Browser redirect Issue

[sdex67]

 Hi! Had some weird happenings on my computer -ran the usual ad aware, spybot, sophos and it appeared to clean out some stuff including 3 supposed trojans. System seemed to be ok for about a day or two then started getting this pop up saying my system was infected & I should download their software and a wallpaper background that cannot be changed saying similiar message. I was able to get rid of the pop up but wallpaper remained and I'm unable to browse to change it. Now having issues with Firefox opening for no reason while in IE 8 and directing to other sites while in IE if you search you often are redirected to another site unless you select to open in new tab or window. Don't know what else to look for so I am asking for help. I believe I have included requested docs below:
 


DDS (Ver_09-12-01.01) - NTFSx86 
Run by Dexter_De Size at 21:27:11.07 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.959.124 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning disabled* (Updated)   {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: CA Anti-Virus *On-access scanning enabled* (Updated)   {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled*   {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caav.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\De Size\Desktop\dds.scr
C:\Program Files\Google\Google Updater\GoogleUpdater.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Search panel: {a29d8ec8-75b2-4fba-11a0-057a12cd4664} - c:\windows\system32\qebhbcaenavt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [<NO NAME>]
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
mExplorerRun: [RTHDBPL] c:\documents and settings\de size\application data\systemproc\lsass.exe
mExplorerRun: [Local Service] c:\documents and settings\de size\application data\microsoft\smss.exe
StartupFolder: c:\docume~1\desize~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://www.intravet.net/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: PCANotify - PCANotify.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\desize~1\applic~1\mozilla\firefox\profiles\je11r1gi.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\mozilla firefox\components\qebhbcaenavt.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-24 64160]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-4-21 10901]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-1-13 72992]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-1-10 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-1-10 35584]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-1-26 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-1-26 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-10-13 739696]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-1-26 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-1-26 32240]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2006-3-28 1078560]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-1-26 144960]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-3-15 98984]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-12-9 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-12-9 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-6-26 172032]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-1-26 238832]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-4-29 759050]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-29 106496]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-1-10 14976]

