Solve : TDSSERV-Need help to remove?

1.	Solve : TDSSERV-Need help to remove?
Answer» I have the trojan tdsserv and need help to remove it from my system. My virus software cant delete it, but spyware doctor detects it (but i have the free version it cant delete it) and do not want to buy more virus software. So if anyone knows how to manually remove it please help. I have Hijack this. ps. i have had a string of trojans before this one and have deleted them(zlob and gaslide.b), although they could still be one the system.Welcome to CH. Please print these instructions as they will be needed later when Internet access is not available. Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/149534018/SDFix.exe.html When using this tool, you must use the Administrator's account or an account with Administrative rights Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet. Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Open the SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. Copy and paste the contents of the results file Report.txt in your next reply[/B]. Here is the report SDFix: Version 1.230 Run by User on Thu 02/10/2008 at 06:57 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Name : tdssserv Path : \systemroot\system32\drivers\TDSSserv.sys tdssserv - Deleted Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-02 19:22:32 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Mitch and Greg\Greg\Nero\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:9f,9c,2b,67,cc,da,2a,26,20,9b,cb,50,bf,77,10,ce,d4,8d,7b,37,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,6b,25,44,a6,01,ae,01,20,6f,58,3b,36,6d,24,63,47,bd,.. "khjeh"=hex:63,6b,95,b6,1a,b1,a9,e9,ad,c9,fe,8f,be,a2,07,18,cc,0b,df,08,01,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:27,47,77,86,07,12,03,6f,b3,f4,02,a4,e6,60,9c,86,a9,67,02,7f,b9,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Mitch and Greg\Greg\Nero\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:9f,9c,2b,67,cc,da,2a,26,20,9b,cb,50,bf,77,10,ce,d4,8d,7b,37,ef,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,6b,25,44,a6,01,ae,01,20,6f,58,3b,36,6d,24,63,47,bd,.. "khjeh"=hex:63,6b,95,b6,1a,b1,a9,e9,ad,c9,fe,8f,be,a2,07,18,cc,0b,df,08,01,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:27,47,77,86,07,12,03,6f,b3,f4,02,a4,e6,60,9c,86,a9,67,02,7f,b9,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Games\\Battlefield 2\\BF2.exe"="C:\\Games\\Battlefield 2\\BF2.exe::Enabled:Battlefield 2" "C:\\Games\\Black and White\\runblack.exe"="C:\\Games\\Black and White\\runblack.exe::Enabled:lh" "C:\\Games\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Games\\Bet on Soldier Single Player Demo\\BoS.exe::Disabled:BoS" "C:\\Demos\\Battlefield 2\\BF2.exe"="C:\\Demos\\Battlefield 2\\BF2.exe::Disabled:BF2" "C:\\Demos\\Steam\\SteamApps\\wolvf\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Demos\\Steam\\SteamApps\\wolvf\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe::Disabled:Rag_Doll_Kung_Fu_Steam" "C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe::Disabled:BoS" "C:\\Games\\ragdoll\\SteamApps\\audio_stream\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Games\\ragdoll\\SteamApps\\audio_stream\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe::Enabled:Rag_Doll_Kung_Fu_Steam" "C:\\Games\\Game Spy\\Aphex.exe"="C:\\Games\\Game Spy\\Aphex.exe::Enabled:GAMESPY Arcade" "C:\\Demos\\Lord Of The Rings\\Rings.exe"="C:\\Demos\\Lord Of The Rings\\Rings.exe::Enabled:Rings" "C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe"="C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe::Enabled:lf2" "C:\\Demos\\Savage\\silverback.exe"="C:\\Demos\\Savage\\silverback.exe::Enabled:silverback" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE::Disabled:Internet Explorer" "C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe::Enabled:Bf2_w32ded" "C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe"="C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe::Enabled:BF2VoipServer_w32ded" "C:\\Demos\\Battlefield 2\\BF2VoipServer.exe"="C:\\Demos\\Battlefield 2\\BF2VoipServer.exe::Enabled:BF2VoipServer" "C:\\Demos\\panzer\\PEA.exe"="C:\\Demos\\panzer\\PEA.exe::Disabled:PEA" "C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe::Enabled:hl2" "C:\\Program Files\\Caplio Software\\RGateLXP.exe"="C:\\Program Files\\Caplio Software\\RGateLXP.exe::Enabled:RICOH Gate La for DSC" "C:\\Program Files\\Microsoft Games\\Rise Of Legends Demo\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends Demo\\legends.exe::Enabled:Rise of Legends" "C:\\Demos\\Act of War High Treason Demo\\ActOfWar_HighTreason_Demo.exe"="C:\\Demos\\Act of War High Treason Demo\\ActOfWar_HighTreason_Demo.exe::Enabled:ActOfWar_HighTreason_Demo" "C:\\Games\\X Fire\\Xfire\\Xfire.exe"="C:\\Games\\X Fire\\Xfire\\Xfire.exe::Enabled:Xfire" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe::Enabled:LimeWire swarmed installer" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe::Enabled:DC++" "C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\133531VC\\WoW-Intro-enUS-downloader[1].exe"="C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\133531VC\\WoW-Intro-enUS-downloader[1].exe::Enabled:Blizzard Downloader" "C:\\Games\\Raikon\\Rakion\\Bin\\Rakion.bin"="C:\\Games\\Raikon\\Rakion\\Bin\\Rakion.bin::Enabled:Rakion" "C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2 deathmatch\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2 deathmatch\\hl2.exe::Enabled:hl2" "C:\\Demos\\LimeWire\\LimeWire.exe"="C:\\Demos\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\Demos\\riseandfall\\Bin\\RiseAndFallDemo.exe"="C:\\Demos\\riseandfall\\Bin\\RiseAndFallDemo.exe::Disabled:Application" "C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2\\hl2.exe::Enabled:hl2" "C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe"="C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\Games\\Warcraft III\\Warcraft III.exe"="C:\\Games\\Warcraft III\\Warcraft III.exe::Enabled:Warcraft III" "C:\\Demos\\firefox.exe"="C:\\Demos\\firefox.exe::Enabled:Firefox" "C:\\Games\\Trem\\tremulous.exe"="C:\\Games\\Trem\\tremulous.exe::Enabled:tremulous" "C:\\Demos\\Warhammer\\DarkCrusade.exe"="C:\\Demos\\Warhammer\\DarkCrusade.exe::Enabled:DarkCrusade" "C:\\Games\\Defcon\\defcon.exe"="C:\\Games\\Defcon\\defcon.exe::Enabled:Defcon" "C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe"="C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe::Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe::Enabled:Windows Media Player" "C:\\Games\\Warcraft III\\war3.exe"="C:\\Games\\Warcraft III\\war3.exe::Enabled:Warcraft III" "C:\\Games\\Never Winter Nights 2\\nwn2main.exe"="C:\\Games\\Never Winter Nights 2\\nwn2main.exe::Enabled:Neverwinter Nights 2 Main" "C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe"="C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe::Enabled:Neverwinter Nights 2 AMD" "C:\\Games\\Never Winter Nights 2\\nwupdate.exe"="C:\\Games\\Never Winter Nights 2\\nwupdate.exe::Enabled:Neverwinter Nights 2 Updater" "C:\\Games\\Never Winter Nights 2\\nwn2server.exe"="C:\\Games\\Never Winter Nights 2\\nwn2server.exe::Enabled:Neverwinter Nights 2 Server" "C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life deathmatch source\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life deathmatch source\\hl2.exe::Enabled:hl2" "C:\\Games\\MoC\\Warhammer.exe"="C:\\Games\\MoC\\Warhammer.exe::Enabled:Warhammer©: Mark of ChaosT" "C:\\Games\\Condition Zero\\czero.exe"="C:\\Games\\Condition Zero\\czero.exe::Enabled:Condition Zero Launcher" "C:\\Games\\Counter-Strike\\cstrike.exe"="C:\\Games\\Counter-Strike\\cstrike.exe::Enabled:CounterStrike Launcher" "C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe"="C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe::Enabled:Autodesk 3ds Max 8" "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\backburner\\monitor.exe::Enabled:backburner 2.3 monitor" "C:\\Program Files\\Autodesk\\backburner\\manager.exe"="C:\\Program Files\\Autodesk\\backburner\\manager.exe::Enabled:backburner 2.3 manager" "C:\\Program Files\\Autodesk\\backburner\\server.exe"="C:\\Program Files\\Autodesk\\backburner\\server.exe::Enabled:backburner 