1.5K Posts

August 7th, 2010 04:00

Hi stretchy,

Welcome to Dell Community Malware Removal Forums,

Sorry for the delay in getting to you, I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

Failure to reply in three (3) days will result in this topic being marked as inactive. If you need more time then that is fine, but please let me know.

I have made a personal decision to not offer help to those with P2P programs or cracked software installed; if you have it installed please remove it now. If you have it installed and do not know how to remove it, let me know and we will remove it for you.

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:

  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

I need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please COPY/PASTE your MBAM log and BOTH DDS logs.

Thank you,
K27.

15 Posts

August 7th, 2010 06:00

Attach.txt file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 23/08/2006 6:55:32 PM
System Uptime: 08/05/2010 6:52:46 AM (2186 hours ago)

Motherboard: Dell Inc. |  | 0XD720
Processor: Genuine Intel(R) CPU           T2500  @ 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 107 GiB total, 41.992 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 298 GiB total, 7.064 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP911: 29/07/2010 1:02:53 PM - System Checkpoint
RP912: 30/07/2010 7:39:20 PM - System Checkpoint
RP913: 31/07/2010 9:42:34 PM - System Checkpoint
RP914: 02/08/2010 11:49:58 AM - System Checkpoint
RP915: 03/08/2010 1:12:43 PM - System Checkpoint
RP916: 03/08/2010 7:36:53 PM - Software Distribution Service 3.0
RP917: 05/08/2010 7:50:22 AM - System Checkpoint
RP918: 06/08/2010 12:57:31 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Adobe Shockwave Player 11
Any Video Converter 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Internet Security
Blair Witch Volume One - Rustin Parr
Bonjour
Broadcom Management Programs
CCleaner
CDRWIN 6.1
Cole2k Media - Codec Pack (Advanced) 6.1.0
Condition Zero
Condition Zero Deleted Scenes
Conexant HDA D110 MDC V.92 Modem
Counter-Strike
Critical Update for Windows Media Player 11 (KB959772)
Dell AIO 810
Dell ResourceCD
Dell Support 3.1
Dell System Restore
Diablo II
Direct Show Ogg Vorbis Filter (remove only)
DivX Connected
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Doom 3
E.M. DVD Copy 2.01
ffdshow [rev 1723] [2007-12-24]
Free Mp3 Wma Converter V 1.8.0
GameTap
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
LeapFrog Connect
LeapFrog Tag Plugin
LEGO Star Wars
Logitech Gaming Software
Malwarebytes' Anti-Malware
mCore
MCU
mDrWiFi
Media Library Management Wizard
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Outlook Connector
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (3.6.8)
mPfMgr
mPfWiz
mProSafe
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mXML
mZConfig
Nero Suite
NVIDIA Drivers
OGA Notifier 2.0.0048.0
oggcodecs 0.71.0946
PDFCreator
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
Prince of Persia The Sands of Time
QuickTime
RarZilla Free Unrar 2.53
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SoulSeek Client 156c
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Star Wars Galactic Battlegrounds: Saga
Star Wars Starfighter
Steam
Synaptics Pointing Device Driver
Tarzan
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VBA (2627.01)
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - LeapFrog (FlyUsb) USB  (06/15/2007 1.0.0.6)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinRAR archiver
X-Men(TM) - The Official Game
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

03/08/2010 4:24:29 PM, error: Dhcp [1002]  - The IP address lease 192.168.0.101 for the Network Card with network address 001302E09858 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
02/08/2010 9:26:52 PM, error: Service Control Manager [7034]  - The Creative Labs Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:26:36 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/08/2010 9:26:10 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:25:52 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:25:31 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/08/2010 9:23:54 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
02/08/2010 9:23:49 PM, error: Service Control Manager [7034]  - The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:23:32 PM, error: Service Control Manager [7034]  - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:23:21 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:23:16 PM, error: Service Control Manager [7034]  - The Intel(R) PROSet/Wireless Service service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 9:22:59 PM, error: Service Control Manager [7034]  - The SecuROM User Access Service (V7) service terminated unexpectedly.  It has done this 1 time(s).
02/08/2010 7:59:43 PM, error: Service Control Manager [7000]  - The npkcrypt service failed to start due to the following error:  The system cannot find the path specified.
02/08/2010 7:54:38 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