=============== Created Last 30 ================

2010-01-14 02:57:04   0   d-----w-   c:\program files\Trend Micro
2010-01-13 02:37:25   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2010-01-10 20:32:16   130088   ----a-w-   c:\windows\system32\sdccoinstaller.dll
2010-01-10 20:28:59   0   d-----w-   c:\program files\common files\Cisco Systems
2010-01-10 20:13:54   23552   ----a-w-   c:\windows\system32\SophosBootTasks.exe
2010-01-10 20:13:42   0   d-----w-   c:\program files\Sophos
2010-01-10 20:13:42   0   d-----w-   c:\docume~1\alluse~1\applic~1\Sophos
2010-01-10 20:12:32   14976   ----a-w-   c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-10 20:12:31   35584   ----a-w-   c:\windows\system32\drivers\savonaccessfilter.sys
2010-01-10 20:12:31   104704   ----a-w-   c:\windows\system32\drivers\savonaccesscontrol.sys
2010-01-10 20:12:25   0   d-----w-   C:\stdtsa
2010-01-10 05:03:40   33792   ----a-w-   c:\windows\system32\smss32.exe
2010-01-08 10:57:06   0   ----a-w-   c:\windows\system32\13931.exe
2010-01-08 10:36:45   0   ----a-w-   c:\windows\system32\7376.exe
2010-01-08 10:16:24   0   ----a-w-   c:\windows\system32\4966.exe
2010-01-08 09:56:03   0   ----a-w-   c:\windows\system32\11840.exe
2010-01-08 09:35:42   0   ----a-w-   c:\windows\system32\18756.exe
2010-01-08 09:15:21   0   ----a-w-   c:\windows\system32\19954.exe
2010-01-08 08:55:00   0   ----a-w-   c:\windows\system32\24084.exe
2010-01-08 08:34:39   0   ----a-w-   c:\windows\system32\12623.exe
2010-01-08 08:14:18   0   ----a-w-   c:\windows\system32\19629.exe
2010-01-08 07:53:57   0   ----a-w-   c:\windows\system32\3548.exe
2010-01-08 07:33:36   0   ----a-w-   c:\windows\system32\24393.exe
2010-01-08 07:13:14   0   ----a-w-   c:\windows\system32\31101.exe
2010-01-08 06:52:53   0   ----a-w-   c:\windows\system32\15006.exe
2010-01-08 06:32:32   0   ----a-w-   c:\windows\system32\15350.exe
2010-01-08 06:12:11   0   ----a-w-   c:\windows\system32\24370.exe
2010-01-08 05:51:50   0   ----a-w-   c:\windows\system32\6729.exe
2010-01-08 05:31:29   0   ----a-w-   c:\windows\system32\15890.exe
2010-01-08 05:11:08   0   ----a-w-   c:\windows\system32\23805.exe
2010-01-08 04:50:47   0   ----a-w-   c:\windows\system32\27446.exe
2010-01-08 04:30:26   0   ----a-w-   c:\windows\system32\22648.exe
2010-01-08 04:10:05   0   ----a-w-   c:\windows\system32\19264.exe
2010-01-08 03:49:44   0   ----a-w-   c:\windows\system32\8942.exe
2010-01-08 03:29:23   0   ----a-w-   c:\windows\system32\9040.exe
2010-01-08 03:09:01   0   ----a-w-   c:\windows\system32\30106.exe
2010-01-08 02:48:39   0   ----a-w-   c:\windows\system32\288.exe
2010-01-08 02:28:18   0   ----a-w-   c:\windows\system32\1842.exe
2010-01-08 02:07:57   0   ----a-w-   c:\windows\system32\22190.exe
2010-01-08 01:47:36   0   ----a-w-   c:\windows\system32\3035.exe
2010-01-08 01:27:15   0   ----a-w-   c:\windows\system32\12316.exe
2010-01-08 01:06:54   0   ----a-w-   c:\windows\system32\778.exe
2010-01-08 00:46:33   0   ----a-w-   c:\windows\system32\27529.exe
2010-01-08 00:26:12   0   ----a-w-   c:\windows\system32\9741.exe
2010-01-08 00:05:51   0   ----a-w-   c:\windows\system32\8723.exe
2010-01-07 23:45:30   0   ----a-w-   c:\windows\system32\12859.exe
2010-01-07 23:25:09   0   ----a-w-   c:\windows\system32\20037.exe
2010-01-07 23:04:48   0   ----a-w-   c:\windows\system32\32757.exe
2010-01-07 22:44:27   0   ----a-w-   c:\windows\system32\32662.exe
2010-01-07 22:24:06   0   ----a-w-   c:\windows\system32\27644.exe
2010-01-07 22:03:45   0   ----a-w-   c:\windows\system32\25547.exe
2010-01-07 21:43:21   0   ----a-w-   c:\windows\system32\6868.exe
2010-01-07 21:23:00   0   ----a-w-   c:\windows\system32\28253.exe
2010-01-07 21:02:39   0   ----a-w-   c:\windows\system32\7711.exe
2010-01-07 20:42:18   0   ----a-w-   c:\windows\system32\15141.exe
2010-01-07 20:21:57   0   ----a-w-   c:\windows\system32\4664.exe
2010-01-07 20:01:36   0   ----a-w-   c:\windows\system32\17673.exe
2010-01-07 19:41:15   0   ----a-w-   c:\windows\system32\30333.exe
2010-01-07 19:20:54   0   ----a-w-   c:\windows\system32\31322.exe
2010-01-07 19:00:33   0   ----a-w-   c:\windows\system32\23811.exe
2010-01-07 18:40:12   0   ----a-w-   c:\windows\system32\28703.exe
2010-01-07 18:19:51   0   ----a-w-   c:\windows\system32\9894.exe
2010-01-07 17:59:29   0   ----a-w-   c:\windows\system32\17035.exe
2010-01-07 17:39:08   0   ----a-w-   c:\windows\system32\26299.exe
2010-01-07 17:18:47   0   ----a-w-   c:\windows\system32\25667.exe
2010-01-07 16:58:26   0   ----a-w-   c:\windows\system32\19912.exe
2010-01-07 16:38:05   0   ----a-w-   c:\windows\system32\1869.exe
2010-01-07 16:17:44   0   ----a-w-   c:\windows\system32\11538.exe
2010-01-07 15:57:23   0   ----a-w-   c:\windows\system32\14771.exe
2010-01-07 15:37:02   0   ----a-w-   c:\windows\system32\21726.exe
2010-01-07 15:16:41   0   ----a-w-   c:\windows\system32\5447.exe
2010-01-07 14:56:19   0   ----a-w-   c:\windows\system32\19895.exe
2010-01-07 14:35:58   0   ----a-w-   c:\windows\system32\19718.exe
2010-01-07 14:15:37   0   ----a-w-   c:\windows\system32\18716.exe
2010-01-07 13:55:16   0   ----a-w-   c:\windows\system32\17421.exe
2010-01-07 13:34:55   0   ----a-w-   c:\windows\system32\12382.exe
2010-01-07 13:14:34   0   ----a-w-   c:\windows\system32\292.exe
2010-01-07 12:54:13   0   ----a-w-   c:\windows\system32\153.exe
2010-01-07 12:33:52   0   ----a-w-   c:\windows\system32\3902.exe
2010-01-07 12:13:31   0   ----a-w-   c:\windows\system32\14604.exe
2010-01-07 11:53:10   0   ----a-w-   c:\windows\system32\32391.exe
2010-01-07 11:32:49   0   ----a-w-   c:\windows\system32\5436.exe
2010-01-07 11:12:28   0   ----a-w-   c:\windows\system32\4827.exe
2010-01-07 10:52:07   0   ----a-w-   c:\windows\system32\11942.exe
2010-01-07 10:31:46   0   ----a-w-   c:\windows\system32\2995.exe
2010-01-07 10:11:25   0   ----a-w-   c:\windows\system32\491.exe
2010-01-07 09:51:04   0   ----a-w-   c:\windows\system32\9961.exe
2010-01-07 09:30:42   0   ----a-w-   c:\windows\system32\16827.exe
2010-01-07 09:10:21   0   ----a-w-   c:\windows\system32\23281.exe
2010-01-07 08:50:00   0   ----a-w-   c:\windows\system32\28145.exe
2010-01-07 08:29:39   0   ----a-w-   c:\windows\system32\5705.exe
2010-01-07 08:09:18   0   ----a-w-   c:\windows\system32\24464.exe
2010-01-07 07:48:57   0   ----a-w-   c:\windows\system32\26962.exe
2010-01-07 07:28:36   0   ----a-w-   c:\windows\system32\29358.exe
2010-01-07 07:08:15   0   ----a-w-   c:\windows\system32\11478.exe
2010-01-07 06:47:54   0   ----a-w-   c:\windows\system32\15724.exe
2010-01-07 06:27:33   0   ----a-w-   c:\windows\system32\19169.exe
2010-01-07 06:07:12   0   ----a-w-   c:\windows\system32\26500.exe
2010-01-07 05:46:51   0   ----a-w-   c:\windows\system32\6334.exe
2010-01-07 05:26:30   0   ----a-w-   c:\windows\system32\18467.exe
2010-01-07 05:06:09   0   ----a-w-   c:\windows\system32\41.exe
2010-01-07 05:05:48   0   ----a-w-   c:\windows\system32\IS15.exe
2010-01-07 05:05:26   0   ----a-w-   c:\windows\system32\helper32.dll
2010-01-07 05:04:38   2931   ----a-w-   c:\windows\system32\warning.html
2010-01-04 04:18:55   3377858   ----a-w-   C:\FedEx bill.pdf
2009-12-30 12:29:29   309   ----a-w-   C:\confin.sys
2009-12-30 12:29:12   0   d-sh--w-   c:\docume~1\desize~1\applic~1\SystemProc
2009-12-22 05:09:42   5921   ----a-w-   c:\documents and settings\de size\kirkadd
2009-12-22 04:14:11   171235   ----a-w-   C:\http___elfyourself.jibjab.pdf
2009-12-18 12:23:45   0   d-----w-   c:\program files\iPod
2009-12-18 12:23:26   0   d-----w-   c:\program files\iTunes

