Solved: Error Message at start up. unable to access xccdf16_090305a.dll

drone235
Junior Member with 16 posts.
 
Join Date: Nov 2009
Experience: Advanced
02-Nov-2009, 03:42 PM #1
Error Message at start up. unable to access xccdf16_090305a.dll
Every time I boot up my computer I get an error DLL message. It says that it cannot access C:/windows/xccdf16_090305a.dll. It's most likely a virus of some sort, but I cannot get rid of it or properly identify it.

CAN ANYONE HELP?
Thx in advance.
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
05-Nov-2009, 07:38 PM #2
Welcome to TSG

We need to see some additional information about what is happening in your machine.
Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
drone235
Junior Member with 16 posts.
 
Join Date: Nov 2009
Experience: Advanced
05-Nov-2009, 08:28 PM #3
DDS (Ver_09-10-26.01) - NTFSx86
Run by Zeus at 0:20:26.46 on 06/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3582.3002 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Sunbelt VIPRE *On-access scanning enabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\libusbd-nt.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\DOCUME~1\Zeus\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Documents and Settings\Zeus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Taskman=c:\recycler\s-1-5-21-1809297849-6127788716-720268975-8616\rundll32.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ZPLED] c:\program files\wireless\rf keyboard\1.0\ZPKBDLED.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AntiLogger] "c:\program files\antilogger\AntiLogger.exe" /minimized
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
mRun: [Ezojewu] rundll32.exe "c:\windows\osexiwakevad.dll",Startup
mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090305a.dll xccd16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\slim multimedia keyboard.lnk - c:\program files\slim multimedia keyboard\MagicKey.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: Antivirus-ashDisp.exe - c:\windows\system32\alg.exe
IFEO: Antivirus-ashserv.exe - c:\windows\system32\alg.exe
IFEO: Antivirus-ashSimpl.exe - c:\windows\system32\alg.exe
IFEO: avesvc.exe - c:\windows\system32\alg.exe
IFEO: bdnagent.exe - c:\windows\system32\alg.exe

Note: multiple IFEO entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zeus\applic~1\mozilla\firefox\profiles\t9eipz5a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\zeus\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {A5709F9F-E0EB-490F-BD99-F7A87AF1ED57} - c:\documents and settings\zeus\local settings\application data\{A5709F9F-E0EB-490F-BD99-F7A87AF1ED57}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{1B8CBADF-3C3C-4C80-B067-CDF033B135D4}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{30E0237D-57F5-4A32-B85C-F4CC8BD319E3}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{3D79CEA5-2FA0-498D-A44D-F52E9F0D5654}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{912875CB-0B47-4442-8D04-172691F0813C}
FF - HiddenExtension: XUL Cache: No Registry Reference - c:\program files\mozilla firefox\extensions\{C7A7B940-2357-472F-8140-10802D890D5E}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-13 64160]
R1 AntiLog32;AntiLog32;c:\program files\antilogger\AntiLog32.sys [2008-6-30 107376]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-10-29 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-10-29 203056]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2009-9-7 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-10-29 69936]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-5-1 33792]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-10-24 24544]
R3 VKeyboard;Virtual Keyboard Device;c:\windows\system32\drivers\VKeyboard.sys [2009-5-1 302080]
R3 VMouse;Virtual Mouse;c:\windows\system32\drivers\VMouse.sys [2009-5-1 303104]
S2 Ias;Ias;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 softyinforwow1;.Freame Micer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 ap1394;ap1394;c:\windows\system32\ap1394.sys [2004-8-4 2304]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]

=============== Created Last 30 ================

2009-11-02 18:25:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Last.fm
2009-11-02 18:25:05 0 d-----w- c:\program files\Last.fm
2009-10-29 21:40:59 57344 ----a-w- C:\2.exe.back
2009-10-29 19:51:49 0 ----a-w- c:\windows\Khojamikagoxu.bin
2009-10-29 19:51:48 120 ----a-w- c:\windows\Wfetaho.dat
2009-10-29 10:56:37 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-29 10:56:36 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-10-29 10:45:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-10-29 10:45:20 0 d-----w- c:\docume~1\zeus\applic~1\Sunbelt
2009-10-29 10:44:01 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-10-08 18:29:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Blizzard
2009-10-08 18:14:44 0 d-----w- c:\program files\common files\Blizzard Entertainment

