Spyware infection persists even after FULL/DEEP antivirus/antispyware scans!

Discussion in 'Windows - Virus and spyware problems' started by cody1414, Jan 16, 2008.

  1. cody1414 (Member)
    Alright, well, I thought I'd be able to get myself out of this one on my own, but I find myself fed up with this, so I decided to come to you guys for help. First off, for security I have BitDefender 10 Internet Security full suite (antivirus, firewall, etc.) and I am also running the newest Spy Sweeper version, which picked up a lot more than BitDefender did. I have also installed another useful tool called Super System Helper, which I can use to view running processes and completely block my system from ever running them again.

    Alright, so my problem is that BD and SS aren't picking up any more spyware that remains on my HDD, but they do pick up new threats. The things that are happening include: IE popups (most of the time with error 404 because I have the IP blacklisted), GUI windows leading to URLs, occasionally a tray icon saying my system is infected leading to fake antispyware sites, and Google is shot, always redirecting.

    I have been using Super System Helper whenever I would see the tray icon come up and here are the processes I have blocked:
    ~.exe
    0.exe
    ie_updates3r.exe
    ieupdr2.exe
    kb9253318.exe

    I also have a DEP (data execution prevention) message for Generic Host Process for Win32 Services. I don't know if this is due to infection but I'm presuming it is. This message keeps going in a loop so it can't be closed; I just push it to the far side of the screen.

    Thanks a lot for anyone's help; hopefully you can help me work this out. Lastly, here is my HijackThis log:


    Logfile of HijackThis v1.99.1
    Scan saved at 1:58:32 AM, on 1/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\_svchost.exe
    C:\WINDOWS\system32\_svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    F:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\rundll32.exe
    F:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    F:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    F:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Logitech\SetPoint\kem.exe
    C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
    F:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\taskmgr.exe
    F:\Program Files\Super System Helper\SystemTool.exe
    F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\mdm.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Cody\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {57FF4DE6-3B38-494E-8B8C-E4629ADE9E60} - C:\WINDOWS\system32\chtbrk.dll
    O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - ronods.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {b0476a04-3949-4c71-ac9a-192000837c8a} - C:\WINDOWS\system32\gpeddem.dll (file missing)
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NVTray] "C:\NVIDIA\NVTray\NVTray.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LogonUIBootRandomizer] "C:\Program Files\TGTSoft\logonuibootrandomizer\RandomScreens.exe" /RandomizeLogon
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [BDMCon] f:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX4200 Series on HOME] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P39 "Auto EPSON Stylus CX4200 Series on HOME" /O19 "\\HOME\EPSON_CX4200" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [\\HOME\EPSON Stylus CX4200 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" /P33 "\\HOME\EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SpySweeper] "F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AnyDVD] "F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19FCD510-9BE6-4B1C-ACA5-EC640A2B7EEC}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{55AA1419-588D-40F3-835D-A2C8A8B2CFBE}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B318D00-7590-496C-B114-9B8BD1E7C629}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CDB8DB8-BD99-4232-BFD3-053350529545}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99
    O17 - HKLM\System\CS1\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99
    O17 - HKLM\System\CS2\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: gpeddem - gpeddem.dll (file missing)
    O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Microsoft I Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe
    O23 - Service: Microsoft Int Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
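
    The log above is read by eye in the replies that follow; as an added example (not part of the original thread, and not a HijackThis feature), the Python script below applies the same reading mechanically to a handful of lines copied from that log: a UserInit value that chains a second program after userinit.exe, an IE ProxyServer pointing at a non-private address, O17 NameServer overrides that are not in a caller-supplied allowlist, O2/O20 hooks whose DLL is "(file missing)" or "(no file)", and O23 services HijackThis reports as "Unknown owner" that either live directly in system32 or carry "Microsoft" in their display name. The allowlist parameter `trusted_dns`, the private-IP test for the proxy, and the service heuristic are this example's own assumptions, not HijackThis rules; every sample line is quoted from the posted log.

```python
"""Triage a HijackThis 1.99 log for the hijack classes seen in the thread.

Added example; not from the forum thread or from HijackThis. The heuristics
below (proxy must be a private IP, resolvers must be in an allowlist, an
"Unknown owner" service in system32 or named after Microsoft is suspect) are
the example author's assumptions, not rules of the tool.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag: F2, R1, O2, O17, O20, O23
    reason: str
    line: str


# Constructed sample: lines copied from the HijackThis log posted above,
# with one benign entry per section kept as a control.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - ronods.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99
O20 - Winlogon Notify: gpeddem - gpeddem.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe
O23 - Service: Microsoft I Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
"""

_IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _is_private(host: str) -> bool:
    """True for RFC 1918 / loopback addresses; hostnames count as not private."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def check_line(line: str, trusted_dns=frozenset()):
    """Return a Finding for one HijackThis line, or None if it looks benign."""
    line = line.strip()
    tag, sep, body = line.partition(" - ")
    if not sep:
        return None  # header, blank or "Running processes" path: not an entry

    if tag == "F2" and "UserInit=" in body:
        # Winlogon runs every comma-separated program in UserInit at logon;
        # only userinit.exe belongs there, so anything chained is a launcher.
        chained = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
        if len(chained) > 1:
            return Finding("F2", f"UserInit chains extra programs: {chained[1:]}", line)

    elif tag == "R1" and "ProxyServer" in body:
        host = body.split("=", 1)[1].strip().split(":")[0]
        if not _is_private(host):
            return Finding("R1", f"IE forced through non-local proxy {host}", line)

    elif tag == "O17" and "NameServer" in body:
        # Per-interface resolver overrides; any address outside the allowlist
        # means every lookup (Google included) goes where the attacker says.
        servers = _IP_RE.findall(body.split("=", 1)[1])
        rogue = [s for s in servers if s not in trusted_dns]
        if rogue:
            return Finding("O17", f"resolver override to {rogue}", line)

    elif tag in ("O2", "O20") and ("(file missing)" in body or "(no file)" in body):
        return Finding(tag, "hook registered but its DLL is gone (orphaned or hidden)", line)

    elif tag == "O23" and "Unknown owner" in body:
        name, _, rest = body.partition(" - Unknown owner - ")
        path = rest.split('"')[0].strip()
        in_system32 = re.search(r"\\system32\\[^\\]+$", path, re.I) is not None
        if in_system32 or re.search(r"\bMicrosoft\b", name):
            return Finding("O23", f"unknown-vendor service in system32 or claiming Microsoft: {path}", line)
    return None


def triage(log_text: str, trusted_dns=frozenset()):
    """Run check_line over a whole log and return the findings in log order."""
    findings = (check_line(l, trusted_dns) for l in log_text.splitlines())
    return [f for f in findings if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

    Run as is, the script flags nine of the fourteen sample lines and leaves the Adobe BHO, the Webroot Winlogon Notify entry, the NVIDIA service and the BitDefender service alone. Two caveats a helper would keep in mind: "(file missing)" only says the DLL is not where the registry points, which can mean a scanner already deleted it or that the file is hidden from the listing, so the orphaned entry still needs removing; and "Unknown owner" by itself is weak evidence, since legitimate vendors (BitDefender here) also ship binaries without company version info, which is why the heuristic also requires a system32 location or a Microsoft-sounding name.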
     
  2. QuikDraw (Regular member)
    Pretty good mess! Disable or uninstall Super System Helper for now.
    Reboot into Safe Mode. Open HJT. Click "Do a scan only". Place ticks (check marks) next to all the items listed below. Click "Fix Checked", then click "Yes". Reboot into Normal Mode.

    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\ntos.exe,

    O2 - BHO: (no name) - {57FF4DE6-3B38-494E-8B8C-E4629ADE9E60} - C:\WINDOWS\system32\chtbrk.dll

    O2 - BHO: Microsoft copyright - {5DF6AFEE-2291-4041-9A74-354624861746} - ronods.dll (file missing)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {b0476a04-3949-4c71-ac9a-192000837c8a} - C:\WINDOWS\system32\gpeddem.dll (file missing)

    O17 - HKLM\System\CCS\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CCS\Services\Tcpip\..\{19FCD510-9BE6-4B1C-ACA5-EC640A2B7EEC}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CCS\Services\Tcpip\..\{55AA1419-588D-40F3-835D-A2C8A8B2CFBE}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B318D00-7590-496C-B114-9B8BD1E7C629}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CDB8DB8-BD99-4232-BFD3-053350529545}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99

    O17 - HKLM\System\CS1\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99

    O17 - HKLM\System\CS2\Services\Tcpip\..\{12D1AED2-17F7-46DC-8896-DCE073A28FB9}: NameServer = 85.255.115.34,85.255.112.99

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34 85.255.112.99

    O20 - Winlogon Notify: gpeddem - gpeddem.dll (file missing)

    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe

    O23 - Service: Microsoft I Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe

    O23 - Service: Microsoft Int Service - Unknown owner - C:\WINDOWS\system32\_svchost.exe

    Download ComboFix. Save it to the desktop. Run ComboFix. Post the log.
    http://forums.majorgeeks.com/showthread.php?t=134965

    Run HJT and post a new log.
     
    Last edited: Jan 16, 2008
  3. cody1414 (Member)
    OK, so this is what is happening now. Ever since I posted last night and shut down my PC, whenever I try to reboot into Normal Mode I get a BSOD before the tray programs/icons load in. Here is what the BSOD says: DRIVER_IRQL_NOT_LESS_OR_EQUAL (I am posting from another PC). I was able to get into Safe Mode just fine, I disabled all of the blocked processes in Super System Helper, ran HJT and fixed all of the keys I was recommended to fix/remove. The only line that wasn't there when I did a scan in HJT is:

    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe

    (My mobo is an Asus A8N-SLI Premium, so that may not be infectious, but I'm not sure.) After the HJT fix the same problem persists (BSOD), so I'm unable to check if the spyware problem still remains. Thanks for any help that may be available.
     
  4. cody1414 (Member)
    OK, well, I kind of figured out the problem with the BSOD; it seems to be a problem with my NVIDIA LAN driver. My OS starts up fine if I remove the ethernet cable at startup and then replace it after the full system boot. I was able to run ComboFix and it did remove quite a bit, so here is my ComboFix log, followed by my HJT log made immediately after the ComboFix reboot. Please give me a shout if there is anything left that seems suspicious, thanks.


    ComboFix 08-01-17.3 - Cody 2008-01-16 22:57:00.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1309 [GMT -7:00]
    Running from: C:\Documents and Settings\Cody\Desktop\ComboFix.exe
    .
    The following files were disabled during the run:
    C:\WINDOWS\system32\sockspy.dll


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\0.exe
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Documents and Settings\Cody\~tmp1174.exe
    C:\Documents and Settings\Cody\Application Data\install.dat
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\fccyyv.dll
    C:\WINDOWS\mlkklj.dll
    C:\WINDOWS\nwan.dat
    C:\WINDOWS\opmlij.dll
    C:\WINDOWS\system32\_svchost.exe
    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\6_exception.nls
    C:\WINDOWS\system32\9253021841.dll
    C:\WINDOWS\system32\chtbrk.dll
    C:\WINDOWS\system32\cookie.dat
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\Ip6Fw.sys
    C:\WINDOWS\system32\drivers\Jpv52.sys
    C:\WINDOWS\system32\drivers\kepugtvb.dat
    C:\WINDOWS\system32\drivers\Kqw17.sys
    C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
    C:\WINDOWS\system32\help.txt
    C:\WINDOWS\system32\kb9253230.exe
    C:\WINDOWS\system32\kb9253246.exe
    C:\WINDOWS\system32\kb9253250.exe
    C:\WINDOWS\system32\kb9253277.exe
    C:\WINDOWS\system32\kb9253289.exe
    C:\WINDOWS\system32\kb9253295.exe
    C:\WINDOWS\system32\kb9253303.exe
    C:\WINDOWS\system32\kb9253304.exe
    C:\WINDOWS\system32\kb9253307.exe
    C:\WINDOWS\system32\kb9253309.exe
    C:\WINDOWS\system32\kb9253312.exe
    C:\WINDOWS\system32\kb9253313.exe
    C:\WINDOWS\system32\kb9253321.exe
    C:\WINDOWS\system32\kr_done1
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\newmaxxsv234.exe
    C:\WINDOWS\system32\ps.dat
    C:\WINDOWS\system32\rt25.exe
    C:\WINDOWS\system32\shift.exe.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\syssrv.sys
    C:\WINDOWS\system32\tmp511B.tmp.dll
    C:\WINDOWS\system32\tmp565C.tmp.dll
    C:\WINDOWS\system32\tmp5863.tmp.dll
    C:\WINDOWS\system32\vedxg4am1et2.exe
    C:\WINDOWS\system32\vedxg6ame4.exe
    C:\WINDOWS\system32\vedxga1me4t1.exe
    C:\WINDOWS\system32\vedxga3me2.exe
    C:\WINDOWS\system32\vedxga5me3.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\windxs32.dll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\urssqp.dll
    C:\WINDOWS\vyyccf.ini
    C:\WINDOWS\vyyccf.ini2
    C:\WINDOWS\vyyccf.tmp
    C:\windows\xpupdate.exe
    .
    ---- Previous Run -------
    .
    C:\0.exe
    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Documents and Settings\Cody\~tmp1174.exe
    C:\Documents and Settings\Cody\Application Data\Install.dat
    C:\Documents and Settings\Cody\Application Data\macromedia\Flash Player\#SharedObjects\2T5RMK83\www.broadcaster.com
    C:\Documents and Settings\Cody\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\fccyyv.dll
    C:\WINDOWS\mlkklj.dll
    C:\WINDOWS\nwan.dat
    C:\WINDOWS\opmlij.dll
    C:\WINDOWS\system32\_svchost.exe
    C:\WINDOWS\system32\~.exe
    C:\WINDOWS\system32\6_exception.nls
    C:\WINDOWS\system32\9253021841.dll
    C:\WINDOWS\system32\cookie.dat
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\Ip6Fw.sys
    C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
    C:\WINDOWS\system32\help.txt
    C:\WINDOWS\system32\kb9253230.exe
    C:\WINDOWS\system32\kb9253246.exe
    C:\WINDOWS\system32\kb9253250.exe
    C:\WINDOWS\system32\kb9253277.exe
    C:\WINDOWS\system32\kb9253289.exe
    C:\WINDOWS\system32\kb9253295.exe
    C:\WINDOWS\system32\kb9253303.exe
    C:\WINDOWS\system32\kb9253304.exe
    C:\WINDOWS\system32\kb9253307.exe
    C:\WINDOWS\system32\kb9253309.exe
    C:\WINDOWS\system32\kb9253312.exe
    C:\WINDOWS\system32\kb9253313.exe
    C:\WINDOWS\system32\kb9253321.exe
    C:\WINDOWS\system32\kr_done1
    C:\WINDOWS\system32\lt.res
    C:\WINDOWS\system32\newmaxxsv234.exe
    C:\WINDOWS\system32\ps.dat
    C:\WINDOWS\system32\rt25.exe
    C:\WINDOWS\system32\shift.exe.exe
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\syssrv.sys
    C:\WINDOWS\system32\tmp511B.tmp.dll
    C:\WINDOWS\system32\tmp565C.tmp.dll
    C:\WINDOWS\system32\tmp5863.tmp.dll
    C:\WINDOWS\system32\vedxg4am1et2.exe
    C:\WINDOWS\system32\vedxg6ame4.exe
    C:\WINDOWS\system32\vedxga1me4t1.exe
    C:\WINDOWS\system32\vedxga3me2.exe
    C:\WINDOWS\system32\vedxga5me3.exe
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\windxs32.dll
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\urssqp.dll
    C:\WINDOWS\vyyccf.ini
    C:\WINDOWS\vyyccf.ini2
    C:\WINDOWS\vyyccf.tmp
    C:\windows\xpupdate.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_JPV52
    -------\LEGACY_KQW17
    -------\LEGACY_NDISWON
    -------\LEGACY_RUNTIME
    -------\LEGACY_SMTPDRV
    -------\LEGACY_XPMWTWSY
    -------\Jpv52
    -------\Kqw17
    -------\NdisWon
    -------\runtime
    -------\smtpdrv
    -------\xpmwtwsy


    -------\xpmwtwsy


    ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
    .

    2008-01-16 23:12 . 2004-08-03 17:00 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2008-01-16 22:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-16 21:37 . 2008-01-16 21:37 17,920 --ahs---- C:\WINDOWS\system32\actmovieo.dll
    2008-01-16 15:31 . 2008-01-16 15:31 21,504 --a------ C:\WINDOWS\system32\test12.exe
    2008-01-16 03:10 . 2008-01-16 03:10 10,240 --a------ C:\WINDOWS\system\bfdtsc32.dll
    2008-01-16 02:51 . 2008-01-16 02:51 4,608 --a------ C:\winperd.exe
    2008-01-16 02:51 . 2008-01-16 02:51 0 --a------ C:\WINDOWS\system32\MI72B0.tmp
    2008-01-16 02:38 . 2008-01-16 02:38 4,608 --a------ C:\winczsl.exe
    2008-01-16 02:38 . 2008-01-16 02:38 0 --a------ C:\WINDOWS\system32\MI6D5D.tmp
    2008-01-16 02:25 . 2008-01-16 02:25 4,608 --a------ C:\winxphz.exe
    2008-01-16 02:25 . 2008-01-16 02:25 0 --a------ C:\WINDOWS\system32\MI69F2.tmp
    2008-01-16 02:13 . 2008-01-16 02:13 4,608 --a------ C:\winnzhf.exe
    2008-01-16 02:13 . 2008-01-16 02:13 0 --a------ C:\WINDOWS\system32\MI689E.tmp
    2008-01-16 02:00 . 2008-01-16 02:00 4,608 --a------ C:\winsywy.exe
    2008-01-16 02:00 . 2008-01-16 02:00 0 --a------ C:\WINDOWS\system32\MI673F.tmp
    2008-01-16 01:22 . 2008-01-16 01:22 4,608 --a------ C:\winhzih.exe
    2008-01-16 01:22 . 2008-01-16 01:22 0 --a------ C:\WINDOWS\system32\MI6178.tmp
    2008-01-16 01:09 . 2008-01-16 01:09 4,608 --a------ C:\winkysz.exe
    2008-01-16 01:09 . 2008-01-16 01:09 0 --a------ C:\WINDOWS\system32\MI5E5B.tmp
    2008-01-16 00:55 . 2008-01-16 00:55 4,608 --a------ C:\winobom.exe
    2008-01-16 00:55 . 2008-01-16 00:55 0 --a------ C:\WINDOWS\system32\MI57A7.tmp
    2008-01-16 00:43 . 2008-01-16 00:43 4,608 --a------ C:\winbzsq.exe
    2008-01-16 00:43 . 2008-01-16 00:43 0 --a------ C:\WINDOWS\system32\MI5657.tmp
    2008-01-15 04:45 . 2008-01-15 04:45 17,920 --ahs---- C:\WINDOWS\system32\acelpdecy.dll
    2008-01-15 04:44 . 2008-01-15 04:44 42,496 -r-hs---- C:\WINDOWS\system32\A8N-SLIc.exe
    2008-01-15 04:44 . 2008-01-16 22:00 362 --a-s---- C:\WINDOWS\system32\3836821685.dat
    2008-01-15 04:33 . 2008-01-15 04:33 17,948 --a------ C:\WINDOWS\system32\mssrv32.exe
    2008-01-14 03:42 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2008-01-14 02:24 . 2008-01-14 02:25 112,128 --a------ C:\WINDOWS\system32\runtime.exe
    2008-01-14 02:24 . 2008-01-14 02:24 62,464 --a------ C:\WINDOWS\taskmon.exe
    2008-01-14 02:18 . 2008-01-14 02:18 4,608 --a------ C:\winyiar.exe
    2008-01-14 02:18 . 2008-01-14 02:18 0 --a------ C:\WINDOWS\system32\MI6AF6.tmp
    2008-01-14 02:18 . 2008-01-14 02:18 0 --a------ C:\WINDOWS\system32\MI6ABC.tmp
    2008-01-14 02:14 . 2008-01-14 02:14 21,504 --a------ C:\WINDOWS\system32\kernelwind64.exe
    2008-01-14 02:14 . 2008-01-14 02:14 21,504 --a------ C:\sysvawg.exe
    2008-01-13 21:28 . 2008-01-13 21:28 4,608 --a------ C:\winfnov.exe
    2008-01-13 21:28 . 2008-01-13 21:28 0 --a------ C:\WINDOWS\system32\MI5BEA.tmp
    2008-01-13 21:28 . 2008-01-13 21:28 0 --a------ C:\WINDOWS\system32\MI5BE8.tmp
    2008-01-13 21:15 . 2008-01-13 21:15 4,608 --a------ C:\winvovk.exe
    2008-01-13 21:15 . 2008-01-13 21:15 0 --a------ C:\WINDOWS\system32\MI56CA.tmp
    2008-01-13 21:15 . 2008-01-13 21:15 0 --a------ C:\WINDOWS\system32\MI56C8.tmp
    2008-01-13 18:09 . 2008-01-13 18:09 4,608 --a------ C:\winmdld.exe
    2008-01-13 18:09 . 2008-01-13 18:09 0 --a------ C:\WINDOWS\system32\MI5283.tmp
    2008-01-13 18:09 . 2008-01-13 18:09 0 --a------ C:\WINDOWS\system32\MI5281.tmp
    2008-01-13 17:57 . 2008-01-13 17:57 4,608 --a------ C:\winpodh.exe
    2008-01-13 17:57 . 2008-01-13 17:57 0 --a------ C:\WINDOWS\system32\MI5176.tmp
    2008-01-13 17:57 . 2008-01-13 17:57 0 --a------ C:\WINDOWS\system32\MI5173.tmp
    2008-01-13 17:44 . 2008-01-13 17:44 4,608 --a------ C:\winorwr.exe
    2008-01-13 17:44 . 2008-01-13 17:44 0 --a------ C:\WINDOWS\system32\MIBDE.tmp
    2008-01-13 17:44 . 2008-01-13 17:44 0 --a------ C:\WINDOWS\system32\MIBDC.tmp
    2008-01-13 17:31 . 2008-01-13 17:31 4,608 --a------ C:\winrnip.exe
    2008-01-13 17:31 . 2008-01-13 17:31 0 --a------ C:\WINDOWS\system32\MI36A.tmp
    2008-01-13 17:31 . 2008-01-13 17:31 0 --a------ C:\WINDOWS\system32\MI360.tmp
    2008-01-11 15:02 . 2008-01-11 15:02 25,600 --a------ C:\WINDOWS\system32\ronods.dll
    2008-01-11 12:50 . 2008-01-11 12:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-01-11 12:50 . 2008-01-11 12:50 <DIR> d-------- C:\Documents and Settings\Cody\Application Data\Webroot
    2008-01-11 12:50 . 2008-01-11 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-01-11 12:50 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
    2008-01-11 12:50 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2008-01-11 12:50 . 2007-10-01 16:24 23,864 --------- C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-01-11 12:50 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2008-01-11 12:50 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
    2008-01-11 10:24 . 2008-01-11 10:24 32,256 --a------ C:\WINDOWS\system32\sysrest32.exe
    2008-01-11 10:24 . 2008-01-11 10:24 13,760 --a------ C:\WINDOWS\system32\sysrest.sys
    2008-01-09 16:13 . 2008-01-09 16:13 29 --a------ C:\WINDOWS\system32\diooufee.tmp
    2008-01-09 05:05 . 2008-01-09 05:05 4,608 --a------ C:\winzxut.exe
    2008-01-09 05:05 . 2008-01-09 05:05 0 --a------ C:\WINDOWS\system32\MI51EE.tmp
    2008-01-09 04:50 . 2008-01-11 12:36 13 --a------ C:\autoexec.ba_
    2008-01-08 15:38 . 2008-01-08 15:38 441,856 --a------ C:\autoexes.dll
    2008-01-08 05:34 . 2008-01-08 05:34 4,608 --a------ C:\winvbig.exe
    2008-01-08 05:34 . 2008-01-08 05:34 4,608 --a------ C:\winexov.exe
    2008-01-08 05:34 . 2008-01-08 05:34 0 --a------ C:\WINDOWS\system32\MI54E3.tmp
    2008-01-08 05:34 . 2008-01-08 05:34 0 --a------ C:\WINDOWS\system32\MI54E1.tmp
    2008-01-07 15:50 . 2008-01-07 15:50 441,856 --a------ C:\autoexec.dll
    2008-01-07 15:49 . 2008-01-16 15:41 371 --a------ C:\WINDOWS\system32\svchost.tmp
    2008-01-07 15:49 . 2008-01-16 15:31 84 --a------ C:\WINDOWS\system32\svchost.t__
    2008-01-07 15:45 . 2008-01-16 00:57 6,144 --a------ C:\Documents and Settings\Cody\ie_updates3r.exe
    2008-01-07 15:32 . 2008-01-07 15:32 25,600 --a------ C:\WINDOWS\system32\judgemq.dll
    2008-01-07 15:32 . 2008-01-13 18:19 5,591 --a------ C:\WINDOWS\system32\sft.res
    2008-01-07 02:42 . 2008-01-09 05:22 21,760 --a------ C:\WINDOWS\Kqw17.sys
    2007-12-26 01:13 . 2007-12-26 01:13 268 --ah----- C:\sqmdata06.sqm
    2007-12-26 01:13 . 2007-12-26 01:13 244 --ah----- C:\sqmnoopt06.sqm
    2007-12-22 14:01 . 2007-10-08 17:36 139,850 --a------ C:\WINDOWS\system32\nvapps.nvb
    2007-12-18 14:04 . 2007-12-18 14:04 <DIR> d-------- C:\Program Files\AC3Filter
    2007-12-18 14:04 . 2007-08-18 00:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
    2007-12-18 12:14 . 2007-12-18 15:46 <DIR> d-------- C:\Documents and Settings\Cody\Application Data\DivX
    2007-12-18 12:11 . 2007-12-18 12:12 <DIR> d-------- C:\Program Files\DivX6.6
    2007-12-18 12:11 . 2007-07-09 12:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-12-18 12:11 . 2007-07-09 12:07 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-12-18 12:11 . 2007-07-09 12:07 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 06:10 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-01-17 04:23 1,952 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
    2008-01-14 10:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-14 09:25 --------- d-----w C:\Documents and Settings\Cody\Application Data\ContentGuard
    2008-01-11 21:58 --------- d-----w C:\Program Files\Windows XP Home-Pro-2003 SP2 Crack
    2008-01-08 11:54 --------- d-----w C:\Documents and Settings\Cody\Application Data\Bioshock
    2007-12-18 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-12-18 20:44 --------- d-----w C:\Documents and Settings\Cody\Application Data\Azureus
    2007-12-18 19:11 --------- d-----w C:\Program Files\DivX
    2007-12-16 22:05 --------- d-----w C:\Program Files\Common Files\Zinio
    2007-12-10 08:13 45,568 ----a-w C:\systwbt.exe
    2006-08-15 20:04 1,060 ----a-w C:\Program Files\INSTALL.LOG
    2007-08-28 07:59 2 --shatr C:\WINDOWS\winstart.bat
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 17,920 2006-12-19 04:32:32 C:\bak\YASU.exe

    ----a-w 327,680 2006-01-16 21:02:10 C:\NVIDIA\NVTray\bak\NVTray.exe

    ----a-w 3,627,520 2005-06-16 20:36:16 C:\Program Files\ASUS\Ai Booster\bak\OverClk.exe

    ----a-w 155,648 2006-01-12 21:40:44 C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe

    ----a-w 180,269 2006-03-02 00:00:00 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

    ----a-w 139,264 2003-10-08 21:35:42 C:\Program Files\Creative\MediaSource\RemoteControl\bak\RCMan.EXE

    ----a-w 45,056 2002-12-03 23:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

    ----a-w 45,056 2003-06-18 06:00:00 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDet.EXE

    ----a-w 57,344 2003-09-17 15:43:36 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe

    ----a-w 75,520 2006-12-15 09:23:27 C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe

    ----a-w 532,480 2004-11-10 00:00:00 C:\Program Files\NVIDIA Corporation\nTune\bak\nTune.exe

    ----a-w 249,856 2005-05-30 01:01:54 C:\Program Files\TGTSoft\logonuibootrandomizer\bak\RandomScreens.exe

    ----a-w 1,359,872 2005-08-19 00:00:00 C:\Program Files\TGTSoft\StyleXP\bak\StyleXP.exe

    ----a-w 90,112 2000-05-11 06:00:00 C:\WINDOWS\bak\UpdReg.EXE

    ----a-w 59,392 2004-08-10 00:00:00 C:\WINDOWS\ehome\bak\ehtray.exe

    ----a-w 620,152 2006-10-23 05:24:02 F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\bak\Acrotray.exe
    ----a-w 620,152 2006-10-23 04:24:02 F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\acrotray.exe

    ----a-w 157,592 2006-11-12 10:48:46 F:\Program Files\DAEMON Tools\bak\daemon.exe
    ----a-w 157,592 2006-11-12 10:48:46 F:\Program Files\DAEMON Tools\daemon.exe

    ----a-w 155,648 2006-02-08 00:05:45 F:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 286,720 2007-06-29 12:24:52 F:\Program Files\QuickTime\QTTask.exe

    ----a-w 470,016 2006-08-02 15:15:32 F:\Program Files\SlySoft\AnyDVD\bak\AnyDVD.exe
    ----a-w 1,465,280 2007-08-24 01:11:57 F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    ----a-w 49,152 2006-10-12 00:22:18 F:\Program Files\Softwin\BitDefender10\bak\bdagent.exe
    ----a-w 69,632 2007-06-14 15:32:56 F:\Program Files\Softwin\BitDefender10\bdagent.exe

    ----a-w 282,624 2006-09-28 23:31:52 F:\Program Files\Softwin\BitDefender10\bak\bdmcon.exe
    ----a-w 290,816 2007-06-14 15:33:01 F:\Program Files\Softwin\BitDefender10\bdmcon.exe

    ----a-w 369,664 2006-09-28 14:46:35 Y:\Local Disk [D] BACKUP\Program Files\Grisoft\AVG Free\bak\avgcc.exe
    ----a-w 411,648 2007-02-08 16:36:23 Y:\Local Disk [D] BACKUP\Program Files\Grisoft\AVG Free\avgcc.exe

    ----a-w 434,176 2005-09-07 12:33:20 Y:\Local Disk [D] BACKUP\Program Files\Logitech\Video\bak\CameraAssistant.exe
    ----a-w 434,176 2005-09-07 12:33:20 Y:\Local Disk [D] BACKUP\Program Files\Logitech\Video\CameraAssistant.exe

    ----a-w 73,728 2005-09-07 12:39:44 Y:\Local Disk [D] BACKUP\Program Files\Logitech\Video\bak\InstallHelper.exe
    ----a-w 73,728 2005-09-07 12:39:44 Y:\Local Disk [D] BACKUP\Program Files\Logitech\Video\InstallHelper.exe

    ----a-w 77,824 2006-10-04 00:15:02 Y:\Local Disk [D] BACKUP\Program Files\QuickTime\bak\qttask.exe
    ----a-w 282,624 2006-09-01 21:57:48 Y:\Local Disk [D] BACKUP\Program Files\QuickTime\qttask.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AECB328C-AD19-A18C-386F-35A24BB56081}]
    2008-01-16 03:10 10240 --a------ C:\WINDOWS\system\bfdtsc32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [ ]
    "SB Audigy 2 Startup Menu"="C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE" [ ]
    "RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [ ]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
    "DAEMON Tools"="F:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 03:48 157592]
    "AnyDVD"="F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-08-23 18:11 1465280]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:32 81920]
    "QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="F:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

    C:\Documents and Settings\Cody\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-16 16:48:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
    C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll 2003-10-08 17:00 1064960 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=C:\Documents and Settings\Cody\Desktop\del.bat

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jpv52.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kqw17.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Venturi 2.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Venturi 2.lnk
    backup=C:\WINDOWS\pss\Venturi 2.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Cody^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
    path=C:\Documents and Settings\Cody\Start Menu\Programs\Startup\RAR Password Cracker.lnk
    backup=C:\WINDOWS\pss\RAR Password Cracker.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2006-10-22 21:24 620152 F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    --a------ 2007-06-12 21:16 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2006-07-25 13:55 1043968 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-07-31 17:44 271672 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
    C:\Program Files\ASUS\Ai Booster\OverClk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maplom]
    --a------ 2005-12-27 23:47 869888 F:\Program Files\Maplom\Maplom.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Phone Suite]
    --a------ 2003-09-26 17:00 952131 C:\Program Files\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 17:00 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 F:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
    C:\WINDOWS\system32\dxdll\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCDEmuApp.exe]
    --a------ 2005-10-15 18:15 167936 F:\Program Files\PowerISO\SCDEmuApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
    C:\WINDOWS\fccyyv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
    -ra------ 2006-01-01 17:00 137216 C:\WINDOWS\system32\ntos.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
    --a------ 2007-05-04 13:52 3756102 F:\Program Files\Zinio\ZinioReader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "PhotoshopElementsDeviceConnect"=2 (0x2)
    "Oracletxdbserver92TNSListener"=2 (0x2)
    "Oracletxdbserver92SNMPPeerMasterAgent"=3 (0x3)
    "Oracletxdbserver92SNMPPeerEncapsulator"=3 (0x3)
    "Oracletxdbserver92ClientCache"=3 (0x3)
    "Oracletxdbserver92Agent"=2 (0x2)
    "OracleServiceTOXIK"=2 (0x2)
    "OracleMTSRecoveryService"=2 (0x2)
    "Venturi2"=2 (0x2)
    "Autodesk Licensing Service"=2 (0x2)
    "Autodesk License Server"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "Pixar License Server"=2 (0x2)
    "Pixar Alfred Server 12.0"=2 (0x2)
    "mi-raysat_3dsmax8"=2 (0x2)
    "maya70docserver"=2 (0x2)
    "LIVESRV"=2 (0x2)
    "iPod Service"=3 (0x3)
    "InCDsrv"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 17:00]
    R1 bdftdif;BitDefender Firewall TDI Filter;C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys [2007-04-07 13:38]
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 03:47]
    R2 LF30FS;LF30FS;F:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 17:07]
    R2 PfDetNT;PfDetNT;C:\WINDOWS\system32\drivers\PfModNT.sys [2003-03-05 10:19]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-04-07 13:39]
    R3 LHidPPKE;Logitech SetPoint HID Function Driver;C:\WINDOWS\system32\DRIVERS\LHidPPKE.Sys [2003-10-07 17:00]
    S2 ClipSrvhelpsvc;ClipBook ClipSrvhelpsvc;C:\WINDOWS\system32\A8N-SLIc.exe srv []
    S2 Windows IPSEC Monitor;Windows IPSEC Monitor;"C:\WINDOWS\system32\test12.exe" [2008-01-16 15:31]
    S3 CrystalCpuInfo;CrystalCpuInfo;F:\Program Files\OverClocking Utils\OCCT\CpuInfo.sys []
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 14:10]
    S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2007-08-28 01:17]
    S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 01:53]
    S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys [2008-01-11 10:24]
    S4 Autodesk License Server;Autodesk License Server;F:\Program Files\Autodesk\Autodesk License Server\bin\lmgrd.exe [2005-06-09 12:43]
    S4 Microsoft I Service;Microsoft I Service;C:\WINDOWS\system32\_svchost.exe []
    S4 Microsoft Int Service;Microsoft Int Service;C:\WINDOWS\system32\_svchost.exe []
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 05:01]
    S4 OracleServiceTOXIK;OracleServiceTOXIK;f:\oracle\txdbserver92\bin\ORACLE.EXE TOXIK []
    S4 Oracletxdbserver92Agent;Oracletxdbserver92Agent;F:\Oracle\txdbserver92\bin\agntsrvc.exe [2006-09-06 21:10]
    S4 Oracletxdbserver92ClientCache;Oracletxdbserver92ClientCache;F:\Oracle\txdbserver92\BIN\ONRSD.EXE [2006-09-06 21:10]
    S4 Oracletxdbserver92SNMPPeerEncapsulator;Oracletxdbserver92SNMPPeerEncapsulator;F:\Oracle\txdbserver92\BIN\ENCSVC.EXE [2006-09-06 21:10]
    S4 Oracletxdbserver92SNMPPeerMasterAgent;Oracletxdbserver92SNMPPeerMasterAgent;F:\Oracle\txdbserver92\BIN\AGNTSVC.EXE [2006-09-06 21:10]
    S4 Oracletxdbserver92TNSListener;Oracletxdbserver92TNSListener;F:\Oracle\txdbserver92\BIN\TNSLSNR []
    S4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 02:40]
    S4 Pixar Alfred Server 12.0;Pixar Alfred Server 12.0;F:\Program Files\Autodesk\Pixar\RenderManProServer-12.0\bin\alfserver.exe [2006-05-16 18:03]
    S4 Pixar License Server;Pixar License Server;C:\FLEXLM\license-3.0\lmgrd.exe [2004-05-26 13:52]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92728442-8156-11da-a52c-806d6172696f}]
    \Shell\AutoRun\command - D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92728443-8156-11da-a52c-806d6172696f}]
    \Shell\AutoRun\command - E:\ASUSACPI.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb1aa1da-4e9e-11dc-a997-0013d450a53b}]
    \Shell\AutoRun\command - L:\setupSNK.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-20 18:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-16 23:13:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\wsnpoem

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\sockspy.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\WINDOWS\system32\sockspy.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\WINDOWS\system32\sockspy.dll
    -> C:\Program Files\Logitech\SetPoint\lgscroll.dll
    .
    Completion time: 2008-01-16 23:20:02 - machine was rebooted [Cody]
    ComboFix-quarantined-files.txt 2008-01-17 06:19:57




    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:04 PM, on 1/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    F:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    F:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    F:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Logitech\SetPoint\kem.exe
    C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
    C:\WINDOWS\system32\notepad.exe
    F:\Program Files\Softwin\BitDefender10\bdmcon.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Documents and Settings\Cody\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Macromedia Movie - {AECB328C-AD19-A18C-386F-35A24BB56081} - C:\WINDOWS\system\bfdtsc32.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AnyDVD] "F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Windows IPSEC Monitor - Unknown owner - C:\WINDOWS\system32\test12.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

     
  5. QuikDraw

    QuikDraw Regular member

    BSOD! Well, that's not good. Looks like a driver conflict. DRIVER_IRQL_NOT_LESS_OR_EQUAL What are the error code numbers following this? Will look something like this. 0x000000D1 (0x0000003c, 0x00000002, 0x00000000, 0xB6CF761F) ...
    Go into Device Manager and check for Red X's, Yellow Exclamation marks. Let me know what you find.

    Removing viruses can sometimes cause unpredictable results. I wouldn't worry too much about it just yet. I'm sure there's a fix. Hey, and if all else fails, there's always the Windows installation CD. But we will try to fix it first, before throwing in the towel. Just depends on how much time it will take to solve.

    The ComboFix log still shows some problems. One is a hidden infection. Hopefully, it won't be too stubborn to remove. OK, let's unhide the protected folders.

    To Show Hidden Files And Folders: Start > My Computer > Tools > Folder Options > View > Select "Show Hidden Files and Folders". Untick "Hide Extensions For Known File Types". Untick "Hide Protected Operating System Files". Click Apply.

    Run another ComboFix scan. When done, look at the bottom of the ComboFix report for any hidden files. Right now, there is one showing: C:\WINDOWS\system32\wsnpoem. If it's still there...

    Download and run this Rootkit removal tool.
    http://free.grisoft.com/doc/download-free-anti-rootkit/us/frt/0

    Run Combofix, check to see if the hidden file is gone yet? Let me know.

    Reboot into Safe Mode. Open HJK. Click, Do a scan only. Place ticks next to the items listed below. Click, "Fix Checked". Click, yes. Reboot normal. Run HJK and post a new log.

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

    O2 - BHO: Macromedia Movie - {AECB328C-AD19-A18C-386F-35A24BB56081} - C:\WINDOWS\system\bfdtsc32.dll

    Not sure about this one. Do you know what this is?
    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe
     
    Last edited: Jan 17, 2008
  6. cody1414

    cody1414 Member

    Joined:
    Aug 14, 2004
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Everything seems to be running a lot better now. For some reason I'm not getting the BSOD. Before I could only boot up if my LAN cable was disconnected, so I thought it had to do with my NVIDIA LAN drivers because I have dual LAN; one runs off of an independent Marvell chip, the other runs off the nForce4 chipset. I'm still going to keep an eye on this situation and check the interrupt request addressing, but it seems fine for now. Anyway I was able to remove the rootkit and I rebooted into safe mode but none of these entries were there:

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

    O2 - BHO: Macromedia Movie - {AECB328C-AD19-A18C-386F-35A24BB56081} - C:\WINDOWS\system\bfdtsc32.dll

    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe

    All for the better I guess, but the thing is, the last line (O23) does not appear in safe mode, only in normal mode, and when I try to HJK fix that line it just reappears. I am not sure what this is; I have heard of this ClipSrvhelpsvc being related to spyware and I know that A8N-SLI is the model of my mobo, that's all I know about this entry. Thanks for the help, here is an updated HJK log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:18:59 PM, on 1/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    F:\Program Files\QuickTime\QTTask.exe
    F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    F:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\kem.exe
    C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
    F:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    F:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Documents and Settings\Cody\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] F:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [AnyDVD] "F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AdobeCollabSync.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat Pro 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: LBTServ - C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - F:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Windows IPSEC Monitor - Unknown owner - C:\WINDOWS\system32\test12.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
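    Since both QuikDraw's instructions and the log above come down to picking out a handful of HijackThis entries for review (the F2 UserInit line, the O2 BHO, the O23 services with no listed owner, and the R1 proxy setting), here is a small added triage script that applies those checks mechanically. It is example code written for this page, not part of the thread, of HijackThis, or of ComboFix; the heuristics are the editor's own and only mark lines for a human to look at. The sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not a
HijackThis or ComboFix feature).

Heuristics, all of which only mark a line for review:
  F2  - UserInit that launches anything besides userinit.exe
  R1  - a ProxyServer value is set (browser traffic is being redirected)
  O2  - a BHO whose DLL lives under the Windows directory
  O23 - a service with 'Unknown owner' running from the Windows directory
"""
import re
from typing import List, Optional, Tuple

# Sample lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.98.238.8:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Macromedia Movie - {AECB328C-AD19-A18C-386F-35A24BB56081} - C:\WINDOWS\system\bfdtsc32.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: ClipBook ClipSrvhelpsvc (ClipSrvhelpsvc) - Unknown owner - C:\WINDOWS\system32\A8N-SLIc.exe
O23 - Service: Windows IPSEC Monitor - Unknown owner - C:\WINDOWS\system32\test12.exe
"""

# Matches paths under the Windows directory on any drive letter.
WINDOWS_DIR = re.compile(r"^[A-Z]:\\WINDOWS\\", re.IGNORECASE)


def triage_line(line: str) -> Optional[str]:
    """Return a reason to review this line, or None if no heuristic fires."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]

    if section == "F2" and "UserInit=" in line:
        value = line.split("UserInit=", 1)[1]
        entries = [e for e in value.split(",") if e]
        extra = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
        if extra:
            return "UserInit launches extra program(s): " + ", ".join(extra)

    elif section == "R1" and "ProxyServer" in line:
        proxy = line.split("=", 1)[1].strip()
        if proxy:
            return "browser traffic routed through proxy " + proxy

    elif section == "O2":
        # Last ' - ' separated field is the DLL path.
        path = line.rsplit(" - ", 1)[1]
        if WINDOWS_DIR.match(path):
            return "BHO loaded from the Windows directory: " + path

    elif section == "O23":
        parts = line.split(" - ")
        owner, path = parts[-2], parts[-1]
        if owner == "Unknown owner" and WINDOWS_DIR.match(path):
            return "unowned service running from the Windows directory: " + path

    return None


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every line a heuristic flagged."""
    findings = []
    for raw in text.splitlines():
        reason = triage_line(raw)
        if reason:
            findings.append((raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(f"REVIEW: {why}\n    {entry}")
```

    Run against the sample, the script flags the UserInit line (ntos.exe), the ProxyServer entry, the Macromedia Movie BHO in C:\WINDOWS\system, and the two unowned services in system32, while leaving the Adobe BHO, the NVIDIA service and the StyleXP service alone. Known vendors in system32 and unowned services under Program Files are deliberately not flagged; the point of the heuristics is to narrow the log to the lines a helper would ask about, not to declare anything malicious.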

     
  7. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    HJK log is clean!
    I believe the reboots took care of the driver issue after the infections were removed.
    You can run ComboFix again and make sure the Rootkit has been removed.
    Follow up with CCleaner, Disk Cleanup and Disk Defragmenter.

    Take care...


     
  8. cody1414

    cody1414 Member

    Joined:
    Aug 14, 2004
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    16
    Thanks a lot for all the help, really appreciate it. Cheers!! See ya around
     