==================== Find3M  ====================

2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k7
2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k6
2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k5
2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k4
2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k3
2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k2
2010-01-13 18:21:49   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k1
2010-01-13 18:21:49   199906   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k0
2009-12-06 04:56:32   739696   ----a-w-   c:\windows\system32\drivers\vetefile.sys
2009-12-06 04:56:32   32240   ----a-w-   c:\windows\system32\drivers\vetmonnt.sys
2009-12-06 04:56:32   26352   ----a-w-   c:\windows\system32\drivers\vet-filt.sys
2009-12-06 04:56:32   21488   ----a-w-   c:\windows\system32\drivers\vetfddnt.sys
2009-12-06 04:56:32   21104   ----a-w-   c:\windows\system32\drivers\vet-rec.sys
2009-12-06 04:56:32   133520   ----a-w-   c:\windows\system32\drivers\veteboot.sys
2009-10-29 07:45:38   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-10-21 05:38:36   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36   25088   ----a-w-   c:\windows\system32\httpapi.dll

============= FINISH: 21:28:35.71 ===============

[Derek]

Delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note:  It is important that it is saved directly to your desktop  and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Very Important! Temporarily disable your anti-virus and  anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
• Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  
• Remember to re enable the protection again after combofix has finished
  

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you. 
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. 