2.3 server" "C:\\Games\\Steam\\Steam.exe"="C:\\Games\\Steam\\Steam.exe::Enabled:Steam" "C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe::Enabled:Update Counter-Strike" "C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe"="C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe::Enabled:CounterStrike2D" "C:\\Games\\Silver\\Silverfall Demo\\Silverfall.exe"="C:\\Games\\Silver\\Silverfall Demo\\Silverfall.exe::Enabled:Silverfall" "C:\\Games\\Mechcommander Gold\\MCX.EXE"="C:\\Games\\Mechcommander Gold\\MCX.EXE::Enabled:MechCommander Desperate Measures" "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe::Enabled:Microsoft DirectPlay Helper" "C:\\Program Files\\MicroProse\\MCX\\MCX.EXE"="C:\\Program Files\\MicroProse\\MCX\\MCX.EXE::Enabled:MechCmdr Expansion" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe::Enabled:SmartFTP Client 2.5" "C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe::Enabled:Blizzard Downloader" "C:\\Games\\World of Warcraft\\WoW.exe"="C:\\Games\\World of Warcraft\\WoW.exe::Enabled:World of Warcraft" "C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe::Enabled:Blizzard Downloader" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe::Disabled:xpsp2res.dll,-22019" "C:\\Games\\Soldat\\Soldat.exe"="C:\\Games\\Soldat\\Soldat.exe::Enabled:Soldat" "C:\\Mitch and Greg\\Greg\\ChiChi\\Torrent\\bittorrent.exe"="C:\\Mitch and Greg\\Greg\\ChiChi\\Torrent\\bittorrent.exe::Enabled:BitTorrent" "C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe"="C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe::Enabled:BitTorrent" "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe::Enabled:BitTorrent DNA" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Games\\Fury\\Binaries\\Fury.exe"="C:\\Games\\Fury\\Binaries\\Fury.exe::Enabled:Fury" "C:\\Games\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"="C:\\Games\\Fury\\Binaries\\DiamondWare\\dwTVC.exe::Enabled:Fury VOIP" "C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe"="C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe::Enabled:GG E-Sports Platform Client" "C:\\Games\\Ventrilo\\ventrilo_srv.exe"="C:\\Games\\Ventrilo\\ventrilo_srv.exe::Enabled:ventrilo_srv" "C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe"="C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe::Enabled:Veoh Client" "C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe"="C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe::Enabled:Age of Wonders: Shadow Magic" "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe::Enabled:Microsoft DirectPlay8 Server" "C:\\Games\\MC2\\Mc2Rel.exe"="C:\\Games\\MC2\\Mc2Rel.exe::Enabled:MechCommander 2 Game EXECUTABLE" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe::Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 9 Nov 2006 1,649,152 A..H. --- "C:\Games\Jumper.exe" Wed 31 Jul 2002 104 ..SH. --- "C:\WINDOWS\WSYS049.SYS" Mon 29 Aug 2005 121,240 A..HR --- "C:\Games\DoW\Disk1CheckW40k.EXE" Fri 19 Aug 2005 121,237 A..HR --- "C:\Games\DoW\Disk1Check.EXE" Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Wed 4 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 16 Nov 2003 137,728 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0221.tmp" Sun 16 Nov 2003 140,800 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0248.tmp" Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0461.tmp" Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1292.tmp" Sat 15 Nov 2003 26,112 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1463.tmp" Sat 15 Nov 2003 26,112 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1531.tmp" Mon 11 Nov 2002 71,680 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1674.tmp" Sat 15 Nov 2003 25,088 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1831.tmp" Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3070.tmp" Sat 19 Feb 2005 29,696 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3185.tmp" Sat 15 Nov 2003 29,184 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3309.tmp" Mon 11 Nov 2002 72,192 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3649.tmp" Mon 11 Nov 2002 75,264 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3799.tmp" Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll" Sun 4 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 9 Nov 2006 1,649,152 A..H. --- "C:\Documents and Settings\User\Desktop\Stuff on USB\Jumper.exe" Sat 3 Jun 2006 56,320 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL0707.tmp" Sat 3 Jun 2006 25,600 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL1009.tmp" Sat 3 Jun 2006 50,688 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL1453.tmp" Sat 3 Jun 2006 47,104 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL2735.tmp" Sat 3 Jun 2006 25,088 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL3719.tmp" Sat 3 Jun 2006 44,032 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL3918.tmp" Wed 17 May 2006 24,576 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL0003.tmp" Thu 18 May 2006 26,624 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL2813.tmp" Thu 18 May 2006 26,112 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL3638.tmp" Thu 18 May 2006 25,600 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL3722.tmp" Thu 16 Jun 2005 32,768 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL0001.tmp" Thu 16 Jun 2005 33,280 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL3862.tmp" Thu 16 Jun 2005 33,280 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL4052.tmp" Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe" Sat 19 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg" Sat 19 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg" Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT5.tmp" Sat 30 Aug 2008 1,390,120 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d60af59b300e891ebe3b192b8cb9849\BIT6.tmp" Mon 1 Sep 2008 249,881 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak" Sat 3 Jun 2006 39,424 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0527.tmp" Sat 3 Nov 2007 1,745 ...HR --- "C:\Documents and Settings\User\Application Data\SecuROM\UserData\securom_v7_01.bak" Sun 18 May 2008 26,112 ...H. --- "C:\Mitch and Greg\Greg\School\Year 11\Physics\~WRL3103.tmp" Finished! Now go HERE and follow the steps and post the 3 logs when complete.Ok I will just paste them in that i dont want the attachment (the logs )to be corripted or something SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/03/2008 at 10:22 AM Application Version : 4.20.1046 Core Rules Database Version : 3584 Trace Rules Database Version: 1572 Scan type : Complete Scan Total Scan Time : 01:38:50 Memory items scanned : 519 Memory threats detected : 0 Registry items scanned : 6713 Registry threats detected : 0 File items scanned : 155158 File threats detected : 0 MALWARE BYTES SCAN************************ Malwarebytes' Anti-Malware 1.28 Database version: 1226 Windows 5.1.2600 Service Pack 2 3/10/2008 11:09:46 AM mbam-log-2008-10-03 (11-09-46).txt Scan type: Quick Scan Objects scanned: 48302 Time elapsed: 3 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No MALICIOUS items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:15:50 AM, on 3/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Demos\UltimateZip\uzqkst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Documents and Settings\User\Desktop\HiJackThis.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Mitch and Greg\Greg\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Veoh] "C:\Mitch and Greg\Greg\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Mitch and Greg\Greg\pics\ImagineFX\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 10470 bytes THANKS FOR THE HELP!! I ran a scan with spydoctor and it still detected tdsserv in the registry....Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.ComboFix 08-10-02.04 - User 2008-10-03 12:35:48.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 10:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\MSINET.oca . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MCHINJDRV -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 ))))))))))))))))))))))))))))))) . 