15 Posts

August 7th, 2010 06:00

Here is the MBAM log; moving on to the next step, downloading DDS.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4402

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/08/2010 7:54:14 AM
mbam-log-2010-08-07 (07-54-14).txt

Scan type: Quick scan
Objects scanned: 143860
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

15 Posts

August 7th, 2010 06:00


DDS (Ver_10-03-17.01) - NTFSx86 
Run by Stretch at  8:14:48.59 on 07/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1276 [GMT -4:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)   {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Internet Security *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *enabled*   {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\DOCUME~1\Stretch\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\Imgtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedMonitor.exe
C:\Program Files\DivX\DivX Connected\Bin\DivX Connected\DivXConnectedScanner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Stretch\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ca.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {32b44bb5-c0ff-4c3e-99df-b176f07a46d1} -
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a5a8a47d-bfea-4379-96eb-30749394493d} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ImgTask] c:\windows\Imgtask.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189985240203
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vturq.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stretch\applic~1\mozilla\firefox\profiles\0uo8ahti.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2341904&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - plugin: c:\games\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2010-7-17 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2010-7-17 188168]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2010-7-17 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-7-17 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-15 165456]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-2-25 214664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-15 40384]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2010-7-17 119200]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-15 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-15 40384]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-12-27 18560]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-2-25 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-2-25 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-25 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-25 40552]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S4 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2006-8-24 69120]

=============== Created Last 30 ================

2010-08-07 11:43:10    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-07 11:43:09    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-08-07 11:43:09    0    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-07 11:31:40    0    d-----w-    c:\program files\CCleaner
2010-07-23 11:05:46    0    d-----w-    c:\program files\iPod
2010-07-23 11:05:27    0    d-----w-    c:\program files\iTunes
2010-07-21 23:01:30    3272    ----a-w-    c:\windows\system32\wbem\Outlook_01cb2928a84a4964.mof
2010-07-19 23:45:43    20480    ----a-r-    c:\windows\Imgtask.exe
2010-07-17 20:23:39    312912    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2010-07-17 20:23:36    99280    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2010-07-17 20:23:18    188168    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2010-07-17 20:23:15    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2010-07-17 18:58:10    0    d-----w-    c:\program files\Trend Micro
2010-07-17 14:09:23    38848    ----a-w-    c:\windows\avastSS.scr
2010-07-14 01:55:46    744448    ------w-    c:\windows\system32\dllcache\helpsvc.exe
2010-07-11 12:20:17    0    d-----w-    c:\docume~1\stretch\applic~1\Tific

==================== Find3M  ====================

2010-07-27 06:30:35    8462336    ------w-    c:\windows\system32\dllcache\shell32.dll
2010-07-21 11:05:39    18023    ----a-w-    c:\windows\system32\nvModes.dat
2010-06-12 15:34:37    87    ----a-w-    c:\documents and settings\stretch\jagex_runescape_preferences2.dat
2010-06-12 15:33:37    45    ----a-w-    c:\documents and settings\stretch\jagex_runescape_preferences.dat
2010-06-03 01:23:54    0    ----a-w-    c:\documents and settings\stretch\jagex__preferences3.dat
2010-06-03 00:59:37    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-05-18 20:35:16    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-05-18 20:35:16    75040    ----a-w-    c:\windows\system32\jdns_sd.dll
2010-05-18 20:35:16    197920    ----a-w-    c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2009-03-31 00:55:31    245760    -csha-w-    c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-08-31 13:19:25    32768    -csha-w-    c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083120080901\index.dat

============= FINISH:  8:15:38.53 ===============

2 Intern • 1.5K Posts

August 7th, 2010 14:00

Hi Stretchy,

In my opening post to you was this statement:

I have made a personal decision to not offer help to those with P2P programs or cracked software installed, if you have it installed please remove it now. If you have it installed and do not know how to remove it, let me know and I will remove it for you.

