Solve: Can't Open Any Anti-spyware, Bad Infection?

I was downloading a plug-in for DivX and I just got the worst spyware of my life.

Some programs I never installed started popping up that I think might be fake. I cannot open HijackThis, AVG Anti-Spyware, Spybot, or SUPERAntiSpyware; these are the only applications I can't open. I have an icon in my Windows tray that is a red circle with a white X in the middle that keeps telling me my computer is infected with spyware.

Immediately after installing the plug-in I started getting spyware infection messages, then some weird security programs that I never installed started popping up. I already have Windows security installed; a separate security system called XP Windows Security Center kept popping up to scan for spyware. The one I've always had is just called Windows Security Center, without the XP. Another program kept popping up called WinAnti spyware or something like that. Both these programs started scanning for spyware; they didn't let me remove the spyware, I had to pay for and register the programs to remove it.

I didn't trust the programs, so I tried to scan my computer with AVG. Nothing happened when I double-clicked on it: the hourglass appears next to the arrow for a split second, like when opening any other application, but nothing happens. I tried all of my anti-spyware programs and HijackThis and they all did the same thing; these are the only applications that do not open. I uninstalled and deleted the two new programs, but when I click on the infection icon they still pop up.

I thought the new programs might be stopping me from running any other anti-spyware programs, but I was still not able to run my anti-spyware programs after I deleted them. I tried reinstalling Spybot and it did not work.

I APPRECIATE any help.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

----------

Try to run a HijackThis scan now and post that log also.

I was not able to disable my antispyware because I was not able to open those programs. I was also unable to run ComboFix because of the same problem. I apologize for not including ComboFix in my original list of programs that won't open; it seems ComboFix is affected by the same error.

Right click ComboFix and rename it to Combo-Fix then try to run it.

If that doesn't work try restarting into Safe Mode and running it.

It worked, here are the two logs:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 5:13:19 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Christopher\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight All Hyperlinks - C:\Program Files\Game Accelerator\highlightlinks.htm
O8 - Extra context menu item: Highlight All Images - C:\Program Files\Game Accelerator\highlightimages.htm
O8 - Extra context menu item: Highlight All TABLES and Forms - C:\Program Files\Game Accelerator\highlighttable.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www3.ca.com/securityadvisor/pest/ppctlcab.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

ComboFix:

ComboFix 08-08-14.05 - Christopher 2008-08-15 16:55:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1077 [GMT -4:00]
Running from: C:\Documents and Settings\Christopher\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Christopher\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\Documents and Settings\Christopher\Cookies\axoti.db
C:\Documents and Settings\Christopher\Cookies\bapezoduw.lib
C:\Documents and Settings\Christopher\Cookies\busex._dl
C:\Documents and Settings\Christopher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Christopher\Cookies\codafogoqe.db
C:\Documents and Settings\Christopher\Cookies\coliqyry.exe
C:\Documents and Settings\Christopher\Cookies\elypefane.inf
C:\Documents and Settings\Christopher\Cookies\haqecycer._sy
C:\Documents and Settings\Christopher\Cookies\kuqyjys.ban
C:\Documents and Settings\Christopher\Cookies\mymemoki.inf
C:\Documents and Settings\Christopher\Cookies\utubicifu.sys
C:\Documents and Settings\Christopher\Cookies\xobaped.pif
C:\WINDOWS\buritos.exe
C:\WINDOWS\cdmxtras
C:\WINDOWS\cdmxtras\uninst.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\karina.dat
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\buritos.exe
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\cache329\B_329_0_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_0_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_1_0_449200.gif
C:\WINDOWS\system32\cache329\B_329_1_0_449600.gif
C:\WINDOWS\system32\cache329\B_329_1_0_454300.gif
C:\WINDOWS\system32\cache329\B_329_2_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_2_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_3_0_106800.htm
C:\WINDOWS\system32\cache329\B_329_3_0_107400.htm
C:\WINDOWS\system32\cache329\B_329_4_0_111600.htm
C:\WINDOWS\system32\cache329\B_329_4_0_152400.htm
C:\WINDOWS\system32\cache329\B_329_4_0_155300.htm
C:\WINDOWS\system32\cache329\B_329_4_0_164100.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_0_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_2_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_106800.htm
C:\WINDOWS\system32\cache329\t_B_329_3_0_107400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_111600.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_152400.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_155300.htm
C:\WINDOWS\system32\cache329\t_B_329_4_0_164100.htm
C:\WINDOWS\system32\karina.dat
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-15 14:50 . 2008-08-15 14:50 17,165 --a------ C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
2008-08-15 14:50 . 2008-08-15 14:50 11,113 --a------ C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
2008-08-15 14:40 . 2008-08-15 14:40 19,488 --a------ C:\WINDOWS\system32\nidoviq.sys
2008-08-15 14:40 . 2008-08-15 14:40 18,333 --a------ C:\Documents and Settings\All Users\Application Data\acid.sys
2008-08-15 14:40 . 2008-08-15 14:40 18,020 --a------ C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
2008-08-15 14:40 . 2008-08-15 14:40 17,192 --a------ C:\WINDOWS\system32\nysozu.bin
2008-08-15 14:40 . 2008-08-15 14:40 16,487 --a------ C:\WINDOWS\system32\etubaboh._dl
2008-08-15 14:40 . 2008-08-15 14:40 13,609 --a------ C:\Program Files\Common Files\jocy.bat
2008-08-15 14:40 . 2008-08-15 14:40 13,555 --a------ C:\WINDOWS\bavaxoqe.sys
2008-08-15 14:40 . 2008-08-15 14:40 12,707 --a------ C:\WINDOWS\system32\izudab.vbs
2008-08-15 14:40 . 2008-08-15 14:40 12,464 --a------ C:\Documents and Settings\All Users\Application Data\ukisysy.scr
2008-08-15 14:40 . 2008-08-15 14:40 12,414 --a------ C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
2008-08-15 14:40 . 2008-08-15 14:40 10,121 --a------ C:\WINDOWS\qycuza.exe
2008-08-15 14:39 . 2008-08-12 01:58 195,986 --a------ C:\WINDOWS\system32\_scui.cpl
2008-08-15 14:38 . 2008-08-15 15:27 314,724 --a------ C:\WINDOWS\system32\winstra2.exe
2008-08-15 14:38 . 2008-08-15 15:27 71,992 --a------ C:\WINDOWS\system32\winstra1.exe
2008-08-07 09:45 . 2008-08-07 09:45 d-------- C:\Program Files\Linkword Languages
2008-07-21 15:25 . 2008-07-21 15:25 d----c--- C:\Python25
2008-07-21 12:06 . 2008-07-21 12:06 d-------- C:\Program Files\Smith Micro
2008-07-21 09:24 . 2008-07-03 14:16 9,875,456 --a------ C:\WINDOWS\system32\dzcore.dll
2008-07-21 09:24 . 2008-07-03 14:03 6,131,712 --a------ C:\WINDOWS\system32\daz-qt-mt.dll
2008-07-21 09:24 . 2008-07-03 13:56 2,076,672 --a------ C:\WINDOWS\system32\dz3delight.dll
2008-07-21 09:24 . 2008-07-03 14:03 1,785,856 --a------ C:\WINDOWS\system32\daz-qsa.dll
2008-07-21 09:24 . 2008-07-03 14:18 49,152 --a------ C:\WINDOWS\system32\dzcarrara.dll
2008-07-21 09:24 . 2008-07-03 14:18 33,280 --a------ C:\WINDOWS\system32\dzbryce6.dll
2008-07-21 09:24 . 2008-07-03 14:18 26,624 --a------ C:\WINDOWS\system32\dzwrapper.dll
2008-07-21 09:23 . 2008-07-21 09:23 d-------- C:\Program Files\DAZ
2008-07-19 13:50 . 2008-07-19 13:50 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 13:43 . 2008-07-19 13:43 d-------- C:\Program Files\Bonjour
2008-07-19 13:29 . 2008-07-19 13:29 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-18 17:59 . 2008-07-19 12:09 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-07-18 17:59 . 2008-07-19 12:09 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-07-18 17:59 . 2008-07-18 17:59 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-07-17 18:50 . 2008-07-17 18:55 d-------- C:\Documents and Settings\Christopher\Application Data\Queue Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-15 18:50 16,813 ----a-w C:\WINDOWS\myhawu.scr
2008-08-15 18:50 15,818 ----a-w C:\WINDOWS\uvave.reg
2008-08-15 18:50 14,688 ----a-w C:\Program Files\Common Files\ocucebo.inf
2008-08-15 18:50 13,924 ----a-w C:\WINDOWS\ekiqe.vbs
2008-08-15 18:50 13,844 ----a-w C:\Program Files\Common Files\dacyvuc._dl
2008-08-15 18:50 11,980 ----a-w C:\Program Files\Common Files\eqycuzu._dl
2008-08-15 13:04 --------- d-----w C:\Documents and Settings\Christopher\Application Data\uTorrent
2008-08-14 01:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 05:45 --------- d-----w C:\Program Files\uTorrent
2008-07-21 19:22 --------- d-----w C:\Program Files\Common Files\DAZ
2008-07-19 23:01 --------- d-----w C:\Program Files\Common Files\Real
2008-07-19 22:55 --------- d-----w C:\Program Files\7-Zip
2008-07-19 17:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-17 20:34 --------- d-----w C:\Program Files\Java
2008-07-12 17:53 --------- d-----w C:\Program Files\Sims2Pack Clean Installer
2008-07-12 17:35 --------- d-----w C:\Program Files\Game Accelerator
2008-07-12 17:24 --------- d-----w C:\Program Files\CDisplay
2008-07-12 16:54 --------- d-----w C:\Program Files\CCleaner
2008-07-11 20:32 --------- d-----w C:\Program Files\GDS
2008-07-10 03:00 --------- d-----w C:\Program Files\DivX
2008-06-24 01:52 --------- d-----w C:\Documents and Settings\Christopher\Application Data\Apple Computer
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-16 00:32 48,448 -c--a-w C:\Documents and Settings\Christopher\Application Data\GDIPFONTCACHEV1.DAT
2005-09-03 13:49 20 -c--a-w C:\Program Files\Sims2Pack Clean Installer.ini
2004-06-23 18:55 20,480 -c--a-w C:\Program Files\ProcManager.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 15:01 1037736]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-03-08 10:02 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 22:10 46632 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 22:12 30248 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-25 20:28 212992 C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
--a--c--- 2001-08-08 10:27 376352 C:\Program Files\CA\eTrust\Antivirus\REALMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-12-06 11:32]
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 14:15]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 03:01]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-12-12 12:28]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-09-03 10:53]
S3 idrmkl;idrmkl;C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\idrmkl.sys []
S3 pmxscan;USB ScanModule V5.1 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 01:58]
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\AE21463891AAF74C.job
- c:\progra~1\jumpsi~1\Glue Team Itch.exe []

2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-08-15 C:\WINDOWS\Tasks\E7896B29962B2C8D.job
- c:\progra~1\jumpsi~1\Glue Team Itch.exe []

2008-08-15 C:\WINDOWS\Tasks\xcv.job
- C:\Documents and Settings\Christopher\My Documents\xcv.bmp []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-XP SecurityCenter - C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
HKLM-Run-buritos - buritos.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Ultimate Popup Blocker - C:\Program Files\Ultimate Pop-up Blocker\Ultimate Pop-up Blocker.exe
MSConfigStartUp-p2p networking - p2pnetworking.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\ieqb9zx2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 17:01:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\INORT.EXE
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2008-08-15 17:10:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 21:09:38
ComboFix2.txt 2007-07-31 00:54:24

Pre-Run: 6,357,168,128 bytes free
Post-Run: 6,409,986,048 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

307 --- E O F --- 2008-08-15 07:07:46

Was ComboFix run from Safe Mode or did renaming it work?

Please delete the version of HijackThis you have and install the new version and run a new scan with it and post the log.

Download and rename TrendMicro HijackThis.exe (HJT)

  • Double-click on HJTInstall.
  • Click on the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Upon install, HijackThis should open for you.
  • Close HijackThis and rename it.
  • Go to C:\Program Files\Trend Micro\HijackThis.exe
  • Right click on HijackThis.exe and select Rename.
  • Type in sniper.exe and press Enter.
  • Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  • From the desktop open HijackThis.
  • Important! If using Windows Vista, Right-click and Run As Administrator
  • Click on the Do a system scan and save a log file button
  • HijackThis will scan and then a log will open in notepad.
  • COPY and then paste the entire contents of the log in your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.

It was renaming ComboFix to Combo-Fix that worked.

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:33 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight All Hyperlinks - C:\Program Files\Game Accelerator\highlightlinks.htm
O8 - Extra context menu item: Highlight All Images - C:\Program Files\Game Accelerator\highlightimages.htm
O8 - Extra context menu item: Highlight All Tables and Forms - C:\Program Files\Game Accelerator\highlighttable.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://www3.ca.com/securityadvisor/pest/ppctlcab.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

--
End of file - 6114 bytes

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident.
2. Run Spybot S&D.
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident, uncheck Resident TeaTimer, OK any prompt and restart your computer.

Note:
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Extra note: If TeaTimer will not turn off then Uninstall Spybot until we are done with cleaning.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
- O4 - HKLM\..\Run: [buritos] buritos.exe
- O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)


Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
C:\Program Files\XPSecurityCenter

File::
C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
C:\WINDOWS\system32\nidoviq.sys
C:\Documents and Settings\All Users\Application Data\acid.sys
C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
C:\WINDOWS\system32\nysozu.bin
C:\WINDOWS\system32\etubaboh._dl
C:\Program Files\Common Files\jocy.bat
C:\WINDOWS\bavaxoqe.sys
C:\WINDOWS\system32\izudab.vbs
C:\Documents and Settings\All Users\Application Data\ukisysy.scr
C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
C:\WINDOWS\qycuza.exe
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\winstra2.exe
C:\WINDOWS\system32\winstra1.exe
c:\progra~1\jumpsi~1\Glue Team Itch.exe

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Next post add:
New ComboFix log
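A small triage script, added here as an example (it is not part of this thread and not HijackThis code), that parses the O4 and O9 lines of an HJT log and picks out the same three entries the helper asked to fix above: the O9 button registered with "(no file)", the autorun for the rogue XPSecurityCenter product, and the autorun that names a bare executable with no path. The sample lines are copied from the log posted above; the rogue-marker list and the allow-list of normal bare executables are assumptions for illustration.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not part of the thread and not HijackThis code. It parses
the O4 (autorun) and O9 (IE extra button) lines of an HJT log and flags:
  * an O9 button whose target is "(no file)" (orphaned registration),
  * an O4 Run entry whose target matches a known rogue security product
    (XPSecurityCenter, taken from the log in the thread),
  * an O4 Run entry that names a bare executable with no path, which
    cannot be located on disk for review.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumed marker list: lower-cased fragments of rogue-product paths.
ROGUE_MARKERS = ("xpsecuritycenter",)

# Assumed allow-list of bare executables that are normal on an XP box
# (nwiz.exe is the NVIDIA helper seen in the log above).
KNOWN_BARE_EXES = {"nwiz.exe", "ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O9_RE = re.compile(r"^O9 - Extra button: (?P<label>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")

# Sample input: O4/O9 lines copied from the HJT log posted in the thread.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKLM\..\Run: [buritos] buritos.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"""


@dataclass
class Finding:
    line: str
    reason: str
    severity: str  # "fix": check it in HJT; "review": verify the file first


def program_of(cmd: str) -> str:
    """Return the program a Run command launches.

    A quoted path keeps its spaces; an unquoted command is cut at the
    first space (an unquoted path with spaces is truncated but still
    recognisable as a path). For rundll32 the loaded DLL is returned.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32.exe":
        return rest.split(",", 1)[0].strip().strip('"')
    return head


def triage(log_text: str) -> List[Finding]:
    """Scan HJT log text and return the entries worth acting on."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O9_RE.match(line)
        if m:
            if m.group("target").strip().lower() == "(no file)":
                findings.append(Finding(line, "O9 button points to a missing file", "fix"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        prog = program_of(m.group("cmd"))
        prog_l = prog.lower()
        if any(marker in prog_l for marker in ROGUE_MARKERS):
            findings.append(Finding(line, f"autorun of known rogue product: {prog}", "fix"))
        elif "\\" not in prog and prog_l not in KNOWN_BARE_EXES:
            findings.append(Finding(line, f"bare executable, no path to verify: {prog}", "review"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```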
Disabled TeaTimer, fixed the HijackThis entries, and here is the ComboFix log;

ComboFix:

ComboFix 08-08-14.05 - Christopher 2008-08-15 18:23:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1178 [GMT -4:00]
Running from: C:\Documents and Settings\Christopher\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Christopher\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\acid.sys
C:\Documents and Settings\All Users\Application Data\ukisysy.scr
C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
c:\progra~1\jumpsi~1\Glue Team Itch.exe
C:\Program Files\Common Files\jocy.bat
C:\WINDOWS\bavaxoqe.sys
C:\WINDOWS\qycuza.exe
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\etubaboh._dl
C:\WINDOWS\system32\izudab.vbs
C:\WINDOWS\system32\nidoviq.sys
C:\WINDOWS\system32\nysozu.bin
C:\WINDOWS\system32\winstra1.exe
C:\WINDOWS\system32\winstra2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\acid.sys
C:\Documents and Settings\All Users\Application Data\ukisysy.scr
C:\Documents and Settings\All Users\Application Data\zyqukikej.reg
C:\Documents and Settings\Christopher\Application Data\camyjasy.scr
C:\Documents and Settings\Christopher\Application Data\ehakagugik.com
C:\Documents and Settings\Christopher\Application Data\johoxi.vbs
C:\Program Files\Common Files\jocy.bat
C:\WINDOWS\bavaxoqe.sys
C:\WINDOWS\qycuza.exe
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\etubaboh._dl
C:\WINDOWS\system32\izudab.vbs
C:\WINDOWS\system32\nidoviq.sys
C:\WINDOWS\system32\nysozu.bin
C:\WINDOWS\system32\winstra1.exe
C:\WINDOWS\system32\winstra2.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-15 17:34 . 2008-08-15 17:34  d--------  C:\Program Files\Trend Micro
2008-08-07 09:45 . 2008-08-07 09:45  d--------  C:\Program Files\Linkword Languages
2008-07-21 15:25 . 2008-07-21 15:25  d----c---  C:\Python25
2008-07-21 12:06 . 2008-07-21 12:06  d--------  C:\Program Files\Smith Micro
2008-07-21 09:24 . 2008-07-03 14:16  9,875,456  --a------  C:\WINDOWS\system32\dzcore.dll
2008-07-21 09:24 . 2008-07-03 14:03  6,131,712  --a------  C:\WINDOWS\system32\daz-qt-mt.dll
2008-07-21 09:24 . 2008-07-03 13:56  2,076,672  --a------  C:\WINDOWS\system32\dz3delight.dll
2008-07-21 09:24 . 2008-07-03 14:03  1,785,856  --a------  C:\WINDOWS\system32\daz-qsa.dll
2008-07-21 09:24 . 2008-07-03 14:18  49,152  --a------  C:\WINDOWS\system32\dzcarrara.dll
2008-07-21 09:24 . 2008-07-03 14:18  33,280  --a------  C:\WINDOWS\system32\dzbryce6.dll
2008-07-21 09:24 . 2008-07-03 14:18  26,624  --a------  C:\WINDOWS\system32\dzwrapper.dll
2008-07-21 09:23 . 2008-07-21 09:23  d--------  C:\Program Files\DAZ
2008-07-19 13:50 . 2008-07-19 13:50  d--------  C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 13:43 . 2008-07-19 13:43  d--------  C:\Program Files\Bonjour
2008-07-19 13:29 . 2008-07-19 13:29  d--------  C:\Program Files\Common Files\Macrovision Shared
2008-07-18 17:59 . 2008-07-19 12:09  156  --a------  C:\WINDOWS\Twunk001.MTX
2008-07-18 17:59 . 2008-07-19 12:09  3  --a------  C:\WINDOWS\Twain001.Mtx
2008-07-18 17:59 . 2008-07-18 17:59  0  --a------  C:\WINDOWS\Twunk002.MTX
2008-07-17 18:50 . 2008-07-17 18:55  d--------  C:\Documents and Settings\Christopher\Application Data\Queue Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 21:59  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:23  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-08-15 18:50  16,813  ----a-w  C:\WINDOWS\myhawu.scr
2008-08-15 18:50  15,818  ----a-w  C:\WINDOWS\uvave.reg
2008-08-15 18:50  14,688  ----a-w  C:\Program Files\Common Files\ocucebo.inf
2008-08-15 18:50  13,924  ----a-w  C:\WINDOWS\ekiqe.vbs
2008-08-15 18:50  13,844  ----a-w  C:\Program Files\Common Files\dacyvuc._dl
2008-08-15 18:50  11,980  ----a-w  C:\Program Files\Common Files\eqycuzu._dl
2008-08-15 13:04  ---------  d-----w  C:\Documents and Settings\Christopher\Application Data\uTorrent
2008-08-14 01:15  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-08-13 05:45  ---------  d-----w  C:\Program Files\uTorrent
2008-07-21 19:22  ---------  d-----w  C:\Program Files\Common Files\DAZ
2008-07-19 23:01  ---------  d-----w  C:\Program Files\Common Files\Real
2008-07-19 22:55  ---------  d-----w  C:\Program Files\7-Zip
2008-07-19 17:43  ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-07-17 20:34  ---------  d-----w  C:\Program Files\Java
2008-07-12 17:53  ---------  d-----w  C:\Program Files\Sims2Pack Clean Installer
2008-07-12 17:35  ---------  d-----w  C:\Program Files\Game Accelerator
2008-07-12 17:24  ---------  d-----w  C:\Program Files\CDisplay
2008-07-12 16:54  ---------  d-----w  C:\Program Files\CCleaner
2008-07-11 20:32  ---------  d-----w  C:\Program Files\GDS
2008-07-10 03:00  ---------  d-----w  C:\Program Files\DivX
2008-06-24 01:52  ---------  d-----w  C:\Documents and Settings\Christopher\Application Data\Apple Computer
2008-06-20 10:45  360,320  ----a-w  C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44  138,368  ----a-w  C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52  225,920  ----a-w  C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-16 00:32  48,448  -c--a-w  C:\Documents and Settings\Christopher\Application Data\GDIPFONTCACHEV1.DAT
2005-09-03 13:49  20  -c--a-w  C:\Program Files\Sims2Pack Clean Installer.ini
2004-06-23 18:55  20,480  -c--a-w  C:\Program Files\ProcManager.exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-15_17.09.00.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-15 21:01:23  1,713  --sha-w  C:\WINDOWS\system32\mmf.sys
+ 2008-08-15 22:30:02  1,713  --sha-w  C:\WINDOWS\system32\mmf.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 02:07 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 02:07 81920]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 14:46 255528]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 15:01 1037736]
"nwiz"="nwiz.exe" [2007-09-17 02:07 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-03-08 10:02 2476408 C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 12:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2007-01-29 22:10 46632 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 22:12 30248 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-25 20:28 212992 C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-14 19:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
--a--c--- 2001-08-08 10:27 376352 C:\Program Files\CA\eTrust\Antivirus\REALMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-12-06 11:32]
R2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [2000-06-08 14:15]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 03:01]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-12-12 12:28]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-09-03 10:53]
S3 idrmkl;idrmkl;C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\idrmkl.sys []
S3 pmxscan;USB ScanModule V5.1 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 01:58]
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\AE21463891AAF74C.job
- c:\progra~1\jumpsi~1\Glue Team Itch.exe []

2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-08-15 C:\WINDOWS\Tasks\E7896B29962B2C8D.job
- c:\progra~1\jumpsi~1\Glue Team Itch.exe []

2008-08-15 C:\WINDOWS\Tasks\xcv.job
- C:\Documents and Settings\Christopher\My Documents\xcv.bmp []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 18:30:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust\Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust\Antivirus\INORT.EXE
C:\Program Files\CA\eTrust\Antivirus\InoTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2008-08-15 18:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 22:39:53
ComboFix2.txt 2008-08-15 21:10:04
ComboFix3.txt 2007-07-31 00:54:24

Pre-Run: 6,362,591,232 bytes free
Post-Run: 6,364,704,768 bytes free

219  --- E O F ---  2008-08-15 07:07:46

Looks much better. Still some work to do though.

Download NoLop to your desktop from one of the links below...
  • Close any programs you have running since a reboot is required
  • Double click NoLop.exe to run it
  • Next, click the button labeled: Search and Destroy
    • Your computer will now be scanned for infected files
  • When the scan finishes, if infected, you are prompted to reboot
  • Click OK
  • Now click: REBOOT
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Post the contents of C:\NoLop.log in the next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

----------

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

----------

Next post
NoLop log
MBAM log

I ran both NoLop and Malwarebytes, here are the logs;

NoLop:


NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Christopher\Desktop
[8/15/2008]
[6:55:16 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AE21463891AAF74C.job
C:\WINDOWS\tasks\E7896B29962B2C8D.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Aol Ocp
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Brother
C:\Documents and Settings\All Users\Application Data\Comodo
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Extreme Picture Finder
C:\Documents and Settings\All Users\Application Data\Flawmessliesfunk -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Lavasoft
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Scansoft
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Christopher\Application Data\Adobe
C:\Documents and Settings\Christopher\Application Data\Ahead
C:\Documents and Settings\Christopher\Application Data\Apple Computer
C:\Documents and Settings\Christopher\Application Data\Brother
C:\Documents and Settings\Christopher\Application Data\Comodo
C:\Documents and Settings\Christopher\Application Data\Cyberlink
C:\Documents and Settings\Christopher\Application Data\Daemon Tools
C:\Documents and Settings\Christopher\Application Data\Divx
C:\Documents and Settings\Christopher\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Christopher\Application Data\Identities -- EMPTY Directory
C:\Documents and Settings\Christopher\Application Data\Installshield
C:\Documents and Settings\Christopher\Application Data\Intertrust
C:\Documents and Settings\Christopher\Application Data\Macromedia
C:\Documents and Settings\Christopher\Application Data\Microsoft
C:\Documents and Settings\Christopher\Application Data\Mozilla
C:\Documents and Settings\Christopher\Application Data\Queue Manager
C:\Documents and Settings\Christopher\Application Data\Reallusion
C:\Documents and Settings\Christopher\Application Data\Scansoft
C:\Documents and Settings\Christopher\Application Data\Simple Star
C:\Documents and Settings\Christopher\Application Data\Stopzilla!
C:\Documents and Settings\Christopher\Application Data\Sun
C:\Documents and Settings\Christopher\Application Data\Talkback
C:\Documents and Settings\Christopher\Application Data\Utorrent
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft


MBAM log:

Malwarebytes' Anti-Malware 1.24
Database version: 1056
Windows 5.1.2600 Service Pack 2

7:10:59 PM 8/15/2008
mbam-log-8-15-2008 (19-10-59).txt

Scan type: Quick Scan
Objects scanned: 40662
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

  • Click START then RUN
  • Now type Combo-Fix /u in the runbox
  • Make sure there's a space between Combo-Fix and /u
  • Then hit Enter.

----------

Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista, right-click OTMoveIt and choose Run As Administrator.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. When finished, exit out of OTMoveIt2.

----------

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main: Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note that your system will run slower for a reboot or two after having used this tool, so don't panic.

Important: Restart the computer before continuing.

----------

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect; however, we need to ANALYZE the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble VIEWING the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

--------------

Next post
Kaspersky log

Ran Kaspersky, here is the log;

Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 16, 2008 01:11:28
Records in database: 1096789
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 126813
Threat name: 6
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 03:15:36


File name / Threat name / Threats count
C:\Program Files\ProcManager.exe / Infected: not-a-virus:RiskTool.Win32.PsKill.a / 1
C:\temp\pootz_58.exe / Infected: Trojan-Downloader.Win32.TSUpdate.f / 2
C:\WINDOWS\iconz.exe / Infected: Trojan-Downloader.Win32.Lookme.k / 1
C:\WINDOWS\system32\cacore.dll / Infected: not-a-virus:AdWare.Win32.Couponage.a / 1
C:\WINDOWS\system32\ezPopStub.exe / Infected: not-a-virus:AdWare.Win32.EZula.bz / 1
C:\WINDOWS\woinstall.exe / Infected: not-a-virus:AdWare.Win32.EZula.ak / 1

The selected area was scanned.