2008-10-03 12:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-10-03 12:24 . 2008-10-03 12:25 d-------- C:\Program Files\Java 2008-10-03 12:24 . 2008-10-03 12:24 d-------- C:\Program Files\Common Files\Java 2008-10-03 08:35 . 2008-10-03 08:35 d-------- C:\Program Files\CCleaner 2008-10-02 19:29 . 2008-10-02 19:58 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-10-02 18:54 . 2008-10-02 18:54 d-------- C:\WINDOWS\ERUNT 2008-10-02 18:30 . 2008-10-03 12:13 d-------- C:\SDFix 2008-10-02 11:32 . 2008-10-02 11:32 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files 2008-10-02 11:01 . 2008-10-02 12:10 d-------- C:\Documents and Settings\User\Application Data\Symantec 2008-10-02 10:59 . 2008-10-02 10:59 d-------- C:\Program Files\Windows Sidebar 2008-10-02 10:58 . 2008-10-02 11:39 d-------- C:\Program Files\Norton 360 Premier Edition 2008-10-02 10:57 . 2008-10-02 11:18 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-10-02 10:57 . 2008-10-02 11:18 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2008-10-02 10:57 . 2008-10-02 11:18 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-10-02 10:57 . 2008-10-02 11:18 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-10-02 10:56 . 2008-10-02 11:18 d-------- C:\Program Files\Symantec 2008-10-02 10:56 . 2008-10-02 13:42 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-02 10:55 . 2008-10-03 12:40 d-------- C:\Program Files\Common Files\Symantec Shared 2008-09-06 15:31 . 2008-09-06 15:31 d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest 2008-09-06 15:30 . 2008-09-06 15:30 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-09-06 15:29 . 2008-09-06 15:29 dr-hs---- C:\_Backup.RC 2008-09-06 15:29 . 2008-10-02 10:40 d--h----- C:\_Backup 2008-09-06 15:27 . 2008-09-06 15:27 d-------- C:\Program Files\Avanquest 2008-09-06 15:27 . 2008-09-06 15:27 d-------- C:\Documents and Settings\User\Application Data\Avanquest 2008-09-05 09:39 . 2008-09-05 09:39 d-------- C:\Documents and Settings\All Users\Application Data\f-secure 2008-09-05 08:50 . 2008-09-05 08:50 d-------- C:\Documents and Settings\Administrator 2008-09-05 07:57 . 2008-09-05 07:57 d-------- C:\Documents and Settings\All Users\Application Data\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-03 02:42 --------- d-----w C:\Documents and Settings\User\Application Data\Skype 2008-10-03 02:14 --------- d-----w C:\Documents and Settings\User\Application Data\skypePM 2008-10-02 22:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-02 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-02 09:39 --------- d-----w C:\Program Files\Spyware Doctor 2008-09-27 04:05 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll 2008-09-27 04:05 722,472 ----a-w C:\WINDOWS\system32\kdfmgr.exe 2008-09-27 04:05 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll 2008-09-27 04:05 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe 2008-09-27 01:14 81,288 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys 2008-09-27 01:14 66,952 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys 2008-09-27 01:14 40,840 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-09-27 01:14 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-09-09 14:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-09 14:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-09-06 05:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-01 11:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-01 11:17 --------- d-----w C:\Program Files\Lavasoft 2008-09-01 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-09-01 10:38 --------- d-----w C:\Program Files\RegFix Mantra 2008-09-01 10:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-09-01 06:29 --------- d-----w C:\Documents and Settings\User\Application Data\Malwarebytes 2008-09-01 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-31 06:41 --------- d-----w C:\Program Files\DNA 2008-08-31 02:12 --------- d-----w C:\Program Files\Exterminate It! 2008-08-31 01:59 --------- d-----w C:\Documents and Settings\User\Application Data\Sunbelt 2008-08-31 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sunbelt 2008-08-31 01:58 --------- d-----w C:\Program Files\Sunbelt Software 2008-08-30 13:54 --------- d-----w C:\Program Files\Enigma Software Group 2008-08-30 13:46 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-08-30 13:46 --------- d-----w C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com 2008-08-30 13:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-30 13:33 --------- d-----w C:\Documents and Settings\User\Application Data\PC Tools 2008-08-30 12:06 --------- d-----w C:\Documents and Settings\User\Application Data\Uniblue 2008-08-30 12:05 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151} 2008-08-30 12:05 --------- d-----w C:\Program Files\Uniblue 2008-08-30 08:29 846,336 ----a-w C:\WINDOWS\system32\kdfinj.dll 2008-08-30 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-08-30 07:40 --------- d-----w C:\Program Files\Trend Micro 2008-08-26 07:20 59,176 ----a-w C:\WINDOWS\system32\sbbd.exe 2008-08-04 01:30 --------- d-----w C:\Documents and Settings\User\Application Data\SPORE Creature Creator 2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-14 08:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-04-15 03:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-01-06 05:33 1 ----a-w C:\Documents and Settings\User\SI.bin 2005-03-31 11:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded] ="{4433A54A-1AC8-432F-90FC-85F045CF383C}" [HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}] 2008-02-26 18:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending] ="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" [HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}] 2008-02-26 18:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected] ="{476D0EA3-80F9-48B5-B70B-05E677C9C148}" [HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}] 2008-02-26 18:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208] "Steam"="c:\games\steam\steam.exe" [2008-03-28 1271032] "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "Veoh"="C:\Mitch and Greg\Greg\Veoh\VeohClient.exe" [2008-02-22 3537968] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 21898024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432] "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-11 1397760] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "OpwareSE2"="C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" [2003-05-08 49152] "VirtualCloneDrive"="C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208] "QuickTime Task"="C:\Mitch and Greg\Greg\Quick Time\qttask.exe" [2007-02-16 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 257088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 81920] "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024] "SBAMTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-26 677160] "VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-10-12 173312] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-19 51048] "osCheck"="C:\Program Files\Norton 360 Premier Edition\osCheck.exe" [2008-02-27 988512] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "nwiz"="nwiz.exe" [2007-06-29 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\User\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] UltimateZip Quick Start.lnk - C:\Demos\UltimateZip\uzqkst.exe [2005-02-26 303616] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] ="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] ="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Demos\\Battlefield 2\\BF2.exe"= "C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe"= "C:\\Games\\Game Spy\\Aphex.exe"= "C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe"= "C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe"= "C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe"= "C:\\Demos\\Battlefield 2\\BF2VoipServer.exe"= "C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Caplio Software\\RGateLXP.exe"= "C:\\Games\\X Fire\\Xfire\\Xfire.exe"= "C:\\Demos\\LimeWire\\LimeWire.exe"= "C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe"= "C:\\Demos\\firefox.exe"= "C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\\Games\\Never Winter Nights 2\\nwn2main.exe"= "C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe"= "C:\\Games\\Never Winter Nights 2\\nwupdate.exe"= "C:\\Games\\Never Winter Nights 2\\nwn2server.exe"= "C:\\Games\\Counter-Strike\\cstrike.exe"= "C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe"= "C:\\Program Files\\Autodesk\\backburner\\monitor.exe"= "C:\\Program Files\\Autodesk\\backburner\\manager.exe"= "C:\\Program Files\\Autodesk\\backburner\\server.exe"= "C:\\Games\\Steam\\Steam.exe"= "C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"= "C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe"= "C:\\Games\\Mechcommander Gold\\MCX.EXE"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\MicroProse\\MCX\\MCX.EXE"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"= "C:\\Games\\World of Warcraft\\WoW.exe"= "C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Games\\Soldat\\Soldat.exe"= "C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\BitTorrent_DNA\\dna.