Before we continue can I ask you to please read all the information in the link below, as it contains information on Peer2Peer programs.
Not only is it illegal to download from P2P and torrent sites, it is also a breeding ground for malware and more than likely the reason you were infected.
It would be futile to try and remove any infection on your system while P2P programs are installed.

Perils of P2P File Sharing

Then I need you to go to:

  • Start (windows icon bottom left corner of screen)
  • Control panel
  • Add/Remove programs
  • look for

uTorrent

  • Uninstall
  • Reboot PC

Then please uninstall anything else running on the machine that may relate to P2P file sharing or cracked software.

Post back once everything relating to P2P programs or Cracked software is removed so we may continue.
Thanks,
K27

15 Posts

August 8th, 2010 21:00

My apologies,


I've currently removed uTorrent and am verifying that all questionable programs are removed!


I do believe I've already taken care of this but I want to make sure!


I will also be away for the next several days and will be away from my computer!


I will reply when I've returned, I'm anxious to solve this problem!


Stretchy

2 Intern • 1.5K Posts

August 10th, 2010 16:00

Stretchy,

Do you still require assistance?

15 Posts

August 11th, 2010 18:00

Yes please, I've just returned from a few days away and was checking mail, etc., and suddenly my cpu mem went to 100% while sitting idle for a few minutes as I stepped away from my computer.


2 Intern • 1.5K Posts

August 13th, 2010 01:00

Hi Stretchy,


PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please disable all Anti-virus/Anti-Spyware/Firewall software on your machine (instructions via links below).


Please download ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

Combo-fix MUST be saved to your desktop before running the tool.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

When prompted to install the Recovery Console please make sure to do so, as this is a VERY IMPORTANT backup for Combo-fix (XP only).

You will need to be connected to the net to install the Recovery Console; if you can not install it DO NOT run Combo-Fix.
Post back and we will install it manually.

DO NOT mouse click when Combo-Fix is running, as this will cause Combo-Fix to stall and it will not work as it should.

Please include the C:\ComboFix.txt in your next reply for further review.


Thanks,
K27.

15 Posts

August 13th, 2010 07:00

Hello K27,


I disabled avast anti-virus, my firewall and started to install combo-fix, but during the installation process it told me to disable Norton anti-virus. The problem is I had uninstalled Norton quite some time ago, so why is it still showing as if it's running!


Stretchy

2 Intern • 1.5K Posts

August 13th, 2010 09:00

Hi,

Unfortunately, when uninstalling some applications, things get left behind. Although there are leftover components on the system, they are not active and are no problem to remove. We will take them out a bit later. As a side note, there are a few bits of McAfee left on the system also; we will remove them a bit later too.

Please re-run ComboFix, and when you get a warning message that Norton is installed, please click OK and allow the tool to run.

Thanks.

15 Posts

August 13th, 2010 15:00

Well, I'm not sure how this went. I couldn't stop the program once I had started it.