==================== Find3M ====================

2009-10-13 22:03:55 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-10-13 22:03:52 88 --sh--r- c:\docume~1\alluse~1\applic~1\E7288C6BB2.sys
2009-09-29 18:22:48 87608 ----a-w- c:\docume~1\zeus\applic~1\inst.exe
2009-09-29 18:22:47 47360 ----a-w- c:\docume~1\zeus\applic~1\pcouffin.sys
2009-09-29 18:13:42 106 ----a-w- c:\docume~1\zeus\applic~1\netstat.bat
2009-09-09 22:13:58 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-09-07 14:02:46 27944 ----a-w- c:\windows\system32\sbbd.exe
2009-08-28 18:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-17 02:04:24 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-17 02:04:08 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-08-17 02:03:44 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-08-17 02:03:38 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-08-17 02:03:28 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-08-17 02:03:28 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-08-17 02:03:22 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-08-17 02:03:02 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-08-17 02:03:00 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-17 02:03:00 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-08-17 02:03:00 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-08-17 02:03:00 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-08-17 02:02:52 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 23:57:00 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 23:57:00 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-16 23:57:00 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 23:57:00 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 23:57:00 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 23:57:00 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 23:57:00 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 23:57:00 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 23:57:00 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 23:57:00 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-11 11:35:08 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-02-28 10:53:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022820090301\index.dat
2009-03-01 22:00:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030120090302\index.dat
2009-04-23 21:23:01 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-23 21:23:01 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-23 21:23:01 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 0:21:11.67 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 25/02/2009 19:16:47
System Uptime: 11/06/2009 00:00:32 (3552 hours ago)

Motherboard: Dell Inc. | | 0YC523
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 699 GiB total, 350.387 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D11028&REV_01\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D11028&REV_01\3&172E68DD&0&FB
Service:

==== System Restore Points ===================

RP159: 08/08/2009 12:56:40 - System Checkpoint
RP160: 09/08/2009 13:13:12 - System Checkpoint
RP161: 10/08/2009 13:56:32 - Software Distribution Service 3.0
RP162: 13/08/2009 22:47:08 - System Checkpoint
RP163: 13/08/2009 23:01:52 - Software Distribution Service 3.0
RP164: 16/08/2009 09:55:14 - System Checkpoint
RP165: 19/08/2009 00:17:53 - System Checkpoint
RP166: 22/08/2009 01:14:09 - System Checkpoint
RP167: 22/08/2009 13:33:22 - Uniblue RegistryBooster 2009
RP168: 23/08/2009 13:24:59 - Installed The Sims 3
RP169: 25/08/2009 18:26:11 - System Checkpoint
RP170: 26/08/2009 00:21:01 - DriverScanner install: Microsoft USB Wireless Mouse (IntelliPoint)
RP171: 26/08/2009 12:54:54 - Software Distribution Service 3.0
RP172: 26/08/2009 23:52:34 - VIPRE clean action
RP173: 28/08/2009 14:05:53 - System Checkpoint
RP174: 30/08/2009 03:09:29 - System Checkpoint
RP175: 02/09/2009 14:24:15 - System Checkpoint
RP176: 03/09/2009 00:55:44 - Software Distribution Service 3.0
RP177: 04/09/2009 21:03:57 - System Checkpoint
RP178: 05/09/2009 17:48:42 - Removed The Sims 3
RP179: 05/09/2009 17:50:30 - Installed The Sims 3
RP180: 05/09/2009 18:00:24 - Installed The Sims 3
RP181: 07/09/2009 20:59:42 - System Checkpoint
RP182: 08/09/2009 21:42:53 - System Checkpoint
RP183: 10/09/2009 00:25:03 - Software Distribution Service 3.0
RP184: 11/09/2009 12:06:43 - System Checkpoint
RP185: 12/09/2009 10:16:46 - Removed VIPRE Antivirus + Antispyware.
RP186: 12/09/2009 10:17:06 - Installed VIPRE Antivirus + Antispyware.
RP187: 14/09/2009 01:56:41 - System Checkpoint
RP188: 16/09/2009 01:10:31 - System Checkpoint
RP189: 21/09/2009 19:32:04 - System Checkpoint
RP190: 22/09/2009 20:34:39 - System Checkpoint
RP191: 25/09/2009 00:54:11 - System Checkpoint
RP192: 26/09/2009 01:05:43 - System Checkpoint
RP193: 27/09/2009 03:33:04 - System Checkpoint
RP194: 29/09/2009 16:00:08 - System Checkpoint
RP195: 30/09/2009 19:41:37 - System Checkpoint
RP196: 02/10/2009 12:35:50 - Software Distribution Service 3.0
RP197: 04/10/2009 13:46:12 - System Checkpoint
RP198: 09/10/2009 16:52:45 - System Checkpoint
RP199: 11/10/2009 11:17:53 - System Checkpoint
RP200: 13/10/2009 00:36:29 - System Checkpoint
RP201: 15/10/2009 16:24:17 - System Checkpoint
RP202: 18/10/2009 15:29:40 - System Checkpoint
RP203: 23/10/2009 20:56:31 - System Checkpoint
RP204: 25/10/2009 03:27:15 - System Checkpoint
RP205: 25/10/2009 23:16:15 - VIPRE clean action
RP206: 29/10/2009 10:41:07 - Removed VIPRE Antivirus + Antispyware.
RP207: 29/10/2009 10:43:44 - Installed VIPRE Antivirus + Antispyware.
RP208: 30/10/2009 10:57:32 - System Checkpoint
RP209: 31/10/2009 13:53:14 - System Checkpoint
RP210: 03/11/2009 17:18:32 - System Checkpoint
RP211: 04/11/2009 17:31:18 - System Checkpoint