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe"= "C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe"= "C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\Games\\MC2\\Mc2Rel.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8940:TCP"= 8940:TCP:BitComet 8940 TCP "8940:UDP"= 8940:UDP:BitComet 8940 UDP "6112:TCP"= 6112:TCP:Port 6112 TCP "6112:UDP"= 6112:UDP:warcraft3(1) "6113:TCP"= 6113:TCP:warcaft3 "6114:TCP"= 6114:TCP:warcaft3 "6115:TCP"= 6115:TCP:warcaft4 "6116:TCP"= 6116:TCP:warcaft3 "6117:TCP"= 6117:TCP:warcraft3 "6118:TCP"= 6118:TCP:warcraft3 "6119:TCP"= 6119:TCP:warcraft3 R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-19 149352] S2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-26 869672] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-10-12 20496] S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [2007-11-06 87848] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcb93cf-55f8-11dd-b276-0013d3635782}] \Shell\AutoRun\command - H:\LaunchU3.exe -a Newly Created Service - COMHOST . - - - - ORPHANS REMOVED - - - - HKCU-Run-PowerBar - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9icl1eap.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/ . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-03 12:41:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe . ********************************************************************** . Completion time: 2008-10-03 12:47:29 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-03 02:47:23 Pre-Run: 82,341,744,640 bytes free Post-Run: 82,276,352,000 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 280 --- E O F --- 2008-10-02 11:54:15 here is HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:59:58 AM, on 4/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Demos\UltimateZip\uzqkst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Demos\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Documents and Settings\User\Desktop\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Mitch and Greg\Greg\Quick Time\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Mitch and Greg\Greg\pics\ImagineFX\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe Thank you very much! You don't know how much I owe you!!!Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Driver:: MCHINJDRV 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze ---------- Disable the System Restore Utility to flush infected restore points 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Download OTCleanIt.exe and save it to your Desktop. Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes*. The tool will delete itself once it finishes, if not delete it yourself. . ---------- Run CCleaner. ---------- Run this online scan. This scanner requires Internet Explorer* Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. ---------- How is everything now?I will have the results from your steps tomorrow or later today, I am hung up in arrangements. I appreciate you waiting. Also i will be UNABLE to run the ESET scan due to restrictions (dont ask why). Is there any other scan i could run that would not require the internet? Thankyou very much.You can run Dr Web instead. Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows: Double-click on drweb-cureit.exe and then click Start. An Express Scan of your PC notice will appear. Under Start the Express Scan Now Click OK to start. This is a short scan that will scan the files currently running in memory. If or when something is found, click the Yes button when it asks you if you want to cure it. Once the short scan has finished, Click Options > Change settings Choose the Scan tab and UNcheck Heuristic analysis and click OK Back at the main window, select the Complete scan button. Then click the Green Arrow Start Scanning button on the right and the scan will start. Click Yes to all if it asks if you want to cure/move any file(s). When the scan is done. In the Dr.Web CureIt menu on top left, click File and choose Save report list. Save the DrWeb.csv report to your Desktop. Exit Dr.Web Cureit. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot. [/COLOR] After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad Copy and paste that log in the next reply Here is the Dr.Web scan. But before that, i did the Dr.Web scan first because i was unsure about the notepad script step. If you could explain what it does that would be great and then ill do it and the OTcleaner and CCleaner after. Anyway during the drweb scan i think it moved combofix and said combofix was a virus, will i be able to use it again or should i re download it to desktop? Yeah i checked combofix isnt on the desktop anymore....will i have to redownload it? Sorry for doing the last step first...i was unsure what the code stuff did. So sorry. If you could tell me how to redo the steps i skipped and what they do. Sorry. Thankyou for all your help. Here is the Dr.Web log. ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\User\Desktop\ComboFix.exe;Probably BATCH.Virus;; ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\User\Desktop\ComboFix.exe;Program.PsExec.171;; ComboFix.exe;C:\Documents and Settings\User\Desktop;Archive contains infected objects;Moved.; Dc4.exe\SDFix\apps\Process.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003\Dc4.exe;Tool.Prockill;; Dc4.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003;Archive contains infected objects;Moved.; Process.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003\Dc3\apps;Tool.Prockill;Moved.; A0000590.bat;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP5;Probably BATCH.Virus;Moved.; A0000602.EXE;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP5;Program.PsExec.170;Moved.; data007\data001;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe\data007;Adware.Shopper;; data007\data002;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe\data007;Adware.SaveNow.128;; data007;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe;Archive contains infected objects;; A0001750.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.; A0001751.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001751.exe;Probably BATCH.Virus;; A0001751.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001751.exe;Program.PsExec.171;; A0001751.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.; A0001752.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001752.exe;Tool.Prockill;; A0001752.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.; Also i will have the next step you give done in the nest 4 four days some more arrangements have popped up and will slow me down in the things i can do on the computer. I appreciate you waiting.It doesn't look like anything new was found. How is the computer running now?My computers running great! Thankyou!!! I owe you a lot. Should i go back and do the combofix steps to delete that file or whatever it does, because i never did it? The notepad code step. If you think the computer is ok i wont bother but if you think it would be good ill do it. But the combofix files got quarantined and now i cant use them, should i redownload ? THANK for all your help!