I hope everything worked out anyway, but I have a BAD feeling. Here's the log:


ComboFix 10-08-12.03 - Stretch 13/08/2010  16:19:56.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1647 [GMT -4:00]
Running from: c:\documents and settings\Stretch\Desktop\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1131041416
c:\program files\ppatch~1
c:\windows\admintxt.txt
c:\windows\Imgtask.exe
c:\windows\racle~1
c:\windows\system32\civhwggo.ini
c:\windows\system32\cuubetbw.ini
c:\windows\system32\Data
c:\windows\system32\eeogxgsf.ini
c:\windows\system32\fnjdjlql.ini
c:\windows\system32\inbensrn.ini
c:\windows\system32\jgiqgbvp.ini
c:\windows\system32\jyylcnmu.ini
c:\windows\system32\kakehwia.ini
c:\windows\system32\kgicpybn.ini
c:\windows\system32\ksgshspu.ini
c:\windows\system32\logs
c:\windows\system32\logs\{8E3DA1F3-4E31-4F60-8B3E-D9EBEC30DDFD}.log
c:\windows\system32\miabxgjs.ini
c:\windows\system32\mnlycnee.ini
c:\windows\system32\pboidwki.ini
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
c:\windows\system32\uhmsynlh.ini
c:\windows\system32\urqkjarg.ini
c:\windows\system32\vlnplgks.ini
c:\windows\system32\wtmaarvw.ini
c:\windows\system32\ystem~1
c:\windows\system32\ywqbcxfr.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((((   Files Created from 2010-07-13 to 2010-08-13  )))))))))))))))))))))))))))))))
.

