Solve : pls help re: wma/trojandownloader.getcodec.gen?

I downloaded a file from LimeWire, but what I got is this nasty trojan instead.
Please help me remove this threat before my wife throws me out of our house.

Norman Malware Cleaner
Copyright © 1990 - 2009, Norman ASA. Built 2009/04/24 09:14:41

Norman Scanner Engine Version: 6.00.06
Nvcbin.def Version: 6.00.00, Date: 2009/04/24 09:14:41, Variants: 3125455

Scan started: 25/04/2009 02:53:06

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode with network) Service Pack 2
Logged on user: YOUR-CAB733E7E9\Administrator

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\WINDOWS\System32\iassdo32.dll" -> ""


Scanning running processes and process memory...

C:\WINDOWS\Explorer.EXE(1420) (C:\WINDOWS\system32\6D.tmp!0x033E0000) (Infected with W32/Agent.LFUR)
File marked for defered cleaning (reboot required)

Number of processes/threads found: 744
Number of processes/threads scanned: 744
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 16s


Scanning file system...

Scanning: C:\*.*

C:\WINDOWS\system32\6D.tmp (Infected with W32/Agent.LFUR)
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\NetworkService32\117.crack.zip/crack.by.ORiON/crack.exe (Infected with W32/DLoader.OFDJ)
Deleted file

C:\WINDOWS\system32\NetworkService32\118.keygen.zip/keygen.from.Black.X/keygen.exe (Infected with W32/DLoader.OFDK)
Deleted file

C:\WINDOWS\system32\NetworkService32\120.setup.zip/keygen_from_iFLUENCE/keygen.exe (Infected with W32/DLoader.OFDJ)
Deleted file


Running post-scan cleanup routine:
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "C:\WINDOWS\System32\iassdo32.dll" -> ""

Number of files found: 154289
Number of archives unpacked: 5711
Number of files scanned: 154280
Number of files not scanned: 9
Number of files skipped due to exclude list: 0
Number of infected files found: 4
Number of infected files repaired/deleted: 3
Number of infections removed: 3
Total scanning time: 23m 42s


------------------------------------------------------------------


Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:21 AM, on 4/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\SpeedItUpFree\SpeedItUp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://reg.vugames.com/home.do?sku=71608&src=WREG
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI
O4 - Startup: IMVU.lnk = C:\Documents and Settings\Steven\Application Data\IMVUClient\IMVUClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steven\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112219676640
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA53CA55-AB2B-461B-BE08-2A9F2E770168}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\iassdo32.dll
O20 - Winlogon Notify: 2cab3e87579 - C:\WINDOWS\System32\iassdo32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\Program Files\websrv\websrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10572 bytes

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Thanks a lot for the quick reply. Here's the log from MBAM:


    Malwarebytes' Anti-Malware 1.36
    Database version: 2036
    Windows 5.1.2600 Service Pack 3

    4/25/2009 6:52:50 AM
    mbam-log-2009-04-25 (06-52-50).txt

    Scan type: Quick Scan
    Objects scanned: 86118
    Time elapsed: 4 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 60

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\iassdo32.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\2cab3e87579 (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\iassdo32.dll -> Delete on reboot.

    Folders Infected:
    C:\WINDOWS\system32\NetworkService32 (Worm.Archive) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\iassdo32.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\NetworkService32\117.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\117.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\118.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\118.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\119.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\119.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\120.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\120.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\121.music.mp3 (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\121.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\122.music.snd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\122.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\123.music.au (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\123.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\124.video.wmv (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\NetworkService32\124.video.wmv.kwd (Worm.Archive) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gpkrsrc32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drmstor32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dmdskmgr32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DHCPMON32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\glu3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\imm3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dmutil32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ImagX732.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eventcls32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fltlib32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\duser32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DGSETUP32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dimap32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dmime32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dmocx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DMSERVER32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DMSYNTH32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DOCPROP32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcdll32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DPNADDR32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DPSERIAL32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DPVOICE32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DPWSOCKX32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DSOUND3D32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dssenh32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\DINPUT832.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dswave32.dll (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drprov32.dll (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dplayx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpnmodem32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\encdec32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fsusd32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\els32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\f49f4daa.dat (Trojan.Koobface) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iasads32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dxdiagn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dxtmsft32.dll (Worm.P2P) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gcdef32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\es32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iasrad32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpnhupnp32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dispex32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Download DDS by sUBs and save it to your desktop.

Alternate DDS download link

Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users: double-click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

dds

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Steven at 7:06:50.92 on Sat 04/25/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.483 [GMT 8:00]

    AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\PowerS.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\ManyCam 2.3\ManyCam.exe
    C:\Program Files\SpeedItUpFree\SpeedItUp.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Steven\Desktop\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = https://reg.vugames.com/home.do?sku=71608&src=WREG
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [ManyCam] "c:\program files\manycam 2.3\ManyCam.exe"
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
    uRun: [SpeedItUpEX] c:\program files\speeditupfree\SpeedItUp.exe -MINI
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [PowerS] c:\windows\PowerS.exe
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [farstone]
    mRun: [LTMSG] LTMSG.exe 7
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [nod32upd] rundll32 "c:\program files\eset\fc_upd.dll",NOD32Ioctl
    mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
    StartupFolder: c:\docume~1\steven\startm~1\programs\startup\imvu.lnk - c:\documents and settings\steven\application data\imvuclient\IMVUClient.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\steven\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    LSP: c:\windows\system32\imon.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112219676640
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-28 97920]
    R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-4-25 15424]
    R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-4-25 552064]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
    R3 CXTuner;Conexant TVTuner;c:\windows\system32\drivers\CXTuner.sys [2005-3-31 28127]
    R3 CXVideo;Conexant Capture;c:\windows\system32\drivers\CXVCap.sys [2005-3-31 100092]
    R3 CXXBar;Conexant CROSSBAR;c:\windows\system32\drivers\CXXBar.sys [2005-3-31 8301]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-7-24 46536]
    S2 Network Location Awareness (NLA) (Nla) ;Network Location Awareness (NLA) (Nla) ;c:\program files\websrv\websrv.exe --> c:\program files\websrv\websrv.exe [?]
    S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\system32\drivers\sunkfilt6.sys --> c:\windows\system32\drivers\sunkfilt6.sys [?]

    =============== Created Last 30 ================

    2009-04-25 06:59  512,096  a-------  c:\windows\system32\drivers\amon.sys
    2009-04-25 06:59  298,104  a-------  c:\windows\system32\imon.dll
    2009-04-25 06:59  15,424  a-------  c:\windows\system32\drivers\nod32drv.sys
    2009-04-25 06:47  --d-----  c:\docume~1\steven\applic~1\Malwarebytes
    2009-04-25 06:47  15,504  a-------  c:\windows\system32\drivers\mbam.sys
    2009-04-25 06:46  38,496  a-------  c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-25 06:46  --d-----  c:\program files\Malwarebytes' Anti-Malware
    2009-04-25 06:46  --d-----  c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-25 04:39  --d-----  c:\windows\system32\scripting
    2009-04-25 04:39  --d-----  c:\windows\system32\en
    2009-04-25 04:39  --d-----  c:\windows\l2schemas
    2009-04-25 04:39  --d-----  c:\windows\system32\bits
    2009-04-25 04:36  --d-----  c:\windows\ServicePackFiles
    2009-04-25 04:30  --d-----  c:\windows\EHome
    2009-04-25 04:30  --d-----  c:\program files\Trend Micro
    2009-04-25 02:25  14,123  a-------  c:\windows\GnuHashes.ini
    2009-04-24 19:57  1,542  a--sh---  c:\windows\system32\GroupPolicy000.dat
    2009-04-24 19:56  615  a-------  c:\windows\system32\OiUCZVG.vbs
    2009-04-24 19:56  615  a-------  c:\windows\system32\GHz7U94BXB0tf.vbs
    2009-04-24 19:53  615  a-------  c:\windows\system32\q3RkZjT3pCdOpdK.vbs
    2009-04-24 19:50  0  a-------  c:\windows\system32\iasnap32.dll
    2009-04-24 19:48  0  a-------  c:\windows\system32\inetmib132.dll
    2009-04-24 19:48  0  a-------  c:\windows\system32\inetcfg32.dll
    2009-04-24 19:48  0  a-------  c:\windows\system32\imeshare32.dll
    2009-04-24 19:48  0  a-------  c:\windows\system32\ImagXpr732.dll
    2009-04-24 19:48  0  a-------  c:\windows\system32\imagr532.dll
    2009-04-24 19:39  615  a-------  c:\windows\system32\ontfZYW.vbs
    2009-04-21 20:56  2,297,552  a-------  c:\windows\system32\d3dx9_26.dll
    2009-04-21 20:55  --d-----  c:\windows\system32\AGEIA
    2009-04-21 20:54  --d-----  c:\program files\common files\Wise Installation Wizard
    2009-04-21 11:25  49,152  a----r--  c:\windows\amcap.exe
    2009-04-17 13:34  284,160  -c------  c:\windows\system32\dllcache\pdh.dll
    2009-04-17 13:34  401,408  -c------  c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 13:34  110,592  -c------  c:\windows\system32\dllcache\services.exe
    2009-04-17 13:34  473,600  -c------  c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 13:34  729,088  -c------  c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 13:34  453,120  -c------  c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 13:34  227,840  -c------  c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 13:34  714,752  -c------  c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 13:34  617,472  -c------  c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 13:34  2,145,280  -c------  c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-17 13:34  2,189,056  -c------  c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-17 13:33  2,023,936  -c------  c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-17 13:11  2,560  --------  c:\windows\system32\xpsp4res.dll
    2009-04-17 13:11  215,552  -c------  c:\windows\system32\dllcache\wordpad.exe
    2009-04-08 20:57  --d-----  c:\program files\Alcohol Soft
    2009-04-07 22:13  64,902  a-------  c:\windows\War3Unin.dat
    2009-04-07 22:13  139,264  a-------  c:\windows\War3Unin.exe
    2009-04-07 22:13  2,829  a-------  c:\windows\War3Unin.pif
    2009-04-07 21:18  2,036,576  a-------  c:\windows\system32\D3DCompiler_40.dll
    2009-04-07 21:18  452,440  a-------  c:\windows\system32\d3dx10_40.dll
    2009-04-07 21:18  4,379,984  a-------  c:\windows\system32\D3DX9_40.dll
    2009-04-07 21:18  1,358,192  a-------  c:\windows\system32\D3DCompiler_35.dll
    2009-04-07 21:18  444,776  a-------  c:\windows\system32\d3dx10_35.dll
    2009-04-07 21:18  3,727,720  a-------  c:\windows\system32\d3dx9_35.dll
    2009-04-07 21:18  --d-----  c:\windows\Logs
    2009-04-05 21:36  --dsh---  c:\documents and settings\steven\IECompatCache

    ==================== Find3M ====================

    2009-04-25 04:41  76,487  a-------  c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-04-24 14:52  1,513  a-------  c:\windows\eReg.dat
    2009-04-22 17:48  90,112  a-------  c:\windows\DUMP68cc.tmp
    2009-03-19 00:59  724,992  a-------  c:\windows\iun6002.exe
    2009-03-09 05:19  410,984  a-------  c:\windows\system32\deploytk.dll
    2009-03-08 04:34  914,944  a-------  c:\windows\system32\wininet.dll
    2009-03-08 04:34  43,008  a-------  c:\windows\system32\licmgr10.dll
    2009-03-08 04:33  18,944  a-------  c:\windows\system32\corpol.dll
    2009-03-08 04:33  420,352  a-------  c:\windows\system32\vbscript.dll
    2009-03-08 04:32  72,704  a-------  c:\windows\system32\admparse.dll
    2009-03-08 04:32  71,680  a-------  c:\windows\system32\iesetup.dll
    2009-03-08 04:31  34,816  a-------  c:\windows\system32\imgutil.dll
    2009-03-08 04:31  48,128  a-------  c:\windows\system32\mshtmler.dll
    2009-03-08 04:31  45,568  a-------  c:\windows\system32\mshta.exe
    2009-03-08 04:22  156,160  a-------  c:\windows\system32\msls31.dll
    2009-03-06 22:22  284,160  a-------  c:\windows\system32\pdh.dll
    2009-02-09 20:10  729,088  a-------  c:\windows\system32\lsasrv.dll
    2009-02-09 20:10  714,752  a-------  c:\windows\system32\ntdll.dll
    2009-02-09 20:10  617,472  a-------  c:\windows\system32\advapi32.dll
    2009-02-09 20:10  401,408  a-------  c:\windows\system32\rpcss.dll
    2009-02-09 19:13  1,846,784  a-------  c:\windows\system32\win32k.sys
    2009-02-07 19:02  2,066,048  a-------  c:\windows\system32\ntkrnlpa.exe
    2009-02-06 19:11  110,592  a-------  c:\windows\system32\services.exe
    2009-02-06 19:08  2,189,056  a-------  c:\windows\system32\ntoskrnl.exe
    2009-02-06 18:39  35,328  a-------  c:\windows\system32\sc.exe
    2009-02-04 15:29  1,023  a-------  c:\windows\fonts\kamn____.PFM
    2009-02-04 15:29  1,091  a-------  c:\windows\fonts\heln____.PFM
    2009-02-04 03:59  56,832  a-------  c:\windows\system32\secur32.dll
    2009-01-28 20:13  32,328  a-------  c:\docume~1\steven\applic~1\GDIPFONTCACHEV1.DAT

    ============= FINISH: 7:07:19.21 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/7/2005 11:45:49 AM
    System Uptime: 4/25/2009 7:02:12 AM (0 hours ago)

    Motherboard: | | RS480-M
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2199/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 183 GiB total, 155.343 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\FF2E43E00AE6
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\FF2E43E00AE6
    Service: NIC1394

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    99 Slot Machine
    A4 TECH USB PC Camera H
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11
    AGEIA PhysX v7.05.17
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    BearShare
    Camfrog Video Chat 5.2
    Command & Conquer Generals
    Critical Update for Windows Media Player 11 (KB959772)
    EarthLink MDAC
    Font Creator Program 4.1
    Google Toolbar for Internet Explorer
    HangARoo v2.05
    HijackThis 2.0.2
    Horse Racing Fantasy Community Edition
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    ImTOO 3GP Video Converter
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 7
    Java(TM) 6 Update 13
    LimeWire PRO 4.18.8
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    Malwarebytes' Anti-Malware
    ManyCam 2.3 (remove only)
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser
    Mighty Slots
    MS Access 97 SP2
    MSN
    MSSoap
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    Multimedia Card Reader
    Nero Media Player
    Nero OEM
    NeroVision Express 3
    NOD32 antivirus system
    NOD32 FiX v2.1
    Octoshape add-in for Adobe Flash Player
    PaperPort
    Plenty Jackpot
    PokerStars
    Real Vegas Online
    Realtek AC'97 Audio
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    SimCity 3000 Unlimited
    Skype™ 3.8
    Slot Nuts
    Speeditup Free 4.01
    Super Bounce Out! from GameHouse
    Super Collapse! from GameHouse
    Super TextTwist
    Tom Clancy's Ghost Recon Advanced Warfighter® 2
    TV Station
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VIP Slots
    Warcraft III: All Products
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinFast(R) Display Driver
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    4/25/2009 2:18:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips nod32drv Processor
    4/25/2009 2:17:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/24/2009 10:39:20 AM, error: System Error [1003] - Error code 0000004e, parameter1 0000008f, parameter2 0002809d, parameter3 00019385, parameter4 00000000.
    4/24/2009 10:39:17 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 eb4bc456.
    4/24/2009 10:39:13 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf9fb70f, parameter3 eccf689c, parameter4 00000000.
    4/21/2009 11:27:49 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805200dc, parameter3 efb4ec34, parameter4 00000000.
    4/21/2009 11:27:47 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 804f990b.
    4/20/2009 12:02:08 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 8051e2f2.
    4/20/2009 12:02:06 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000006, parameter3 00000001, parameter4 f7484857.
    4/20/2009 12:02:05 AM, error: System Error [1003] - Error code 1000000a, parameter1 02080120, parameter2 00000002, parameter3 00000000, parameter4 805073a4.
    4/20/2009 12:02:03 AM, error: System Error [1003] - Error code 100000d1, parameter1 00001000, parameter2 00000002, parameter3 00000001, parameter4 f7670ed6.
    4/19/2009 11:59:50 PM, error: System Error [1003] - Error code 0000004e, parameter1 00000099, parameter2 00000000, parameter3 00000000, parameter4 00000000.

    ==== End Of File ===========================

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    DO NOT run it YET!

    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

    Delete these files/folders, as follows:

    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
    It must be Notepad, not Wordpad.
    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

    Code:
    KillAll::

    DDS::
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    3. Go to the Notepad window and click Edit > Paste
    4. Then click File > Save
    5. Name the file CFScript.txt - Save the file to your Desktop
    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



    ComboFix will begin to execute, just follow the prompts.
    After reboot (in case it asks to reboot), it will produce a log for you.
    Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

    ----------

    Download JavaRa
    • Unzip the file and open the JavaRa.exe
    • Click Remove Older Versions
    • JavaRa will search for and remove any outdated version of Java and remove any that are found.
    • Click Additional Tasks
    • Place a check next to Remove Useless JRE Files and click Go
    • Exit JavaRa
    • Delete the JavaRa files from the Desktop
    Am I finished after I removed the JavaRa files? BTW, what are the JavaRa files on my desktop? Are those the DDS, ComboFix? Thanks a lot for your help. You are heaven-sent to me.

    You can delete the JavaRa files.

    Did you work through the ComboFix instructions? I need the log it created.

    ComboFix 09-04-25.03 - Steven 04/25/2009 7:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.573 [GMT 8:00]
    Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\020000002cc36e2c579C.manifest
    c:\documents and settings\Administrator\Application Data\020000002cc36e2c579O.manifest
    c:\documents and settings\Administrator\Application Data\020000002cc36e2c579P.manifest
    c:\documents and settings\Administrator\Application Data\020000002cc36e2c579S.manifest
    c:\documents and settings\Steven\Application Data\020000002cc36e2c579C.manifest
    c:\documents and settings\Steven\Application Data\020000002cc36e2c579O.manifest
    c:\documents and settings\Steven\Application Data\020000002cc36e2c579P.manifest
    c:\documents and settings\Steven\Application Data\020000002cc36e2c579S.manifest
    c:\program files\messenger\msmsgs.exe
    c:\windows\GnuHashes.ini
    c:\windows\system32\DIconLib32.dll
    c:\windows\system32\dmconfig32.dll
    c:\windows\system32\dsauth32.dll
    c:\windows\system32\dsdmoprp32.dll
    c:\windows\system32\dskquoui32.dll
    c:\windows\system32\dsquery32.dll
    c:\windows\system32\esent9732.dll
    c:\windows\system32\expsrv32.dll
    c:\windows\system32\faultrep32.dll
    c:\windows\system32\filemgmt32.dll
    c:\windows\system32\fmifs32.dll
    c:\windows\system32\fontsub32.dll
    c:\windows\system32\fwcfg32.dll
    c:\windows\system32\getuname32.dll
    c:\windows\system32\GroupPolicy000.dat
    c:\windows\system32\hccoin32.dll
    c:\windows\system32\hid32.dll
    c:\windows\system32\HLINKPRX32.dll
    c:\windows\system32\hnetmon32.dll
    c:\windows\system32\hpicon32.dll
    c:\windows\system32\hpzcoi0732.dll
    c:\windows\system32\hticons32.dll
    c:\windows\system32\hypertrm32.dll
    c:\windows\system32\iasnap32.dll
    c:\windows\system32\imagr532.dll
    c:\windows\system32\ImagXpr732.dll
    c:\windows\system32\imeshare32.dll
    c:\windows\system32\inetcfg32.dll
    c:\windows\system32\inetmib132.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NETWORK_LOCATION_AWARENESS_(NLA)_(NLA)_
    -------\Service_Network Location Awareness (NLA) (Nla)


    ((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
    .

    2009-04-24 22:47 . 2009-04-24 22:47  --------  d-----w  c:\documents and settings\Steven\Application Data\Malwarebytes
    2009-04-24 22:47 . 2009-04-06 07:32  15504  ----a-w  c:\windows\system32\drivers\mbam.sys
    2009-04-24 22:46 . 2009-04-06 07:32  38496  ----a-w  c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-24 22:46 . 2009-04-24 22:46  --------  d-----w  c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-24 20:50 . 2009-04-24 20:50  --------  d-sh--w  c:\windows\system32\config\systemprofile\IETldCache
    2009-04-24 20:39 . 2009-04-24 20:39  --------  d-----w  c:\windows\system32\scripting
    2009-04-24 20:39 . 2009-04-24 20:39  --------  d-----w  c:\windows\system32\en
    2009-04-24 20:39 . 2009-04-24 20:39  --------  d-----w  c:\windows\l2schemas
    2009-04-24 20:39 . 2009-04-24 20:39  --------  d-----w  c:\windows\system32\bits
    2009-04-24 20:36 . 2009-04-24 20:36  --------  d-----w  c:\windows\ServicePackFiles
    2009-04-24 20:30 . 2009-04-24 20:30  --------  d-----w  c:\windows\EHome
    2009-04-24 18:18 . 2009-04-24 18:18  --------  d-sh--w  c:\documents and settings\Administrator\PrivacIE
    2009-04-24 11:56 . 2009-04-24 11:56  615  ----a-w  c:\windows\system32\OiUCZVG.vbs
    2009-04-24 11:56 . 2009-04-24 11:56  615  ----a-w  c:\windows\system32\GHz7U94BXB0tf.vbs
    2009-04-24 11:53 . 2009-04-24 11:53  615  ----a-w  c:\windows\system32\q3RkZjT3pCdOpdK.vbs
    2009-04-24 11:39 . 2009-04-24 11:39  615  ----a-w  c:\windows\system32\ontfZYW.vbs
    2009-04-21 12:56 . 2005-05-26 07:34  2297552  ----a-w  c:\windows\system32\d3dx9_26.dll
    2009-04-21 12:55 . 2009-04-21 12:55  --------  d-----w  c:\windows\system32\AGEIA
    2009-04-21 03:25 . 2005-12-22 06:10  49152  ----a-r  c:\windows\amcap.exe
    2009-04-17 05:34 . 2009-03-06 14:22  284160  -c----w  c:\windows\system32\dllcache\pdh.dll
    2009-04-17 05:34 . 2009-02-09 12:10  401408  -c----w  c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 05:34 . 2009-02-06 11:11  110592  -c----w  c:\windows\system32\dllcache\services.exe
    2009-04-17 05:34 . 2009-02-09 12:10  473600  -c----w  c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 05:34 . 2009-02-09 12:10  729088  -c----w  c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 05:34 . 2009-02-09 12:10  453120  -c----w  c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 05:34 . 2009-02-06 10:10  227840  -c----w  c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 05:34 . 2009-02-09 12:10  714752  -c----w  c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 05:34 . 2009-02-09 12:10  617472  -c----w  c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 05:34 . 2009-02-06 11:06  2145280  -c----w  c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-04-17 05:34 . 2009-02-06 11:08  2189056  -c----w  c:\windows\system32\dllcache\ntoskrnl.exe
    2009-04-17 05:33 . 2009-02-06 10:32  2023936  -c----w  c:\windows\system32\dllcache\ntkrpamp.exe
    2009-04-17 05:11 . 2008-05-03 11:55  2560  ------w  c:\windows\system32\xpsp4res.dll
    2009-04-17 05:11 . 2008-04-21 12:08  215552  -c----w  c:\windows\system32\dllcache\wordpad.exe
    2009-04-07 14:13 . 2009-04-07 14:21  64902  ----a-w  c:\windows\War3Unin.dat
    2009-04-07 14:13 . 2009-04-07 14:20  2829  ----a-w  c:\windows\War3Unin.pif
    2009-04-07 14:13 . 2009-04-07 14:20  139264  ----a-w  c:\windows\War3Unin.exe
    2009-04-07 13:18 . 2008-10-09 20:52  2036576  ----a-w  c:\windows\system32\D3DCompiler_40.dll
    2009-04-07 13:18 . 2008-10-09 20:52  452440  ----a-w  c:\windows\system32\d3dx10_40.dll
    2009-04-07 13:18 . 2008-10-09 20:52  4379984  ----a-w  c:\windows\system32\D3DX9_40.dll
    2009-04-07 13:18 . 2007-07-19 10:14  444776  ----a-w  c:\windows\system32\d3dx10_35.dll
    2009-04-07 13:18 . 2007-07-19 10:14  1358192  ----a-w  c:\windows\system32\D3DCompiler_35.dll
    2009-04-07 13:18 . 2007-07-19 10:14  3727720  ----a-w  c:\windows\system32\d3dx9_35.dll
    2009-04-07 13:18 . 2009-04-07 13:18  --------  d-----w  c:\windows\Logs
    2009-04-05 13:36 . 2009-04-05 13:36  --------  d-sh--w  c:\documents and settings\Steven\IECompatCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-24 23:34 . 2008-12-01 08:33  --------  d-----w  c:\program files\Eset
    2009-04-24 22:47 . 2009-04-24 22:46  --------  d-----w  c:\program files\Malwarebytes' Anti-Malware
    2009-04-24 21:53 . 2006-09-16 00:00  896216  ----a-w  c:\documents and settings\Steven\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-24 20:41 . 2005-03-30 21:12  76487  ----a-w  c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-04-24 20:35 . 2005-03-31 20:04  250048  --sha-r  C:\ntldr
    2009-04-24 20:30 . 2009-04-24 20:30  --------  d-----w  c:\program files\Trend Micro
    2009-04-24 17:37 . 2008-11-30 11:18  --------  d-----w  c:\program files\PokerStars
    2009-04-24 12:46 . 2009-01-17 06:46  --------  d-----w  c:\program files\Slot Nuts
    2009-04-24 12:45 . 2009-01-17 06:26  --------  d-----w  c:\program files\Plenty Jackpot
    2009-04-24 12:45 . 2009-01-17 06:35  --------  d-----w  c:\program files\Mighty Slots
    2009-04-24 12:36 . 2009-01-12 06:34  --------  d-----w  c:\program files\99 Slot Machine
    2009-04-24 11:59 . 2008-12-01 08:25  --------  d-----w  c:\program files\LimeWire
    2009-04-24 11:58 . 2008-12-01 08:25  --------  d-----w  c:\documents and settings\Steven\Application Data\LimeWire
    2009-04-24 06:52 . 2005-03-30 21:17  --------  d--h--w  c:\program files\InstallShield Installation Information
    2009-04-24 06:52 . 2005-06-07 04:02  1513  ----a-w  c:\windows\eReg.dat
    2009-04-24 06:46 . 2005-06-07 03:56  --------  d-----w  c:\program files\EA Games
    2009-04-24 06:33 . 2009-03-18 16:59  --------  d-----w  c:\program files\SpeedItUpFree
    2009-04-24 05:59 . 2008-11-15 13:12  --------  d-----w  c:\documents and settings\Steven\Application Data\Skype
    2009-04-24 02:45 . 2008-11-16 07:51  --------  d-----w  c:\documents and settings\Steven\Application Data\skypePM
    2009-04-23 06:58 . 2008-11-15 14:27  398  ----a-w  C:\Shortcut to My Documents.lnk
    2009-04-22 09:48 . 2005-03-30 13:02  90112  ----a-w  c:\windows\DUMP68cc.tmp
    2009-04-22 09:29 . 2009-04-07 14:11  --------  d-----w  c:\program files\Warcraft III
    2009-04-21 12:55 . 2009-04-21 12:55  --------  d-----w  c:\program files\AGEIA Technologies
    2009-04-21 12:54 . 2009-04-21 12:54  --------  d-----w  c:\program files\Common Files\Wise Installation Wizard
    2009-04-21 12:47 . 2009-04-21 12:47  --------  d-----w  c:\program files\UBISOFT
    2009-04-19 15:27 . 2009-04-19 15:20  1119  ----a-w  C:\aoeWVlog.txt
    2009-04-19 15:26 . 2009-04-19 15:20  6006  ----a-w  C:\aoedoppl.txt
    2009-04-08 12:57 . 2009-04-08 12:57  --------  d-----w  c:\program files\Alcohol Soft
    2009-03-29 10:21 . 2006-07-06 22:50  --------  d-----w  c:\program files\Java
    2009-03-23 17:54 . 2006-06-29 01:00  --------  d-----w  c:\program files\Common Files\Adobe
    2009-03-21 17:20 . 2008-11-16 08:08  --------  d-----w  c:\documents and settings\All Users\Application Data\Yahoo!
    2009-03-21 17:20 . 2006-10-22 03:55  --------  d-----w  c:\program files\Yahoo!
    2009-03-21 17:20 . 2008-11-16 08:14  --------  d-----w  c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-18 16:59 . 2009-03-18 16:59  724992  ----a-w  c:\windows\iun6002.exe
    2009-03-18 07:02 . 2009-03-18 07:02  --------  d-----w  c:\documents and settings\Steven\Application Data\Uniblue
    2009-03-08 21:19 . 2009-02-02 05:26  410984  ----a-w  c:\windows\system32\deploytk.dll
    2009-03-08 03:03 . 2008-11-15 13:08  --------  d-----w  c:\documents and settings\Steven\Application Data\BearShare
    2009-03-07 20:34 . 2005-03-31 20:04  914944  ----a-w  c:\windows\system32\wininet.dll
    2009-03-07 20:34 . 2005-03-31 20:04  43008  ----a-w  c:\windows\system32\licmgr10.dll
    2009-03-07 20:33 . 2005-03-31 20:04  18944  ----a-w  c:\windows\system32\corpol.dll
    2009-03-07 20:33 . 2005-03-31 20:04  420352  ----a-w  c:\windows\system32\vbscript.dll
    2009-03-07 20:32 . 2005-03-31 20:04  72704  ----a-w  c:\windows\system32\admparse.dll
    2009-03-07 20:32 . 2005-03-31 20:04  71680  ----a-w  c:\windows\system32\iesetup.dll
    2009-03-07 20:31 . 2005-03-31 20:04  34816  ----a-w  c:\windows\system32\imgutil.dll
    2009-03-07 20:31 . 2005-03-31 20:04  48128  ----a-w  c:\windows\system32\mshtmler.dll
    2009-03-07 20:31 . 2005-03-31 20:04  45568  ----a-w  c:\windows\system32\mshta.exe
    2009-03-07 20:22 . 2005-03-31 20:04  156160  ----a-w  c:\windows\system32\msls31.dll
    2009-03-06 14:22 . 2005-03-31 20:04  284160  ----a-w  c:\windows\system32\pdh.dll
    2009-03-03 15:59 . 2009-03-02 01:29  --------  d-----w  c:\program files\Common Files\Logitech
    2009-03-02 03:04 . 2009-03-02 03:04  --------  d-----w  c:\program files\Common Files\LogiShrd
    2009-03-02 03:04 . 2009-03-02 03:04  --------  d-----w  c:\documents and settings\All Users\Application Data\Logishrd
    2009-03-02 03:04 . 2009-03-02 03:04  --------  d-----w  c:\documents and settings\All Users\Application Data\Logitech
    2009-03-02 03:04 . 2009-03-02 01:27  --------  d-----w  c:\program files\Logitech
    2009-03-02 01:50 . 2009-03-02 01:28  183  ----a-w  C:\LogiSetup.log
    2009-03-02 01:29 . 2009-03-02 01:29  --------  d-----w  c:\program files\Windows Media Components
    2009-02-09 12:10 . 2005-03-31 20:04  729088  ----a-w  c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2005-03-31 20:04  401408  ----a-w  c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2005-03-31 20:04  714752  ----a-w  c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2005-03-31 20:04  617472  ----a-w  c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2005-03-31 20:04  1846784  ----a-w  c:\windows\system32\win32k.sys
    2009-02-07 11:02 . 2004-08-03 22:59  2066048  ----a-w  c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2005-03-31 20:04  110592  ----a-w  c:\windows\system32\services.exe
    2009-02-06 11:08 . 2005-03-31 20:04  2189056  ----a-w  c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2005-03-31 20:04  35328  ----a-w  c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2005-03-31 20:04  56832  ----a-w  c:\windows\system32\secur32.dll
    2009-01-28 12:13 . 2009-01-28 12:13  32328  ----a-w  c:\documents and settings\Steven\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "ManyCam"="c:\program files\ManyCam 2.3\ManyCam.exe" [2008-10-14 1791272]
    "SpeedItUpEX"="c:\program files\SpeedItUpFree\SpeedItUp.exe" [2009-04-24 2274816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-01 344064]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "PowerS"="c:\windows\PowerS.exe" [2001-08-04 159800]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 139264]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
    "nod32upd"="c:\program files\Eset\fc_upd.dll" [2009-04-24 3584]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]
    "LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-14 40960]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-10-29 921600]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=

    R3 SunkFilt6;Alcor Micro Corp - 6360;

    S0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2004-08-28 97920]
    S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
    S3 CXTuner;Conexant TVTuner;c:\windows\system32\drivers\CXTuner.sys [2004-04-07 28127]
    S3 CXVideo;Conexant Capture;c:\windows\system32\drivers\CXVCap.sys [2004-04-07 100092]
    S3 CXXBar;Conexant Crossbar;c:\windows\system32\drivers\CXXBar.sys [2004-04-07 8301]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
    S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{7E8807C1-9A2A-4268-91BD-AD92DAF46F7A}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 20:31]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    HKLM-Run-farstone - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = https://reg.vugames.com/home.do?sku=71608&src=WREG
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Steven\Start Menu\Programs\IMVU\Run IMVU.lnk
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-25 07:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)?0?[emailprotected]??

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(516)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(6920)
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\nvwddi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    .
    **************************************************************************
    .
    COMPLETION time: 2009-04-24 7:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-04-24 23:38

    Pre-Run: 166,826,389,504 bytes free
    Post-Run: 167,150,800,896 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    305--- E O F ---2009-04-24 21:41
    Go to Start > Run and type notepad.exe then click OK

    Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

    Code:
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    .
    Locate fixme.reg on your Desktop and double-click it.

    Answer Yes when prompted to merge with the Registry.

    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

    Delete the fixme.reg from the Desktop.

    ----------

    • Click START then RUN
    • Now type Combofix /u in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.
    .
    • The above procedure will:
      • Delete the following:
        • ComboFix and its associated files and folders.
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.
    .
    ----------

    Download ATF Cleaner by Atribune to your Desktop.

    Alternate download link

    Note: Vista users must use Run As Administrator
    • Under Main: Select Files to Delete choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords click No at the prompt.
    • Click Exit on the Main menu to close the program.
    .
    Note that your system will run slower for a reboot or two after having used this tool so don't panic.

    ----------

    How is the computer running now?

    Everything is working fine now, and a little faster may I add. Thanks a lot for your help. At least my wife won't be angry why I stayed up all night!

    Sounds good.

    Torrents/P2P/Warez...whatever you call it is always a big risk. You could be giving away your identity by using them. Then I'm sure she would really be mad!

    Final suggestions.

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    .
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
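As an added example (not from this thread, and not part of ComboFix), a small Python audit that reads the registry section of a ComboFix-style log and flags the settings the fixme.reg step above is dealing with: Security Center monitoring switched off for a product, the FirewallOverride flag, and a Windows Firewall profile with EnableFirewall set to 0. The log excerpt inside it is constructed to mirror the entries shown in the log above; the key and value names are the real XP Security Center and SharedAccess ones.

```python
import re

# Constructed excerpt modelled on the ComboFix log in this thread (not the
# log itself); the keys and values mirror the weak settings that log reports.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")           # [HKLM\...\key]
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\S.*)$')  # "Name"=value

def parse_values(log):
    """Yield (key, name, int value) for each numeric value in the dump."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group("key")
            continue
        if not ((m := VAL_RE.match(line)) and key):
            continue
        raw = m.group("val")
        if raw.startswith("dword:"):
            value = int(raw[6:], 16)        # dword:00000001 -> 1
        elif raw.split()[0].isdigit():
            value = int(raw.split()[0])     # "0 (0x0)" -> 0
        else:
            continue                        # strings and paths are not audited here
        yield key, m.group("name"), value

def audit(log):
    """Return (key, name, message) for each setting that silences or disables protection."""
    findings = []
    for key, name, value in parse_values(log):
        k = key.lower()
        if "security center" in k and name == "DisableMonitoring" and value == 1:
            findings.append((key, name, "Security Center monitoring disabled"))
        elif k.endswith("security center") and name == "FirewallOverride" and value == 1:
            findings.append((key, name, "Security Center firewall alerts overridden"))
        elif "firewallpolicy" in k and name == "EnableFirewall" and value == 0:
            findings.append((key, name, "Windows Firewall disabled for this profile"))
    return findings
```

Run `audit(SAMPLE_LOG)` and you get four findings, one per entry in the excerpt; feed it the registry section of a real log to see which of these switches are still set after the fix has been merged.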