Answer»

I have the trojan tdsserv and need help to remove it from my system. My virus software cant delete it, but spyware doctor detects it (but i have the free version it cant delete it) and do not want to buy more virus software.

So if anyone knows how to manually remove it please help. I have Hijack this.

ps. i have had a string of trojans before this one and have deleted them(zlob and gaslide.b), although they could still be one the system.Welcome to CH.

Please print these instructions as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/149534018/SDFix.exe.html

When using this tool, you must use the Administrator's account or an account with Administrative rights

Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix).
DO NOT use it just yet.

Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Copy and paste the contents of the results file Report.txt in your next reply[/B].

Here is the report

SDFix: Version 1.230
Run by User on Thu 02/10/2008 at 06:57 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
tdssserv

Path :
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 19:22:32
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Mitch and Greg\Greg\Nero\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9f,9c,2b,67,cc,da,2a,26,20,9b,cb,50,bf,77,10,ce,d4,8d,7b,37,ef,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,25,44,a6,01,ae,01,20,6f,58,3b,36,6d,24,63,47,bd,..
"khjeh"=hex:63,6b,95,b6,1a,b1,a9,e9,ad,c9,fe,8f,be,a2,07,18,cc,0b,df,08,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,47,77,86,07,12,03,6f,b3,f4,02,a4,e6,60,9c,86,a9,67,02,7f,b9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Mitch and Greg\Greg\Nero\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9f,9c,2b,67,cc,da,2a,26,20,9b,cb,50,bf,77,10,ce,d4,8d,7b,37,ef,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6b,25,44,a6,01,ae,01,20,6f,58,3b,36,6d,24,63,47,bd,..
"khjeh"=hex:63,6b,95,b6,1a,b1,a9,e9,ad,c9,fe,8f,be,a2,07,18,cc,0b,df,08,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,47,77,86,07,12,03,6f,b3,f4,02,a4,e6,60,9c,86,a9,67,02,7f,b9,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Games\\Battlefield 2\\BF2.exe"="C:\\Games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Games\\Black and White\\runblack.exe"="C:\\Games\\Black and White\\runblack.exe:*:Enabled:lh"
"C:\\Games\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Games\\Bet on Soldier Single Player Demo\\BoS.exe:*:Disabled:BoS"
"C:\\Demos\\Battlefield 2\\BF2.exe"="C:\\Demos\\Battlefield 2\\BF2.exe:*:Disabled:BF2"
"C:\\Demos\\Steam\\SteamApps\\wolvf\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Demos\\Steam\\SteamApps\\wolvf\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe:*:Disabled:Rag_Doll_Kung_Fu_Steam"
"C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe"="C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe:*:Disabled:BoS"
"C:\\Games\\ragdoll\\SteamApps\\audio_stream\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"="C:\\Games\\ragdoll\\SteamApps\\audio_stream\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag_Doll_Kung_Fu_Steam"
"C:\\Games\\Game Spy\\Aphex.exe"="C:\\Games\\Game Spy\\Aphex.exe:*:Enabled:GAMESPY Arcade"
"C:\\Demos\\Lord Of The Rings\\Rings.exe"="C:\\Demos\\Lord Of The Rings\\Rings.exe:*:Enabled:Rings"
"C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe"="C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe:*:Enabled:lf2"
"C:\\Demos\\Savage\\silverback.exe"="C:\\Demos\\Savage\\silverback.exe:*:Enabled:silverback"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe"="C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded"
"C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe"="C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded"
"C:\\Demos\\Battlefield 2\\BF2VoipServer.exe"="C:\\Demos\\Battlefield 2\\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
"C:\\Demos\\panzer\\PEA.exe"="C:\\Demos\\panzer\\PEA.exe:*:Disabled:PEA"
"C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Caplio Software\\RGateLXP.exe"="C:\\Program Files\\Caplio Software\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC"
"C:\\Program Files\\Microsoft Games\\Rise Of Legends Demo\\legends.exe"="C:\\Program Files\\Microsoft Games\\Rise Of Legends Demo\\legends.exe:*:Enabled:Rise of Legends"
"C:\\Demos\\Act of War High Treason Demo\\ActOfWar_HighTreason_Demo.exe"="C:\\Demos\\Act of War High Treason Demo\\ActOfWar_HighTreason_Demo.exe:*:Enabled:ActOfWar_HighTreason_Demo"
"C:\\Games\\X Fire\\Xfire\\Xfire.exe"="C:\\Games\\X Fire\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\133531VC\\WoW-Intro-enUS-downloader[1].exe"="C:\\Documents and Settings\\User\\Local Settings\\Temporary Internet Files\\Content.IE5\\133531VC\\WoW-Intro-enUS-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Games\\Raikon\\Rakion\\Bin\\Rakion.bin"="C:\\Games\\Raikon\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2 deathmatch\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Demos\\LimeWire\\LimeWire.exe"="C:\\Demos\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Demos\\riseandfall\\Bin\\RiseAndFallDemo.exe"="C:\\Demos\\riseandfall\\Bin\\RiseAndFallDemo.exe:*:Disabled:Application"
"C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe"="C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Games\\Warcraft III\\Warcraft III.exe"="C:\\Games\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Demos\\firefox.exe"="C:\\Demos\\firefox.exe:*:Enabled:Firefox"
"C:\\Games\\Trem\\tremulous.exe"="C:\\Games\\Trem\\tremulous.exe:*:Enabled:tremulous"
"C:\\Demos\\Warhammer\\DarkCrusade.exe"="C:\\Demos\\Warhammer\\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\\Games\\Defcon\\defcon.exe"="C:\\Games\\Defcon\\defcon.exe:*:Enabled:Defcon"
"C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe"="C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Games\\Warcraft III\\war3.exe"="C:\\Games\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Games\\Never Winter Nights 2\\nwn2main.exe"="C:\\Games\\Never Winter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe"="C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Games\\Never Winter Nights 2\\nwupdate.exe"="C:\\Games\\Never Winter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Games\\Never Winter Nights 2\\nwn2server.exe"="C:\\Games\\Never Winter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life deathmatch source\\hl2.exe"="C:\\Games\\Steam\\SteamApps\\audio_stream\\half-life deathmatch source\\hl2.exe:*:Enabled:hl2"
"C:\\Games\\MoC\\Warhammer.exe"="C:\\Games\\MoC\\Warhammer.exe:*:Enabled:Warhammer©: Mark of ChaosT"
"C:\\Games\\Condition Zero\\czero.exe"="C:\\Games\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Games\\Counter-Strike\\cstrike.exe"="C:\\Games\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe"="C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"="C:\\Program Files\\Autodesk\\backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\backburner\\server.exe"="C:\\Program Files\\Autodesk\\backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Games\\Steam\\Steam.exe"="C:\\Games\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"="C:\\Program Files\\Sierra On-Line\\SIGSPat.exe:*:Enabled:Update Counter-Strike"
