about a zip file?

ComboFix 09-04-29.01 - zack 04/29/2009 16:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.593 [GMT -4:00]
Running from: c:\documents and settings\zack.ZACK-5EAFDA744C\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\zack.ZACK-5EAFDA744C\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\winglsetup.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 19:16 . 2009-04-29 19:17 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 13:25 . 2009-04-29 19:17 -------- d-----w c:\windows\LastGood
2009-04-29 13:06 . 2009-04-29 13:06 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\IECompatCache
2009-04-29 13:05 . 2009-04-29 13:05 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\PrivacIE
2009-04-29 12:31 . 2009-04-29 12:31 -------- d-sh--w c:\documents and settings\zack.ZACK-5EAFDA744C\IETldCache
2009-04-29 08:28 . 2004-08-04 00:56 24576 ----a-w c:\windows\system32\userinit.exe
2009-04-28 20:54 . 2009-04-28 20:54 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY.000\IETldCache
2009-04-28 16:28 . 2009-04-28 16:30 -------- dc-h--w c:\windows\ie8
2009-04-04 16:28 . 2009-04-04 16:28 -------- d-----w c:\program files\MSBuild
2009-04-04 16:27 . 2009-04-04 16:27 89856 ----a-w c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-04 16:22 . 2009-04-04 16:22 -------- d-----w c:\windows\system32\XPSViewer
2009-04-04 16:21 . 2009-04-04 16:21 -------- d-----w c:\program files\Reference Assemblies
2009-04-04 16:20 . 2006-06-29 20:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-04 16:16 . 2008-03-05 22:56 1420824 ----a-w c:\windows\system32\D3DCompiler_37.dll
2009-04-04 16:16 . 2008-02-06 06:07 462864 ----a-w c:\windows\system32\d3dx10_37.dll
2009-04-04 16:15 . 2008-03-05 22:56 3786760 ----a-w c:\windows\system32\D3DX9_37.dll
2009-04-04 16:15 . 2007-04-05 01:53 81768 ----a-w c:\windows\system32\xinput1_3.dll
2009-04-04 16:15 . 2009-04-04 16:15 -------- d-----w c:\windows\system32\xlive
2009-04-04 16:15 . 2009-04-04 16:16 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-04-04 16:11 . 2008-04-04 17:41 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Microsoft Games
2009-04-04 15:38 . 2008-04-05 03:38 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Skype
2009-04-04 15:38 . 2007-07-20 01:14 444776 ----a-w c:\windows\system32\d3dx10_35.dll
2009-04-04 15:38 . 2007-07-20 01:14 1358192 ----a-w c:\windows\system32\D3DCompiler_35.dll
2009-04-04 15:38 . 2007-07-20 01:14 3727720 ----a-w c:\windows\system32\d3dx9_35.dll
2009-04-04 15:38 . 2007-03-12 23:42 3495784 ----a-w c:\windows\system32\d3dx9_33.dll
2009-04-04 15:37 . 2006-09-28 23:05 237848 ----a-w c:\windows\system32\xactengine2_4.dll
2009-04-04 15:37 . 2006-09-28 23:03 15128 ----a-w c:\windows\system32\x3daudio1_1.dll
2009-04-04 15:37 . 2009-04-04 15:37 -------- d-----r c:\program files\Skype
2009-04-04 15:36 . 2009-04-04 15:37 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-04-04 14:27 . 2009-04-04 14:27 -------- d-----w c:\program files\Elaborate Bytes
2009-04-04 14:10 . 2009-04-04 14:10 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\LightScribe
2009-04-03 21:06 . 2008-04-05 04:09 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\BitZipper
2009-04-03 21:05 . 2008-04-07 10:20 -------- d-----w c:\program files\BitZipper
2009-04-03 16:56 . 2009-04-03 16:56 -------- d-----w c:\program files\Pcsx2
2009-04-03 14:43 . 2008-04-25 15:58 -------- d-----w c:\program files\PeerGuardian2
2009-04-03 14:29 . 2008-05-06 06:01 45056 ----a-w c:\windows\system32\WNASPI32.DLL
2009-04-03 14:29 . 2008-05-06 06:01 16512 ----a-w c:\windows\system32\drivers\ASPI32.SYS
2009-04-03 14:22 . 2009-04-03 14:22 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Azureus
2009-04-03 14:22 . 2008-04-24 11:59 -------- d-----w c:\documents and settings\zack.ZACK-5EAFDA744C\Application Data\Azureus
2009-04-03 14:20 . 2008-04-15 01:59 -------- d-----w c:\program files\Vuze
2009-04-03 13:56 . 2008-04-08 20:40 -------- d-----w c:\program files\Xilisoft
2009-04-02 13:35 . 2008-04-04 18:18 28616 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-02 01:39 . 2009-04-02 01:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 01:39 . 2009-04-02 01:39 -------- d-----w c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 19:17 . 2009-01-21 00:50 -------- d-----w c:\program files\iTunes
2009-04-29 19:17 . 2009-01-21 00:50 -------- d-----w c:\program files\iPod
2009-04-29 19:15 . 2009-01-21 00:49 -------- d-----w c:\program files\QuickTime
2009-04-29 14:16 . 2008-04-05 04:05 -------- d-----w c:\program files\ViStart
2009-04-29 13:33 . 2009-02-24 19:39 -------- d--h--w c:\program files\BearShare
2009-04-06 19:32 . 2008-04-17 14:36 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-04-17 14:36 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 16:33 . 2009-03-04 01:15 4456 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-04 16:23 . 2009-03-03 02:25 28664 ----a-w c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-04 14:30 . 2009-01-13 16:57 -------- d-----w c:\program files\Microsoft Games
2009-04-03 14:26 . 2009-03-20 10:46 -------- d-----w c:\program files\Cool Free Music Converter
2009-03-26 16:39 . 2009-01-08 23:39 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-26 04:13 . 2009-03-25 08:21 -------- d-----w c:\program files\EPSON
2009-03-25 07:47 . 2009-03-23 05:51 -------- d-----w c:\program files\Any Video Converter
2009-03-23 05:49 . 2009-03-23 05:48 -------- d-----w c:\program files\AIM6
2009-03-23 05:34 . 2009-03-23 05:34 -------- d-----w c:\program files\Opera
2009-03-21 14:24 . 2009-01-13 04:11 -------- d-----w c:\program files\Common Files\Adobe
2009-03-20 10:46 . 2009-03-20 10:46 34 ---ha-w c:\windows\system32\Converter_sysquict.dat
2009-03-20 10:45 . 2009-03-20 10:45 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-19 20:32 . 2009-03-03 16:23 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 18:58 . 2009-03-19 18:58 -------- d-----w c:\program files\Safari
2009-03-19 18:56 . 2009-01-21 00:50 -------- d-----w c:\program files\Bonjour
2009-03-18 20:52 . 2009-01-21 01:24 -------- d-----w c:\program files\iDump
2009-03-18 19:46 . 2009-03-18 19:46 -------- d-----w c:\program files\Microsoft Works
2009-03-18 19:18 . 2009-03-18 19:18 -------- d-----w c:\program files\Microsoft.NET
2009-03-18 14:13 . 2009-03-18 14:13 225 ----a-w c:\windows\PowerReg.dat
2009-03-18 14:12 . 2009-03-18 14:12 -------- d-----w c:\program files\Atari
2009-03-16 13:36 . 2009-03-16 13:36 -------- d-----w c:\program files\MSXML 4.0
2009-03-11 15:52 . 2009-01-08 19:26 -------- d-----w c:\program files\Common Files\LightScribe
2009-03-08 08:34 . 2006-03-04 03:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 10:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 10:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 10:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 10:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 10:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 10:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 10:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 10:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-04 10:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 16:37 . 2009-03-07 16:37 -------- d-----w c:\program files\LG Electronics
2009-03-07 14:30 . 2009-03-07 14:30 -------- d-----w c:\program files\BitPim
2009-03-06 15:38 . 2009-03-04 23:00 -------- d-----w c:\program files\SearchSpy
2009-03-06 06:59 . 2009-03-19 19:04 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2009-03-03 16:21 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-05 18:50 . 2009-03-05 18:49 -------- d-----w c:\program files\ManyCam 2.3
2009-03-05 17:30 . 2004-08-04 10:00 218624 ----a-w c:\windows\system32\uxtheme.dll
2009-03-04 22:26 . 2009-03-04 22:26 -------- d-----w c:\program files\Common Files\AOL
2009-03-04 00:56 . 2009-03-04 00:56 0 ----a-w c:\windows\nsreg.dat
2009-03-04 00:41 . 2009-03-03 23:44 -------- d-----w c:\program files\ATI Technologies
2009-03-03 14:46 . 2009-03-03 02:17 77423 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-03 02:18 . 2004-08-04 10:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-03 02:15 . 2009-03-03 02:15 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-03 01:47 . 2009-03-03 01:47 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-03 00:15 . 2009-03-03 00:15 -------- d-----w c:\program files\Avira
2009-03-02 11:41 . 2009-03-02 11:41 29184 ----a-w c:\windows\system32\drivers\VClone.sys
2009-02-25 19:36 . 2009-01-21 00:36 13104 ----a-w c:\documents and settings\Zack.ZACK-16DDB60A75\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-29_12.42.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 19:17 . 2009-03-19 20:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-04-29 19:17 . 2009-01-15 19:19 23848 c:\windows\LastGood\system32\DRIVERS\GEARAspiWDM.sys
+ 2009-03-03 16:23 . 2008-04-17 16:12 107368 c:\windows\system32\GEARAspi.dll
- 2009-03-03 16:23 . 2008-04-17 19:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-04-29 19:17 . 2008-04-17 16:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-04-29 19:17 . 2008-04-17 19:12 107368 c:\windows\LastGood\system32\GEARAspi.dll
+ 2009-04-29 19:17 . 2009-04-29 19:17 102400 c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]
"Google Update"="c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-04-04 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-21 113664]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 86413a42;86413a42; [x]
S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPOD_SERVICE
*Deregistered* - PROCEXP113

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa78490c-04ef-11dd-9c0b-0011437e697f}]
\Shell\AutoRun\command - Z:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-839522115-1004.job
- c:\documents and settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-04-04 18:18]

2009-04-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{6FBEDDAF-A5DE-4513-901E-44E9D0306577}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 16:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-29 16:41
ComboFix-quarantined-files.txt 2009-04-29 20:41
ComboFix2.txt 2009-04-29 12:44

Pre-Run: 184,943,308,800 bytes free
Post-Run: 185,034,113,024 bytes free

224 --- E O F --- 2009-04-29 13:25

And here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:55 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN1.EXE
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\zack.ZACK-5EAFDA744C\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5483.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7023 bytes
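The entries a helper reads first in the two ComboFix logs above (the cached AutoRun commands under mountpoints2, the Run entries launching from c:\windows\TEMP, the SsiEfr.exe appended to BootExecute, and EnableFirewall set to 0) can be picked out mechanically. This is an added example, not ComboFix code and not part of the thread: it runs over log lines copied from the posts above and used as constructed test input, and the check names and the triage() and summarize() functions are this example's own.

```python
"""Triage ComboFix-style log lines for the autostart conditions the logs
above show. Added example: not ComboFix code and not from the thread."""
import re
from collections import Counter
from typing import Dict, List

# Constructed test input: entries copied from the ComboFix logs posted in
# this thread, one entry per line (the posts show them run together).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ff50e4e-0745-11de-ad02-806d6172696f}]
\Shell\AutoRun\command - D:\TT.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa78490c-04ef-11dd-9c0b-0011437e697f}]
\Shell\AutoRun\command - Z:\LaunchU3.exe -a
HKLM-Run-autochk - c:\windows\system32\autochk.dll
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\356622860.exe
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\nwbvgev2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"""

# A clean XP BootExecute value; anything appended after the \0 separator
# runs at boot before the shell and deserves a look.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(?P<value>.+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# ComboFix's "ORPHANS REMOVED" notation: <hive>-Run-<name> - <target>
ORPHAN_RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU|HKU-Default)-Run-(?P<name>.+?)\s+-\s+(?P<target>.+)$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious autostart entry in the log text."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")  # values that follow belong to this key
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key.lower():
            # AutoRun command Explorer cached for a removable drive (D:, E:, Z:
            # in this thread); what it launches is worth checking.
            findings.append({"check": "removable_autorun", "detail": m.group("cmd")})
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            for entry in m.group("value").split(r"\0"):
                if entry.strip() and entry.strip().lower() != DEFAULT_BOOTEXECUTE:
                    findings.append({"check": "bootexecute_extra", "detail": entry.strip()})
            continue
        m = FIREWALL_RE.match(line)
        if m and "firewallpolicy" in current_key.lower() and m.group("value") == "0":
            findings.append({"check": "firewall_disabled", "detail": current_key})
            continue
        m = ORPHAN_RUN_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group("target")):
            # Run entries launching from a TEMP folder are a classic dropper
            # trace; the first log in this thread removed four of them.
            findings.append({"check": "run_from_temp",
                             "detail": f'{m.group("hive")} "{m.group("name")}" -> {m.group("target")}'})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per check name."""
    return dict(Counter(f["check"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["check"]:18} {f["detail"]}')
    print(summarize(triage(SAMPLE_LOG)))
```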
30-Apr-2009, 07:37 AM
#21
I don't think so. I ran an Avira AntiVir scan and it found 38 trojans but deleted them all. I enabled the Background Intelligent Transfer Service and Automatic Updates, which work again, and I reinstalled Windows Defender.
30-Apr-2009, 02:21 PM
#22
Follow these steps to uninstall ComboFix and the other tools it downloaded to remove the malware:

* Click START then RUN
* Now type Combofix /u in the run box and click OK. Note the space between the X and the U, it needs to be there.

Then turn off System Restore by following the instructions here for XP: http://www.thespykiller.co.uk/index.php?page=8 or here for Vista: http://www.bleepingcomputer.com/tuto...torial143.html
That will purge the restore folder and clear any malware that has been put in there. Then reboot, then re-enable System Restore and create a new restore point.

Now empty the Recycle Bin on the desktop.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update and make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place.
Tags: flash drive, ipod, usb, vundo

Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.