[sdex67]

Thank you for the help!

ComboFix 10-01-16.02 - Dexter_De Size 01/17/2010   0:01.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.959.442 [GMT -5:00]
Running from: c:\documents and settings\De Size\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\De Size\Application Data\0200000019e4ec51660C.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51660O.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51660P.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51660S.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51724C.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51724O.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51724P.manifest
c:\documents and settings\De Size\Application Data\0200000019e4ec51724S.manifest
c:\documents and settings\De Size\Application Data\Mozilla\Firefox\Profiles\je11r1gi.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}
c:\documents and settings\De Size\Application Data\Mozilla\Firefox\Profiles\je11r1gi.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\chrome.manifest
c:\documents and settings\De Size\Application Data\Mozilla\Firefox\Profiles\je11r1gi.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\chrome\xulcache.jar
c:\documents and settings\De Size\Application Data\Mozilla\Firefox\Profiles\je11r1gi.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\defaults\preferences\xulcache.js
c:\documents and settings\De Size\Application Data\Mozilla\Firefox\Profiles\je11r1gi.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\install.rdf
c:\documents and settings\De Size\Application Data\SystemProc
c:\documents and settings\De Size\Application Data\SystemProc\lsass.exe
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\qqbs34k1.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\qqbs34k1.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\qqbs34k1.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\qqbs34k1.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\qqbs34k1.default\extensions\{b74240e2-9974-44da-b327-24aab6bdd94b}\install.rdf
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\recycler\NPROTECT
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11840.exe
c:\windows\system32\11942.exe
c:\windows\system32\12316.exe
c:\windows\system32\12382.exe
c:\windows\system32\12623.exe
c:\windows\system32\12859.exe
c:\windows\system32\13931.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15006.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15350.exe
c:\windows\system32\15724.exe
c:\windows\system32\15890.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\1842.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\18756.exe
c:\windows\system32\19169.exe
c:\windows\system32\19264.exe
c:\windows\system32\19629.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\19954.exe
c:\windows\system32\20037.exe
c:\windows\system32\21726.exe
c:\windows\system32\22190.exe
c:\windows\system32\22648.exe
c:\windows\system32\23281.exe
c:\windows\system32\23805.exe
c:\windows\system32\23811.exe
c:\windows\system32\24084.exe
c:\windows\system32\24370.exe
c:\windows\system32\24393.exe
c:\windows\system32\24464.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\27446.exe
c:\windows\system32\27529.exe
c:\windows\system32\27644.exe
c:\windows\system32\28145.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\288.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30106.exe
c:\windows\system32\30333.exe
c:\windows\system32\3035.exe
c:\windows\system32\31101.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3548.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\4966.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6729.exe
c:\windows\system32\6868.exe
c:\windows\system32\7376.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\8723.exe
c:\windows\system32\8942.exe
c:\windows\system32\9040.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\ntSVc.ocx
c:\windows\system32\smss32.exe
c:\windows\system32\warning.html

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
(((((((((((((((((((((((((   Files Created from 2009-12-17 to 2010-01-17  )))))))))))))))))))))))))))))))
.

2010-01-14 02:57 . 2010-01-14 02:57   --------   d-----w-   c:\program files\Trend Micro
2010-01-13 02:37 . 2009-11-21 15:51   471552   -c----w-   c:\windows\system32\dllcache\aclayers.dll
2010-01-10 20:32 . 2008-12-10 08:21   130088   ----a-w-   c:\windows\system32\sdccoinstaller.dll
2010-01-10 20:28 . 2010-01-10 20:28   --------   d-----w-   c:\program files\Common Files\Cisco Systems
2010-01-10 20:13 . 2008-12-09 16:10   23552   ----a-w-   c:\windows\system32\SophosBootTasks.exe
2010-01-10 20:13 . 2010-01-10 20:35   --------   d-----w-   c:\program files\Sophos
2010-01-10 20:13 . 2010-01-10 20:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sophos
2010-01-10 20:12 . 2008-05-23 13:38   14976   ----a-w-   c:\windows\system32\drivers\SophosBootDriver.sys
2010-01-10 20:12 . 2008-07-18 16:49   104704   ----a-w-   c:\windows\system32\drivers\savonaccesscontrol.sys
2010-01-10 20:12 . 2008-07-18 16:49   35584   ----a-w-   c:\windows\system32\drivers\savonaccessfilter.sys
2010-01-10 20:12 . 2010-01-10 20:12   --------   d-----w-   C:\stdtsa
2010-01-03 00:21 . 2010-01-03 00:21   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-30 12:29 . 2009-12-30 12:29   309   ----a-w-   C:\confin.sys
2009-12-25 00:12 . 2009-12-25 00:12   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-25 00:11 . 2010-01-06 23:16   --------   d-----w-   c:\documents and settings\De Size\Local Settings\Application Data\Temp
2009-12-18 12:23 . 2009-12-18 12:23   --------   d-----w-   c:\program files\iPod
2009-12-18 12:23 . 2009-12-18 12:24   --------   d-----w-   c:\program files\iTunes