"C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe"="C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\Games\\Silver\\Silverfall Demo\\Silverfall.exe"="C:\\Games\\Silver\\Silverfall Demo\\Silverfall.exe:*:Enabled:Silverfall"
"C:\\Games\\Mechcommander Gold\\MCX.EXE"="C:\\Games\\Mechcommander Gold\\MCX.EXE:*:Enabled:MechCommander Desperate Measures"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\MicroProse\\MCX\\MCX.EXE"="C:\\Program Files\\MicroProse\\MCX\\MCX.EXE:*:Enabled:MechCmdr Expansion"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Games\\World of Warcraft\\WoW.exe"="C:\\Games\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
"C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:xpsp2res.dll,-22019"
"C:\\Games\\Soldat\\Soldat.exe"="C:\\Games\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Mitch and Greg\\Greg\\ChiChi\\Torrent\\bittorrent.exe"="C:\\Mitch and Greg\\Greg\\ChiChi\\Torrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe"="C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Games\\Fury\\Binaries\\Fury.exe"="C:\\Games\\Fury\\Binaries\\Fury.exe:*:Enabled:Fury"
"C:\\Games\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"="C:\\Games\\Fury\\Binaries\\DiamondWare\\dwTVC.exe:*:Enabled:Fury VOIP"
"C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe"="C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Games\\Ventrilo\\ventrilo_srv.exe"="C:\\Games\\Ventrilo\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe"="C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe"="C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe:*:Enabled:Age of Wonders: Shadow Magic"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Games\\MC2\\Mc2Rel.exe"="C:\\Games\\MC2\\Mc2Rel.exe:*:Enabled:MechCommander 2 Game EXECUTABLE"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 9 Nov 2006 1,649,152 A..H. --- "C:\Games\Jumper.exe"
Wed 31 Jul 2002 104 ..SH. --- "C:\WINDOWS\WSYS049.SYS"
Mon 29 Aug 2005 121,240 A..HR --- "C:\Games\DoW\Disk1CheckW40k.EXE"
Fri 19 Aug 2005 121,237 A..HR --- "C:\Games\DoW\Disk1Check.EXE"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 4 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 16 Nov 2003 137,728 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0221.tmp"
Sun 16 Nov 2003 140,800 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0248.tmp"
Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL0461.tmp"
Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1292.tmp"
Sat 15 Nov 2003 26,112 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1463.tmp"
Sat 15 Nov 2003 26,112 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1531.tmp"
Mon 11 Nov 2002 71,680 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1674.tmp"
Sat 15 Nov 2003 25,088 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL1831.tmp"
Sat 15 Nov 2003 28,672 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3070.tmp"
Sat 19 Feb 2005 29,696 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3185.tmp"
Sat 15 Nov 2003 29,184 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3309.tmp"
Mon 11 Nov 2002 72,192 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3649.tmp"
Mon 11 Nov 2002 75,264 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\~WRL3799.tmp"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Sun 4 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 9 Nov 2006 1,649,152 A..H. --- "C:\Documents and Settings\User\Desktop\Stuff on USB\Jumper.exe"
Sat 3 Jun 2006 56,320 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL0707.tmp"
Sat 3 Jun 2006 25,600 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL1009.tmp"
Sat 3 Jun 2006 50,688 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL1453.tmp"
Sat 3 Jun 2006 47,104 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL2735.tmp"
Sat 3 Jun 2006 25,088 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL3719.tmp"
Sat 3 Jun 2006 44,032 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\Chemistry\~WRL3918.tmp"
Wed 17 May 2006 24,576 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL0003.tmp"
Thu 18 May 2006 26,624 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL2813.tmp"
Thu 18 May 2006 26,112 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL3638.tmp"
Thu 18 May 2006 25,600 ...H. --- "C:\Mitch and Greg\Mitch\Year 12\SOR2U\~WRL3722.tmp"
Thu 16 Jun 2005 32,768 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL0001.tmp"
Thu 16 Jun 2005 33,280 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL3862.tmp"
Thu 16 Jun 2005 33,280 A..H. --- "C:\Previous Computer\Mitch & Greg\mitch\english\~WRL4052.tmp"
Sat 13 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sat 19 Jan 2008 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Sat 19 Jan 2008 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT5.tmp"
Sat 30 Aug 2008 1,390,120 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d60af59b300e891ebe3b192b8cb9849\BIT6.tmp"
Mon 1 Sep 2008 249,881 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Sat 3 Jun 2006 39,424 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0527.tmp"
Sat 3 Nov 2007 1,745 ...HR --- "C:\Documents and Settings\User\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 18 May 2008 26,112 ...H. --- "C:\Mitch and Greg\Greg\School\Year 11\Physics\~WRL3103.tmp"

Finished!

Now go HERE and follow the steps and post the 3 logs when complete.Ok I will just paste them in that i dont want the attachment (the logs )to be corripted or something

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/03/2008 at 10:22 AM

Application Version : 4.20.1046

Core Rules Database Version : 3584
Trace Rules Database Version: 1572

Scan type : Complete Scan
Total Scan Time : 01:38:50

Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 6713
Registry threats detected : 0
File items scanned : 155158
File threats detected : 0

MALWARE BYTES SCAN**************************

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 2

3/10/2008 11:09:46 AM
mbam-log-2008-10-03 (11-09-46).txt

Scan type: Quick Scan
Objects scanned: 48302
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No MALICIOUS items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:50 AM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe
C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Demos\UltimateZip\uzqkst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Mitch and Greg\Greg\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Mitch and Greg\Greg\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Mitch and Greg\Greg\pics\ImagineFX\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10470 bytes

