My logs for inspection


El loco (In Runtime, 125 messages)
So my comp had been slow for the past couple of days, and yesterday it just randomly shut down, and when I started it back up it froze. Anyways, I had some time today and went through Osiris's guide. Through the scans I found a couple of Trojans in win32 and I think I deleted them, but just in case could you guys take a look at my logs? Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:18, on 2/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1201108691495
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1201111902218
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: NameServer = 167.206.245.130,167.206.245.129
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6225 bytes

ComboFix 09-02-28.01 - mike 2009-02-28 21:20:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.426 [GMT -5:00]
Running from: c:\documents and settings\mike\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\mm.LifeCheck.ini
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Copy of Config\Config.ini
c:\program files\mm.BOT\Copy of Config\CSZonSequence.txt
c:\program files\mm.BOT\Copy of Config\HammerdinSequence.txt
c:\program files\mm.BOT\Copy of Config\mm.BOT.ini
c:\program files\mm.BOT\Copy of Config\mm.BOT.Sequences.ini
c:\program files\mm.BOT\Copy of Config\mm.BotState.ini
c:\program files\mm.BOT\Copy of Config\mm.LifeCheck.ini
c:\program files\mm.BOT\Copy of Config\mm.MultiKeys.ini
c:\program files\mm.BOT\Copy of Config\mm.PKID.ini
c:\program files\mm.BOT\Copy of Config\mm.PlayKeys.ini
c:\program files\mm.BOT\Copy of Config\mmcl.PKID.Compiler.exe
c:\program files\mm.BOT\Copy of Config\NecroSequence.txt
c:\program files\mm.BOT\Copy of Config\SorcSequence.txt
c:\program files\mm.BOT\Copy of Config\System\d2-cdkey.exe
c:\program files\mm.BOT\Copy of Config\System\listfile.dat
c:\program files\mm.BOT\Copy of Config\System\LMPQAPI.DLL
c:\program files\mm.BOT\Copy of Config\System\mm.Boxes.Ref.ini
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Ref
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Copy of Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Copy of Config\System\MPQ2K.exe
c:\program files\mm.BOT\Copy of Config\System\OrbReference.ini
c:\program files\mm.BOT\Copy of Config\System\Process.exe
c:\program files\mm.BOT\Copy of Config\System\SFmpq.dll
c:\program files\mm.BOT\Copy of Config\System\staredit.exe
c:\program files\mm.BOT\Copy of Config\System\Storm.dll
c:\program files\mm.BOT\Copy of Config\WindDruidSequence.txt
c:\program files\mm.BOT\Logs\Compiler.txt
c:\program files\mm.BOT\Logs\Good_Items.txt
c:\program files\mm.BOT\Logs\LifeCheck.txt
c:\program files\mm.BOT\Logs\Picked_Items.txt
c:\program files\mm.BOT\Logs\ScanDrop_Items.txt
c:\program files\mm.BOT\Logs\Sold_Items.txt
c:\program files\mm.BOT\Scripts\ACT1_5NEWEST.log
c:\program files\mm.BOT\Scripts\Andy\Andy.au3
c:\program files\mm.BOT\Scripts\Andy\Andy_WP.au3
c:\program files\mm.BOT\Scripts\Andy\AndyFocus.au3
c:\program files\mm.BOT\Scripts\Andy\KukBot.log
c:\program files\mm.BOT\Scripts\Andy\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Bot.log
c:\program files\mm.BOT\Scripts\Config.ini
c:\program files\mm.BOT\Scripts\CTA.au3
c:\program files\mm.BOT\Scripts\Meph\KukBot.log
c:\program files\mm.BOT\Scripts\Meph\Meph.au3
c:\program files\mm.BOT\Scripts\Meph\Meph_WP.au3
c:\program files\mm.BOT\Scripts\Meph\MephFocus.au3
c:\program files\mm.BOT\Scripts\Meph\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\PotBot.exe
c:\program files\mm.BOT\Scripts\PotThread.exe
c:\program files\mm.BOT\Scripts\RECOVER_NEWST_SCR.exe
c:\program files\mm.BOT\Scripts\safe_seq.ini
c:\program files\mm.BOT\Scripts\SafeMainSeq.ini
c:\program files\mm.BOT\Scripts\safestarter.au3
c:\program files\mm.BOT\Scripts\safestarter.ini
c:\program files\mm.BOT\Scripts\Shenk\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Shenk\ShenkFocus.au3
c:\program files\mm.BOT\Scripts\StartPotthread.exe
c:\program files\mm.BOT\Scripts\Trav\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Trav\TravFocus.au3
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-01 to 2009-03-01 )))))))))))))))))))))))))))))))
.

2009-02-28 20:02 . 2009-02-28 20:02 <DIR> d-------- c:\documents and settings\mike\Application Data\Malwarebytes
2009-02-28 20:02 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 20:01 . 2009-02-28 20:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-28 20:01 . 2009-02-28 20:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 20:01 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 19:30 . 2009-02-28 19:30 <DIR> d-------- C:\VundoFix Backups
2009-02-28 19:09 . 2009-02-28 19:09 <DIR> d-------- c:\program files\Trend Micro
2009-02-28 19:01 . 2009-02-28 19:01 <DIR> d-------- c:\program files\CCleaner
2009-02-28 18:55 . 2009-02-28 18:55 <DIR> d-------- c:\program files\CleanUp!
2009-02-28 18:48 . 2009-02-28 18:48 <DIR> d-------- c:\program files\MSConfig CleanUp
2009-02-27 19:23 . 2009-02-27 19:35 <DIR> d-------- c:\program files\Diablo II 3
2009-02-27 11:07 . 2009-02-27 11:07 <DIR> d-------- c:\program files\Alwil Software
2009-02-24 21:49 . 2009-02-24 21:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-24 21:27 . 2009-02-24 21:27 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-17 00:33 . 2009-02-17 00:33 268 --ah----- C:\sqmdata07.sqm
2009-02-17 00:33 . 2009-02-17 00:33 244 --ah----- C:\sqmnoopt07.sqm
2009-02-16 22:15 . 2008-11-02 01:06 847,360 --a------ c:\windows\system32\JS32.dll
2009-02-16 22:07 . 2009-02-16 22:10 <DIR> d-------- c:\program files\Diablo II bot
2009-02-13 23:42 . 2009-02-13 23:42 <DIR> d-------- C:\Sandbox
2009-02-13 23:41 . 2009-02-13 23:41 <DIR> d-------- c:\program files\Sandboxie
2009-02-13 23:41 . 2009-02-27 20:13 1,374 --a------ c:\windows\Sandboxie.ini
2009-02-13 23:27 . 2009-02-27 21:12 <DIR> d-------- c:\program files\Diablo II 2
2009-02-13 20:58 . 2009-02-13 20:58 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-13 20:26 . 2009-02-27 20:43 <DIR> d-------- c:\program files\mIRC
2009-02-13 20:26 . 2009-02-27 23:38 <DIR> d-------- c:\documents and settings\mike\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 23:51 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-28 23:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-28 23:19 --------- d-----w c:\program files\Sierra On-Line
2009-02-28 23:06 --------- d-----w c:\documents and settings\mike\Application Data\OpenOffice.org2
2009-02-28 04:38 --------- d-----w c:\program files\Diablo II
2009-02-27 16:02 --------- d-----w c:\program files\a-squared Anti-Malware
2009-02-23 00:32 --------- d-----w c:\program files\MediaCoder
2009-02-21 17:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-21 03:10 --------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-02-21 03:10 --------- d-----w c:\program files\Digital Guitar Tuner 2.3
2009-02-19 16:02 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-16 19:17 --------- d-----w c:\documents and settings\Yosley\Application Data\Apple Computer
2009-02-14 01:57 --------- d-----w c:\program files\Java
2009-02-09 02:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 02:32 --------- d-----w c:\program files\EA GAMES
2009-02-08 19:33 --------- d-----w c:\documents and settings\mike\Application Data\uTorrent
2009-01-25 03:37 --------- d-----w c:\program files\Paradox Interactive
2009-01-24 04:30 --------- d-----w c:\documents and settings\mike\Application Data\U3
2009-01-20 00:44 --------- d-----w c:\program files\Common Files\3DO Shared
2009-01-20 00:44 --------- d-----w c:\program files\3DO
2009-01-19 06:22 --------- d-----w c:\program files\uTorrent
2009-01-11 02:14 --------- d-----w c:\documents and settings\mike\Application Data\Gearbox Software
2008-09-15 22:38 0 ----a-w c:\documents and settings\mike\ck-purge.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\Bf2_w32ded.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"c:\\Program Files\\Strategy First\\Europa Universalis 2\\EU2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\mike\\Desktop\\New Folder (2)\\System\\EiB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-27 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-27 20560]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2008-01-23 41025]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\mike\Application Data\Mozilla\Firefox\Profiles\en8u1vpy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 21:26:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-28 21:30:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-01 02:30:09

Pre-Run: 68,662,644,736 bytes free
Post-Run: 68,545,720,320 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
223 --- E O F --- 2008-06-11 02:39:17
 
SmitFraudFix v2.398

Scan done at 19:24:13.64, Sat 02/28/2009
Run from C:\Documents and Settings\mike\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: DhcpNameServer=167.206.245.129 167.206.245.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: NameServer=167.206.245.130,167.206.245.129
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.129 167.206.245.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.130 167.206.245.129
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.245.130 167.206.245.129


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Remove:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Is this IP legit?

O17 - HKLM\System\CS2\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: NameServer = 167.206.245.130,167.206.245.129

If not, then remove it.
 
Removed:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


How do I know if the IP is legit?

2 other comps connect to the network, so... I'm a noob at this kind of stuff lol.
 
Start, Run, type cmd and press Enter.

Type in ipconfig /all and see if those IP addresses show up. If they do, it's usually good.
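The two checks suggested in this thread (an O2 BHO entry with "(no file)" is an orphan that can be removed, and an O17 NameServer entry is only trustworthy if the same addresses show up under "DNS Servers" in ipconfig /all) can be automated. The script below is an added example written for this page, not a tool from the thread or from HijackThis. It parses a constructed HijackThis excerpt that reuses the O2 and O17 lines quoted above and adds one constructed O17 line with a placeholder GUID and the documentation-range address 192.0.2.53 to show what a mismatch looks like; the ipconfig /all text is likewise constructed in the Windows XP layout (first DNS server on the "DNS Servers" line, further servers on indented continuation lines).

```python
import re

# Constructed HijackThis excerpt: the O2 and first O17 lines are from this thread,
# the second O17 line is made up (placeholder GUID, documentation-range address).
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FA321D1-4CEB-4ACA-A79E-90901D650B46}: NameServer = 167.206.245.130,167.206.245.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

# Constructed ipconfig /all output in the Windows XP layout (not captured from the poster's machine).
IPCONFIG_ALL = """
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 167.206.245.130
                                            167.206.245.129
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O17_RE = re.compile(r"^O17 - .*?:\s*NameServer\s*=\s*(.+)$")


def parse_dns_servers(ipconfig_text):
    """Return the DNS server addresses listed by ipconfig /all.

    The first server sits on the 'DNS Servers' line; any additional servers
    follow on lines that contain nothing but an indented IP address.
    """
    servers = []
    in_dns_block = False
    for line in ipconfig_text.splitlines():
        if "DNS Servers" in line:
            in_dns_block = True
            servers.extend(IPV4.findall(line))
            continue
        if in_dns_block:
            stripped = line.strip()
            if stripped and IPV4.fullmatch(stripped):
                servers.append(stripped)
                continue
            in_dns_block = False
    return servers


def orphaned_bhos(hjt_text):
    """CLSIDs of O2 (BHO) entries whose DLL is gone: HijackThis prints '(no file)'."""
    return [m.group(2) for m in map(O2_RE.match, hjt_text.splitlines())
            if m and m.group(3).strip() == "(no file)"]


def o17_nameservers(hjt_text):
    """Map each O17 line to the nameserver addresses it declares."""
    result = {}
    for line in hjt_text.splitlines():
        m = O17_RE.match(line)
        if m:
            result[line] = IPV4.findall(m.group(1))
    return result


def unexpected_nameservers(hjt_text, ipconfig_text):
    """O17 addresses that ipconfig /all does not report as DNS servers.

    A NameServer value the adapter does not actually use is the case the
    thread says to question; matching values are the 'usually good' case.
    """
    known = set(parse_dns_servers(ipconfig_text))
    suspicious = {}
    for line, addrs in o17_nameservers(hjt_text).items():
        extra = [a for a in addrs if a not in known]
        if extra:
            suspicious[line] = extra
    return suspicious


def review(hjt_text, ipconfig_text):
    """Combine both checks into a list of human-readable findings."""
    findings = [f"O2 orphan (no file), safe to fix: {clsid}"
                for clsid in orphaned_bhos(hjt_text)]
    for addrs in unexpected_nameservers(hjt_text, ipconfig_text).values():
        findings.append("O17 nameserver not reported by ipconfig /all: " + ", ".join(addrs))
    return findings


if __name__ == "__main__":
    for finding in review(HJT_LOG, IPCONFIG_ALL):
        print(finding)
```

On a real machine, replace the two constructed strings with the saved HijackThis log and the output of `ipconfig /all`; an O17 address that matches the DHCP-assigned DNS servers is the ordinary case, while one that does not is worth checking before deciding whether to fix the entry.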
 