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 05:27 . 2006-09-01 01:58   --------   d-----w-   c:\program files\Blue Coat K9 Web Protection
2010-01-17 05:26 . 2008-11-21 01:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k7
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k6
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k5
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k4
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k3
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k2
2010-01-17 05:24 . 2009-01-30 01:22   64   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k1
2010-01-17 05:24 . 2009-01-30 01:22   204466   ----a-w-   c:\windows\system32\drivers\kmxcfg.u2k0
2010-01-16 13:45 . 2009-04-30 18:00   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-01-13 18:03 . 2008-10-19 12:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-11 02:25 . 2007-12-02 13:10   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-01-06 23:19 . 2008-06-26 04:29   --------   d-----w-   c:\program files\Google
2010-01-03 00:20 . 2009-06-11 23:59   --------   d-----w-   c:\program files\QuickTime
2010-01-03 00:19 . 2008-11-16 03:12   --------   d-----w-   c:\documents and settings\De Size\Application Data\LimeWire
2009-12-31 14:58 . 2008-11-16 03:12   --------   d-----w-   c:\program files\LimeWire
2009-12-18 12:23 . 2008-07-31 19:05   --------   d-----w-   c:\program files\Common Files\Apple
2009-12-11 01:57 . 2009-12-11 01:56   --------   d-----w-   c:\program files\PC Inspector File Recovery
2009-12-11 01:56 . 2006-04-10 21:39   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-12-10 12:32 . 2006-04-10 21:14   75776   ----a-w-   c:\documents and settings\De Size\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-06 04:56 . 2009-10-13 17:11   739696   ----a-w-   c:\windows\system32\drivers\vetefile.sys
2009-12-06 04:56 . 2009-10-13 17:11   133520   ----a-w-   c:\windows\system32\drivers\veteboot.sys
2009-12-06 04:56 . 2009-01-26 21:43   32240   ----a-w-   c:\windows\system32\drivers\vetmonnt.sys
2009-12-06 04:56 . 2009-01-26 21:43   26352   ----a-w-   c:\windows\system32\drivers\vet-filt.sys
2009-12-06 04:56 . 2009-01-26 21:43   21488   ----a-w-   c:\windows\system32\drivers\vetfddnt.sys
2009-12-06 04:56 . 2009-01-26 21:43   21104   ----a-w-   c:\windows\system32\drivers\vet-rec.sys
2009-11-26 10:49 . 2008-10-19 12:36   --------   d-----w-   c:\program files\Microsoft Works
2009-10-29 07:45 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00   25088   ----a-w-   c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00   265728   ----a-w-   c:\windows\system32\drivers\http.sys
2009-08-19 15:29 . 2009-08-19 15:29   356352   ----a-w-   c:\program files\mozilla firefox\components\qebhbcaenavt.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-12 126464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 185896]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-08-10 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2009-01-26 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-06 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2009-01-26 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2009-01-26 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2009-01-26 259312]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Local Service"="c:\documents and settings\De Size\Application Data\Microsoft\smss.exe" [2010-01-05 66560]