==== Image File Execution Options ============

IFEO: Antivirus-ashDisp.exe - C:\WINDOWS\system32\alg.exe
IFEO: Antivirus-ashserv.exe - C:\WINDOWS\system32\alg.exe
IFEO: Antivirus-ashSimpl.exe - C:\WINDOWS\system32\alg.exe
IFEO: avesvc.exe - C:\WINDOWS\system32\alg.exe
IFEO: bdnagent.exe - C:\WINDOWS\system32\alg.exe
IFEO: bdswitch.exe - C:\WINDOWS\system32\alg.exe
IFEO: DefWatch.exe - C:\WINDOWS\system32\alg.exe

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11
Advanced SystemCare 3
Allok 3GP PSP MP4 iPod Video Converter 5.2.0202
Andrea VoiceCenter
AntiLogger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Callipygian2.9
Command & Conquer 3
Command & Conquer™ Red Alert™ 3
Content
Corel Painter 11
Corel Painter 11 - ICA
Corel Painter 11 - IPM
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Dell ResourceCD
Diablo
DivX Web Player
DVD Shrink 3.2
Game Booster
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
HP My Display
IconHandler 32 bit
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Download Manager
iTunes
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
Langauge
Last.fm 1.5.4.24567
LibUSB-Win32-0.1.10.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile - PREVIEW
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
PowerISO
QuickTime
RealPlayer
Reason 4.0
RF Keyboard 1.0
Rosetta Stone Version 3
SDK
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SigmaTel Audio
Slim Multimedia Keyboard
SmartDefrag Beta6.00
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Test My Hardware 2.3
The Sims™ 3
Uniblue DriverScanner 2009
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpyEraser
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VIPRE Antivirus + Antispyware
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Zoo Tycoon 2 - Zookeeper Collection

==== Event Viewer Messages From Past Week ========

03/11/2009 17:31:07, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the libusbd service.
01/11/2009 18:51:48, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
01/11/2009 18:02:01, error: Service Control Manager [7023] - The Ias service terminated with the following error: The system cannot find the file specified.
01/11/2009 18:02:01, error: Service Control Manager [7023] - The .Freame Micer service terminated with the following error: The system cannot find the file specified.

==== End Of File ===========================
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
05-Nov-2009, 09:03 PM #4
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
drone235
Junior Member with 16 posts.
 
Join Date: Nov 2009
Experience: Advanced
07-Nov-2009, 04:04 PM #5
Malwarebytes' Anti-Malware 1.41
Database version: 3118
Windows 5.1.2600 Service Pack 3

07/11/2009 20:02:55
mbam-log-2009-11-07 (20-02-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 219101
Time elapsed: 1 hour(s), 1 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Applications\nxtepad.exe (Hijack.Notepad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus-ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus-ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus-ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avesvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdnAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdswitch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OKME\softyinforwow1 (Trojan.PWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\softyinforwow1 (Trojan.PWS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
drone235
Junior Member with 16 posts.
 
Join Date: Nov 2009
Experience: Advanced
07-Nov-2009, 04:30 PM #6
That fixed the problem. Thank you very much for the help; it was extremely helpful.
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
07-Nov-2009, 04:31 PM #7
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
07-Nov-2009, 04:34 PM #8
Okay, if you're satisfied then please mark thread as solved.

Tags
dll error, malware, xccdf16

All times are GMT -4. The time now is 01:49 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.