2010-08-07 11:43 . 2010-08-13 20:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-07 11:31 . 2010-08-07 11:31    --------    d-----w-    c:\program files\CCleaner
2010-07-23 11:05 . 2010-07-23 11:05    --------    d-----w-    c:\program files\iPod
2010-07-23 11:05 . 2010-07-23 11:07    --------    d-----w-    c:\program files\iTunes
2010-07-17 20:23 . 2010-06-28 20:39    312912    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2010-07-17 20:23 . 2010-06-28 20:39    99280    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2010-07-17 20:23 . 2010-06-28 20:38    188168    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2010-07-17 20:23 . 2010-06-28 20:10    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2010-07-17 18:58 . 2010-07-17 18:58    --------    d-----w-    c:\program files\Trend Micro
2010-07-17 14:09 . 2010-06-28 20:57    38848    ----a-w-    c:\windows\avastSS.scr
2010-07-16 01:50 . 2010-06-28 20:32    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-07-16 01:50 . 2010-06-28 20:37    165456    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-07-16 01:49 . 2010-06-28 20:33    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-07-16 01:49 . 2010-06-28 20:37    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-07-16 01:49 . 2010-06-28 20:32    100176    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-07-16 01:49 . 2010-06-28 20:32    94544    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-07-16 01:49 . 2010-06-28 20:32    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-07-16 01:43 . 2010-06-28 20:57    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-07-14 22:33 . 2010-07-14 22:33    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 22:17 . 2006-08-18 01:28    --------    d-----w-    c:\program files\Common Files\Java
2010-08-11 22:17 . 2006-08-18 01:29    --------    d-----w-    c:\program files\Java
2010-08-08 12:18 . 2006-12-01 02:11    --------    d-----w-    c:\program files\Soulseek
2010-08-08 00:42 . 2006-08-18 01:32    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-08-07 00:25 . 2009-08-08 12:29    --------    d-----w-    c:\documents and settings\Stretch\Application Data\uTorrent
2010-07-23 22:21 . 2006-12-02 21:33    --------    d-----w-    c:\program files\Dl_cats
2010-07-23 11:05 . 2007-12-26 14:55    --------    d-----w-    c:\program files\Common Files\Apple
2010-07-21 11:05 . 2006-08-18 01:17    18023    ----a-w-    c:\windows\system32\nvModes.dat
2010-07-17 13:40 . 2010-06-27 19:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-07-17 09:00 . 2010-06-03 01:00    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-07-16 01:34 . 2010-02-05 03:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-13 01:13 . 2007-02-03 23:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-07-13 01:09 . 2009-07-29 23:38    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-07-11 12:20 . 2010-07-11 12:20    --------    d-----w-    c:\documents and settings\Stretch\Application Data\Tific
2010-07-10 23:07 . 2010-05-29 01:33    --------    d-----w-    c:\documents and settings\Stretch\Application Data\Codemonster
2010-06-30 12:31 . 2004-08-11 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-27 19:20 . 2010-06-27 19:20    --------    d-----w-    c:\program files\Windows Sidebar
2010-06-27 18:57 . 2010-06-27 18:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-24 12:22 . 2004-08-11 22:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 22:00    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 22:00    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-19 00:26 . 2010-06-19 00:26    --------    d-----w-    c:\documents and settings\Stretch\Application Data\Malwarebytes
2010-06-19 00:26 . 2010-06-19 00:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-18 10:53 . 2010-06-18 10:52    --------    d-----w-    c:\program files\Bonjour
2010-06-17 14:03 . 2004-08-11 22:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-11 22:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-12 15:34 . 2010-06-03 01:23    87    ----a-w-    c:\documents and settings\Stretch\jagex_runescape_preferences2.dat
2010-06-12 15:33 . 2010-06-03 01:20    45    ----a-w-    c:\documents and settings\Stretch\jagex_runescape_preferences.dat
2010-06-03 01:23 . 2010-06-03 01:23    0    ----a-w-    c:\documents and settings\Stretch\jagex__preferences3.dat
2010-05-18 20:35 . 2010-05-18 20:35    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35    75040    ----a-w-    c:\windows\system32\jdns_sd.dll
2010-05-18 20:35 . 2010-05-18 20:35    197920    ----a-w-    c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2008-03-03 21:39 . 2008-03-03 21:39    1243783    -csh--w-    c:\windows\system32\miabxgjs.tmp
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dlcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\Steam\\steamapps\\stretch669\\counter-strike\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DivX\\DivX Connected\\Bin\\DivX Connected\\DivXConnected.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [17/07/2010 4:23 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [17/07/2010 4:23 PM 188168]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [17/07/2010 4:23 PM 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/07/2010 4:23 PM 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/07/2010 9:50 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/07/2010 9:50 PM 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [17/07/2010 4:23 PM 119200]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [27/12/2008 10:04 AM 18560]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/09/2007 7:03 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32    128512    ----a-w-    c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Stretch\Application Data\Mozilla\Firefox\Profiles\0uo8ahti.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2341904&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - plugin: c:\games\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{32B44BB5-C0FF-4C3E-99DF-B176F07A46D1} - (no file)
BHO-{a5a8a47d-bfea-4379-96eb-30749394493d} - (no file)
ShellIconOverlayIdentifiers-{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ImgTask - c:\windows\Imgtask.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1314015853-3449716407-228989814-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17D271D7-75A5-4410-BD39-E3993715FEE9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1314015853-3449716407-228989814-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DCBAE151-ECC4-83F3-E441-8C60E573CAA2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abbnhmchplgmfgglfgoepjpmmemgoejpgg"=hex:61,61,00,00
"bbbnhmchplgmfgglfghfojegjdohheejiico"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2724)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\system32\UAService7.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\stsystra.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\rundll32.exe
c:\docume~1\Stretch\LOCALS~1\Temp\clclean.0001
c:\windows\system32\dlcgcoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2010-08-13  17:06:53 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-13 21:06

Pre-Run: 46,938,767,360 bytes free
Post-Run: 46,781,894,656 bytes free

- - End Of File - - EB10379C0648ECF76145A4CA5E8E7A22

2 Intern

 • 

1.5K Posts

August 14th, 2010 04:00

Hi Stretchy,

We need to get the recovery console installed before we can continue.


With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.

---------------------------------------------------------------------

Make sure the file you just downloaded is saved to the Desktop.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

[image: RC1-4.gif]

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

    [image: RC2-1.png]

  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.


NOTE: PLEASE DO NOT MOUSE CLICK WHILE COMBOFIX IS RUNNING AS THIS MAY CAUSE IT TO STALL OR FREEZE AND IT WILL NOT WORK AS IT SHOULD


Please post me the new Combofix log.