THANKS FOR THE HELP!!
I ran a scan with spydoctor and it still detected tdsserv in the registry....Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.ComboFix 08-10-02.04 - User 2008-10-03 12:35:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT 10:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 12:25 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-10-03 12:24 . 2008-10-03 12:25      d--------   C:\Program Files\Java
2008-10-03 12:24 . 2008-10-03 12:24      d--------   C:\Program Files\Common Files\Java
2008-10-03 08:35 . 2008-10-03 08:35      d--------   C:\Program Files\CCleaner
2008-10-02 19:29 . 2008-10-02 19:58      d--------   C:\WINDOWS\system32\CatRoot_bak
2008-10-02 18:54 . 2008-10-02 18:54      d--------   C:\WINDOWS\ERUNT
2008-10-02 18:30 . 2008-10-03 12:13      d--------   C:\SDFix
2008-10-02 11:32 . 2008-10-02 11:32      d--------   C:\Documents and Settings\All Users\Symantec Temporary Files
2008-10-02 11:01 . 2008-10-02 12:10      d--------   C:\Documents and Settings\User\Application Data\Symantec
2008-10-02 10:59 . 2008-10-02 10:59      d--------   C:\Program Files\Windows Sidebar
2008-10-02 10:58 . 2008-10-02 11:39      d--------   C:\Program Files\Norton 360 Premier Edition
2008-10-02 10:57 . 2008-10-02 11:18   123,952   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-02 10:57 . 2008-10-02 11:18   60,800   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-02 10:57 . 2008-10-02 11:18   10,671   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-02 10:57 . 2008-10-02 11:18   805   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-02 10:56 . 2008-10-02 11:18      d--------   C:\Program Files\Symantec
2008-10-02 10:56 . 2008-10-02 13:42      d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-02 10:55 . 2008-10-03 12:40      d--------   C:\Program Files\Common Files\Symantec Shared
2008-09-06 15:31 . 2008-09-06 15:31      d--------   C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-09-06 15:30 . 2008-09-06 15:30      d--------   C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-06 15:29 . 2008-09-06 15:29      dr-hs----   C:\_Backup.RC
2008-09-06 15:29 . 2008-10-02 10:40      d--h-----   C:\_Backup
2008-09-06 15:27 . 2008-09-06 15:27      d--------   C:\Program Files\Avanquest
2008-09-06 15:27 . 2008-09-06 15:27      d--------   C:\Documents and Settings\User\Application Data\Avanquest
2008-09-05 09:39 . 2008-09-05 09:39      d--------   C:\Documents and Settings\All Users\Application Data\f-secure
2008-09-05 08:50 . 2008-09-05 08:50      d--------   C:\Documents and Settings\Administrator
2008-09-05 07:57 . 2008-09-05 07:57      d--------   C:\Documents and Settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 02:42   ---------   d-----w   C:\Documents and Settings\User\Application Data\Skype
2008-10-03 02:14   ---------   d-----w   C:\Documents and Settings\User\Application Data\skypePM
2008-10-02 22:46   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 22:39   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-02 09:39   ---------   d-----w   C:\Program Files\Spyware Doctor
2008-09-27 04:05   77,824   ----a-w   C:\WINDOWS\system32\kdfapi.dll
2008-09-27 04:05   722,472   ----a-w   C:\WINDOWS\system32\kdfmgr.exe
2008-09-27 04:05   53,248   ----a-w   C:\WINDOWS\system32\Kdfhok.dll
2008-09-27 04:05   192,512   ----a-w   C:\WINDOWS\system32\kdfvmgr.exe
2008-09-27 01:14   81,288   ----a-w   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-27 01:14   66,952   ----a-w   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-27 01:14   40,840   ----a-w   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-27 01:14   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-09-09 14:04   38,528   ----a-w   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 14:03   17,200   ----a-w   C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 05:23   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 11:54   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-09-01 11:17   ---------   d-----w   C:\Program Files\Lavasoft
2008-09-01 11:17   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-01 10:38   ---------   d-----w   C:\Program Files\RegFix Mantra
2008-09-01 10:35   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-01 06:29   ---------   d-----w   C:\Documents and Settings\User\Application Data\Malwarebytes
2008-09-01 06:29   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-31 06:41   ---------   d-----w   C:\Program Files\DNA
2008-08-31 02:12   ---------   d-----w   C:\Program Files\Exterminate It!
2008-08-31 01:59   ---------   d-----w   C:\Documents and Settings\User\Application Data\Sunbelt
2008-08-31 01:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-08-31 01:58   ---------   d-----w   C:\Program Files\Sunbelt Software
2008-08-30 13:54   ---------   d-----w   C:\Program Files\Enigma Software Group
2008-08-30 13:46   ---------   d-----w   C:\Program Files\SUPERAntiSpyware
2008-08-30 13:46   ---------   d-----w   C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2008-08-30 13:46   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-30 13:33   ---------   d-----w   C:\Documents and Settings\User\Application Data\PC Tools
2008-08-30 12:06   ---------   d-----w   C:\Documents and Settings\User\Application Data\Uniblue
2008-08-30 12:05   ---------   dc-h--w   C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-08-30 12:05   ---------   d-----w   C:\Program Files\Uniblue
2008-08-30 08:29   846,336   ----a-w   C:\WINDOWS\system32\kdfinj.dll
2008-08-30 07:46   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-08-30 07:40   ---------   d-----w   C:\Program Files\Trend Micro
2008-08-26 07:20   59,176   ----a-w   C:\WINDOWS\system32\sbbd.exe
2008-08-04 01:30   ---------   d-----w   C:\Documents and Settings\User\Application Data\SPORE Creature Creator
2008-07-18 12:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 12:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-14 08:35   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-04-15 03:20   32   ----a-w   C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-06 05:33   1   ----a-w   C:\Documents and Settings\User\SI.bin
2005-03-31 11:17   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 18:34   576352   --a------   C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 18:34   576352   --a------   C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 18:34   576352   --a------   C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"Steam"="c:\games\steam\steam.exe" [2008-03-28 1271032]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-04-23 77824]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Veoh"="C:\Mitch and Greg\Greg\Veoh\VeohClient.exe" [2008-02-22 3537968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 8466432]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-11 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"OpwareSE2"="C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe" [2003-05-08 49152]
"VirtualCloneDrive"="C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"QuickTime Task"="C:\Mitch and Greg\Greg\Quick Time\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 257088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 81920]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"SBAMTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-26 677160]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-10-12 173312]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-19 51048]
"osCheck"="C:\Program Files\Norton 360 Premier Edition\osCheck.exe" [2008-02-27 988512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2007-06-29 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
UltimateZip Quick Start.lnk - C:\Demos\UltimateZip\uzqkst.exe [2005-02-26 303616]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Demos\\Battlefield 2\\BF2.exe"=
"C:\\Demos\\Bet on Soldier Single Player Demo\\BoS.exe"=
"C:\\Games\\Game Spy\\Aphex.exe"=
"C:\\Games\\Little Fighter\\LF2_v1.9c\\lf2.exe"=
"C:\\Demos\\Battlefield 2\\Bf2_w32ded.exe"=
"C:\\Demos\\Battlefield 2\\BF2VoipServer_w32ded.exe"=
"C:\\Demos\\Battlefield 2\\BF2VoipServer.exe"=
"C:\\Games\\Steam\\SteamApps\\audio_stream\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Caplio Software\\RGateLXP.exe"=
"C:\\Games\\X Fire\\Xfire\\Xfire.exe"=
"C:\\Demos\\LimeWire\\LimeWire.exe"=
"C:\\Mitch and Greg\\Mitch\\LimeWire\\LimeWire.exe"=
"C:\\Demos\\firefox.exe"=
"C:\\Mitch and Greg\\Greg\\ChiChi\\Comet\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Games\\Never Winter Nights 2\\nwn2main.exe"=
"C:\\Games\\Never Winter Nights 2\\nwn2main_amdxp.exe"=
"C:\\Games\\Never Winter Nights 2\\nwupdate.exe"=
"C:\\Games\\Never Winter Nights 2\\nwn2server.exe"=
"C:\\Games\\Counter-Strike\\cstrike.exe"=
"C:\\Mitch and Greg\\Greg\\pics\\ImagineFX\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Games\\Steam\\Steam.exe"=
"C:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"C:\\Mitch and Greg\\Greg\\Miller Stuff\\weird al\\Weird\\CounterStrike2D.exe"=
"C:\\Games\\Mechcommander Gold\\MCX.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\MicroProse\\MCX\\MCX.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Games\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Games\\World of Warcraft\\WoW.exe"=
"C:\\Games\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Games\\Soldat\\Soldat.exe"=
"C:\\Mitch and Greg\\Greg\\Bittorent\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Games\\Warcraft III\\GG-Client\\GGclient.exe"=
"C:\\Mitch and Greg\\Greg\\Veoh\\VeohClient.exe"=
"C:\\Games\\AOWSM\\Age of Wonders Shadow Magic\\AoWSM.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Games\\MC2\\Mc2Rel.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8940:TCP"= 8940:TCP:BitComet 8940 TCP
"8940:UDP"= 8940:UDP:BitComet 8940 UDP
"6112:TCP"= 6112:TCP:Port 6112 TCP
"6112:UDP"= 6112:UDP:warcraft3(1)
"6113:TCP"= 6113:TCP:warcaft3
"6114:TCP"= 6114:TCP:warcaft3
"6115:TCP"= 6115:TCP:warcaft4
"6116:TCP"= 6116:TCP:warcaft3
"6117:TCP"= 6117:TCP:warcraft3
"6118:TCP"= 6118:TCP:warcraft3
"6119:TCP"= 6119:TCP:warcraft3