c:\documents and settings\De Size\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-6-21 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-10-31 15:01   8704   ------w-   c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30   79368   ----a-w-   c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^De Size^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\De Size\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^De Size^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\De Size\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2005-03-17 00:16   970752   ----a-w-   c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHR]
2006-10-25 02:14   9375744   ----a-w-   c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 19:21   61952   ------w-   c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33   141600   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnamon]
2008-03-27 15:13   16040   ----a-w-   c:\program files\Lexmark 2600 Series\lxdnamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
2007-04-08 16:44   303104   ----a-w-   c:\program files\Essentials Codec Pack\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59   4347120   ----a-w-   c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 14:11   925696   ----a-r-   c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 08:25   144784   ----a-w-   c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-21 01:56   39408   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31   85160   ----a-w-   c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnamon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 7:08 PM 93712]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/24/2009 7:51 PM 64160]
R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [1/13/2009 6:39 PM 72992]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 7:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 7:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 7:08 PM 115216]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [1/10/2010 3:12 PM 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [1/10/2010 3:12 PM 35584]
R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [3/28/2006 10:29 AM 1078560]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 7:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 7:08 PM 66576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1028432]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [3/15/2009 4:45 PM 98984]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [12/9/2008 4:46 PM 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [12/9/2008 4:44 PM 98304]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 10:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 10:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 7:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 7:08 PM 88816]
R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [4/29/2006 2:25 PM 759050]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 9:10 PM 189704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2009 7:11 PM 135664]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [1/10/2010 3:12 PM 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-01-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 00:50]

2010-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-12-22 c:\windows\Tasks\CAAntiSpywareScan_Daily as Dexter_De Size at 4 42 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 02:10]

2010-01-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-26 07:43]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 00:10]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 00:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
FF - ProfilePath - c:\documents and settings\De Size\Application Data\Mozilla\Firefox\Profiles\je11r1gi.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\qebhbcaenavt.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\De Size\Application Data\SystemProc\lsass.exe
MSConfigStartUp-Lexmark X74-X75 - c:\program files\Lexmark X74-X75\lxbbbmgr.exe
MSConfigStartUp-Yapta Tracker - c:\program files\Yapta\YaptaClient.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 00:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  RTHDBPL = c:\documents and settings\De Size\Application Data\SystemProc\lsass.exe???
  Local Service = c:\documents and settings\De Size\Application Data\Microsoft\smss.exe?#?0???

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-790525478-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d%é*_*]
@Class="Shell"

[HKEY_USERS\S-1-5-21-790525478-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*d%é*_*\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\Classes\ë*_%d*_*a*u*t*o*_*f*i*l*e*\shell\Edit with Fireworks\Command]
@="\"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe\" %1"

[HKEY_LOCAL_MACHINE\software\Classes\ë*_%d*_*a*u*t*o*_*f*i*l*e*\shell\open]
"MuiVerb"="@shimgvw.dll,-550"

[HKEY_LOCAL_MACHINE\software\Classes\ë*_%d*_*a*u*t*o*_*f*i*l*e*\shell\open\Command]
@="\"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe\" %1"

[HKEY_LOCAL_MACHINE\software\Classes\ë*_%d*_*a*u*t*o*_*f*i*l*e*\shell\open\DropTarget]
"Clsid"="{E84FDA7C-1D6A-45F6-B725-CB260C236066}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\WININET.dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-01-17  00:42:00 - machine was rebooted
ComboFix-quarantined-files.txt  2010-01-17 05:41

Pre-Run: 19,051,347,968 bytes free
Post-Run: 19,847,729,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1794BC6DCA74B2BD4D9D73C9F5142A98

[Derek]

Download the attached CFScript.txt  and save it to your  desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop  in the list of selections in that window & press save)
Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
Close any open browsers
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

 



 

This will start ComboFix again.  It may ask to reboot.  Post the contents of Combofix.txt in your next reply


Note: these instructions and script were created specifically for this user.  If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

This will create a zip file inside C:\QooBox\quarantine named something like  [38]-Submit_2008-01-17@17.50.zip 

at the end it will pop up an alert  & open your browser and  ask you to send the zip file

please follow those instructions. We need to see the zip file before we can carry on with the fix

If there is no pop up alert or open browser then

please go to  http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to  upload the files ( do not post HJT logs there as they will not get dealt with)

Files to submit:
the zip file  inside C:\QooBox\quarantine created by combofix named something like  [38]-Submit_2008-01-17@17.50.zip 

or to
http://www.bleepingcomputer.com/submit-malware.php?channel=38

[Would you do all this for nothing?]

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

[Information]

  
  Information
   Security & Protection Blog
   Prevention
   Using Autoruns
     System Restore
  Rss feeds
     Microsoft at Home
     MSRC
     Malware blog

Take the Kaspersky Challenge: See what your current antivirus is missing. Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one.

Kaspersky Online Scanner

Most importantly, you can see what viruses your current antivirus software let slip through! Now works with ANY Java enabled browser