Thanks.

2 Intern

 • 

1.5K Posts

August 16th, 2010 13:00

Hi stretchy,

Please let me know if you still require assistance.

Thanks.

15 Posts

August 16th, 2010 14:00

Sorry for the delay... had some difficulties with ComboFix (asking for updates, and it would freeze on reboot).

ComboFix 10-08-15.01 - Stretch 16/08/2010  14:16:52.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1486 [GMT -4:00]
Running from: c:\documents and settings\Stretch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stretch\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Stretch\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Stretch\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp

.
(((((((((((((((((((((((((   Files Created from 2010-07-16 to 2010-08-16  )))))))))))))))))))))))))))))))
.

2010-08-08 13:51 . 2010-08-08 13:51    61440    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-567b818b-n\decora-sse.dll
2010-08-08 13:51 . 2010-08-08 13:51    503808    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e6aa8dc-n\msvcp71.dll
2010-08-08 13:51 . 2010-08-08 13:51    499712    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e6aa8dc-n\jmc.dll
2010-08-08 13:51 . 2010-08-08 13:51    348160    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e6aa8dc-n\msvcr71.dll
2010-08-08 13:51 . 2010-08-08 13:51    12800    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-567b818b-n\decora-d3d.dll
2010-08-07 11:43 . 2010-08-13 20:06    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-08-07 11:31 . 2010-08-07 11:31    --------    d-----w-    c:\program files\CCleaner
2010-07-23 11:05 . 2010-07-23 11:05    --------    d-----w-    c:\program files\iPod
2010-07-23 11:05 . 2010-07-23 11:07    --------    d-----w-    c:\program files\iTunes
2010-07-23 10:57 . 2010-07-23 10:57    73000    ----a-w-    c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 20:23 . 2010-06-28 20:39    312912    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2010-07-17 20:23 . 2010-06-28 20:39    99280    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2010-07-17 20:23 . 2010-06-28 20:38    188168    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2010-07-17 20:23 . 2010-06-28 20:10    12112    ----a-w-    c:\windows\system32\drivers\aswNdis.sys
2010-07-17 18:58 . 2010-07-17 18:58    388096    ----a-r-    c:\documents and settings\Stretch\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-17 18:58 . 2010-07-17 18:58    --------    d-----w-    c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 22:17 . 2006-08-18 01:28    --------    d-----w-    c:\program files\Common Files\Java
2010-08-11 22:17 . 2006-08-18 01:29    --------    d-----w-    c:\program files\Java
2010-08-08 12:18 . 2006-12-01 02:11    --------    d-----w-    c:\program files\Soulseek
2010-08-08 00:42 . 2006-08-18 01:32    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-08-07 00:25 . 2009-08-08 12:29    --------    d-----w-    c:\documents and settings\Stretch\Application Data\uTorrent
2010-07-23 22:21 . 2006-12-02 21:33    --------    d-----w-    c:\program files\Dl_cats
2010-07-23 11:05 . 2007-12-26 14:55    --------    d-----w-    c:\program files\Common Files\Apple
2010-07-21 11:05 . 2006-08-18 01:17    18023    ----a-w-    c:\windows\system32\nvModes.dat
2010-07-17 13:40 . 2010-06-27 19:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-07-17 09:00 . 2010-06-03 01:00    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-07-16 01:34 . 2010-02-05 03:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-07-13 01:13 . 2007-02-03 23:48    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-07-13 01:09 . 2009-07-29 23:38    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-07-11 12:20 . 2010-07-11 12:20    --------    d-----w-    c:\documents and settings\Stretch\Application Data\Tific
2010-07-10 23:07 . 2010-05-29 01:33    --------    d-----w-    c:\documents and settings\Stretch\Application Data\Codemonster
2010-06-30 12:31 . 2004-08-11 22:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-07-17 14:09    38848    ----a-w-    c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-07-16 01:43    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-07-16 01:49    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-07-16 01:50    165456    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-07-16 01:49    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-07-16 01:49    100176    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-07-16 01:49    94544    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-07-16 01:50    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-07-16 01:49    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-06-27 19:20 . 2010-06-27 19:20    --------    d-----w-    c:\program files\Windows Sidebar