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-19 149352]
S2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-26 869672]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys [2007-10-12 20496]
S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys [2007-11-06 87848]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdcb93cf-55f8-11dd-b276-0013d3635782}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PowerBar - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9icl1eap.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 12:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-03 12:47:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 02:47:23

Pre-Run: 82,341,744,640 bytes free
Post-Run: 82,276,352,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

280   --- E O F ---   2008-10-02 11:54:15

here is HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:58 AM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe
C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Demos\UltimateZip\uzqkst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Demos\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\Cannon MF5700\Software 1\OpwareSE2.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Games\Mechcommander Gold\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Mitch and Greg\Greg\Quick Time\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Demos\UltimateZip\uzqkst.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Mitch and Greg\Greg\pics\ImagineFX\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt VIPRE Antivirus Service (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Thank you very much! You don't know how much I owe you!!!Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

Driver::
MCHINJDRV
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Disable the System Restore Utility to flush infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Download OTCleanIt.exe and save it to your Desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it yourself.

.
----------

Run CCleaner.

----------

Run this online scan.

This scanner requires Internet Explorer

Use the ESET Nod32 Online Scanner

1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

----------

How is everything now?I will have the results from your steps tomorrow or later today, I am hung up in arrangements. I appreciate you waiting. Also i will be UNABLE to run the ESET scan due to restrictions (dont ask why). Is there any other scan i could run that would not require the internet?

Thankyou very much.You can run Dr Web instead.

Download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:

Double-click on drweb-cureit.exe and then click Start.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory.
- If or when something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis and click OK
Back at the main window, select the Complete scan button.
Then click the Green Arrow Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
When the scan is done.
In the Dr.Web CureIt menu on top left, click File and choose Save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit.

Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

[/COLOR]

After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
Copy and paste that log in the next reply

Here is the Dr.Web scan. But before that, i did the Dr.Web scan first because i was unsure about the notepad script step. If you could explain what it does that would be great and then ill do it and the OTcleaner and CCleaner after. Anyway during the drweb scan i think it moved combofix and said combofix was a virus, will i be able to use it again or should i re download it to desktop? Yeah i checked combofix isnt on the desktop anymore....will i have to redownload it? Sorry for doing the last step first...i was unsure what the code stuff did.

So sorry. If you could tell me how to redo the steps i skipped and what they do. Sorry.

Thankyou for all your help. Here is the Dr.Web log.

ComboFix.exe\32788R22FWJFW\List-C.bat;C:\Documents and Settings\User\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\User\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\User\Desktop;Archive contains infected objects;Moved.;
Dc4.exe\SDFix\apps\Process.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003\Dc4.exe;Tool.Prockill;;
Dc4.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003;Archive contains infected objects;Moved.;
Process.exe;C:\RECYCLER\S-1-5-21-1614895754-507921405-725345543-1003\Dc3\apps;Tool.Prockill;Moved.;
A0000590.bat;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP5;Probably BATCH.Virus;Moved.;
A0000602.EXE;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP5;Program.PsExec.170;Moved.;
data007\data001;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe\data007;Adware.Shopper;;
data007\data002;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe\data007;Adware.SaveNow.128;;
data007;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001750.exe;Archive contains infected objects;;
A0001750.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.;
A0001751.exe\32788R22FWJFW\List-C.bat;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001751.exe;Probably BATCH.Virus;;
A0001751.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001751.exe;Program.PsExec.171;;
A0001751.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.;
A0001752.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7\A0001752.exe;Tool.Prockill;;
A0001752.exe;C:\System Volume Information\_restore{1BBABAE2-E34D-48CE-9DCA-81B84E7BDC7E}\RP7;Archive contains infected objects;Moved.;

Also i will have the next step you give done in the nest 4 four days some more arrangements have popped up and will slow me down in the things i can do on the computer. I appreciate you waiting.It doesn't look like anything new was found. How is the computer running now?My computers running great! Thankyou!!! I owe you a lot.

Should i go back and do the combofix steps to delete that file or whatever it does, because i never did it? The notepad code step. If you think the computer is ok i wont bother but if you think it would be good ill do it. But the combofix files got quarantined and now i cant use them, should i redownload ?

THANK for all your help!

Solve : TDSSERV-Need help to remove?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment