
Thread: virus support

  1. #1
    Junior Member (Join Date: Nov 2007, Posts: 27)

    virus support

    I have had the Virtumonde trojan and have followed your process; attached is the HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:03:57, on 27/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\PROGRA~1\FNTS~1\dexplore.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchFilter.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...+FG+2NpdvkfFA=
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [54323f93] rundll32.exe "C:\WINDOWS\system32\yagwgcwy.dll",b
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Uvyi] C:\WINDOWS\system32\WWEXEC~1.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YMBOLS~1\alg.exe" -vt mtx
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Opqjg] C:\WINDOWS\F?nts\j?vaw.exe
    O4 - HKCU\..\Run: [Uvaiat] C:\WINDOWS\SYSTEM32\?ystem32\w?nlogon.exe
    O4 - HKCU\..\Run: [Arwm] "C:\PROGRA~1\FNTS~1\dexplore.exe" -vt mtx
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm413YYGB
    O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ29\Cache\SelectedContextSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195318132796
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab
    O20 - AppInit_DLLs: regsvr32.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 12051 bytes

  2. #2
    __RiP_ChAiN_, Emeritus - Malware Team (Join Date: Sep 2007, Location: U.S.A, Posts: 485)

    Hello sludgeguts,

    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

  3. #3
    Junior Member (Join Date: Nov 2007, Posts: 27)

    I have done as instructed; please find attached the ComboFix log in two parts.

    ComboFix 07-11-19.4 - max 2007-11-27 10:26:20.1 - NTFSx86
    Running from: C:\Documents and Settings\max\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\mark\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\max\Application Data\ASEMBL~1
    C:\Documents and Settings\max\Application Data\ASKS~1
    C:\Documents and Settings\max\Application Data\CROSOF~1
    C:\Documents and Settings\max\Application Data\DOBE~1
    C:\Documents and Settings\max\Application Data\FNTS~1
    C:\Documents and Settings\max\Application Data\ICROSO~1
    C:\Documents and Settings\max\Application Data\ICROSO~1.NET
    C:\Documents and Settings\max\Application Data\MANTEC~1
    C:\Documents and Settings\max\Application Data\MCROSO~1
    C:\Documents and Settings\max\Application Data\PPATCH~1
    C:\Documents and Settings\max\Application Data\PPATCH~2
    C:\Documents and Settings\max\Application Data\RACLE~1
    C:\Documents and Settings\max\Application Data\SMBOLS~1
    C:\Documents and Settings\max\Application Data\SSTEM~1
    C:\Documents and Settings\max\Application Data\YSTEM3~1
    C:\Documents and Settings\max\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\max\My Documents\CROSOF~1
    C:\Documents and Settings\max\My Documents\DOBE~1
    C:\Documents and Settings\max\My Documents\MANTEC~1
    C:\Documents and Settings\max\My Documents\PPATCH~1
    C:\Documents and Settings\max\My Documents\PPPATC~1
    C:\Documents and Settings\max\My Documents\RACLE~1
    C:\Documents and Settings\max\My Documents\RACLE~2
    C:\Documents and Settings\max\My Documents\SCURIT~1
    C:\Documents and Settings\max\My Documents\SEMBLY~1
    C:\Documents and Settings\max\My Documents\SKS~1
    C:\Documents and Settings\max\My Documents\SSTEM~1
    C:\Documents and Settings\max\My Documents\SSTEM3~1
    C:\Documents and Settings\max\My Documents\WNSXS~1
    C:\Documents and Settings\max\My Documents\YSTEM3~1
    C:\Documents and Settings\max\Start Menu\Programs\Outerinfo
    C:\Documents and Settings\max\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\max\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\sue\Favorites\Online Security Guide.lnk
    C:\Program Files\asembl~1
    C:\Program Files\asks~1
    C:\Program Files\Common Files\crosof~1
    C:\Program Files\Common Files\curity~1
    C:\Program Files\Common Files\dobe~1
    C:\Program Files\Common Files\icroso~1
    C:\Program Files\Common Files\mbols~1
    C:\Program Files\Common Files\scurit~1
    C:\Program Files\Common Files\sembly~1
    C:\Program Files\Common Files\sks~1
    C:\Program Files\Common Files\smante~1
    C:\Program Files\Common Files\smbols~1
    C:\Program Files\Common Files\ssembl~1
    C:\Program Files\Common Files\stem32~1
    C:\Program Files\Common Files\wnsxs~1
    C:\Program Files\Common Files\ymbols~1
    C:\Program Files\fnts~1
    C:\Program Files\fnts~1\dexplore.exe
    C:\Program Files\fnts~1\W?nSxS\
    C:\Program Files\icroso~1
    C:\Program Files\mantec~1
    C:\Program Files\mcroso~1
    C:\Program Files\mcroso~1.net
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\FF\chrome.manifest
    C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    C:\Program Files\outerinfo\FF\install.rdf
    C:\Program Files\outerinfo\OiUninstaller.exe
    C:\Program Files\outerinfo\outerinfo.ico
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\racle~1
    C:\Program Files\racle~2
    C:\Program Files\sks~1
    C:\Program Files\smante~1
    C:\Program Files\sstem3~1
    C:\Program Files\stem~1
    C:\Program Files\wnsxs~1
    C:\Program Files\ymbols~1
    C:\Program Files\ystem~1
    C:\Program Files\ystem3~1
    C:\WINDOWS\asks~1
    C:\WINDOWS\asks~2
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\crosof~1
    C:\WINDOWS\crosof~1.net
    C:\WINDOWS\fnts~1
    C:\WINDOWS\fnts~2
    C:\WINDOWS\icroso~1
    C:\WINDOWS\icroso~1.net
    C:\WINDOWS\mantec~1
    C:\WINDOWS\mbols~1
    C:\WINDOWS\mcroso~1
    C:\WINDOWS\ppatch~1
    C:\WINDOWS\pppatc~1
    C:\WINDOWS\racle~1
    C:\WINDOWS\sstem3~1
    C:\WINDOWS\system32\asks~1
    C:\WINDOWS\system32\awtqq.dll
    C:\WINDOWS\system32\crosof~1
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\drivers\sfsync02.sys
    C:\WINDOWS\SYSTEM32\ehhkj.ini
    C:\WINDOWS\SYSTEM32\ehhkj.ini2
    C:\WINDOWS\system32\fnts~1
    C:\WINDOWS\system32\icroso~1
    C:\WINDOWS\system32\jkhhe.dll
    C:\WINDOWS\system32\mantec~1
    C:\WINDOWS\system32\mcroso~1
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pppatc~1
    C:\WINDOWS\SYSTEM32\qqtwa.ini
    C:\WINDOWS\SYSTEM32\qqtwa.ini2
    C:\WINDOWS\system32\racle~1
    C:\WINDOWS\system32\regsvr32.dll
    C:\WINDOWS\system32\scurit~1
    C:\WINDOWS\system32\wnsintit.exe
    C:\WINDOWS\system32\wnsintsv32.exe
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\system32\ystem3~1
    C:\WINDOWS\ymbols~1
    C:\WINDOWS\ymbols~1\alg.exe
    C:\WINDOWS\ymbols~1\YMBOLS~1\ctxad-559.0000
    C:\WINDOWS\ymbols~1\YMBOLS~1\ctxad-559.0001
    C:\WINDOWS\ystem3~1

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_SFSYNC02
    -------\sfsync02


    ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
    .

    2007-11-27 07:55 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-26 18:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2007-11-26 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-26 18:45 78,085 --a------ C:\WINDOWS\SYSTEM32\iuyghxtx.dll
    2007-11-26 18:42 80,960 --a------ C:\WINDOWS\SYSTEM32\hkndpqyd.dll
    2007-11-24 18:49 81,472 --a------ C:\WINDOWS\SYSTEM32\cqvohfdr.dll
    2007-11-23 20:50 <DIR> d-------- C:\Program Files\Safer Networking
    2007-11-23 18:44 83,520 --a------ C:\WINDOWS\SYSTEM32\tfhsanrg.dll
    2007-11-23 18:41 75,620 --a------ C:\WINDOWS\SYSTEM32\tecewkof.dll
    2007-11-22 19:39 28,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xjis.nls
    2007-11-22 19:38 83,748 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\prcp.nls
    2007-11-22 19:38 83,748 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\prc.nls
    2007-11-22 19:38 57,856 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_scripto.dll
    2007-11-22 19:38 26,112 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_seos.dll
    2007-11-22 19:38 23,040 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_regtrace.exe
    2007-11-22 19:38 12,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpctrs.dll
    2007-11-22 19:38 7,168 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_snprfdll.dll
    2007-11-22 19:37 482,304 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pintlgnt.ime
    2007-11-22 19:37 131,584 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmxviceo.dll
    2007-11-22 19:37 70,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pintlphr.exe
    2007-11-22 19:37 67,584 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmigrate.dll
    2007-11-22 19:37 65,536 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_mailmsg.dll
    2007-11-22 19:37 38,912 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_ntfsdrv.dll
    2007-11-22 19:37 36,927 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\padrs411.dll
    2007-11-22 19:37 14,336 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\padrs412.dll
    2007-11-22 19:37 11,264 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmxmcro.dll
    2007-11-22 19:37 6,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmxgl.dll
    2007-11-22 19:36 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
    2007-11-22 19:36 10,129,408 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
    2007-11-22 19:36 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll
    2007-11-22 19:36 173,602 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\c_20002.nls
    2007-11-22 19:36 54,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cap7146.sys
    2007-11-22 19:36 43,520 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_fcachdll.dll
    2007-11-22 19:36 24,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fpadmcgi.exe
    2007-11-22 19:36 14,848 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\flattemp.exe
    2007-11-22 19:36 7,168 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\f3ahvoas.dll
    2007-11-22 19:35 188,480 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cfgwiz.exe
    2007-11-22 19:35 162,850 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\c_10001.nls
    2007-11-22 19:35 45,056 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll
    2007-11-22 19:35 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
    2007-11-22 19:30 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
    2007-11-22 19:30 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
    2007-11-22 19:30 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
    2007-11-22 19:28 214,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icwconn1.exe
    2007-11-22 19:28 86,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icwconn2.exe
    2007-11-22 19:28 32,768 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icwdl.dll
    2007-11-22 19:28 20,480 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\inetwiz.exe
    2007-11-22 18:11 34 --a------ C:\WINDOWS\SYSTEM\oeminfo.ini
    2007-11-22 18:10 2,012,670 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5.CAT
    2007-11-22 18:10 1,086,058 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NTPRINT.CAT
    2007-11-22 18:10 1,042,903 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\SP2.CAT
    2007-11-22 18:10 797,189 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
    2007-11-22 18:10 399,645 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
    2007-11-22 18:10 382,952 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5INF.CAT
    2007-11-22 18:10 37,484 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
    2007-11-22 18:10 31,281 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\FP4.CAT
    2007-11-22 18:10 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
    2007-11-22 18:10 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
    2007-11-22 18:10 13,472 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
    2007-11-22 18:10 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
    2007-11-22 18:10 8,574 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
    2007-11-22 18:10 7,710 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
    2007-11-22 18:10 7,334 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wmerrenu.cat
    2007-11-22 17:58 <DIR> d-------- C:\WINDOWS\dell
    2007-11-22 17:55 79,936 --a------ C:\WINDOWS\SYSTEM32\otkjhtql.dll
    2007-11-22 17:53 776,072 --ahs---- C:\WINDOWS\SYSTEM32\mcejqbyf.ini
    2007-11-21 10:47 694,433 --ahs---- C:\WINDOWS\SYSTEM32\bdpaepvo.ini
    2007-11-21 10:47 84,545 --a------ C:\WINDOWS\SYSTEM32\ovpeapdb.dll
    2007-11-21 10:46 80,960 --a------ C:\WINDOWS\SYSTEM32\audofben.dll
    2007-11-20 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-11-18 19:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
    2007-11-18 19:51 350,920 --a------ C:\WINDOWS\SYSTEM32\vsconfig.xml
    2007-11-18 19:50 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-11-18 19:06 <DIR> d-------- C:\Program Files\Registry Defender
    2007-11-18 16:21 677,980 --ahs---- C:\WINDOWS\SYSTEM32\jtqpagun.ini
    2007-11-18 16:20 84,545 --a------ C:\WINDOWS\SYSTEM32\nugapqtj.dll
    2007-11-18 16:19 71,232 --a------ C:\WINDOWS\SYSTEM32\rxdnblub.exe
    2007-11-18 13:24 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
    2007-11-18 13:24 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
    2007-11-17 17:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-17 15:32 8,625 --a------ C:\WINDOWS\SYSTEM32\gnrvuxtw.dll
    2007-11-17 15:29 71,232 --a------ C:\WINDOWS\SYSTEM32\cnjvjtqk.exe
    2007-11-16 15:51 675,260 --ahs---- C:\WINDOWS\SYSTEM32\rqxhrsoo.ini
    2007-11-16 15:33 71,232 --a------ C:\WINDOWS\SYSTEM32\qpkvyobf.exe
    2007-11-14 15:36 671,489 --ahs---- C:\WINDOWS\SYSTEM32\nptghvsf.ini
    2007-11-14 15:33 79,424 --a------ C:\WINDOWS\SYSTEM32\jokpcjje.dll
    2007-11-14 15:30 71,232 --a------ C:\WINDOWS\SYSTEM32\uansobhs.exe
    2007-11-13 17:21 143 --a------ C:\WINDOWS\SYSTEM32\mcrh.tmp
    2007-11-12 21:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\rMa01yy
    2007-11-12 21:51 <DIR> d-------- C:\Temp\abW9

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-27 11:07 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-11-17 17:37 --------- d-----w C:\Program Files\Logitech
    2007-11-17 17:37 --------- d-----w C:\Program Files\Common Files\logishrd
    2007-11-17 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-11-12 17:47 --------- d-----w C:\Documents and Settings\max\Application Data\HP
    2007-11-07 15:19 --------- d-----w C:\Program Files\Dl_cats
    2007-10-15 20:03 --------- d-----w C:\Program Files\Full Tilt Poker.Net
    2007-10-11 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-08 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
    2007-10-06 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-06 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\soft chic meet great
    2007-10-05 19:43 --------- d-----w C:\Documents and Settings\mark\Application Data\Motive
    2007-10-05 19:39 --------- d-----w C:\Program Files\BT Broadband Desktop Help
    2007-10-05 19:38 --------- d-----w C:\Program Files\Common Files\Motive
    2007-10-05 19:37 --------- d-----w C:\Program Files\Motive
    2007-10-05 19:36 --------- d-----w C:\Program Files\BT Home Hub
    2005-05-02 12:42 374,279 --sh--w C:\WINDOWS\Help\litusm.bak1
    .

  4. #4
    Junior Member (Join Date: Nov 2007, Posts: 27)

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040B7D23-99E1-BD14-BF1B-BFEE8A86EF9C}]
    C:\WINDOWS\system32\xwsf.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}]
    C:\WINDOWS\system32\hggfgge.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14DB7B51-B663-4BBA-9320-EB84949A098F}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{197846A8-E57E-F0A4-16D4-8563E6C3B0FF}]
    C:\WINDOWS\system32\bkmyaflh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1AD5FCBE-100B-4D8F-7871-3CB6094DF4C3}]
    C:\WINDOWS\system32\xdtxgmnv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34877841-C4D0-C554-A648-E82B2CE6D8CC}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42C76E27-D4E8-8A39-CF3D-AAEF3E7DA299}]
    C:\WINDOWS\system32\gyo.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449FC5FC-81F2-4A4A-A7C6-3E42A88C62C9}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{525EB293-5C57-76FC-05B0-7032D76FB69F}]
    C:\WINDOWS\system32\rzibh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5645ED67-538B-0D5B-817D-7C129130E693}]
    C:\WINDOWS\system32\nimn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{599D53DB-B54C-BD94-6604-9C3C6058E0C4}]
    C:\WINDOWS\system32\hkunhu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A857019-91D0-9D02-A848-E82B2CE6D99E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88F78A1D-CD35-40F0-B3E5-946FB1BBF89A}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A6B4D-6D6E-4843-891C-04439102F574}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a30783ae-366a-47ed-b4d5-31c0cefde678}]
    2007-11-26 18:42 80960 --a------ C:\WINDOWS\system32\hkndpqyd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A56A934A-85F4-4388-A362-BEB546E8F73C}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAEE8DC8-830F-496F-AE31-8D4A51C01914}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3FBAB34-16AC-4E79-DC2F-3EE600F60293}]
    C:\WINDOWS\system32\pvmceqy.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f1b580b4-b04c-470f-8e10-0b5224ebab90}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "Uvyi"="C:\WINDOWS\system32\WWEXEC~1.EXE" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "Sen"="C:\WINDOWS\YMBOLS~1\alg.exe" []
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56]
    "Opqjg"="C:\WINDOWS\F?nts\j?vaw.exe" []
    "Uvaiat"="C:\WINDOWS\SYSTEM32\?ystem32\w?nlogon.exe" []
    "Arwm"="C:\PROGRA~1\FNTS~1\dexplore.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-26 00:41]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01]
    "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 15:30]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 01:05]
    "vptray"="C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2004-02-12 11:49]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-12 13:55 C:\WINDOWS\SYSTEM32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 18:03]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06]
    "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 18:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 10:51]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 12:34]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" []
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "54323f93"="C:\WINDOWS\system32\yagwgcwy.dll" [2007-11-24 18:43]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-12 14:01 C:\WINDOWS\SYSTEM32\narrator.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 05:00]

    C:\Documents and Settings\sam\Start Menu\Programs\Startup\
    eTomi Pro On Startup.lnk - C:\Program Files\eTomiPro\Gui\etomipro.exe [2005-02-08 14:15:28]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-03-16 14:24:02]
    BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-10-05 19:37:10]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
    Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2005-02-07 18:53:16]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-28 18:35:59]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 17:10:04]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}"= C:\WINDOWS\system32\hggfgge.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfgge]
    hggfgge.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loctmiga]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msutil]
    C:\WINDOWS\Help\msutil.dll
    C:\WINDOWS\system32\NavLogon.dll 2004-02-12 11:38 45172 C:\WINDOWS\SYSTEM32\NavLogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]
    C:\WINDOWS\system32\req.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhe.dll

    S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
    S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
    S3 ewdmaudn;ewdmaudn;\??\C:\DOCUME~1\max\LOCALS~1\Temp\ewdmaudn.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20452f93-714b-11d9-a746-806d6172696f}]
    \Shell\AutoRun\command - D:\Start.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-21 14:32:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 11:28:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-27 11:40:05 - machine was rebooted
    .
    --- E O F ---


    The HJT did not produce a txt file, at least not one I could find. Thank you for your kind help.

  5. #5
    Junior Member
    Join Date
    Nov 2007
    Posts
    27

    Tried the uninstall HJT again and this is what was produced:



    ABBYY FineReader 5.0 Sprint Plus
    Adobe Acrobat Reader 3.02
    Adobe Flash Player 9
    Adobe Reader 7.0.9
    Apple Software Update
    Application name
    ArcSoft PhotoImpression
    ArcSoft VideoImpression 1.6
    ATI Control Panel
    ATI Display Driver
    BAMZOOKi v3.1 (build 115.158)
    Bikinicom_Groups_SS1 Screen Saver
    BitLord 1.1
    BlueSoleil
    Broadcom Management Programs
    BroadJump Client Foundation
    BT Broadband Desktop Help
    BT Yahoo! Applications
    Caesar 3
    ConvertXtoDVD 2.2.3.258
    Cossacks - The Art Of War
    Cossacks II
    CP210x USB to UART Bridge Controller
    Dell Color Printer 725
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Media Experience Update
    Dell Photo AIO Printer 922
    DellSupport
    eTomi Pro(remove only)
    FileAlyzer
    Full Tilt Poker.Net
    GameShadow
    HijackThis 2.0.2
    HP Customer Participation Program 7.0
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0 Software
    HP Photosmart Essential
    HP Software Update
    HP Solution Center 7.0
    Image Transfer
    ImageMixer for Sony
    ImageMixer VCD/DVD2 for OLYMPUS
    Intel(R) 537EP V9x DF PCI Modem
    Internet Explorer Default Page
    iPod for Windows 2005-10-12
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro 8 Dell Edition
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Kaspersky Online Scanner
    Key Design Center 3D 1.1
    Learn2 Player (Uninstall Only)
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam Software
    Logitech® Camera Driver
    Macromedia Shockwave Player
    MAP
    Match-Up!
    MEDION-Navigator
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft ActiveSync 3.7
    Microsoft Midtown Madness
    Microsoft Monster Truck Madness 2
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Works 7.0
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSN
    MSN Search Toolbar
    Network Play System (Patching)
    OLYMPUS Master
    PB-WC100 USB Camera
    PowerDVD 5.3
    QuickTime
    RealPlayer Basic
    RegAlyzer
    RunAlyzer
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Samsung Samples Installer
    Science Explorer
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    SHARP GSM GPRS Driver Ver1.1.1
    Shockwave
    Sierra Utilities
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sony USB Driver
    Spybot - Search & Destroy
    Star Wars Galactic Battlegrounds
    Starsiege
    Symantec AntiVirus Client
    The Battle for Middle-earth (tm) II
    The Sims 2
    The Sims 2 Nightlife
    The Sims 2 Open For Business
    The Sims 2 Pets
    The Sims Livin' it up
    The Sims Unleashed
    Theme Hospital
    Theory Interactive
    Victor Chandler Poker
    Viewpoint Media Player
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    WinRAR archiver
    XP Codec Pack
    Yahoo! Address AutoComplete
    ZoneAlarm Anti-Spyware

  6. #6
    Emeritus - Malware Team __RiP_ChAiN_
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    485

    Hello sludgeguts,

    Please post back with a new HijackThis log, as well.

  7. #7
    Junior Member
    Join Date
    Nov 2007
    Posts
    27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:37:38, on 27/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...+FG+2NpdvkfFA=
    O2 - BHO: (no name) - {040B7D23-99E1-BD14-BF1B-BFEE8A86EF9C} - C:\WINDOWS\system32\xwsf.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} - C:\WINDOWS\system32\hggfgge.dll (file missing)
    O2 - BHO: (no name) - {14DB7B51-B663-4BBA-9320-EB84949A098F} - (no file)
    O2 - BHO: (no name) - {197846A8-E57E-F0A4-16D4-8563E6C3B0FF} - C:\WINDOWS\system32\bkmyaflh.dll (file missing)
    O2 - BHO: (no name) - {1AD5FCBE-100B-4D8F-7871-3CB6094DF4C3} - C:\WINDOWS\system32\xdtxgmnv.dll (file missing)
    O2 - BHO: (no name) - {34877841-C4D0-C554-A648-E82B2CE6D8CC} - (no file)
    O2 - BHO: (no name) - {42C76E27-D4E8-8A39-CF3D-AAEF3E7DA299} - C:\WINDOWS\system32\gyo.dll (file missing)
    O2 - BHO: (no name) - {449FC5FC-81F2-4A4A-A7C6-3E42A88C62C9} - (no file)
    O2 - BHO: (no name) - {525EB293-5C57-76FC-05B0-7032D76FB69F} - C:\WINDOWS\system32\rzibh.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5645ED67-538B-0D5B-817D-7C129130E693} - C:\WINDOWS\system32\nimn.dll (file missing)
    O2 - BHO: (no name) - {599D53DB-B54C-BD94-6604-9C3C6058E0C4} - C:\WINDOWS\system32\hkunhu.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {6A857019-91D0-9D02-A848-E82B2CE6D99E} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {88F78A1D-CD35-40F0-B3E5-946FB1BBF89A} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9C8A6B4D-6D6E-4843-891C-04439102F574} - (no file)
    O2 - BHO: {876edfec-0c13-5d4b-de74-a663ea38703a} - {a30783ae-366a-47ed-b4d5-31c0cefde678} - C:\WINDOWS\system32\hkndpqyd.dll
    O2 - BHO: (no name) - {A56A934A-85F4-4388-A362-BEB546E8F73C} - (no file)
    O2 - BHO: (no name) - {AAEE8DC8-830F-496F-AE31-8D4A51C01914} - (no file)
    O2 - BHO: (no name) - {B3FBAB34-16AC-4E79-DC2F-3EE600F60293} - C:\WINDOWS\system32\pvmceqy.dll (file missing)
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: (no name) - {f1b580b4-b04c-470f-8e10-0b5224ebab90} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [54323f93] rundll32.exe "C:\WINDOWS\system32\yagwgcwy.dll",b
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Uvyi] C:\WINDOWS\system32\WWEXEC~1.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YMBOLS~1\alg.exe" -vt mtx
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Opqjg] C:\WINDOWS\F?nts\j?vaw.exe
    O4 - HKCU\..\Run: [Uvaiat] C:\WINDOWS\SYSTEM32\?ystem32\w?nlogon.exe
    O4 - HKCU\..\Run: [Arwm] "C:\PROGRA~1\FNTS~1\dexplore.exe" -vt mtx
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm413YYGB
    O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ29\Cache\SelectedContextSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195318132796
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab
    O20 - Winlogon Notify: hggfgge - hggfgge.dll (file missing)
    O20 - Winlogon Notify: loctmiga - C:\WINDOWS\
    O20 - Winlogon Notify: msutil - C:\WINDOWS\Help\msutil.dll (file missing)
    O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 13967 bytes
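A log like the one above is normally read by hand, entry by entry. The script below is an added example (the editor's own code, not code from this thread, from HijackThis or from ComboFix) that runs a few triage heuristics over a constructed sample made of lines copied from the posted log plus some known-good entries. The rules (an orphaned reference whose file is gone, a `?` where a non-ANSI character sits in a path imitating a system folder or binary, a system binary name outside its normal folder, rundll32 calling a one-letter export, a hex-only autorun value name, a BHO whose name is a bare CLSID, a Winlogon Notify entry pointing at a directory) and the `SYSTEM_BINARIES` table are assumptions drawn from the patterns visible in that log, not HJT's own logic; a hit means look closer, not "malicious".

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example: editor's own code, not part of the thread and not HijackThis
or ComboFix code. The rules are assumptions drawn from the posted log.
"""
import fnmatch
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above plus a few
# known-good entries (Adobe BHO, SoundMAX, ctfmon, DefWatch) as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {040B7D23-99E1-BD14-BF1B-BFEE8A86EF9C} - C:\WINDOWS\system32\xwsf.dll (file missing)
O2 - BHO: (no name) - {14DB7B51-B663-4BBA-9320-EB84949A098F} - (no file)
O2 - BHO: {876edfec-0c13-5d4b-de74-a663ea38703a} - {a30783ae-366a-47ed-b4d5-31c0cefde678} - C:\WINDOWS\system32\hkndpqyd.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [54323f93] rundll32.exe "C:\WINDOWS\system32\yagwgcwy.dll",b
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YMBOLS~1\alg.exe" -vt mtx
O4 - HKCU\..\Run: [Opqjg] C:\WINDOWS\F?nts\j?vaw.exe
O4 - HKCU\..\Run: [Uvaiat] C:\WINDOWS\SYSTEM32\?ystem32\w?nlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: hggfgge - hggfgge.dll (file missing)
O20 - Winlogon Notify: loctmiga - C:\WINDOWS\
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# One regex per HJT entry type we understand; other types are skipped.
ENTRY_RES = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$"),
}
ORPHAN_MARKERS = ("(file missing)", "(no file)")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,(?P<export>\w{1,2})\s*$', re.I)

# Assumed table: Windows binaries the entries above imitate, mapped to the
# folder the real file lives in (None = install location varies).
SYSTEM_BINARIES = {
    "alg.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "javaw.exe": None,
}


def extract_path(target: str) -> str:
    """Pull the drive-letter path out of a target/command string, quoted or bare."""
    m = re.search(r'"([A-Za-z]:\\[^"]*)"', target)
    if m:
        return m.group(1)
    m = re.search(r"[A-Za-z]:\\.*", target)
    if not m:
        return ""
    # Bare path: cut at the first " -opt", " /opt" or " (file missing)".
    return re.split(r" (?=[-/(])", m.group(0), maxsplit=1)[0].strip()


def check_entry(kind: str, name: str, target: str) -> list:
    """Return the list of heuristic reasons this entry deserves a closer look."""
    reasons = []
    path = extract_path(target)
    base = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if any(mark in target for mark in ORPHAN_MARKERS):
        reasons.append("orphaned entry: file is gone but the registry reference remains")
    if "?" in path:
        reasons.append("non-ANSI character in path (shown as '?') imitating a system folder or binary")
    for real, expected in SYSTEM_BINARIES.items():
        # fnmatch treats the '?' in names like w?nlogon.exe as a one-char wildcard
        if base and fnmatch.fnmatchcase(real, base) and (base != real or (expected and folder != expected)):
            reasons.append(f"imitates system binary {real} outside its normal location")
    m = RUNDLL_RE.search(target)
    if m:
        reasons.append(f"rundll32 loads a DLL through the terse export '{m.group('export')}'")
    if kind == "O4" and HEX_NAME_RE.match(name):
        reasons.append("autorun value named with random-looking hex")
    if kind == "O2" and CLSID_RE.match(name):
        reasons.append("BHO name is itself a CLSID, no human-readable name")
    if kind == "O20" and target.endswith("\\"):
        reasons.append("Winlogon Notify entry points at a directory, not a DLL")
    return reasons


@dataclass
class Finding:
    line: str
    reasons: list


def triage(log_text: str) -> list:
    """Parse each recognised HJT line and keep those with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in ENTRY_RES.items():
            m = rx.match(line)
            if m:
                reasons = check_entry(kind, m.group("name"), m.group("target"))
                if reasons:
                    findings.append(Finding(line, reasons))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run as a script it prints nine flagged lines with their reasons; the four control entries pass, including `ctfmon.exe`, which carries a system binary name but sits in its expected folder. The folder comparison is what separates the real `alg.exe` from the copy under `YMBOLS~1`, and the `?` rule catches the lookalike paths even when the imitated name is not in the table.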

  8. #8
    Emeritus - Malware Team __RiP_ChAiN_
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    485

    Hello sludgeguts,


    Using Add Or Remove Programs, remove the following entries (if present). (To get into Add Or Remove Programs, press the START button > Control Panel > Add Or Remove Programs.)

    BitLord 1.1
    Viewpoint Media Player


    A. Please RUN HijackThis
    1. Click the SCAN button to produce a log.

    2. Place a check mark beside each one of the following items:

      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=w...+FG+2NpdvkfFA=
      O2 - BHO: (no name) - {040B7D23-99E1-BD14-BF1B-BFEE8A86EF9C} - C:\WINDOWS\system32\xwsf.dll (file missing)
      O2 - BHO: (no name) - {0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE} - C:\WINDOWS\system32\hggfgge.dll (file missing)
      O2 - BHO: (no name) - {14DB7B51-B663-4BBA-9320-EB84949A098F} - (no file)
      O2 - BHO: (no name) - {197846A8-E57E-F0A4-16D4-8563E6C3B0FF} - C:\WINDOWS\system32\bkmyaflh.dll (file missing)
      O2 - BHO: (no name) - {1AD5FCBE-100B-4D8F-7871-3CB6094DF4C3} - C:\WINDOWS\system32\xdtxgmnv.dll (file missing)
      O2 - BHO: (no name) - {34877841-C4D0-C554-A648-E82B2CE6D8CC} - (no file)
      O2 - BHO: (no name) - {42C76E27-D4E8-8A39-CF3D-AAEF3E7DA299} - C:\WINDOWS\system32\gyo.dll (file missing)
      O2 - BHO: (no name) - {449FC5FC-81F2-4A4A-A7C6-3E42A88C62C9} - (no file)
      O2 - BHO: (no name) - {525EB293-5C57-76FC-05B0-7032D76FB69F} - C:\WINDOWS\system32\rzibh.dll (file missing)
      O2 - BHO: (no name) - {5645ED67-538B-0D5B-817D-7C129130E693} - C:\WINDOWS\system32\nimn.dll (file missing)
      O2 - BHO: (no name) - {599D53DB-B54C-BD94-6604-9C3C6058E0C4} - C:\WINDOWS\system32\hkunhu.dll (file missing)
      O2 - BHO: (no name) - {6A857019-91D0-9D02-A848-E82B2CE6D99E} - (no file)
      O2 - BHO: (no name) - {88F78A1D-CD35-40F0-B3E5-946FB1BBF89A} - (no file)
      O2 - BHO: (no name) - {9C8A6B4D-6D6E-4843-891C-04439102F574} - (no file)
      O2 - BHO: {876edfec-0c13-5d4b-de74-a663ea38703a} - {a30783ae-366a-47ed-b4d5-31c0cefde678} - C:\WINDOWS\system32\hkndpqyd.dll
      O2 - BHO: (no name) - {A56A934A-85F4-4388-A362-BEB546E8F73C} - (no file)
      O2 - BHO: (no name) - {AAEE8DC8-830F-496F-AE31-8D4A51C01914} - (no file)
      O2 - BHO: (no name) - {B3FBAB34-16AC-4E79-DC2F-3EE600F60293} - C:\WINDOWS\system32\pvmceqy.dll (file missing)
      O2 - BHO: (no name) - {f1b580b4-b04c-470f-8e10-0b5224ebab90} - (no file)
      O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YMBOLS~1\alg.exe" -vt mtx
      O4 - HKCU\..\Run: [Opqjg] C:\WINDOWS\F?nts\j?vaw.exe
      O4 - HKCU\..\Run: [Uvaiat] C:\WINDOWS\SYSTEM32\?ystem32\w?nlogon.exe
      O4 - HKCU\..\Run: [Arwm] "C:\PROGRA~1\FNTS~1\dexplore.exe" -vt mtx
      O20 - Winlogon Notify: hggfgge - hggfgge.dll (file missing)
      O20 - Winlogon Notify: loctmiga - C:\WINDOWS\
      O20 - Winlogon Notify: msutil - C:\WINDOWS\Help\msutil.dll (file missing)
      O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)



    3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.



    B. 1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    File::
    C:\WINDOWS\SYSTEM32\iuyghxtx.dll
    C:\WINDOWS\SYSTEM32\hkndpqyd.dll
    C:\WINDOWS\SYSTEM32\cqvohfdr.dll
    C:\WINDOWS\SYSTEM32\tfhsanrg.dll
    C:\WINDOWS\SYSTEM32\tecewkof.dll
    C:\WINDOWS\SYSTEM32\otkjhtql.dll
    C:\WINDOWS\SYSTEM32\mcejqbyf.ini
    C:\WINDOWS\SYSTEM32\bdpaepvo.ini
    C:\WINDOWS\SYSTEM32\ovpeapdb.dll
    C:\WINDOWS\SYSTEM32\audofben.dll
    C:\WINDOWS\SYSTEM32\jtqpagun.ini
    C:\WINDOWS\SYSTEM32\nugapqtj.dll
    C:\WINDOWS\SYSTEM32\rxdnblub.exe
    C:\WINDOWS\SYSTEM32\gnrvuxtw.dll
    C:\WINDOWS\SYSTEM32\cnjvjtqk.exe
    C:\WINDOWS\SYSTEM32\rqxhrsoo.ini
    C:\WINDOWS\SYSTEM32\qpkvyobf.exe
    C:\WINDOWS\SYSTEM32\nptghvsf.ini
    C:\WINDOWS\SYSTEM32\jokpcjje.dll
    C:\WINDOWS\SYSTEM32\uansobhs.exe
    C:\WINDOWS\SYSTEM32\mcrh.tmp
    C:\WINDOWS\system32\drivers\lvuvc.hs

    Folder::
    C:\WINDOWS\SYSTEM32\rMa01yy
    C:\Temp\abW9
    C:\Documents and Settings\All Users\Application Data\soft chic meet great

    Driver::
    ewdmaudn

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  9. #9
    Junior Member
    Join Date
    Nov 2007
    Posts
    27

    ComboFix 07-11-19.4 - max 2007-11-29 9:17:48.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT 0:00]
    Running from: C:\Documents and Settings\max\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\max\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\SYSTEM32\audofben.dll
    C:\WINDOWS\SYSTEM32\bdpaepvo.ini
    C:\WINDOWS\SYSTEM32\cnjvjtqk.exe
    C:\WINDOWS\SYSTEM32\cqvohfdr.dll
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\SYSTEM32\gnrvuxtw.dll
    C:\WINDOWS\SYSTEM32\hkndpqyd.dll
    C:\WINDOWS\SYSTEM32\iuyghxtx.dll
    C:\WINDOWS\SYSTEM32\jokpcjje.dll
    C:\WINDOWS\SYSTEM32\jtqpagun.ini
    C:\WINDOWS\SYSTEM32\mcejqbyf.ini
    C:\WINDOWS\SYSTEM32\mcrh.tmp
    C:\WINDOWS\SYSTEM32\nptghvsf.ini
    C:\WINDOWS\SYSTEM32\nugapqtj.dll
    C:\WINDOWS\SYSTEM32\otkjhtql.dll
    C:\WINDOWS\SYSTEM32\ovpeapdb.dll
    C:\WINDOWS\SYSTEM32\qpkvyobf.exe
    C:\WINDOWS\SYSTEM32\rqxhrsoo.ini
    C:\WINDOWS\SYSTEM32\rxdnblub.exe
    C:\WINDOWS\SYSTEM32\tecewkof.dll
    C:\WINDOWS\SYSTEM32\tfhsanrg.dll
    C:\WINDOWS\SYSTEM32\uansobhs.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\soft chic meet great
    C:\Temp\abW9
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\SYSTEM32\audofben.dll
    C:\WINDOWS\SYSTEM32\bdpaepvo.ini
    C:\WINDOWS\SYSTEM32\cnjvjtqk.exe
    C:\WINDOWS\SYSTEM32\cqvohfdr.dll
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\SYSTEM32\gnrvuxtw.dll
    C:\WINDOWS\SYSTEM32\iuyghxtx.dll
    C:\WINDOWS\SYSTEM32\jokpcjje.dll
    C:\WINDOWS\SYSTEM32\jtqpagun.ini
    C:\WINDOWS\SYSTEM32\mcejqbyf.ini
    C:\WINDOWS\SYSTEM32\mcrh.tmp
    C:\WINDOWS\SYSTEM32\nptghvsf.ini
    C:\WINDOWS\SYSTEM32\nugapqtj.dll
    C:\WINDOWS\SYSTEM32\otkjhtql.dll
    C:\WINDOWS\SYSTEM32\ovpeapdb.dll
    C:\WINDOWS\SYSTEM32\qpkvyobf.exe
    C:\WINDOWS\SYSTEM32\rMa01yy
    C:\WINDOWS\SYSTEM32\rqxhrsoo.ini
    C:\WINDOWS\SYSTEM32\rxdnblub.exe
    C:\WINDOWS\SYSTEM32\tecewkof.dll
    C:\WINDOWS\SYSTEM32\tfhsanrg.dll
    C:\WINDOWS\SYSTEM32\uansobhs.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\ewdmaudn


    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
    .

    2007-11-29 09:29 <DIR> d-------- C:\WINDOWS\LastGood
    2007-11-27 07:55 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-26 18:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2007-11-26 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-23 20:50 <DIR> d-------- C:\Program Files\Safer Networking
    2007-11-22 19:39 28,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\xjis.nls
    2007-11-22 19:38 83,748 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\prcp.nls
    2007-11-22 19:38 83,748 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\prc.nls
    2007-11-22 19:38 57,856 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_scripto.dll
    2007-11-22 19:38 26,112 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_seos.dll
    2007-11-22 19:38 23,040 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_regtrace.exe
    2007-11-22 19:38 12,288 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_smtpctrs.dll
    2007-11-22 19:38 7,168 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_snprfdll.dll
    2007-11-22 19:37 482,304 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pintlgnt.ime
    2007-11-22 19:37 131,584 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmxviceo.dll
    2007-11-22 19:37 70,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pintlphr.exe
    2007-11-22 19:37 67,584 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmigrate.dll
    2007-11-22 19:37 65,536 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_mailmsg.dll
    2007-11-22 19:37 38,912 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_ntfsdrv.dll
    2007-11-22 19:37 36,927 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\padrs411.dll
    2007-11-22 19:37 14,336 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\padrs412.dll
    2007-11-22 19:37 11,264 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmxmcro.dll
    2007-11-22 19:37 6,144 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\pmxgl.dll
    2007-11-22 19:36 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
    2007-11-22 19:36 10,129,408 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
    2007-11-22 19:36 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll
    2007-11-22 19:36 173,602 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\c_20002.nls
    2007-11-22 19:36 54,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cap7146.sys
    2007-11-22 19:36 43,520 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_fcachdll.dll
    2007-11-22 19:36 24,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fpadmcgi.exe
    2007-11-22 19:36 14,848 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\flattemp.exe
    2007-11-22 19:36 7,168 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\f3ahvoas.dll
    2007-11-22 19:35 188,480 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\cfgwiz.exe
    2007-11-22 19:35 162,850 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\c_10001.nls
    2007-11-22 19:35 45,056 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll
    2007-11-22 19:35 5,632 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_adsiisex.dll
    2007-11-22 19:30 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
    2007-11-22 19:30 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
    2007-11-22 19:30 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
    2007-11-22 19:28 214,528 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icwconn1.exe
    2007-11-22 19:28 86,016 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icwconn2.exe
    2007-11-22 19:28 32,768 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\icwdl.dll
    2007-11-22 19:28 20,480 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\inetwiz.exe
    2007-11-22 18:11 34 --a------ C:\WINDOWS\SYSTEM\oeminfo.ini
    2007-11-22 18:10 2,012,670 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5.CAT
    2007-11-22 18:10 1,086,058 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NTPRINT.CAT
    2007-11-22 18:10 1,042,903 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\SP2.CAT
    2007-11-22 18:10 797,189 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5IIS.CAT
    2007-11-22 18:10 399,645 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MAPIMIG.CAT
    2007-11-22 18:10 382,952 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\NT5INF.CAT
    2007-11-22 18:10 37,484 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\MW770.CAT
    2007-11-22 18:10 31,281 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\FP4.CAT
    2007-11-22 18:10 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
    2007-11-22 18:10 24,661 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\spxcoins.dll
    2007-11-22 18:10 13,472 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\HPCRDP.CAT
    2007-11-22 18:10 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
    2007-11-22 18:10 8,574 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\IASNT4.CAT
    2007-11-22 18:10 7,710 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\OEMBIOS.CAT
    2007-11-22 18:10 7,334 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wmerrenu.cat
    2007-11-22 17:58 <DIR> d-------- C:\WINDOWS\dell
    2007-11-20 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2007-11-18 19:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
    2007-11-18 19:51 350,920 --a------ C:\WINDOWS\SYSTEM32\vsconfig.xml
    2007-11-18 19:50 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-11-18 19:06 <DIR> d-------- C:\Program Files\Registry Defender
    2007-11-18 13:24 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
    2007-11-18 13:24 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
    2007-11-17 17:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-29 09:03 --------- d-----w C:\Program Files\BitLord
    2007-11-17 17:37 --------- d-----w C:\Program Files\Logitech
    2007-11-17 17:37 --------- d-----w C:\Program Files\Common Files\logishrd
    2007-11-17 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2007-11-12 17:47 --------- d-----w C:\Documents and Settings\max\Application Data\HP
    2007-11-07 15:19 --------- d-----w C:\Program Files\Dl_cats
    2007-10-15 20:03 --------- d-----w C:\Program Files\Full Tilt Poker.Net
    2007-10-11 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-08 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
    2007-10-06 09:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-05 19:43 --------- d-----w C:\Documents and Settings\mark\Application Data\Motive
    2007-10-05 19:39 --------- d-----w C:\Program Files\BT Broadband Desktop Help
    2007-10-05 19:38 --------- d-----w C:\Program Files\Common Files\Motive
    2007-10-05 19:37 --------- d-----w C:\Program Files\Motive
    2007-10-05 19:36 --------- d-----w C:\Program Files\BT Home Hub
    2005-05-02 12:42 374,279 --sh--w C:\WINDOWS\Help\litusm.bak1
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-27_11.31.21.89 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-27 07:39:12 4,212 ---ha-w C:\WINDOWS\SYSTEM32\zllictbl.dat
    + 2007-11-29 09:28:06 4,212 ---h--w C:\WINDOWS\SYSTEM32\zllictbl.dat
    - 2007-11-26 18:13:50 6,878,638 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\spyware.dat
    + 2007-11-27 15:00:30 6,896,533 ----a-w C:\WINDOWS\SYSTEM32\ZoneLabs\spyware.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "Uvyi"="C:\WINDOWS\system32\WWEXEC~1.EXE" []
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 10:14]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 13:56]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-01-26 00:41]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01]
    "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 15:30]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-16 01:05]
    "vptray"="C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe" [2004-02-12 11:49]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-12 13:55 C:\WINDOWS\SYSTEM32\bthprops.cpl]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-06 18:03]
    "OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 10:06]
    "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 18:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-11-30 10:51]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 12:34]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" []
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "54323f93"="C:\WINDOWS\system32\yagwgcwy.dll" [2007-11-24 18:43]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 13:56]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-12 14:01 C:\WINDOWS\SYSTEM32\narrator.exe]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 05:00]

    C:\Documents and Settings\sam\Start Menu\Programs\Startup\
    eTomi Pro On Startup.lnk - C:\Program Files\eTomiPro\Gui\etomipro.exe [2005-02-08 14:15:28]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-03-16 14:24:02]
    BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-10-05 19:37:10]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
    Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe [2005-02-07 18:53:16]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-28 18:35:59]
    Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [2005-09-20 17:10:04]
    C:\WINDOWS\system32\NavLogon.dll 2004-02-12 11:38 45172 C:\WINDOWS\SYSTEM32\NavLogon.dll

    S3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys
    S3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys
    S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
    S3 CSRBC01;%CSRBC01.SvcDesc%;C:\WINDOWS\system32\Drivers\csrbc01.sys
    S3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20452f93-714b-11d9-a746-806d6172696f}]
    \Shell\AutoRun\command - D:\Start.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-21 14:32:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-29 17:09:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-29 17:12:36 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-27 11:40
    .
    --- E O F ---

  10. #10
    Junior Member
    Join Date
    Nov 2007
    Posts
    27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:15:47, on 29/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
    C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [54323f93] rundll32.exe "C:\WINDOWS\system32\yagwgcwy.dll",b
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Uvyi] C:\WINDOWS\system32\WWEXEC~1.EXE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm413YYGB
    O8 - Extra context menu item: Grip.com - file://C:\Program Files\GRIPCZ29\Cache\SelectedContextSearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195318132796
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/preq...ivePreQual.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    --
    End of file - 11409 bytes
