
Thread: Still a lot of viruses after running VundoFix: what to do?

#11 - Junior Member (joined Nov 2007, 10 posts)

OK! Here is the ComboFix log:


    ComboFix 07-11-19.4 - Owner 2007-11-27 21:16:50.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1379 [GMT 1:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\bjajpkls.dll
    C:\WINDOWS\system32\cjlvjoab.dll
    C:\WINDOWS\system32\grnwrdso.dll
    C:\WINDOWS\system32\hvttadyl.ini
    C:\WINDOWS\system32\iifddcy.dll
    C:\WINDOWS\system32\jhhnphvh.exe
    C:\WINDOWS\system32\lkpycgpx.dll
    C:\WINDOWS\system32\lydattvh.dll
    C:\WINDOWS\system32\mmhagiat.ini
    C:\WINDOWS\system32\ssqoolm.dll
    C:\WINDOWS\system32\taigahmm.dll
    C:\WINDOWS\system32\vhuqeseh.exe
    C:\WINDOWS\system32\xpgcypkl.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\jyrmrmpi
    C:\Program Files\jyrmrmpi\hyvyjgrq.dll
    C:\Program Files\Ukrjzrly
    C:\WINDOWS\system32\bjajpkls.dll
    C:\WINDOWS\system32\cjlvjoab.dll
    C:\WINDOWS\system32\grnwrdso.dll
    C:\WINDOWS\system32\hvttadyl.ini
    C:\WINDOWS\system32\iifddcy.dll
    C:\WINDOWS\system32\jhhnphvh.exe
    C:\WINDOWS\system32\lkpycgpx.dll
    C:\WINDOWS\system32\lydattvh.dll
    C:\WINDOWS\system32\mmhagiat.ini
    C:\WINDOWS\system32\ssqoolm.dll
    C:\WINDOWS\system32\taigahmm.dll
    C:\WINDOWS\system32\vhuqeseh.exe
    C:\WINDOWS\system32\xpgcypkl.ini

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
    .

    2007-11-27 01:21 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-21 21:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-21 21:36 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-21 21:36 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-21 21:36 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-21 20:24 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-11-21 08:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-11-21 08:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-20 23:49 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2007-11-20 23:49 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2007-11-20 23:49 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2007-11-20 23:49 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2007-11-20 23:49 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2007-11-20 23:48 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
    2007-11-20 23:48 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
    2007-11-20 23:48 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2007-11-20 23:48 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
    2007-11-20 23:48 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2007-11-20 23:48 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2007-11-20 23:47 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
    2007-11-20 23:46 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
    2007-11-20 23:45 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
    2007-11-20 23:44 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
    2007-11-20 23:43 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
    2007-11-20 23:42 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
    2007-11-20 23:41 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
    2007-11-20 23:39 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
    2007-11-20 23:39 182,272 --a--c--- C:\WINDOWS\system32\dllcache\s3mt3d.dll
    2007-11-20 23:39 179,264 --a--c--- C:\WINDOWS\system32\dllcache\s3sav3d.dll
    2007-11-20 23:39 166,720 --a--c--- C:\WINDOWS\system32\dllcache\s3m.sys
    2007-11-20 23:39 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
    2007-11-20 23:39 65,664 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.sys
    2007-11-20 23:39 62,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mtrio.dll
    2007-11-20 23:39 61,504 --a--c--- C:\WINDOWS\system32\dllcache\s3sav3dm.sys
    2007-11-20 23:39 41,216 --a--c--- C:\WINDOWS\system32\dllcache\s3mt3d.sys
    2007-11-20 23:38 17,664 --a--c--- C:\WINDOWS\system32\dllcache\ppa3.sys
    2007-11-20 23:37 30,495 --a--c--- C:\WINDOWS\system32\dllcache\pc100nds.sys
    2007-11-20 23:36 180,360 --a--c--- C:\WINDOWS\system32\dllcache\ntmtlfax.sys
    2007-11-20 23:35 128,000 --a--c--- C:\WINDOWS\system32\dllcache\n100325.sys
    2007-11-20 23:34 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
    2007-11-20 23:33 7,424 --a--c--- C:\WINDOWS\system32\dllcache\mammoth.sys
    2007-11-20 23:32 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
    2007-11-20 23:31 16,000 --a--c--- C:\WINDOWS\system32\dllcache\ini910u.sys
    2007-11-20 23:30 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
    2007-11-20 23:30 685,056 --a--c--- C:\WINDOWS\system32\dllcache\hsfcxts2.sys
    2007-11-20 23:30 32,285 --a--c--- C:\WINDOWS\system32\dllcache\hsfcisp2.dll
    2007-11-20 23:30 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
    2007-11-20 23:29 101,376 --a--c--- C:\WINDOWS\system32\dllcache\hpgt34.dll
    2007-11-20 23:28 444,416 --a--c--- C:\WINDOWS\system32\dllcache\fpcibase.sys
    2007-11-20 23:27 18,503 --a--c--- C:\WINDOWS\system32\dllcache\epro4.sys
    2007-11-20 23:26 207,360 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
    2007-11-20 23:25 80,896 --a--c--- C:\WINDOWS\system32\dllcache\dc210usd.dll
    2007-11-20 23:24 91,264 --a--c--- C:\WINDOWS\system32\dllcache\cirrus.dll
    2007-11-20 23:23 164,923 --a--c--- C:\WINDOWS\system32\dllcache\diapi2.sys
    2007-11-20 23:23 32,256 --a--c--- C:\WINDOWS\system32\dllcache\diapi2NT.dll
    2007-11-20 23:23 5,120 --a--c--- C:\WINDOWS\system32\dllcache\brscnrsm.dll
    2007-11-20 23:22 13,824 --a--c--- C:\WINDOWS\system32\dllcache\atinmdxx.sys
    2007-11-20 23:21 46,112 --a--c--- C:\WINDOWS\system32\dllcache\adptsf50.sys
    2007-11-20 23:19 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
    2007-11-19 22:47 <DIR> d-------- C:\Program Files\VID_0E8F&PID_1009
    2007-11-19 21:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-11-19 21:42 <DIR> d-------- C:\Program Files\id Software
    2007-11-18 18:10 <DIR> d-------- C:\Program Files\CODE Multimedia
    2007-11-17 10:37 <DIR> d-------- C:\Program Files\Juice
    2007-11-17 00:33 372 --a------ C:\Documents and Settings\Owner\Application Data\AsAlbum.dat
    2007-11-13 00:37 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-11 14:44 <DIR> d-------- C:\Program Files\Allway Sync
    2007-11-11 14:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sync App Settings
    2007-11-11 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sync App Settings
    2007-11-11 12:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
    2007-11-11 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-11 12:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\iPodder
    2007-11-10 21:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
    2007-11-10 21:09 <DIR> d-------- C:\Program Files\IVT Corporation
    2007-11-10 20:44 <DIR> d-------- C:\Program Files\Common Files\PCSuite
    2007-11-10 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
    2007-11-10 01:05 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-11-10 00:30 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2007-11-10 00:30 <DIR> d-------- C:\Program Files\Common Files\Nokia
    2007-11-10 00:27 <DIR> d-------- C:\Program Files\Nokia
    2007-11-10 00:27 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
    2007-11-09 23:50 <DIR> d-------- C:\Documents and Settings\Owner\Phone Browser
    2007-11-09 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2007-11-09 22:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nokia
    2007-11-09 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Suite
    2007-11-09 22:42 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
    2007-11-09 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2007-11-03 15:18 <DIR> d-------- C:\Program Files\Core Security Technologies
    2007-11-03 15:15 <DIR> d-------- C:\Program Files\Core Security Technologies(2)
    2007-11-03 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Core Security Technologies
    2007-11-03 13:30 <DIR> d-------- C:\Program Files\Alwil Software
    2007-11-03 13:30 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-11-03 13:30 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-03 13:30 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-03 13:30 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-02 20:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DassaultSystemes
    2007-11-02 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
    2007-11-02 20:29 <DIR> d-------- C:\Documents and Settings\Owner\.comsol
    2007-10-31 19:24 <DIR> d-------- C:\Program Files\OriginLab
    2007-10-31 19:21 <DIR> d-------- C:\Program Files\Elaborate Bytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-27 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
    2007-11-27 20:14 --------- d-----w C:\Program Files\Java
    2007-11-21 21:25 --------- d-----w C:\Program Files\Windows Defender
    2007-11-21 21:20 --------- d-----w C:\Program Files\FreePOPs
    2007-11-21 21:18 --------- d-----w C:\Program Files\AC3Filter
    2007-11-21 20:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
    2007-11-21 07:59 28,672 ----a-w C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-11-20 20:21 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-11-19 21:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-19 21:42 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-19 07:02 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
    2007-11-15 16:37 --------- d-----w C:\Program Files\eMule
    2007-11-10 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
    2007-11-09 21:45 --------- d-----w C:\Program Files\DIFX
    2007-11-03 14:37 361,126 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2007-11-03 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2007-11-02 20:29 --------- d-----w C:\Program Files\uTorrent
    2007-10-31 22:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-06 11:32 --------- d-----w C:\Program Files\MSBuild
    2007-10-06 11:28 --------- d-----w C:\Program Files\Reference Assemblies
    2007-10-06 07:22 --------- d-----w C:\Program Files\TuneUp Utilities 2007
    2007-10-06 07:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\TuneUp Software
    2007-10-06 07:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-06 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-10-03 21:55 80,424 ----a-w C:\WINDOWS\system32\drivers\SI3132.sys
    2007-10-03 21:55 19,240 ----a-w C:\WINDOWS\system32\drivers\SiWinAcc.sys
    2007-10-03 21:55 15,400 ----a-w C:\WINDOWS\system32\drivers\SiRemFil.sys
    2007-10-03 18:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\vlc
    2007-10-03 18:05 --------- d-----w C:\Program Files\VideoLAN
    2007-10-03 17:51 --------- d-----w C:\Program Files\Real
    2007-10-03 17:51 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-10-03 17:51 --------- d-----w C:\Program Files\Common Files\Real
    2007-10-03 11:29 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
    2007-09-30 16:39 --------- d-----w C:\Program Files\CCleaner
    2007-09-30 12:49 --------- d-----w C:\Program Files\Look@LAN
    2007-09-30 11:37 720,896 ----a-w C:\WINDOWS\iun6002.exe
    2007-09-30 10:50 --------- d-----w C:\Program Files\NetMeter
    2007-09-30 09:27 --------- d-----w C:\Program Files\Skype
    2007-09-29 16:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
    2007-09-29 09:28 --------- d-----w C:\Program Files\SystemRequirementsLab
    2007-09-29 09:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\VID_0E8F&PID_1009 ----

    2003-12-12 14:30 81920 --a------ C:\Program Files\VID_0E8F&PID_1009\LiteStar\Bullfrog\GAJoyPS.dll
    2003-12-12 14:30 61440 --a------ C:\Program Files\VID_0E8F&PID_1009\LiteStar\Bullfrog\GAJoyFF.dll


    ((((((((((((((((((((((((((((( snapshot@2007-11-27_20.21.51.03 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-27 08:46:57 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a0.dat
    + 2007-11-27 20:20:26 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
    "Personal Assistant"="C:\Program Files\Shelltoys\Personal Assistant\assistant.exe" [2003-03-07 12:47]
    "VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2007-07-02 12:24]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
    "Allway Sync"="C:\Program Files\Allway Sync\Bin\syncappw.exe" [2007-10-30 09:57]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 13:25]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12]
    "ASUS ASAP USB"="C:\Program Files\ASUS\ASAP\asapusb.exe" [2007-01-10 10:55]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
    "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 16:23 C:\WINDOWS\StartupMonitor.exe]
    "Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-01-26 16:26]
    "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2007-07-16 14:50]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
    "NvMediaCenter"="RunDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
    "Ai Remote Help"="C:\Program Files\ASUS\AI Remote\AiRc.exe" [2007-03-22 19:17]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-26 17:58:02]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-25 19:16:29]
    ScreenDUO.lnk - C:\Program Files\ASUS\ScreenDUO\AsG_Manager.exe [2007-08-25 10:38:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
    winzzc32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 ft2kEnum;usb Card Device;C:\WINDOWS\system32\DRIVERS\ic2kenum.sys
    R3 Reader_Device;SmartCard Reader Device ;C:\WINDOWS\system32\DRIVERS\usbic2k.sys
    R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys
    S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
    S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    S3 token;usb token Device Driver;C:\WINDOWS\system32\DRIVERS\eps2kt1.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b057daa-4ddb-11dc-81a4-806d6172696f}]
    \Shell\AutoRun\command - D:\.\Bin\Assetup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-02 16:15:40 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-11-27 08:50:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2007-11-27 20:05:31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA99C259-B28E-4AE5-9021-F78B9D4C8452}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 21:20:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-27 21:21:50 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-27 20:22
    .
    --- E O F ---

#12 - Junior Member (joined Nov 2007, 10 posts)

And the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:24:31, on 27/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\FreePOPs\freepopsservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\FreePOPs\freepopsd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\StartupMonitor.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files\ASUS\AI Remote\AiRc.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
    C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
    C:\Program Files\Allway Sync\Bin\syncappw.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\ASUS\ScreenDUO\AsG_Manager.exe
    C:\Program Files\ASUS\AI Remote\AiRemote.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ASUS\ScreenDUO\Gadgets\LaunchApplication\AsG_LaunchApplication.exe
    C:\Program Files\Asus\ScreenDuo\Gadgets\RSS\ASG_RSS.exe
    C:\Program Files\ASUS\ScreenDUO\Gadgets\HardwareMonitoring\AsG_HardwareMonitor.exe
    C:\Program Files\Asus\ScreenDuo\Gadgets\MediaPlayer\ASG_MpCtrl.exe
    C:\Program Files\ASUS\ScreenDUO\Gadgets\EventViewer\AsG_EventViewer.exe
    C:\Program Files\ASUS\ScreenDUO\Gadgets\Note\AsG_Note.exe
    C:\Program Files\Asus\ScreenDuo\Gadgets\PhotoFrame\ASG_Photoframe.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Asus\ScreenDUO\Gadgets\PhotoSlideShow\ASG_SlideShow.exe
    C:\Program Files\Asus\ScreenDUO\Gadgets\Time\AsG_Time.exe
    C:\Program Files\ASUS\ScreenDUO\Gadgets\VolumeControl\AsG_VolumeControl.exe
    C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [ASUS ASAP USB] C:\Program Files\ASUS\ASAP\asapusb.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe" -r
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Personal Assistant] C:\Program Files\Shelltoys\Personal Assistant\assistant.exe
    O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: ScreenDUO.lnk = ?
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E7190B-3F58-4BDF-B820-090F0C65835D}: NameServer = 192.168.0.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

    --
    End of file - 8977 bytes


I got an error from my Bluetooth driver:
Protection Error
Error:45

Shall I install the driver again?

Another question: I have a router, do I still need a firewall? The one I was using (Kerio) conflicts with the router, causing a very, very slow Internet Explorer.

Thanks.
What to do now? Run Kaspersky again?
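As an added example (not part of this thread or of either tool), here is a small Python screen over a handful of HijackThis/ComboFix-style lines constructed after the logs above. It picks out the two things a helper looks for first in a Vundo clean-up: a load point whose file has already been deleted (the O20 Winlogon Notify entry marked "file missing") and files sitting directly in system32 whose eight-letter names look machine-generated, like the ones ComboFix listed under "Other Deletions". The name test is a heuristic of my own, not something either tool does, and it deliberately ignores dllcache, where legitimate driver names such as xrxwiadr.dll would otherwise trip it.

```python
"""Screening of HijackThis / ComboFix-style log lines for Vundo-type leftovers.

Added example, not part of the forum thread. The sample lines are constructed
after the logs above; the heuristics are a first-pass screen for a human
reviewer, not a verdict.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line: str
    reason: str


# Constructed sample: two benign Run entries, the dangling Winlogon Notify entry,
# a BHO outside system32, two random-named files like the ones ComboFix deleted,
# a legitimate 8-letter system32 binary and a driver-cache file.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\WINDOWS\system32\bjajpkls.dll
C:\WINDOWS\system32\xpgcypkl.ini
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dllcache\xrxwiadr.dll
"""

# Any Windows path ending in .dll/.exe/.ini (non-greedy, so it stops at the first such suffix).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:dll|exe|ini)\b', re.IGNORECASE)
# Only files sitting directly in system32. dllcache and drivers are deliberately excluded:
# the driver cache is full of legitimate names such as xrxwiadr.dll that look random.
SYSTEM32_RE = re.compile(r'^[A-Za-z]:\\WINDOWS\\system32\\([A-Za-z]{8})\.(?:dll|exe|ini)$', re.IGNORECASE)
VOWELS = frozenset("aeiou")


def looks_random(stem: str) -> bool:
    """Crude pronounceability test: a long consonant run or very few vowels.

    Catches most of the names ComboFix removed (bjajpkls, grnwrdso, xpgcypkl, ...)
    but not all of them (vhuqeseh passes), spares winlogon and services, and still
    trips on a plain word like explorer: treat hits as a reading list, not a verdict.
    """
    s = stem.lower()
    longest = run = 0
    for ch in s:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(ch in VOWELS for ch in s) / len(s)
    return longest >= 3 or vowel_ratio < 0.3


def triage(text: str) -> List[Finding]:
    """Return the lines worth a second look, with the rule that fired."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A load point whose file is gone: the registry entry outlived the DLL it loaded
        # (the O20 winzzc32 entry is the Vundo Winlogon Notify hook left behind).
        if "(file missing)" in line:
            findings.append(Finding(line, "dangling load point"))
            continue
        for match in PATH_RE.finditer(line):
            path = match.group(0)
            sys32 = SYSTEM32_RE.match(path)
            if sys32 and looks_random(sys32.group(1)):
                findings.append(Finding(line, "random-looking 8-letter name in system32"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.reason:40} {finding.line}")
```

Run against a real log, the "dangling load point" hits are the entries a CFScript or a manual registry edit has to remove; the name hits are only candidates until the file's signature, creation date and the catchme/ComboFix snapshot have been checked.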

#13 - Retired Security Volunteer (joined Nov 2007, 69 posts)

    Hi

Quote Originally Posted by Taliu:
Shall I install the driver again?

If the error occurred only once, you can leave it at that. If it's a frequent error, however, you can reinstall the driver. If the error doesn't go away by reinstalling the driver, let me know.

Quote Originally Posted by Taliu:
Another question: I have a router, do I still need a firewall? The one I was using (Kerio) conflicts with the router, causing a very, very slow Internet Explorer.

A router only checks incoming traffic, so a software firewall is needed. Here are a few suggestions:

Quote Originally Posted by Taliu:
What to do now? Run Kaspersky again?

No need for that actually, how is your computer running at the moment?

#14 - Junior Member (joined Nov 2007, 10 posts)

Hi,
The computer is running OK. Actually my main concern was the virus found by Kaspersky after I ran VundoFix.
What has the CFScript.txt script actually done?

    Thanks

#15 - Retired Security Volunteer (joined Nov 2007, 69 posts)

Quote Originally Posted by Taliu:
What has the CFScript.txt script actually done?
    Current Vundo variants are very stubborn. Vundofix and Combofix often fail to delete every file left behind; that's why Kaspersky reported those viruses. The CFScript was created to delete the remaining Vundo files that were present on your computer, along with the registry entries that loaded them.

    Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:

    Click Start then Run....

    • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)


    • When shown the disclaimer, select 2.


    Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    Step 1: Turn off System Restore:

    • On the desktop, right-click My Computer
    • Click Properties
    • Click the System Restore tab
    • Check Turn off System Restore
    • Click Apply, and then click OK


    Step 2: Reboot your computer.

    Step 3: Turn on System Restore:

    • On the desktop, right-click My Computer
    • Click Properties
    • Click the System Restore tab
    • Uncheck Turn off System Restore
    • Click Apply, and then click OK


    Note: Only do this once, NOT on a regular basis!

    Make your Internet Explorer More Secure

    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialise and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.


    • Next press the Apply button and then the OK to exit the Internet Properties page.


Update your Anti-Virus Software - It is very important that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that will come out.

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    Stand Up and Be Counted! - Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You have to be registered to post. After registering just find your country room and register your complaint. The infection you had was Vundo (Virtumundo).
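The Internet Explorer hardening steps above are clicked through the Custom Level dialog, which stores each choice as a DWORD under the Internet zone key (zone 3) using Microsoft's documented action IDs, with 0 = Enable, 1 = Prompt and 3 = Disable. As an added example, not part of this thread, the following Python audits a .reg export of that key against the six settings the post recommends and renders a .reg fragment that applies them. The export text is constructed for the example; the six ID-to-label pairs are the documented ones, and the recommended values are read straight from the post.

```python
"""Audit of the Internet-zone settings from the IE hardening steps above.

Added example, not part of the forum thread. It reads a .reg export of the
Internet zone (zone 3), reports every setting that is unset or differs from
the post's recommendation, and renders a .reg fragment that applies it.
The action IDs are Microsoft's documented zone value names; the export text
below is constructed for the example.
"""
import re
from typing import Dict, List, Optional, Tuple

ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3          # the three choices the Custom Level dialog writes
ACTION_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# action ID -> (Custom Level label, value the post recommends)
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed export: signed-ActiveX download, IFRAME launch and cross-domain
# sub-frames still on Enable, 1201 not set at all; the zone 4 section must be ignored.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"""

DWORD_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')


def parse_zone_export(reg_text: str) -> Dict[str, int]:
    """Collect the numeric action values found under the Internet zone key only."""
    values: Dict[str, int] = {}
    in_zone = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_zone = line[1:-1].lower() == ZONE_KEY.lower()
            continue
        match = DWORD_RE.match(line) if in_zone else None
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


Deviation = Tuple[str, str, Optional[int], int]   # (action, label, current or None, wanted)


def audit(values: Dict[str, int]) -> List[Deviation]:
    """Settings that are unset or differ from the recommendation.

    An unset value means IE falls back to the zone default, so it is flagged too.
    """
    return [(action, label, values.get(action), wanted)
            for action, (label, wanted) in RECOMMENDED.items()
            if values.get(action) != wanted]


def render_fix(deviations: List[Deviation]) -> str:
    """A .reg fragment that sets every deviating action to the recommended value."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    for action, label, _current, wanted in deviations:
        lines.append(f"; {label}: {ACTION_NAME[wanted]}")
        lines.append(f'"{action}"=dword:{wanted:08x}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(parse_zone_export(SAMPLE_EXPORT))
    for action, label, current, wanted in found:
        now = "not set" if current is None else ACTION_NAME.get(current, str(current))
        print(f"{action} {label}: {now} -> {ACTION_NAME[wanted]}")
    print(render_fix(found))
```

To feed it a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and read the file with `encoding="utf-16"`, since regedit writes exports as UTF-16 with a byte-order mark. Per-machine policy under HKEY_LOCAL_MACHINE overrides the per-user key when "Security Zones: Use only machine settings" is in force, so audit that hive too on a managed system.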

#16 - Junior Member (joined Nov 2007, 10 posts)

    Many many Thanks!

    I'll keep you posted.

    Regards,
