
Thread: Command Service Virus!? Help!

  1. #1
    Junior Member
    Join Date: Jul 2007
    Posts: 14

    Command Service Virus!? Help!

    I have been having pop-ups for about 2 weeks now and I can't get rid of it by using Spybot and Ad-Aware. Please help!! It seems the Command Service cannot be removed because it is in my memory. Also my computer has been running slow.
    Here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:01:57 AM, on 7/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Valued Customer\My Documents\aim\aim.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Valued Customer\My Documents\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Valued Customer\My Documents\VundoFix.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Valued Customer\My Documents\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Profiles\default\w5n9frqb.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\esusxfbf.dll",forkonce
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Startup: BMA Interactive Desktop Calendar.lnk = ?
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Valued Customer\My Documents\aim\aim.exe
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loade...eUploader4.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loade...eUploader3.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Please Help! Thanks!

  2. #2
    Emeritus
    Join Date: Jul 2007
    Posts: 706

    Download the latest version of ComboFix from Here to your Desktop.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

  3. #3
    Junior Member
    Join Date: Jul 2007
    Posts: 14

    Thanks for the reply, and here is the log from ComboFix:

    "Valued Customer" - 2007-07-26 8:03:06 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\jkklm.dll
    C:\WINDOWS\system32\esusxfbf.dll
    C:\WINDOWS\system32\xrsmwlfa.dll
    C:\WINDOWS\system32\pskurfgt.dll
    C:\WINDOWS\system32\mlkkj.ini
    C:\WINDOWS\system32\mlkkj.tmp
    C:\WINDOWS\system32\fbfxsuse.ini
    C:\WINDOWS\system32\aflwmsrx.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\VALUED~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\F4A3LXJR\www.broadcaster.com
    C:\DOCUME~1\VALUED~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\VALUED~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\n.exe
    C:\temp\iee
    C:\temp\tn3
    C:\WINDOWS\b104.exe
    C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
    C:\WINDOWS\retadpu2000219.exe
    C:\WINDOWS\system32\B0
    C:\WINDOWS\system32\b02FdUe
    C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
    C:\WINDOWS\system32\B1
    C:\WINDOWS\system32\B1\wr730.exe
    C:\WINDOWS\system32\B2
    C:\WINDOWS\system32\B3
    C:\WINDOWS\system32\driver
    C:\WINDOWS\system32\ppreaute.exe
    C:\WINDOWS\system32\winnb58.dll
    C:\WINDOWS\tk58.exe
    C:\WINDOWS\ymante~1


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_CORE
    -------\LEGACY_NETWORK_MONITOR
    -------\cmdService


    ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


    2007-07-26 08:02 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-25 21:58 <DIR> d-------- C:\!KillBox
    2007-07-25 10:35 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-25 10:35 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-07-25 10:35 3,352 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-25 10:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-07-23 21:40 <DIR> d-------- C:\Program Files\Jasc Software Inc
    2007-07-18 13:21 <DIR> d-------- C:\DOCUME~1\VALUED~1\Shared
    2007-07-18 13:21 <DIR> d-------- C:\DOCUME~1\VALUED~1\Incomplete
    2007-07-18 13:21 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\LimeWire
    2007-07-18 13:20 <DIR> d-------- C:\Program Files\LimeWire
    2007-07-11 09:15 <DIR> d--hs---- C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy
    2007-07-11 09:11 <DIR> d-------- C:\TEMP\brr
    2007-07-11 09:11 <DIR> d-------- C:\TEMP\0c2


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-25 21:51:55 21,870 ----a-w C:\WINDOWS\mozver.dat
    2007-07-24 23:16:22 -------- d-----w C:\Program Files\Napster
    2007-07-24 04:51:46 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\AdobeUM
    2007-07-19 00:13:09 1,886 ----a-w C:\DOCUME~1\VALUED~1\APPLIC~1\wklnhst.dat
    2007-07-11 17:03:47 -------- d-----w C:\Program Files\microsoft frontpage
    2007-06-12 17:55:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-09 07:08:32 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\Yahoo!
    2007-06-04 20:33:15 831 ----a-w C:\WINDOWS\checkip.dat
    2007-05-31 01:47:42 -------- d-----w C:\Program Files\Shutterfly
    2007-05-31 01:46:49 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\Shutterfly
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy\pAIPxqp4KHhYwalSvqpV.vbs


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 04:20 C:\WINDOWS\AGRSMMSG.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2006-10-14 00:05]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2006-10-14 00:05]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2006-10-14 00:05]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-10-14 00:05]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-10-14 00:05]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-10-14 00:05]
    "PCLEPCI"="C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE" [2006-10-14 00:05]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-10-14 00:05]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 18:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\
    BMA Interactive Desktop Calendar.lnk - C:\Program Files\BMA Interactive Desktop\BMA Interactive Desktop Calendar.exe [2006-01-21 02:13:56]
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-02 10:07:31]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-02 22:57:54]
    SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-04-26 11:38:04]
    ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38]

    R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
    R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys
    R1 PCLEPCI;PCLEPCI;\??\C:\WINDOWS\system32\Drivers\PCLEPCI.SYS
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R3 ApfiltrService;Alps Pointing-device Filter Driver;C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    R3 ASAPIW2k;ASAPIW2K;C:\WINDOWS\system32\drivers\ASAPIW2k.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
    R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
    S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
    S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
    S3 BCM42RLY;BCM42RLY;\??\C:\WINDOWS\System32\drivers\BCM42RLY.SYS
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
    S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys
    S3 Jukebox3;Jukebox3;C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
    S3 MidiSyn;MidiSyn;C:\WINDOWS\system32\drivers\MidiSyn.sys
    S3 mr7910;Photo Viewer;C:\WINDOWS\system32\DRIVERS\mr7910.sys
    S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
    S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\tni77.tmp
    S3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
    S3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
    S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys


    Contents of the 'Scheduled Tasks' folder
    2007-07-23 14:28:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2006-02-25 07:07:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
    2007-07-11 01:00:00 C:\WINDOWS\tasks\Pareto UNS.job
    2007-07-26 15:23:01 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-26 08:21:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-26 8:26:10 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-26 08:25

    --- E O F ---

    Here is the log from HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:27:35 AM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Valued Customer\My Documents\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Profiles\default\w5n9frqb.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Startup: BMA Interactive Desktop Calendar.lnk = ?
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Valued Customer\My Documents\aim\aim.exe
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loade...eUploader4.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loade...eUploader3.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Thanks for the help!

  4. #4
    Emeritus
    Join Date: Jul 2007
    Posts: 706

    • Open a new Notepad window (Start > All Programs > Accessories > Notepad).
    • Highlight the contents of the codebox below and then press Ctrl+C to copy it to the clipboard:
      Code:
      Folder::
      C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy
      DirLook::
      C:\TEMP\brr
      C:\TEMP\0c2
      Driver::
      TnIDriver
      File::
      C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\tni77.tmp
    • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit > Paste.
    • Save it to the desktop as CFscript.txt.
    • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
      Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
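Added example, not part of the thread and not code from HijackThis or ComboFix: a small Python triage script that reproduces the reasoning behind the items the helper put in the CFscript, run over lines copied from the logs posted above. It pairs each deleted .dll from the first ComboFix run with the .ini whose name is the dll's name reversed, checks whether the rundll32 autostart entry from the first HijackThis log loads one of those paired DLLs, and tests whether the hidden+system folder under C:\WINDOWS has a name that base64-decodes to printable text (it decodes to the account name); the function names and the heuristics are the editor's own assumptions.

```python
"""Triage heuristics for the HijackThis / ComboFix output posted in this thread.

Added example, not code from the thread or from either tool. Sample lines are
copied from the logs above; function names and heuristics are the editor's own.
"""
import base64
import binascii
import re
from pathlib import PureWindowsPath

# Constructed sample input: the "V Log" file list from the first ComboFix run.
V_LOG = [
    r"C:\WINDOWS\system32\jkklm.dll",
    r"C:\WINDOWS\system32\esusxfbf.dll",
    r"C:\WINDOWS\system32\xrsmwlfa.dll",
    r"C:\WINDOWS\system32\pskurfgt.dll",
    r"C:\WINDOWS\system32\mlkkj.ini",
    r"C:\WINDOWS\system32\mlkkj.tmp",
    r"C:\WINDOWS\system32\fbfxsuse.ini",
    r"C:\WINDOWS\system32\aflwmsrx.ini",
]
# Constructed sample input: the rundll32 autostart entry from the first HijackThis log.
O4_LINE = r'O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\esusxfbf.dll",forkonce'
# Constructed sample input: the hidden+system folder from the "Files Created" section.
CREATED_LINE = r"2007-07-11 09:15 <DIR> d--hs---- C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy"


def reversed_name_pairs(paths):
    """Pair each .dll with a .ini whose base name is the dll's base name reversed."""
    names = [PureWindowsPath(p).name.lower() for p in paths]
    inis = {n for n in names if n.endswith(".ini")}
    pairs = []
    for n in names:
        if n.endswith(".dll"):
            mirror = n[:-4][::-1] + ".ini"
            if mirror in inis:
                pairs.append((n, mirror))
    return pairs


# O4 line whose command is rundll32 loading "<dll>",<export>; quotes are optional.
_O4_RUNDLL = re.compile(
    r'^O4 - (?P<hive>\S+): \[(?P<key>[^\]]*)\] rundll32(?:\.exe)?\s+'
    r'"?(?P<dll>[^",]+)"?,(?P<export>\S+)',
    re.IGNORECASE,
)


def parse_rundll32_autostart(line):
    """Return {hive, key, dll, export} for an O4 entry that uses rundll32, else None."""
    m = _O4_RUNDLL.match(line.strip())
    return m.groupdict() if m else None


def autostart_loads_paired_dll(line, paths):
    """True when an O4 rundll32 entry loads a DLL that has a reversed-name .ini twin."""
    entry = parse_rundll32_autostart(line)
    if entry is None:
        return False
    dll_name = PureWindowsPath(entry["dll"]).name.lower()
    return any(dll == dll_name for dll, _ in reversed_name_pairs(paths))


def parse_created_line(line):
    """Split a ComboFix 'Files Created' line; the path is last and may contain spaces."""
    date, time, size, attrs, path = line.split(None, 4)
    return {"when": f"{date} {time}", "size": size, "attrs": attrs, "path": path}


def base64_dirname(path, min_len=8):
    """Decode the last path component as base64; return the text if it is printable ASCII."""
    name = PureWindowsPath(path).name
    if len(name) < min_len or len(name) % 4:
        return None
    try:
        data = base64.b64decode(name, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not data or any(b < 0x20 or b > 0x7E for b in data):
        return None
    return data.decode("ascii")


def suspicious_hidden_dir(line):
    """For a hidden+system directory with a base64 name, return the decoded name, else None."""
    f = parse_created_line(line)
    if f["size"] != "<DIR>" or "h" not in f["attrs"] or "s" not in f["attrs"]:
        return None
    return base64_dirname(f["path"])


if __name__ == "__main__":
    print("reversed-name dll/ini pairs:", reversed_name_pairs(V_LOG))
    print("autostart loads a paired dll:", autostart_loads_paired_dll(O4_LINE, V_LOG))
    print("hidden folder name decodes to:", suspicious_hidden_dir(CREATED_LINE))
```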

  5. #5
    Junior Member
    Join Date: Jul 2007
    Posts: 14

    Okay, here is the new ComboFix log:

    "Valued Customer" - 2007-07-26 9:13:56 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\Valued Customer\Desktop\CFscript.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy
    C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy\pAIPxqp4KHhYwalSvqpV.vbs


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_TNIDRIVER
    -------\TnIDriver


    ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


    2007-07-26 08:02 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-25 21:58 <DIR> d-------- C:\!KillBox
    2007-07-25 10:35 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-07-25 10:35 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-07-25 10:35 3,352 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-25 10:35 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-07-23 21:40 <DIR> d-------- C:\Program Files\Jasc Software Inc
    2007-07-18 13:21 <DIR> d-------- C:\DOCUME~1\VALUED~1\Shared
    2007-07-18 13:21 <DIR> d-------- C:\DOCUME~1\VALUED~1\Incomplete
    2007-07-18 13:21 <DIR> d-------- C:\DOCUME~1\VALUED~1\APPLIC~1\LimeWire
    2007-07-18 13:20 <DIR> d-------- C:\Program Files\LimeWire
    2007-07-11 09:11 <DIR> d-------- C:\TEMP\brr
    2007-07-11 09:11 <DIR> d-------- C:\TEMP\0c2


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-25 21:51:55 21,870 ----a-w C:\WINDOWS\mozver.dat
    2007-07-24 23:16:22 -------- d-----w C:\Program Files\Napster
    2007-07-24 04:51:46 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\AdobeUM
    2007-07-19 00:13:09 1,886 ----a-w C:\DOCUME~1\VALUED~1\APPLIC~1\wklnhst.dat
    2007-07-11 17:03:47 -------- d-----w C:\Program Files\microsoft frontpage
    2007-06-12 17:55:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-09 07:08:32 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\Yahoo!
    2007-06-04 20:33:15 831 ----a-w C:\WINDOWS\checkip.dat
    2007-05-31 01:47:42 -------- d-----w C:\Program Files\Shutterfly
    2007-05-31 01:46:49 -------- d-----w C:\DOCUME~1\VALUED~1\APPLIC~1\Shutterfly
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


    ---- Directory of C:\TEMP\brr ----

    2007-07-11 09:11 930 --a------ C:\TEMP\brr\tmpZTF.log

    ---- Directory of C:\TEMP\0c2 ----

    2007-04-24 09:21 9248 --a------ C:\TEMP\0c2\tmpRC.log


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 04:20 C:\WINDOWS\AGRSMMSG.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2006-10-14 00:05]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 15:21]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2006-10-14 00:05]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2006-10-14 00:05]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2006-10-14 00:05]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-10-14 00:05]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-10-14 00:05]
    "PCLEPCI"="C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE" [2006-10-14 00:05]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-10-14 00:05]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-01-11 18:45]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\
    BMA Interactive Desktop Calendar.lnk - C:\Program Files\BMA Interactive Desktop\BMA Interactive Desktop Calendar.exe [2006-01-21 02:13:56]
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-02 10:07:31]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-02 22:57:54]
    SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-04-26 11:38:04]
    ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38]

    R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
    R1 eabfiltr;EABFiltr;\??\C:\WINDOWS\system32\drivers\EABFiltr.sys
    R1 PCLEPCI;PCLEPCI;\??\C:\WINDOWS\system32\Drivers\PCLEPCI.SYS
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    R3 ApfiltrService;Alps Pointing-device Filter Driver;C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    R3 ASAPIW2k;ASAPIW2K;C:\WINDOWS\system32\drivers\ASAPIW2k.sys
    R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys
    R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
    S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
    S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
    S3 BCM42RLY;BCM42RLY;\??\C:\WINDOWS\System32\drivers\BCM42RLY.SYS
    S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
    S3 eabusb;eabusb;\??\C:\WINDOWS\system32\drivers\eabusb.sys
    S3 Jukebox3;Jukebox3;C:\WINDOWS\system32\DRIVERS\ctpdusb.sys
    S3 MidiSyn;MidiSyn;C:\WINDOWS\system32\drivers\MidiSyn.sys
    S3 mr7910;Photo Viewer;C:\WINDOWS\system32\DRIVERS\mr7910.sys
    S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
    S3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
    S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
    S3 vulfnths;VIA USB Host Controller Lower Filter;C:\WINDOWS\system32\Drivers\vulfnth.sys
    S3 vulfntrs;VIA USB Roothub Lower Filter;C:\WINDOWS\system32\Drivers\vulfntr.sys
    S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys


    Contents of the 'Scheduled Tasks' folder
    2007-07-23 14:28:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2006-02-25 07:07:00 C:\WINDOWS\tasks\Easy Internet Sign-up.job
    2007-07-11 01:00:00 C:\WINDOWS\tasks\Pareto UNS.job
    2007-07-26 16:28:00 C:\WINDOWS\tasks\Symantec NetDetect.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-26 09:27:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-26 9:32:14 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-26 09:31
    C:\ComboFix2.txt ... 2007-07-26 08:26

    --- E O F ---

    Here is the new Hijack This log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:35:21 AM, on 7/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Valued Customer\My Documents\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Profiles\default\w5n9frqb.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Startup: BMA Interactive Desktop Calendar.lnk = ?
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Valued Customer\My Documents\aim\aim.exe
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loade...eUploader4.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loade...eUploader3.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Thanks again!

  6. #6
    Emeritus
    Join Date
    Jul 2007
    Posts
    706

    Default

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    Acrobat Reader is outdated; uninstall the one you have installed and install the latest one from here:

    http://www.adobe.com/products/acrobat/readstep2.html

    Run HijackThis
    Click on do a system scan only
    Place a checkmark next to these lines (if still present)


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    Then close all windows except HijackThis and click Fix Checked

    Go here to run an online scanner from Kaspersky.
    • Click on "Kaspersky Online Scanner"
    • A new smaller window will pop up. After reading the contents, press "Accept".
    • Now Kaspersky will update the anti-virus database. Let it run.
    • Click on "Next" > "Scan Settings", and make sure the database is set to "extended". Check both of the scan options, then click OK.
    • Then click on "My Computer", and the scan will start.
    • Once finished, save the log as "KAV.txt" to the desktop.


    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.

    Post back with the Kaspersky log and a new HijackThis log, and let me know of any remaining problems.

  7. #7
    Junior Member
    Join Date
    Jul 2007
    Posts
    14

    Default

    The Command Service virus I had seems to be gone, but now my computer has been running slow (since Monday). When I try to use my Musicmatch program, the music has loading problems and lags. This also happens with other media type files, such as in Windows Media Player, etc. No other programs are running, and it seems like it is loading something.

    Here is the Kaspersky log:
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, July 27, 2007 12:23:57 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 27/07/2007
    Kaspersky Anti-Virus database records: 368356
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 120273
    Number of viruses found: 22
    Number of infected objects: 69
    Number of suspicious objects: 0
    Duration of the scan process: 06:57:43

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\muvee Technologies\030625\0102\0310\values Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valued Customer\Application Data\MySpace\IM\Logs\MySpaceIM-Network-20070726-234729.log Object is locked skipped
    C:\Documents and Settings\Valued Customer\Application Data\MySpace\IM\Logs\MySpaceIm_07-26-2007-23-47-00-0312.log Object is locked skipped
    C:\Documents and Settings\Valued Customer\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\JET493A.tmp Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\~DFCAB8.tmp Object is locked skipped
    C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valued Customer\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Valued Customer\ntuser.dat.LOG Object is locked skipped
    C:\Downloads\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Apoint2K\Apoint.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\HPQ\Default Settings\cpqset.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Napster\napster.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\Pinnacle Systems\PPE\PPE.EXE Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\Program Files\WinBudget\bin\crap.1168965912.old/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.by skipped
    C:\Program Files\WinBudget\bin\crap.1168965912.old Embedded EXE: infected - 1 skipped
    C:\Program Files\WinBudget\bin\matrix.dll Infected: not-a-virus:AdWare.Win32.BHO.by skipped
    C:\QooBox\Quarantine\C\n.exe.vir Infected: Trojan-Downloader.Win32.Small.cdo skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
    C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\b02FdUe\b02FdUe1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\B1\wr730.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\jkklm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ppreaute.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\xrsmwlfa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP371\A0088843.exe Infected: Trojan-Downloader.Win32.PurityScan.af skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP373\A0093979.sys Infected: Rootkit.Win32.Agent.eq skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP373\A0094034.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP373\A0094035.exe Infected: Trojan.Win32.Agent.anr skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP373\A0094036.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP373\A0094037.dll Infected: Trojan.Win32.BHO.bd skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP373\A0094045.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP397\A0097504.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP397\A0097512.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097542.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097543.exe/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097543.exe/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097543.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097544.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097544.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097545.exe Infected: Trojan-Downloader.Win32.VB.axa skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP398\A0097546.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103028.exe Infected: Trojan-Downloader.Win32.Small.cdo skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103030.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103030.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103030.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103030.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103031.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103032.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103033.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103035.exe Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103036.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP408\A0103038.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP413\A0103400.rbf Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP413\change.log Object is locked skipped
    C:\VundoFix Backups\awtqp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
    C:\VundoFix Backups\encpjgjq.exe.bad Infected: Trojan.Win32.Agent.anr skipped
    C:\VundoFix Backups\hgghihh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\VundoFix Backups\nnnomki.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\VundoFix Backups\pmnno.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
    C:\VundoFix Backups\xitpitcb.dll.bad Infected: Trojan.Win32.BHO.bd skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{10595087-81DB-4503-B564-82661AF719FE}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\hkcmd.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\WINDOWS\system32\igfxtray.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
    C:\WINDOWS\system32\PSDrvCheck.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    **The text is too long (over 20000) so I will post the HijackThis log next**

  8. #8
    Junior Member
    Join Date
    Jul 2007
    Posts
    14

    Default

    Here is the HijackThis Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:29:53 PM, on 7/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Valued Customer\My Documents\ewido\security suite\SecuritySuite.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Valued Customer\My Documents\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Profiles\default\w5n9frqb.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Startup: BMA Interactive Desktop Calendar.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Valued Customer\My Documents\aim\aim.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loade...eUploader4.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.winkflash.com/photo/loade...eUploader3.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe



    Let me know what you think and other options I have.

  9. #9
    Emeritus
    Join Date
    Jul 2007
    Posts
    706

    Default

    You're not clean yet

    Please download FindAWF:
    http://noahdfear.net/downloads/FindAWF.exe

    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, a text file, the Find AWF report, is produced.
    Please provide the Find AWF report in your reply.

  10. #10
    Junior Member
    Join Date
    Jul 2007
    Posts
    14

    Default

    Here is the FindAWF report:


    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\PROGRA~1\APOINT2K\BAK

    02/08/2005 09:38 AM 159,744 Apoint.exe
    1 File(s) 159,744 bytes

    Directory of C:\PROGRA~1\ITUNES\BAK

    02/23/2006 04:45 PM 278,528 iTunesHelper.exe
    1 File(s) 278,528 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    10/13/2004 09:24 AM 1,694,208 msmsgs.exe
    1 File(s) 1,694,208 bytes

    Directory of C:\PROGRA~1\MSNMES~1\BAK

    01/24/2006 11:37 AM 7,094,272 MsnMsgr.Exe
    1 File(s) 7,094,272 bytes

    Directory of C:\PROGRA~1\NAPSTER\BAK

    06/29/2006 02:17 PM 319,488 napster.exe
    1 File(s) 319,488 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    03/07/2006 09:17 PM 155,648 qttask.exe
    1 File(s) 155,648 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    12/13/2004 07:38 AM 126,976 hkcmd.exe
    12/13/2004 07:43 AM 155,648 igfxtray.exe
    03/10/2004 05:26 PM 406,016 PSDrvCheck.exe
    3 File(s) 688,640 bytes

    Directory of C:\HP\DRIVERS\HPLSBW~1\BAK

    10/14/2004 01:54 PM 253,952 lsburnwatcher.exe
    1 File(s) 253,952 bytes

    Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

    08/06/2004 08:27 AM 860,160 Smax4.exe
    07/27/2004 01:48 PM 1,388,544 SMax4PNP.exe
    2 File(s) 2,248,704 bytes

    Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

    02/16/2005 11:11 PM 49,152 HPWuSchd2.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

    09/07/2004 04:28 PM 213,054 cpqset.exe
    1 File(s) 213,054 bytes

    Directory of C:\PROGRA~1\HPQ\HPWIRE~1\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\HPQ\QUICKL~1\BAK

    12/03/2004 01:24 PM 290,816 EabServr.exe
    1 File(s) 290,816 bytes

    Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

    01/19/2006 11:06 AM 11,776 mimboot.exe
    01/19/2006 11:06 AM 110,592 mm_tray.exe
    2 File(s) 122,368 bytes

    Directory of C:\PROGRA~1\PINNAC~1\PPE\BAK

    09/23/2003 12:04 PM 32,768 PPE.EXE
    1 File(s) 32,768 bytes

    Directory of C:\PROGRA~1\CREATIVE\MEDIAS~1\DETECTOR\BAK

    10/05/2004 10:52 AM 98,304 CTDetect.exe
    1 File(s) 98,304 bytes

    Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

    03/04/2005 03:36 AM 36,975 jusched.exe
    1 File(s) 36,975 bytes

    Directory of C:\PROGRA~1\ULEADS~1\ULEADV~1.0\PLAYER\UVS8~1.0_O\RUNTIM~1.BAK

    0 File(s) 0 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    25600 Oct 14 2006 "C:\Program Files\Apoint2K\Apoint.exe"
    159744 Feb 8 2005 "C:\SWSetup\Touchpad\Apoint.exe"
    159744 Feb 8 2005 "C:\Program Files\Apoint2K\bak\Apoint.exe"
    256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
    278528 Feb 23 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    102400 Feb 3 2007 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
    108096 Oct 30 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
    1667584 Aug 3 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
    1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
    1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
    7094272 Jan 24 2006 "C:\Program Files\MSN Messenger\bak\MsnMsgr.Exe"
    25600 Oct 14 2006 "C:\Program Files\Napster\napster.exe"
    319488 Jun 29 2006 "C:\Program Files\Napster\bak\napster.exe"
    282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
    155648 Mar 7 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
    126976 Dec 13 2004 "C:\SWSetup\Video\hkcmd.exe"
    25600 Oct 14 2006 "C:\WINDOWS\system32\hkcmd.exe"
    126976 Dec 13 2004 "C:\SWSetup\Video\Win2000\hkcmd.exe"
    126976 Dec 13 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
    155648 Dec 13 2004 "C:\SWSetup\Video\igfxtray.exe"
    25600 Oct 14 2006 "C:\WINDOWS\system32\igfxtray.exe"
    155648 Dec 13 2004 "C:\SWSetup\Video\Win2000\igfxtray.exe"
    155648 Dec 13 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
    25600 Oct 14 2006 "C:\WINDOWS\system32\PSDrvCheck.exe"
    406016 Mar 10 2004 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
    25600 Oct 14 2006 "C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
    253952 Oct 14 2004 "C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
    25600 Oct 14 2006 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
    860160 Aug 6 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
    860160 Aug 6 2004 "C:\SWSetup\Audio\SM_Panel\Sys\SMax4.exe"
    25600 Oct 14 2006 "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
    1388544 Jul 27 2004 "C:\Program Files\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
    1388544 Jul 27 2004 "C:\SWSetup\Audio\SM_PNP\Sys\SMax4PNP.exe"
    25600 Oct 14 2006 "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    49152 Feb 16 2005 "C:\Program Files\Hp\HP Software Update\bak\HPWuSchd2.exe"
    25600 Oct 14 2006 "C:\Program Files\HPQ\Default Settings\cpqset.exe"
    213054 Sep 7 2004 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
    25600 Oct 14 2006 "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe"
    290816 Dec 3 2004 "C:\Program Files\HPQ\Quick Launch Buttons\bak\EabServr.exe"
    25600 Oct 14 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe"
    11776 Feb 15 2006 "C:\Program Files\Musicmatch\Musicmatch Update\MMJB\mimboot.exe"
    11776 Jan 19 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mimboot.exe"
    25600 Oct 14 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    110592 Feb 15 2006 "C:\Program Files\Musicmatch\Musicmatch Update\MMJB\mm_tray.exe"
    110592 Jan 19 2006 "C:\Program Files\Musicmatch\Musicmatch Jukebox\bak\mm_tray.exe"
    25600 Oct 14 2006 "C:\Program Files\Pinnacle Systems\PPE\PPE.EXE"
    32768 Sep 23 2003 "C:\Program Files\Pinnacle Systems\PPE\bak\PPE.EXE"
    25600 Oct 14 2006 "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe"
    98304 Oct 5 2004 "C:\Program Files\Creative\MediaSource\Detector\bak\CTDetect.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    77824 May 23 2007 "C:\Program Files\MemoryMixer\jre\bin\jusched.exe"
    77824 May 24 2007 "C:\Program Files\Common Files\i4j_jres\1.6.0\bin\jusched.exe"
    126976 Jul 12 2007 "C:\Program Files\Java\jdk1.6.0_02\jre\bin\jusched.exe"
    36975 Mar 4 2005 "C:\Program Files\Java\jre1.5.0_02\bin\bak\jusched.exe"
    77824 Dec 11 2006 "C:\Program Files\MemoryMixer\Components\CDFiles\jre\bin\jusched.exe"
    52 Jan 18 2005 "C:\SWSetup\Btooth\Autorun.inf"
    45 Mar 2 1999 "C:\SWSetup\DVD\autorun.inf"
    25 Aug 29 2003 "C:\SWSetup\Video\autorun.inf"
    51 Apr 8 2004 "C:\Program Files\Online Services\PeoplePC\Autorun.inf"
    52 Jan 18 2005 "C:\SWSetup\Btooth\TZ\Autorun.inf"
    27 Feb 8 2005 "C:\SWSetup\SonicDMP\MYDVD_61\AUTORUN.INF"
    123 Oct 29 2004 "C:\SWSetup\SYMIS\US\AUTORUN.INF"
    62 Mar 22 2007 "C:\Program Files\MemoryMixer\Components\CDFiles\AutoRun.inf"
    31 Mar 15 2004 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\AUTORUN.INF"
    184 Aug 14 2003 "C:\SWSetup\Preload\Off03Tri\US\AUTORUN.INF"
    31 Mar 15 2004 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\RunTimePlayer2.0\AUTORUN.INF"
    49 Sep 19 2003 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\UVS8.0_Other_BakUp\RunTimePlayer2.0.20040309\AUTORUN.INF"
    49 Sep 19 2003 "C:\Program Files\Ulead Systems\Ulead VideoStudio 8.0\Player\UVS8.0_Other_BakUp\RunTimePlayer2.0.bak\ALL\AUTORUN.INF"


    end of report

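As an added example (not part of the thread, and not FindAWF's own code), the following Python parser reads lines in the format of the "Duplicate files of bak directory contents" section above, pairs each `bak\` copy with the live file one directory up, and reports which live copies share one size and date, which is the pattern the report shows (many unrelated programs all replaced by a 25600-byte file dated Oct 14 2006). The sample report text is constructed from entries quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample in the format of the "Duplicate files of bak directory
# contents" section of a FindAWF report: <size> <Mon D YYYY> "<path>".
SAMPLE_REPORT = r'''
25600 Oct 14 2006 "C:\WINDOWS\system32\hkcmd.exe"
126976 Dec 13 2004 "C:\SWSetup\Video\hkcmd.exe"
126976 Dec 13 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
25600 Oct 14 2006 "C:\WINDOWS\system32\igfxtray.exe"
155648 Dec 13 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
155648 Mar 7 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
52 Jan 18 2005 "C:\SWSetup\Btooth\Autorun.inf"
'''

LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3} \d{1,2} \d{4})\s+"([^"]+)"\s*$')


def parse_entries(report_text):
    """Return (size, date, path) tuples for every well-formed report line."""
    out = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3)))
    return out


def pair_bak_copies(report_text):
    """For each <dir>\bak\<name>, look up the live <dir>\<name>.

    Returns one dict per bak copy with the live path, both sizes (live_size
    is None when the report lists no live copy) and a size-mismatch flag.
    """
    entries = parse_entries(report_text)
    by_path = {p.lower(): (s, d) for s, d, p in entries}
    pairs = []
    for size, date, path in entries:
        parts = path.split("\\")
        if len(parts) < 3 or parts[-2].lower() != "bak":
            continue
        live = "\\".join(parts[:-2] + [parts[-1]])
        live_size, live_date = by_path.get(live.lower(), (None, None))
        pairs.append({"live": live, "live_size": live_size, "live_date": live_date,
                      "bak_size": size,
                      "mismatch": live_size is not None and live_size != size})
    return pairs


def stub_candidates(pairs):
    """Live copies sharing the most common (size, date) among mismatched pairs.

    One mismatch alone can be a legitimate upgrade (qttask.exe in the sample);
    several unrelated programs whose live copies are byte-for-byte the same
    size and date is the pattern worth investigating. Returns
    ((size, date), [live paths]) or (None, []) when nothing mismatches.
    """
    keys = Counter((p["live_size"], p["live_date"]) for p in pairs if p["mismatch"])
    if not keys:
        return None, []
    common = keys.most_common(1)[0][0]
    return common, [p["live"] for p in pairs
                    if p["mismatch"] and (p["live_size"], p["live_date"]) == common]
```

Running `stub_candidates(pair_bak_copies(SAMPLE_REPORT))` on the sample yields the two system32 files as candidates while qttask.exe, whose mismatch has its own size and date, is not grouped with them.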