2010-06-27 18:57 . 2010-06-27 18:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-24 12:22 . 2004-08-11 22:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 22:00    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-11 22:00    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-19 00:26 . 2010-06-19 00:26    --------    d-----w-    c:\documents and settings\Stretch\Application Data\Malwarebytes
2010-06-19 00:26 . 2010-06-19 00:26    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-18 10:53 . 2010-06-18 10:52    --------    d-----w-    c:\program files\Bonjour
2010-06-17 14:03 . 2004-08-11 22:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 22:12    744448    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-11 22:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-12 15:34 . 2010-06-03 01:23    87    ----a-w-    c:\documents and settings\Stretch\jagex_runescape_preferences2.dat
2010-06-12 15:33 . 2010-06-03 01:20    45    ----a-w-    c:\documents and settings\Stretch\jagex_runescape_preferences.dat
2010-06-03 01:23 . 2010-06-03 01:23    0    ----a-w-    c:\documents and settings\Stretch\jagex__preferences3.dat
2010-06-03 01:12 . 2010-06-03 01:12    61440    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4c46583b-n\decora-sse.dll
2010-06-03 01:12 . 2010-06-03 01:12    12800    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4c46583b-n\decora-d3d.dll
2010-06-03 01:12 . 2010-06-03 01:12    503808    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1704d0ce-n\msvcp71.dll
2010-06-03 01:12 . 2010-06-03 01:12    499712    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1704d0ce-n\jmc.dll
2010-06-03 01:12 . 2010-06-03 01:12    348160    ----a-w-    c:\documents and settings\Stretch\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1704d0ce-n\msvcr71.dll
2010-05-18 20:35 . 2010-05-18 20:35    91424    ----a-w-    c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35    75040    ----a-w-    c:\windows\system32\jdns_sd.dll
2010-05-18 20:35 . 2010-05-18 20:35    197920    ----a-w-    c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35    107808    ----a-w-    c:\windows\system32\dns-sd.exe
2008-03-03 21:39 . 2008-03-03 21:39    1243783    -csh--w-    c:\windows\system32\miabxgjs.tmp
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dlcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcgpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds Saga\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\Steam\\steamapps\\stretch669\\counter-strike\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DivX\\DivX Connected\\Bin\\DivX Connected\\DivXConnected.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [17/07/2010 4:23 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [17/07/2010 4:23 PM 188168]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [17/07/2010 4:23 PM 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17/07/2010 4:23 PM 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15/07/2010 9:50 PM 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/07/2010 9:50 PM 17744]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [17/07/2010 4:23 PM 119200]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [27/12/2008 10:04 AM 18560]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09/09/2007 7:03 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32    128512    ----a-w-    c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com/?fr=fp-yie8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Stretch\Application Data\Mozilla\Firefox\Profiles\0uo8ahti.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2341904&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/
FF - plugin: c:\games\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1314015853-3449716407-228989814-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17D271D7-75A5-4410-BD39-E3993715FEE9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1314015853-3449716407-228989814-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DCBAE151-ECC4-83F3-E441-8C60E573CAA2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abbnhmchplgmfgglfgoepjpmmemgoejpgg"=hex:61,61,00,00
"bbbnhmchplgmfgglfghfojegjdohheejiico"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
Completion time: 2010-08-16  14:37:56
ComboFix-quarantined-files.txt  2010-08-16 18:37
ComboFix2.txt  2010-08-13 21:06

Pre-Run: 46,571,208,704 bytes free
Post-Run: 46,556,454,912 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AFEB95E5C52C9DD6BC0860760149893B
