
Thread: Obfuscated.kp and possible Virtuamonde?

  #11 | Junior Member | Join Date: Nov 2007 | Posts: 28

    Hi

    The winpfind3 logfile is too long for one post, so I'll split it into several:

    part 1:
    WinPFind3 logfile created on: 11/21/2007 10:23:16 AM
    WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Shashi Kapadia\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    1022.37 Mb Total Physical Memory | 435.74 Mb Available Physical Memory | 42.62% Memory free
    2.40 Gb Paging File | 1.19 Gb Available in Paging File | 49.48% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 10.21 Gb Free Space | 27.41% Space Free
    Drive D: | 12.55 Gb Total Space | 3.18 Gb Free Space | 25.36% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Shashi Kapadia
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:28 PM | Attr = ]
    aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr = ]
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2/15/2006 11:33:12 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2/15/2006 11:33:12 PM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 53408 bytes | Modified Date = 3/7/2006 12:02:14 PM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 192160 bytes | Modified Date = 3/7/2006 12:02:34 PM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 169632 bytes | Modified Date = 3/7/2006 12:03:02 PM | Attr = ]
    cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 2:43:58 PM | Attr = ]
    cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 2:43:58 PM | Attr = ]
    cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (B) | Size = 1433616 bytes | Modified Date = 5/27/2004 12:49:44 PM | Attr = ]
    defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 30448 bytes | Modified Date = 3/17/2006 5:34:12 AM | Attr = ]
    dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ]
    dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10, 1, 0, 79 | Size = 397381 bytes | Modified Date = 12/28/2005 11:52:32 AM | Attr = ]
    evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 12/28/2005 11:45:02 AM | Attr = ]
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/25/2007 10:55:26 PM | Attr = ]
    gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 4:48:34 PM | Attr = ]
    hibwbtel.exe -> %System32%\hibwbtel.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/20/2007 2:08:14 PM | Attr = ]
    hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 4:19:24 AM | Attr = ]
    ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 0, 17 | Size = 602182 bytes | Modified Date = 12/28/2005 11:56:16 AM | Attr = ]
    insider.exe -> %ProgramFiles%\Insider\Insider.exe -> [Ver = | Size = 136192 bytes | Modified Date = 11/20/2007 1:47:02 PM | Attr = ]
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr = ]
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr = ]
    javaw.exe -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe -> [Ver = | Size = 20549 bytes | Modified Date = 5/6/2001 10:14:22 AM | Attr = ]
    kpf4gui.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4gui.exe -> Sunbelt Software [Ver = 4.3.268.0 | Size = 1955352 bytes | Modified Date = 7/18/2006 11:02:56 AM | Attr = ]
    kpf4gui.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4gui.exe -> Sunbelt Software [Ver = 4.3.268.0 | Size = 1955352 bytes | Modified Date = 7/18/2006 11:02:56 AM | Attr = ]
    kpf4ss.exe -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4ss.exe -> Sunbelt Software [Ver = 4.3.268.0 | Size = 1205784 bytes | Modified Date = 7/18/2006 11:02:58 AM | Attr = ]
    motivesb.exe -> %ProgramFiles%\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 05.00.00.asst_classic.smartbridge.20020518_104000 | Size = 327680 bytes | Modified Date = 5/18/2002 11:04:06 AM | Attr = ]
    mrofinu.exe -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/14/2007 12:20:10 AM | Attr = ]
    nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 2:57:54 PM | Attr = ]
    nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ]
    nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 884736 bytes | Modified Date = 11/16/2006 6:58:32 PM | Attr = ]
    qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr = ]
    realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/28/2006 7:41:20 PM | Attr = ]
    regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 12/28/2005 11:44:24 AM | Attr = ]
    s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 12/28/2005 11:47:10 AM | Attr = ]
    spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.5 | Size = 1160848 bytes | Modified Date = 2/6/2006 11:50:24 AM | Attr = ]
    ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 4.0.00.05080 | Size = 81920 bytes | Modified Date = 5/8/2006 5:17:56 AM | Attr = ]
    statusclient.exe -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe -> Hewlett-Packard [Ver = 00.00.13 | Size = 36864 bytes | Modified Date = 12/16/2002 3:51:24 PM | Attr = ]
    stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 4:30:44 PM | Attr = ]
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 11:48:02 AM | Attr = ]
    tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
    viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:20 PM | Attr = ]
    viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
    webcomp.exe -> %CommonProgramFiles%\Mobipocket Shared\webcomp.exe -> Mobipocket.com [Ver = 4, 9, 0, 4901 | Size = 1859584 bytes | Modified Date = 7/13/2005 3:16:16 PM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
    wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10, 1, 0, 27 | Size = 262217 bytes | Modified Date = 12/28/2005 12:04:56 PM | Attr = ]
    zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 0, 42 | Size = 667718 bytes | Modified Date = 12/28/2005 11:55:40 AM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 12:28:18 PM | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2/15/2006 11:33:12 PM | Attr = ]
    (ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 192160 bytes | Modified Date = 3/7/2006 12:02:34 PM | Attr = ]
    (ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 103.0.3.8 | Size = 79472 bytes | Modified Date = 12/13/2004 3:30:08 PM | Attr = ]
    (ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 169632 bytes | Modified Date = 3/7/2006 12:03:02 PM | Attr = ]
    (CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (B) | Size = 1433616 bytes | Modified Date = 5/27/2004 12:49:44 PM | Attr = ]
    (DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 30448 bytes | Modified Date = 3/17/2006 5:34:12 AM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
    (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\hibwbtel.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/20/2007 2:08:14 PM | Attr = ]
    (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 114753 bytes | Modified Date = 12/28/2005 11:45:02 AM | Attr = ]
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
    (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 9/26/2007 1:41:56 PM | Attr = ]
    (KPF4) Sunbelt Kerio Personal Firewall 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4ss.exe -> Sunbelt Software [Ver = 4.3.268.0 | Size = 1205784 bytes | Modified Date = 7/18/2006 11:02:58 AM | Attr = ]
    (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 10:41:04 AM | Attr = ]
    (MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.5.01.04270 | Size = 53337 bytes | Modified Date = 4/27/2006 5:35:16 PM | Attr = ]
    (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 2:57:54 PM | Attr = ]
    (Norton Ghost) Norton Ghost [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Ghost\Agent\VProSvc.exe -> Symantec Corporation [Ver = 10.0.1.9528 | Size = 2066072 bytes | Modified Date = 12/7/2005 4:05:34 PM | Attr = ]
    (PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.5.01.04270 | Size = 49241 bytes | Modified Date = 4/27/2006 5:27:06 PM | Attr = ]
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\hpzipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 1/5/2004 2:27:32 AM | Attr = ]
    (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10, 1, 0, 1 | Size = 217164 bytes | Modified Date = 12/28/2005 11:44:24 AM | Attr = ]
    (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10, 1, 0, 33 | Size = 540745 bytes | Modified Date = 12/28/2005 11:47:10 AM | Attr = ]
    (SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 10.1.0.394 | Size = 115952 bytes | Modified Date = 3/17/2006 5:34:24 AM | Attr = ]
    (SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.2.211 | Size = 214720 bytes | Modified Date = 1/24/2006 7:06:58 PM | Attr = ]
    (SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 2.2.0.5 | Size = 1160848 bytes | Modified Date = 2/6/2006 11:50:24 AM | Attr = ]
    (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.5.01.04270 | Size = 69718 bytes | Modified Date = 4/27/2006 5:16:28 PM | Attr = ]
    (SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 4.0.00.05080 | Size = 69632 bytes | Modified Date = 5/8/2006 4:24:54 AM | Attr = ]
    (Symantec AntiVirus) Symantec AntiVirus [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 10.1.0.394 | Size = 1799408 bytes | Modified Date = 3/17/2006 5:34:20 AM | Attr = ]
    (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Modified Date = 6/23/2006 8:35:40 AM | Attr = ]
    (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:10 PM | Attr = ]
    (WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10, 1, 0, 27 | Size = 262217 bytes | Modified Date = 12/28/2005 12:04:56 PM | Attr = ]

  #12 | Junior Member | Join Date: Nov 2007 | Posts: 28

    winpfind3 part 2:

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 4:48:34 PM | Attr = ]
    ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 8/12/2005 2:43:58 PM | Attr = ]
    ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 104.0.7.3 | Size = 53408 bytes | Modified Date = 3/7/2006 12:02:14 PM | Attr = ]
    dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 127035 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
    DXDllRegExe -> dxdllreg.exe -> File not found
    IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10, 1, 0, 17 | Size = 602182 bytes | Modified Date = 12/28/2005 11:56:16 AM | Attr = ]
    IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10, 1, 0, 42 | Size = 667718 bytes | Modified Date = 12/28/2005 11:55:40 AM | Attr = ]
    ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
    ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ]
    iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 9/26/2007 1:42:04 PM | Attr = ]
    Motive SmartBridge -> %ProgramFiles%\Verizon Online\SupportCenter\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 05.00.00.asst_classic.smartbridge.20020518_104000 | Size = 327680 bytes | Modified Date = 5/18/2002 11:04:06 AM | Attr = ]
    MSPY2002 -> %System32%\IME\PINTLGNT\IMSCINST.EXE -> [Ver = | Size = 59392 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
    NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr = ]
    QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 5:24:52 AM | Attr = ]
    runner1 -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/14/2007 12:20:10 AM | Attr = ]
    SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 4:30:44 PM | Attr = ]
    StatusClient -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe -> Hewlett-Packard [Ver = 00.00.13 | Size = 36864 bytes | Modified Date = 12/16/2002 3:51:24 PM | Attr = ]
    SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 11:48:02 AM | Attr = ]
    TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/28/2006 7:41:20 PM | Attr = ]
    TomcatStartup -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe -> Hewlett-Packard [Ver = 2, 0, 0, 3 | Size = 155648 bytes | Modified Date = 3/31/2003 6:28:28 PM | Attr = ]
    UserFaultCheck -> -> File not found
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:28 PM | Attr = ]
    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ]
    Insider -> %ProgramFiles%\Insider\Insider.exe -> [Ver = | Size = 136192 bytes | Modified Date = 11/20/2007 1:47:02 PM | Attr = ]
    Mobipocket Web Companion -> %CommonProgramFiles%\Mobipocket Shared\webcomp.exe -> Mobipocket.com [Ver = 4, 9, 0, 4901 | Size = 1859584 bytes | Modified Date = 7/13/2005 3:16:16 PM | Attr = ]
    SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe -> [Ver = 4.0.00.05080 | Size = 81920 bytes | Modified Date = 5/8/2006 5:17:56 AM | Attr = ]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2/16/2004 7:13:54 PM | Attr = ]
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
    %AllUsersStartup%\Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 4.0.4 (B) | Size = 1466384 bytes | Modified Date = 5/27/2004 12:49:50 PM | Attr = ]
    %AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ]
    %AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 4:19:24 AM | Attr = ]
    < AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [Ver = | Size = 111616 bytes | Modified Date = 6/23/2006 8:42:38 AM | Attr = ]
    < ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} [HKLM] -> Reg Data - Key not found [] -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 61440 bytes | Modified Date = 2/15/2006 11:34:14 PM | Attr = ]
    fgkcxyoh -> %System32%\fgkcxyoh.dll -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:10:12 PM | Attr = ]
    NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 10.1.0.394 | Size = 43760 bytes | Modified Date = 3/17/2006 5:34:36 AM | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.theme ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    127.0.0.1 localhost -> ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
    HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
    HKCU: Search Page -> http://www.microsoft.com/isapi/redir...ie&ar=iesearch ->
    HKCU: Start Page -> about:blank ->
    HKCU: ProxyEnable -> 0 ->
    HKCU: ProxyOverride -> 127.0.0.1;<local> ->
    < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    msn.com [ - ] -> ->
    online_musicmatch.com [https] -> ->
    < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    mlb_mlb.com [http] -> ->
    www_mlb.com [http] -> ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 12/6/2004 1:05:00 AM | Attr = ]
    {9DD07EF0-45BE-4D54-B94F-9ECBAE564E33} [HKLM] -> %System32%\jkhhh.dll [Reg Data - Value does not exist] -> [Ver = | Size = 329824 bytes | Modified Date = 11/18/2007 4:03:54 PM | Attr = ]
    {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\fgkcxyoh.dll [Reg Data - Value does not exist] -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:10:12 PM | Attr = ]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
    {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} [HKLM] -> %System32%\kayqqplk.dll [Reg Data - Value does not exist] -> [Ver = | Size = 11840 bytes | Modified Date = 11/20/2007 2:13:48 PM | Attr = ]
    {C0E59FFE-565A-4C77-B70E-3F19E33647F9} [HKLM] -> %ProgramFiles%\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll [100% Free Rummy Toolbar Helper] -> [Ver = 3,2,0,0 | Size = 798720 bytes | Modified Date = 9/29/2007 8:40:04 AM | Attr = ]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 2/22/2006 12:00:30 PM | Attr = ]
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\fgkcxyoh.dll [Security Toolbar] -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:10:12 PM | Attr = ]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
    {8C550565-107B-4FEE-B2CC-9B6B12CE53F6} [HKLM] -> %ProgramFiles%\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll [100% Free Rummy Toolbar] -> [Ver = 3,2,0,0 | Size = 798720 bytes | Modified Date = 9/29/2007 8:40:04 AM | Attr = ]
    < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\{11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\fgkcxyoh.dll [Security Toolbar] -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:10:12 PM | Attr = ]
    WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
    WebBrowser\\{8C550565-107B-4FEE-B2CC-9B6B12CE53F6} [HKLM] -> %ProgramFiles%\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll [100% Free Rummy Toolbar] -> [Ver = 3,2,0,0 | Size = 798720 bytes | Modified Date = 9/29/2007 8:40:04 AM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found
    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 4:46:14 PM | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    &Google Search -> %ProgramFiles%\google\GoogleToolbar2.dll\cmsearch.htm -> File not found
    &Translate English Word -> %ProgramFiles%\google\GoogleToolbar2.dll\cmwordtrans.htm -> File not found
    Backward Links -> %ProgramFiles%\google\GoogleToolbar2.dll\cmbacklinks.htm -> File not found
    Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar2.dll\cmcache.htm -> File not found
    E&xport to Microsoft Excel -> -> File not found
    Similar Pages -> %ProgramFiles%\google\GoogleToolbar2.dll\cmsimilar.htm -> File not found
    Translate Page into English -> %ProgramFiles%\google\GoogleToolbar2.dll\cmtrans.htm -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {2BC3D25A-5856-4386-BC97-84972660E2F3} -> (Windows Mobile-based Device) ->
    {8505CA9B-9629-47AC-BED0-F8C37D6EDC7F} -> (1394 Net Adapter) ->
    {E2C8DD87-FAAE-452C-8C0E-FE8233D9EAA8} -> (Broadcom 440x 10/100 Integrated Controller) ->
    {E2D76DF8-96BD-4389-8BB0-43E7089AD561} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) ->
    {F7CC5FBF-7B24-418B-974E-5822F0862AE7} -> () ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 12/22/2003 7:38:40 AM | Attr = ]
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english...an_unicode.cab ->
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -> - CodeBase = http://download.mcafee.com/molbin/sh...1/mcinsctl.cab ->
    {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsu...?1152404323375 ->
    {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -> DivXBrowserPlugin Object - CodeBase = http://download.divx.com/player/DivXBrowserPlugin.cab ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/...ndows-i586.cab ->
    {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/...ndows-i586.cab ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get...nt/swflash.cab ->
    Microsoft XML Parser for Java -> - CodeBase = file:///C:/WINDOWS/Java/classes/xmldso.cab ->

  3. #13
    Junior Member
    Join Date
    Nov 2007
    Posts
    28


    part 3:

    [Files/Folders - Created Within 30 days]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 11/20/2007 1:50:04 PM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072103424 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr = HS]
    qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 11/18/2007 11:48:49 AM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 11/18/2007 11:18:20 AM | Attr = ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 11/14/2007 3:05:30 AM | Attr = H ]
    b147.exe -> %SystemRoot%\b147.exe -> [Ver = | Size = 97280 bytes | Created Date = 10/30/2007 1:53:32 PM | Attr = ]
    catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 11/18/2007 3:33:10 PM | Attr = ]
    mrofinu.exe -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Created Date = 11/14/2007 12:20:08 AM | Attr = ]
    mrofinu572.exe.tmp -> %SystemRoot%\mrofinu572.exe.tmp -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Created Date = 11/14/2007 12:15:23 AM | Attr = ]
    NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 11/18/2007 3:57:35 PM | Attr = ]
    actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 2, 0 | Size = 376832 bytes | Created Date = 11/20/2007 12:32:59 AM | Attr = ]
    DGPNorm.ocx -> %System32%\DGPNorm.ocx -> DGP [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Created Date = 11/20/2007 12:32:59 AM | Attr = ]
    fgkcxyoh.dll -> %System32%\fgkcxyoh.dll -> [Ver = | Size = 145984 bytes | Created Date = 11/20/2007 2:10:10 PM | Attr = ]
    fgkcxyoh.dllbox -> %System32%\fgkcxyoh.dllbox -> [Ver = | Size = 20810 bytes | Created Date = 11/20/2007 2:10:11 PM | Attr = HS]
    hhhkj.ini -> %System32%\hhhkj.ini -> [Ver = | Size = 441629 bytes | Created Date = 11/18/2007 4:03:53 PM | Attr = HS]
    hhhkj.ini2 -> %System32%\hhhkj.ini2 -> [Ver = | Size = 441402 bytes | Created Date = 11/18/2007 4:03:53 PM | Attr = HS]
    hibwbtel.exe -> %System32%\hibwbtel.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/20/2007 2:08:12 PM | Attr = ]
    hjbmrcsp.dll -> %System32%\hjbmrcsp.dll -> [Ver = | Size = 145984 bytes | Created Date = 11/20/2007 2:09:49 PM | Attr = ]
    jkhhh.dll -> %System32%\jkhhh.dll -> [Ver = | Size = 329824 bytes | Created Date = 11/18/2007 4:03:45 PM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 11/14/2007 5:20:56 PM | Attr = ]
    kayqqplk.dll -> %System32%\kayqqplk.dll -> [Ver = | Size = 11840 bytes | Created Date = 11/20/2007 2:13:46 PM | Attr = ]
    lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 233472 bytes | Created Date = 11/20/2007 12:32:59 AM | Attr = ]
    ldddvgph.ini -> %System32%\ldddvgph.ini -> [Ver = | Size = 679701 bytes | Created Date = 11/16/2007 12:17:32 AM | Attr = HS]
    mcibsdkf.ini -> %System32%\mcibsdkf.ini -> [Ver = | Size = 669357 bytes | Created Date = 11/14/2007 12:46:08 PM | Attr = HS]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 11/14/2007 10:22:35 AM | Attr = ]
    NCTAudioFile.dll -> %System32%\NCTAudioFile.dll -> NCT Company [Ver = 1, 7, 4, 1 | Size = 1703936 bytes | Created Date = 11/20/2007 12:33:00 AM | Attr = ]
    NCTWMAFile.dll -> %System32%\NCTWMAFile.dll -> NCT Company [Ver = 1, 7, 2, 0 | Size = 360448 bytes | Created Date = 11/20/2007 12:33:00 AM | Attr = ]
    sqkoffwf.ini -> %System32%\sqkoffwf.ini -> [Ver = | Size = 679503 bytes | Created Date = 11/17/2007 10:55:14 PM | Attr = HS]
    swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
    swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
    swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
    sysmwwod.dll -> %System32%\sysmwwod.dll -> [Ver = | Size = 23 bytes | Created Date = 11/20/2007 12:37:45 AM | Attr = ]
    VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
    xrlkywwt.ini -> %System32%\xrlkywwt.ini -> [Ver = | Size = 1092409 bytes | Created Date = 11/17/2007 11:58:16 PM | Attr = HS]

    [Files/Folders - Modified Within 30 days]
    Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 11/20/2007 1:50:06 PM | Attr = ]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072103424 bytes | Modified Date = 11/21/2007 10:04:40 AM | Attr = HS]
    My Music -> %SystemDrive%\My Music -> [Folder | Modified Date = 12/3/2007 10:44:24 AM | Attr = ]
    palmapps -> %SystemDrive%\palmapps -> [Folder | Modified Date = 11/18/2007 11:39:26 AM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/20/2007 3:00:40 PM | Attr = ]
    qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 11/18/2007 3:57:16 PM | Attr = ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/18/2007 11:48:28 AM | Attr = HS]
    Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 11/20/2007 1:46:46 PM | Attr = ]
    VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 11/20/2007 2:31:12 PM | Attr = ]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/21/2007 10:09:16 AM | Attr = ]
    $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 11/14/2007 3:04:52 AM | Attr = H ]
    $NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 11/14/2007 3:05:32 AM | Attr = H ]
    b147.exe -> %SystemRoot%\b147.exe -> [Ver = | Size = 97280 bytes | Modified Date = 10/30/2007 11:53:32 AM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/21/2007 10:04:48 AM | Attr = S]
    catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/29/2007 6:56:20 PM | Attr = ]
    CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 11/20/2007 2:37:20 PM | Attr = HS]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 11/15/2007 6:21:34 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 11/20/2007 1:53:08 PM | Attr = S]
    erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 11/20/2007 1:51:36 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/15/2007 6:07:24 PM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/20/2007 12:35:30 AM | Attr = HS]
    MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 1072136192 bytes | Modified Date = 11/20/2007 2:37:02 PM | Attr = ]
    Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 11/15/2007 6:21:34 PM | Attr = ]
    mrofinu.exe -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/14/2007 12:20:10 AM | Attr = ]
    mrofinu572.exe.tmp -> %SystemRoot%\mrofinu572.exe.tmp -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/14/2007 12:15:24 AM | Attr = ]
    NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 11/19/2007 4:45:44 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/21/2007 10:22:06 AM | Attr = ]
    QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/21/2007 10:07:46 AM | Attr = H ]
    Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/21/2007 10:05:46 AM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 11/20/2007 2:13:48 PM | Attr = ]
    TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 11/21/2007 10:10:30 AM | Attr = ]
    wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 326 bytes | Modified Date = 11/14/2007 5:15:32 PM | Attr = ]
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 10/30/2007 4:55:04 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/21/2007 10:05:10 AM | Attr = H ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/20/2007 2:34:40 PM | Attr = ]
    config -> %System32%\config -> [Folder | Modified Date = 11/18/2007 3:33:34 PM | Attr = ]
    dllcache -> %System32%\dllcache -> [Folder | Modified Date = 11/14/2007 3:13:58 AM | Attr = RHS]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 11/18/2007 3:51:42 PM | Attr = ]
    fgkcxyoh.dll -> %System32%\fgkcxyoh.dll -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:10:12 PM | Attr = ]
    fgkcxyoh.dllbox -> %System32%\fgkcxyoh.dllbox -> [Ver = | Size = 20810 bytes | Modified Date = 11/21/2007 10:23:24 AM | Attr = HS]
    hhhkj.ini -> %System32%\hhhkj.ini -> [Ver = | Size = 441629 bytes | Modified Date = 11/21/2007 10:23:32 AM | Attr = HS]
    hhhkj.ini2 -> %System32%\hhhkj.ini2 -> [Ver = | Size = 441402 bytes | Modified Date = 11/21/2007 10:22:12 AM | Attr = HS]
    hibwbtel.exe -> %System32%\hibwbtel.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/20/2007 2:08:14 PM | Attr = ]
    hjbmrcsp.dll -> %System32%\hjbmrcsp.dll -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:09:52 PM | Attr = ]
    jkhhh.dll -> %System32%\jkhhh.dll -> [Ver = | Size = 329824 bytes | Modified Date = 11/18/2007 4:03:54 PM | Attr = ]
    Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 11/14/2007 5:20:58 PM | Attr = ]
    kayqqplk.dll -> %System32%\kayqqplk.dll -> [Ver = | Size = 11840 bytes | Modified Date = 11/20/2007 2:13:48 PM | Attr = ]
    ldddvgph.ini -> %System32%\ldddvgph.ini -> [Ver = | Size = 679701 bytes | Modified Date = 11/17/2007 10:44:28 PM | Attr = HS]
    mcibsdkf.ini -> %System32%\mcibsdkf.ini -> [Ver = | Size = 669357 bytes | Modified Date = 11/16/2007 12:09:02 AM | Attr = HS]
    mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 11/14/2007 12:21:28 PM | Attr = ]
    perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64262 bytes | Modified Date = 11/6/2007 11:41:00 AM | Attr = ]
    perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405878 bytes | Modified Date = 11/6/2007 11:41:00 AM | Attr = ]
    PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 477404 bytes | Modified Date = 11/6/2007 11:41:00 AM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 11/18/2007 11:48:28 AM | Attr = ]
    sqkoffwf.ini -> %System32%\sqkoffwf.ini -> [Ver = | Size = 679503 bytes | Modified Date = 11/17/2007 11:03:06 PM | Attr = HS]
    sysmwwod.dll -> %System32%\sysmwwod.dll -> [Ver = | Size = 23 bytes | Modified Date = 11/20/2007 12:42:08 AM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 11/21/2007 10:06:38 AM | Attr = ]
    xrlkywwt.ini -> %System32%\xrlkywwt.ini -> [Ver = | Size = 1092409 bytes | Modified Date = 11/20/2007 8:39:24 AM | Attr = HS]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 11/18/2007 3:35:34 PM | Attr = ]
    fwdrv.err -> %System32%\drivers\fwdrv.err -> [Ver = | Size = 332 bytes | Modified Date = 11/14/2007 1:05:48 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\aakar-medium.ttf:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\freedom-guj.ttf:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\gujafont.ttf:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\Gujarati-Fonts.tar:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\gujarati-fonts.zip:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\GujPad.exe:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\gujradh.zip:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\Jaina_Convention_-_Flyer_Front_copy.jpg:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\office-guj.ttf:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\Package.zip:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\personal-guj.ttf:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\ttf-gujarati-fonts_0.4.7.3_all.deb:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\ttf-indic-fonts_0.4.4.tar.GZ:Zone.Identifier ->
    @Alternate Data Stream - 26 bytes -> %SystemDrive%\win_xp_2k3_32-8.48e.zip:Zone.Identifier ->
    File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (1072136192 bytes) ->
    UPX! , -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/14/2007 12:20:10 AM | Attr = ]
    UPX! , -> %SystemRoot%\mrofinu572.exe.tmp -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Modified Date = 11/14/2007 12:15:24 AM | Attr = ]
    Thawte Consulting , -> %System32%\CSGina.dll -> [Ver = | Size = 139280 bytes | Modified Date = 5/27/2004 12:49:42 PM | Attr = ]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
    PEC2 , PECompact2 , -> %System32%\divx.dll -> DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Modified Date = 7/3/2006 10:40:50 PM | Attr = ]
    UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 7/22/2007 6:39:28 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/10/2004 5:00:00 AM | Attr = ]

    < End of report >
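
The WinPFind3 output in parts 2 and 3 above is dense, and the interesting entries are recognisable by a handful of traits rather than by name. The script below is an added example, not something posted in this thread or shipped with WinPFind3. It parses the log's line format (the BHO/toolbar registry lines, the "Created Within 30 days" file lines and the "@Alternate Data Stream" lines) and scores every loose file sitting directly under %System32% or %SystemRoot% on the signals visible in this log: no vendor and no usable version resource, a random-looking 5-8 letter name, a hidden+system .ini whose name is a listed DLL's name reversed (hhhkj.ini beside jkhhh.dll), and a BHO registered with no name at all. A 26-byte Zone.Identifier stream is reported as the ordinary Internet-zone download mark rather than as a hidden payload. The sample lines are copied from the posted log; the names `parse_line`, `triage` and `KNOWN_TOOL_DROPS` are this example's own, and treating the SteelWerX/catchme/NirCmd/VFind binaries as helper-tool drops is an assumption based only on their shared creation timestamp.

```python
import ntpath
import re
from collections import namedtuple

# Constructed sample: lines copied from the WinPFind3 log in this thread (BHO, "Created
# Within 30 days" and "File String Scan" sections); the [section] headers are added.
SAMPLE_LOG = r"""
[Internet Explorer BHOs]
{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\fgkcxyoh.dll [Reg Data - Value does not exist] -> [Ver = | Size = 145984 bytes | Modified Date = 11/20/2007 2:10:12 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 3, 0, 131, 0 | Size = 1191424 bytes | Modified Date = 2/14/2006 7:05:30 PM | Attr = R ]
[Files/Folders - Created Within 30 days]
mrofinu.exe -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Created Date = 11/14/2007 12:20:08 AM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
fgkcxyoh.dll -> %System32%\fgkcxyoh.dll -> [Ver = | Size = 145984 bytes | Created Date = 11/20/2007 2:10:10 PM | Attr = ]
hhhkj.ini -> %System32%\hhhkj.ini -> [Ver = | Size = 441629 bytes | Created Date = 11/18/2007 4:03:53 PM | Attr = HS]
jkhhh.dll -> %System32%\jkhhh.dll -> [Ver = | Size = 329824 bytes | Created Date = 11/18/2007 4:03:45 PM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 11/14/2007 5:20:56 PM | Attr = ]
lame_enc.dll -> %System32%\lame_enc.dll -> [Ver = | Size = 233472 bytes | Created Date = 11/20/2007 12:32:59 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 11/18/2007 11:48:11 AM | Attr = ]
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\GujPad.exe:Zone.Identifier ->
"""

Entry = namedtuple("Entry", "name path friendly vendor fields")
FIELDS_RE = re.compile(r"\[([^\]]*)\]\s*$")   # trailing "[Ver = .. | Attr = ..]" block
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")  # Vundo-style generated file names
# Helper tools dropped beside the qoobox quarantine folder (same creation timestamp in the
# log); treating them as benign is an assumption, not something the log proves.
KNOWN_TOOL_DROPS = {"catchme.exe", "nircmd.exe", "swreg.exe", "swsc.exe", "swxcacls.exe", "vfind.exe"}
# Zone.Identifier as written for a download from the Internet zone: exactly 26 bytes.
MOTW_INTERNET_LEN = len(b"[ZoneTransfer]\r\nZoneId=3\r\n")

def parse_line(line):
    """Split one 'name -> path [friendly] -> vendor [k = v | ...]' line into an Entry."""
    line = line.strip()
    if line.endswith("->"):            # ADS and section-header lines end in an empty field
        line = line[:-2].rstrip()
    parts = [p.strip() for p in line.split(" -> ")]
    if len(parts) < 2 or not parts[1]:
        return None
    name, target = parts[0], parts[1]
    tail = parts[2] if len(parts) > 2 else ""
    friendly = ""
    m = re.match(r"^(.*?)\s*\[(.*)\]$", target)  # registry lines carry "[friendly name]"
    if m:
        target, friendly = m.group(1), m.group(2)
    fields, vendor = {}, tail
    fm = FIELDS_RE.search(tail)
    if fm:
        vendor = tail[:fm.start()].strip()
        for kv in re.split(r"\s*\|\s*", fm.group(1)):
            k, _, v = kv.partition("=")
            fields[k.strip()] = v.strip()
    return Entry(name, target, friendly, vendor, fields)

def no_version_info(e):
    """True when there is neither a vendor nor a meaningful version (0, 0, 0, 0 counts as none)."""
    return not e.vendor and not e.fields.get("Ver", "").replace("0", "").replace(",", "").strip()

def triage(log_text):
    """Return (findings, benign_ads); findings maps a path to the reasons it was flagged."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    dll_stems = {ntpath.splitext(ntpath.basename(e.path))[0].lower()
                 for e in entries if e.path.lower().endswith(".dll")}
    findings, benign_ads = {}, []
    for e in entries:
        if e.name.startswith("@Alternate Data Stream"):
            m = re.search(r"(\d+) bytes", e.name)
            if e.path.endswith(":Zone.Identifier") and m and int(m.group(1)) == MOTW_INTERNET_LEN:
                benign_ads.append(e.path)  # ordinary mark-of-the-web, not a hidden payload
            continue
        folder, fname = ntpath.split(e.path)
        if folder.lower() not in ("%system32%", "%systemroot%") or "Folder" in e.fields:
            continue                       # only loose files dropped straight into the Windows dirs
        if fname.lower() in KNOWN_TOOL_DROPS:
            continue
        stem, ext = (s.lower() for s in ntpath.splitext(fname))
        reasons = []
        if ext in (".dll", ".exe", ".ocx") and no_version_info(e):
            reasons.append("no vendor or version resource")
        if RANDOM_STEM_RE.match(stem):
            reasons.append("random-looking %d-letter name" % len(stem))
        if ext == ".ini" and "HS" in e.fields.get("Attr", ""):
            reasons.append("hidden+system .ini in system32")
        if ext == ".ini" and stem[::-1] in dll_stems:
            reasons.append("name is %s.dll reversed" % stem[::-1])
        if e.friendly == "Reg Data - Value does not exist":
            reasons.append("registered as BHO/toolbar without a name")
        if len(reasons) >= 2:              # one weak signal alone (e.g. an unsigned DLL) is not enough
            merged = findings.setdefault(e.path, [])
            merged.extend(r for r in reasons if r not in merged)
    return findings, benign_ads

if __name__ == "__main__":
    flagged, benign = triage(SAMPLE_LOG)
    for path, reasons in list(flagged.items()) + [(p, ["26-byte Zone.Identifier, normal download mark"]) for p in benign]:
        print("%-36s %s" % (path, "; ".join(reasons)))
```

On the sample it flags fgkcxyoh.dll (three signals, including the nameless BHO registration), mrofinu.exe, hhhkj.ini and jkhhh.dll, and leaves lame_enc.dll alone because an unsigned DLL with a normal name is only one signal. The two-signal threshold is the point of the exercise: each trait on its own is common in legitimate third-party software, and it is the combination, plus the reversed-name .ini/.dll pairing, that makes the Vundo family easy to pick out of a 30-day file listing.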

  4. #14
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Hi

    • Open a new notepad window
    • Paste the list of files from the quote box below into the notepad window.
      C:\b147.exe
      C:\mrofinu.exe
      C:\mrofinu572.exe.tmp
      C:\windows\system32\fgkcxyoh.dll
      C:\windows\system32\fgkcxyoh.dllbox
      C:\windows\system32\hhhkj.ini
      C:\windows\system32\hhhkj.ini2
      C:\windows\system32\hibwbtel.exe
      C:\windows\system32\hjbmrcsp.dll
      C:\windows\system32\jkhhh.dll
      C:\windows\system32\kayqqplk.dll
      C:\windows\system32\ldddvgph.ini
      C:\windows\system32\mcibsdkf.ini
      C:\windows\system32\sqkoffwf.ini
      C:\windows\system32\xrlkywwt.ini
    • Save this as vundofix.vft, with "Save as type" set to "all files" (*.*).
    • Double-click VundoFix.exe to run it.
    • Drag vundofix.vft onto the listbox (white box) of VundoFix, as in the picture below:
    • Click the "Remove Vundo" button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
    Last edited by Shaba; 2007-11-21 at 16:55.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
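
A removal list like the one above is only as good as its paths: a file-deletion tool skips entries it cannot find, and it cannot delete an image that is currently executing. The script below is an added example, not part of this thread and not part of VundoFix. It expands the scanner's %SystemRoot%/%System32% placeholders (the default XP layout is assumed), resolves every requested path against the WinPFind3 lines that the list was built from, and marks entries that also appear in the HijackThis "Running processes" list. The inputs are copied from this thread (the removal list above, trimmed; the matching file lines from part 3; two running processes from the reply below); the names `check_removal_list`, `scanned_paths` and `expand` are this example's own.

```python
import ntpath

# Placeholder expansion for the scanner's abbreviated paths; default XP layout is assumed.
PLACEHOLDERS = {"%System32%": r"C:\WINDOWS\system32", "%SystemRoot%": r"C:\WINDOWS", "%SystemDrive%": "C:"}

# Constructed inputs, copied from this thread: part of the removal list above, the matching
# WinPFind3 "Created Within 30 days" lines (fields trimmed), and entries from the HijackThis
# "Running processes" list posted in the next reply.
REMOVAL_LIST = [p.strip() for p in r"""
C:\b147.exe
C:\mrofinu.exe
C:\mrofinu572.exe.tmp
C:\windows\system32\fgkcxyoh.dll
C:\windows\system32\hhhkj.ini
C:\windows\system32\hibwbtel.exe
C:\windows\system32\jkhhh.dll
""".splitlines() if p.strip()]

SCAN_LINES = r"""
b147.exe -> %SystemRoot%\b147.exe -> [Ver = | Size = 97280 bytes | Attr = ]
mrofinu.exe -> %SystemRoot%\mrofinu.exe -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Attr = ]
mrofinu572.exe.tmp -> %SystemRoot%\mrofinu572.exe.tmp -> [Ver = 0, 0, 0, 0 | Size = 35840 bytes | Attr = ]
fgkcxyoh.dll -> %System32%\fgkcxyoh.dll -> [Ver = | Size = 145984 bytes | Attr = ]
hhhkj.ini -> %System32%\hhhkj.ini -> [Ver = | Size = 441629 bytes | Attr = HS]
hibwbtel.exe -> %System32%\hibwbtel.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Attr = ]
jkhhh.dll -> %System32%\jkhhh.dll -> [Ver = | Size = 329824 bytes | Attr = ]
"""

RUNNING_PROCESSES = r"""
C:\WINDOWS\system32\hibwbtel.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\Explorer.EXE
"""

def expand(path):
    """Replace a leading %System32%/%SystemRoot%/%SystemDrive% token with its real prefix."""
    for token, real in PLACEHOLDERS.items():
        if path.lower().startswith(token.lower()):
            return real + path[len(token):]
    return path

def scanned_paths(scan_log):
    """Map lower-cased real path -> path exactly as the scanner printed it."""
    result = {}
    for line in scan_log.splitlines():
        parts = line.split(" -> ")
        if len(parts) >= 2:
            raw = parts[1].split(" [")[0].strip()   # drop a "[friendly name]" suffix if present
            result[expand(raw).lower()] = raw
    return result

def check_removal_list(removal_list, scan_log, running_processes):
    """Return {requested path: verdict}; verdicts are 'ok', 'LOCKED: ...' or 'NOT IN SCAN ...'."""
    scanned = scanned_paths(scan_log)
    by_name = {}                                   # basename -> scanner paths, for near-miss hints
    for real, raw in scanned.items():
        by_name.setdefault(ntpath.basename(real), []).append(raw)
    running = {p.strip().lower() for p in running_processes.splitlines() if p.strip()}
    verdicts = {}
    for req in removal_list:
        key = req.lower()
        if key not in scanned:
            alt = by_name.get(ntpath.basename(key), [])
            verdicts[req] = "NOT IN SCAN" + (" (scanner listed %s)" % ", ".join(alt) if alt else "")
        elif key in running:
            verdicts[req] = "LOCKED: listed as a running process, expect 'Could not be deleted' until it is stopped"
        else:
            verdicts[req] = "ok"
    return verdicts

if __name__ == "__main__":
    for path, verdict in check_removal_list(REMOVAL_LIST, SCAN_LINES, RUNNING_PROCESSES).items():
        print("%-40s %s" % (path, verdict))
```

For the lists as posted, the three root-level entries (C:\b147.exe, C:\mrofinu.exe, C:\mrofinu572.exe.tmp) come back NOT IN SCAN with the scanner's %SystemRoot% form shown beside them, hibwbtel.exe comes back LOCKED, and the rest are ok. That is consistent with the VundoFix output in the next reply, where no deletion attempt is logged for the three root-level paths and hibwbtel.exe "Could not be deleted". The locked case is what the tool's run-again-at-reboot note covers; the path-mismatch case is silent, which is why it is worth checking before the run rather than after.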

  5. #15
    Junior Member
    Join Date
    Nov 2007
    Posts
    28


    Hi

    Used VundoFix on those files as specified. Here are the results:
    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Scan started at 2:20:35 PM 11/20/2007

    Listing files found while scanning....

    C:\windows\system32\fgkcxyoh.dll
    C:\windows\system32\fgkcxyoh.dllbox
    C:\windows\system32\hjbmrcsp.dll
    C:\WINDOWS\system32\kayqqplk.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\fgkcxyoh.dll
    C:\windows\system32\fgkcxyoh.dll Has been deleted!

    Attempting to delete C:\windows\system32\fgkcxyoh.dllbox
    C:\windows\system32\fgkcxyoh.dllbox Has been deleted!

    Attempting to delete C:\windows\system32\hhhkj.ini
    C:\windows\system32\hhhkj.ini Has been deleted!

    Attempting to delete C:\windows\system32\hhhkj.ini2
    C:\windows\system32\hhhkj.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\hibwbtel.exe
    C:\windows\system32\hibwbtel.exe Could not be deleted.

    Attempting to delete C:\windows\system32\hjbmrcsp.dll
    C:\windows\system32\hjbmrcsp.dll Has been deleted!

    Attempting to delete C:\windows\system32\jkhhh.dll
    C:\windows\system32\jkhhh.dll Has been deleted!

    Attempting to delete C:\windows\system32\kayqqplk.dll
    C:\windows\system32\kayqqplk.dll Has been deleted!

    Attempting to delete C:\windows\system32\ldddvgph.ini
    C:\windows\system32\ldddvgph.ini Has been deleted!

    Attempting to delete C:\windows\system32\mcibsdkf.ini
    C:\windows\system32\mcibsdkf.ini Has been deleted!

    Attempting to delete C:\windows\system32\sqkoffwf.ini
    C:\windows\system32\sqkoffwf.ini Has been deleted!

    Attempting to delete C:\windows\system32\xrlkywwt.ini
    C:\windows\system32\xrlkywwt.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Beginning removal...

    Attempting to delete C:\windows\system32\hibwbtel.exe
    C:\windows\system32\hibwbtel.exe Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...



    Tried twice to fix hibwbtel.exe without success.

    Below is an updated HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:30:44 PM, on 11/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\hibwbtel.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\mrofinu.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Insider\Insider.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\ecidonex.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: 100% Free Rummy Toolbar Helper - {C0E59FFE-565A-4C77-B70E-3F19E33647F9} - C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll (disabled by BHODemon)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {DFA0761D-6B54-4134-A2E2-7EB44EC3CDB0} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: 100% Free Rummy Toolbar - {8C550565-107B-4FEE-B2CC-9B6B12CE53F6} - C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://mlb.mlb.com
    O15 - Trusted Zone: http://www.mlb.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152404323375
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\hibwbtel.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14905 bytes


    Finally, I forgot to mention last time but 100% Free Rummy Toolbar came with a rummy game I had. I've since uninstalled the game but I guess the toolbar is still around. I don't need it anymore if you think it's causing a problem.

    Thanks

  6. #16
    Security Expert: Emeritus | Join Date: Oct 2006 | Location: Finland | Posts: 29,374

    Hi

    "Finally, I forgot to mention last time but 100% Free Rummy Toolbar came with a rummy game I had. I've since uninstalled the game but I guess the toolbar is still around. I don't need it anymore if you think it's causing a problem."

    Well I only asked because I didn't recognize it.
    You can uninstall it via add/remove programs if it's there.

    First delete your copy of combofix.

    After that:

    1. Download combofix from one of these links and save it to Desktop:
    Link1
    Link2
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Post:

    - a fresh HijackThis log
    - combofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #17
    Junior Member | Join Date: Nov 2007 | Posts: 28

    Okay, the ComboFix report is here:

    ComboFix 07-11-19.3 - Shashi Kapadia 2007-11-22 8:44:59.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.403 [GMT -5:00]
    Running from: C:\Documents and Settings\Shashi Kapadia\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Shashi Kapadia\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Shashi Kapadia\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Shashi Kapadia\Favorites\Online Security Guide.lnk
    C:\Program Files\inetget2
    C:\Program Files\Insider
    C:\Program Files\Insider\Insider.exe
    C:\WINDOWS\b147.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
    .

    2007-11-20 00:51 <DIR> d-------- C:\Program Files\LitexMedia
    2007-11-20 00:37 23 --a------ C:\WINDOWS\system32\sysmwwod.dll
    2007-11-20 00:33 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
    2007-11-20 00:33 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
    2007-11-20 00:32 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
    2007-11-20 00:32 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
    2007-11-20 00:32 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
    2007-11-18 11:18 <DIR> d-------- C:\VundoFix Backups
    2007-11-15 18:44 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-15 18:12 <DIR> d-------- C:\Program Files\CCleaner
    2007-11-14 17:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-14 10:22 143 --a------ C:\WINDOWS\system32\mcrh.tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-22 13:42 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-11-20 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-14 18:05 332 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2007-11-14 14:32 --------- d-----w C:\Documents and Settings\Shashi Kapadia\Application Data\uTorrent
    2007-11-14 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-19 21:48 --------- d-----w C:\Program Files\TallStick
    2007-10-19 21:48 --------- d-----w C:\Program Files\RingTonEditor
    2007-10-19 16:21 --------- d-----w C:\Documents and Settings\Shashi Kapadia\Application Data\Anvil Studio
    2007-10-19 16:16 --------- d-----w C:\Program Files\Anvil Studio
    2007-10-17 23:19 --------- d-----w C:\Program Files\iTunes
    2007-10-17 23:18 --------- d-----w C:\Program Files\iPod
    2007-10-17 22:55 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-17 03:23 --------- d-----w C:\Documents and Settings\Shashi Kapadia\Application Data\OpenOffice.org2
    2007-10-15 20:09 --------- d-----w C:\Program Files\FLV Player
    2007-10-12 19:39 --------- d-----w C:\Documents and Settings\Shashi Kapadia\Application Data\dvdcss
    2007-10-08 14:19 --------- d-----w C:\Program Files\AIM
    2007-10-07 23:29 --------- d-----w C:\Program Files\BlazeVideo
    2007-09-29 13:40 --------- d-----w C:\Program Files\100% Free Rummy Toolbar
    2007-07-30 02:44 76,888 ----a-w C:\Documents and Settings\Shashi Kapadia\Application Data\GDIPFONTCACHEV1.DAT
    2007-01-07 00:58 81,920 ----a-w C:\Documents and Settings\Shashi Kapadia\Application Data\ezpinst.exe
    2007-01-07 00:58 47,360 ----a-w C:\Documents and Settings\Shashi Kapadia\Application Data\pcouffin.sys
    2006-07-20 05:07 251 ----a-w C:\Program Files\wt3d.ini
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-18_15.56.06.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
    + 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0E59FFE-565A-4C77-B70E-3F19E33647F9}]
    C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll__BHODemonDisabled

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFA0761D-6B54-4134-A2E2-7EB44EC3CDB0}]
    C:\WINDOWS\system32\jkhhh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8C550565-107B-4FEE-B2CC-9B6B12CE53F6}"= C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll [2007-09-29 08:40 798720]

    [HKEY_CLASSES_ROOT\clsid\{8c550565-107b-4fee-b2cc-9b6b12ce53f6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{8C550565-107B-4FEE-B2CC-9B6B12CE53F6}"= C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll [2007-09-29 08:40 798720]

    [HKEY_CLASSES_ROOT\clsid\{8c550565-107b-4fee-b2cc-9b6b12ce53f6}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 05:17]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 21:36]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 12:02]
    "StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 15:51]
    "TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 18:28]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe" [2002-05-18 11:04]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-28 19:41]
    "DXDllRegExe"="dxdllreg.exe" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 05:00]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 05:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 05:00]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-01 20:18:14]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-08-31 13:27:02]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-23 08:26:52]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
    C:\WINDOWS\system32\NavLogon.dll 2006-03-17 05:34 43760 C:\WINDOWS\system32\NavLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFP]
    C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe
    "EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
    "MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    "Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "RegistryMechanic"=

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\E:\INSTAL~E\Core\BVRPMPR5.SYS
    S3 dump_wmimmc;dump_wmimmc;\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-30 21:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2006-07-06 14:47:30 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-22 08:49:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-22 8:51:44
    C:\ComboFix2.txt ... 2007-11-18 15:57
    .
    --- E O F ---
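
The "Files Created" section of a ComboFix log is the first place a helper looks for a dropper's leftovers, and the entries above contain two classic tells: a 23-byte "DLL" (sysmwwod.dll) and a .tmp file written into system32 (mcrh.tmp). The following is an added example by the editor, not code from the thread, from ComboFix or from its author: it parses that section's `<date> <time> <size|<DIR>> <attributes> <path>` lines and applies three review heuristics. The sample input is copied from the log posted above; the size threshold, the lowercase-name rule and all function names are the editor's own assumptions, and a hit means "look at this", not "this is malware".

```python
"""Triage of the "Files Created" section of a ComboFix log (added example).

Rules (heuristics, not verdicts):
  * PE images (.dll/.exe/.sys/.ocx) in system32 that are far too small to be real code
  * temporary (.tmp) files written into system32
  * PE images in system32 whose name is a short run of lowercase letters
    (weak signal: Vundo-era droppers used names like this, but so do some OEM tools)
"""
import os
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE = r"""
2007-11-20 00:51 <DIR> d-------- C:\Program Files\LitexMedia
2007-11-20 00:37 23 --a------ C:\WINDOWS\system32\sysmwwod.dll
2007-11-20 00:33 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-11-20 00:33 360,448 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-11-20 00:32 376,832 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-20 00:32 233,472 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-11-20 00:32 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2007-11-18 11:18 <DIR> d-------- C:\VundoFix Backups
2007-11-14 10:22 143 --a------ C:\WINDOWS\system32\mcrh.tmp
"""

# <date> <time> <size or <DIR>> <9-char attribute field> <path>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attr>[A-Za-z-]{9})\s+"
    r"(?P<path>.+?)\s*$"
)

PE_EXT = {".dll", ".exe", ".sys", ".ocx"}
MIN_PLAUSIBLE_PE = 1024  # assumption: real Windows libraries are far larger than 1 KiB
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_system32(self) -> bool:
        return self.path.lower().startswith(SYSTEM32)


def parse(text: str) -> List[Entry]:
    """Turn the section's lines into Entry objects; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        created = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M")
        entries.append(Entry(created, size, m["attr"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for files in system32 worth a closer look."""
    hits = []
    for e in entries:
        if e.is_dir or not e.in_system32:
            continue
        stem, ext = os.path.splitext(e.name)
        ext = ext.lower()
        if ext in PE_EXT and e.size < MIN_PLAUSIBLE_PE:
            hits.append((e.path, f"{e.size}-byte {ext} in system32 is far too small for a real PE image"))
        if ext == ".tmp":
            hits.append((e.path, "temporary file written into system32"))
        if ext in PE_EXT and re.fullmatch(r"[a-z]{5,8}", stem):
            hits.append((e.path, "short all-lowercase name (weak signal, Vundo-style)"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(parse(SAMPLE)):
        print(f"{path}\n    {reason}")
```

Run against the sample, only sysmwwod.dll (two reasons) and mcrh.tmp come out; the NCT*/actskin4/lame_enc/DGPNorm files from the same minute are a codec-pack install and pass because they are full-size and mixed-case. The lowercase-name rule is deliberately weak, which is why it is reported as a separate reason rather than folded into the size rule.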

  8. #18
    Junior Member | Join Date: Nov 2007 | Posts: 28

    And here's a fresh HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:22 AM, on 11/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\ecidonex.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: 100% Free Rummy Toolbar Helper - {C0E59FFE-565A-4C77-B70E-3F19E33647F9} - C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll (disabled by BHODemon)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O2 - BHO: (no name) - {DFA0761D-6B54-4134-A2E2-7EB44EC3CDB0} - C:\WINDOWS\system32\jkhhh.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: 100% Free Rummy Toolbar - {8C550565-107B-4FEE-B2CC-9B6B12CE53F6} - C:\Program Files\100% Free Rummy Toolbar\v3.2.0.0\100%_Free_Rummy_Toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://mlb.mlb.com
    O15 - Trusted Zone: http://www.mlb.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1152404323375
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 14172 bytes


    Thanks
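
    The O20 and O23 lines in the log above are the two sections a helper reads first: AppInit_DLLs names DLLs Windows loads into every process that links user32.dll, and the service list shows what runs at boot and on whose behalf. The following is an added example for this thread, not code from the original posts or from HijackThis itself: a small Python parser for those two line types with a few triage heuristics (8.3 short paths that hide the real folder name, odd or missing vendor strings, third-party binaries in system32). The sample lines are copied from the log posted above; the heuristics only surface entries for a human to check and are not verdicts. "Unknown owner" is the string HijackThis prints when a service binary carries no company name.

```python
"""Triage the O20 (AppInit_DLLs) and O23 (service) lines of a HijackThis log.

Added example for this thread, not code from the original posts or from
HijackThis. The heuristics only surface entries for a human to check; they
are not verdicts on whether a service is malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

O23_PREFIX = "O23 - Service: "
O20_PREFIX = "O20 - AppInit_DLLs: "
# "<display name>" optionally followed by " (<short service name>)".
O23_NAME = re.compile(r"^(?P<display>.*?)(?: \((?P<short>[^()]+)\))?$")
# String HijackThis prints when the binary carries no company name.
UNKNOWN_OWNER = "Unknown owner"


@dataclass
class Service:
    display_name: str
    short_name: Optional[str]
    vendor: str
    path: str
    flags: List[str] = field(default_factory=list)


@dataclass
class AppInitEntry:
    value: str
    flags: List[str] = field(default_factory=list)


def parse_o23(body: str) -> Service:
    """Split '<name>[ (short)] - <vendor> - <path>'. Splitting from the right
    keeps a ' - ' inside the display name from shifting vendor and path."""
    name_part, vendor, path = body.rsplit(" - ", 2)
    m = O23_NAME.match(name_part.strip())
    return Service(m.group("display"), m.group("short"), vendor.strip(), path.strip())


def triage_service(svc: Service) -> Service:
    """Attach heuristic flags; each flag is a reason to look, not a verdict."""
    if "~" in svc.path:
        svc.flags.append("8.3 short path: expand it to see the real folder name")
    if svc.vendor == UNKNOWN_OWNER:
        svc.flags.append("binary carries no company name")
    elif svc.vendor[:1].islower():
        svc.flags.append("odd vendor string: compare with that vendor's other services")
    if "\\system32\\" in svc.path.lower() and "microsoft" not in svc.vendor.lower():
        svc.flags.append("third-party binary in system32: tie it to an installed driver or package")
    return svc


def triage_log(text: str):
    """Return (services, appinit_entries) for every O23 and O20 line in text."""
    services, appinit = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(O23_PREFIX):
            services.append(triage_service(parse_o23(line[len(O23_PREFIX):])))
        elif line.startswith(O20_PREFIX):
            entry = AppInitEntry(line[len(O20_PREFIX):].strip())
            # AppInit_DLLs are loaded into every process that links user32.dll,
            # so any non-empty value must be identified, whoever owns it.
            if entry.value:
                entry.flags.append("DLL loaded into every user32-linked process")
            appinit.append(entry)
    return services, appinit


if __name__ == "__main__":
    svcs, inits = triage_log(SAMPLE_LOG)
    for e in inits:
        print(f"O20 {e.value}: {'; '.join(e.flags)}")
    for s in svcs:
        print(f"O23 {s.display_name} [{s.short_name or '-'}] {s.vendor}: "
              f"{'; '.join(s.flags) or 'nothing to note'}")
```

    Run against the sample, the Google AppInit DLL, the LiveUpdate short path, the lowercase "symantec" vendor on SavRoam and the ATI binary in system32 are flagged, while the Symantec Event Manager and Intel services come back clean. All four are well-known legitimate entries here, which is exactly the point: the parser narrows the list a human has to verify, it does not decide for them.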

  9. #19
    Junior Member (Join Date: Nov 2007, Posts: 28)

    Also, I should mention that last night Symantec AntiVirus's Auto-Protect caught and quarantined:
    C:\Windows\System32\hibwbtel.exe
    C:\Program Files\Insider\Uninstall.exe

    and caught and automatically deleted:
    C:\Program Files\Insider\Insider.exe

    Also, since running VundoFix again yesterday, the malware pop-ups have subsided.

  10. #20
    Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi

    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link: Jotti

    When the Jotti page has finished loading, click the Browse button, navigate to the following file, and click Submit.

    C:\WINDOWS\system32\sysmwwod.dll

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
