
Thread: My computer has something

  1. #11
    Junior Member
    Join Date
    Dec 2007
    Posts
    19

    This mess on my computer started with what I listed in the first post. Then later scans with AVG showed this:

    C:\Documents and Settings\user\Local Settings\Temp\npftmhow.exe Deleted
    Trojan horse backdoor.Agent.PTA
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4SEPU7FR\hctp[1] Moved to Vault
    Virus found LOP
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4SEPU7FR\ptch[1] Moved to Vault
    Virus found LOP
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\G2HP8B9G\ptch[1] Moved to Vault
    Virus found LOP
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\IWSCQPKL\gamadril20071203[1] Deleted
    Trojan horse backdoor.Agent.PTA
    C:\Program Files\Grisoft\AVG7\avgcc.exe Moved to Vault
    Virus identified WIN32/Prepender.C
    C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP3\A0000129.exe Moved to Vault
    Virus identified WIN32/Prepender.C
    C:\System Volume Information\_restore{DE8EA6E1-509B-4F6A-9F86-CE15892ADC67}\RP3\A0000138.exe Moved to Vault
    Virus identified WIN32/Prepender.C
    C:\WINDOWS\system32\mljif.exe Moved to Vault
    Virus identified WIN32/Prepender.C
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe Deleted
    Virus identified WIN32/Prepender.C

    Every scan I run, whether it be Spybot or AVG or Ad-Aware, comes up with these files:

    TrackingCookie.2o7 Family TrackingCookie.2o7 Spyware Family
    TrackingCookie.Advertising Family TrackingCookie.Advertising Spyware Family
    TrackingCookie.Tacoda Family TrackingCookie.Tacoda Spyware Family
    TrackingCookie.Ru4 Family TrackingCookie.Ru4 Spyware Family
    TrackingCookie.Revsci Family TrackingCookie.Revsci Spyware Family
    C:\Documents and Settings\user\Local Settings\Temp\TMP33A0.tmp Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Local Settings\Temp\TMP33A3.tmp Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Cookies\user@2o7[2].txt Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Cookies\user@advertising[2].txt Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Cookies\user@anad.tacoda[1].txt Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Cookies\user@edge.ru4[2].txt Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Cookies\user@revsci[1].txt Potentially Unwanted Program, Moved to Vault
    C:\Documents and Settings\user\Cookies\user@tacoda[1].txt

    I even had it set so every cookie prompted me to accept it or not and told all first and third party NO and these still appeared.

  2. #12
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi,

    OK, thanks for the info. We can continue on.

    Copy the entire contents of the Code Box below to Notepad.

    Name the file Log.txt (overwrite the existing one),
    change the Save as Type to: All Files,
    and save it on your desktop.

    Code:
    C:\Program Files\AOL 9.0a\AOL .EXE
    C:\Program Files\Common Files\AOL\1137963347\EE\AOLSoftware .exe
    C:\Program Files\Grisoft\AVG7\avgcc .exe
    C:\Program Files\Messenger\msmsgs .exe
    Drag the Log.txt you just saved right onto the RenV.exe icon.
    RenV will run and produce another log; post the new RenV log in your next reply.
    Next, rerun ComboFix and post that log as well as a new HJT log, please.

    shelf life
    How Can I Reduce My Risk?

  3. #13
    Junior Member
    Join Date
    Dec 2007
    Posts
    19

    RenV log

    Code:
    Ran on Mon 01/14/2008 -  8:34:09.24
    
     Entries:                0  (0)
     Directories:            0  Files:             0
     Bytes:                  0  Blocks:            0

    ComboFix 08-01-13.1 - user 2008-01-14 8:40:04.2 - NTFSx86
    Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\bszip.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
    .

    2008-01-13 10:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-12 22:54 . 2008-01-13 09:48 <DIR> d-------- C:\VundoFix Backups
    2008-01-12 22:00 . 2008-01-12 22:00 3,584 --a------ C:\WINDOWS\system32\mljif.exe
    2008-01-12 12:00 . 2008-01-12 12:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
    2008-01-12 11:58 . 2008-01-12 11:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-12 11:57 . 2008-01-12 11:57 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
    2008-01-12 11:56 . 2008-01-12 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-12 11:56 . 2008-01-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-10 09:27 . 2008-01-10 09:38 196,608 -ra------ C:\icei5_12_05use this.QBW.TLG
    2008-01-09 16:50 . 2008-01-09 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-01-06 14:18 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-01-03 08:37 . 2008-01-07 07:01 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-01-03 08:27 . 2008-01-03 08:34 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 12:59 . 2008-01-02 13:48 <DIR> d-------- C:\Program Files\Windows Defender
    2007-12-30 12:13 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-30 12:13 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-30 12:13 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-30 12:13 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-30 12:13 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-30 12:13 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-30 12:13 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-30 12:13 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-30 12:13 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-29 20:49 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1c
    2007-12-27 09:53 . 2007-12-28 12:01 <DIR> d-------- C:\Program Files\AOL 9.1b
    2007-12-26 09:35 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1a
    2007-12-25 09:57 . 2007-12-25 09:57 <DIR> d-------- C:\WINDOWS\aolshare
    2007-12-25 09:56 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1
    2007-12-24 23:25 . 2008-01-13 10:39 33,205 --a------ C:\logfile
    2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-24 22:59 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-24 22:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-24 22:58 . 2007-12-24 22:58 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2007-12-24 22:41 . 2007-12-24 23:00 <DIR> d-------- C:\Program Files\Kodak
    2007-12-24 22:38 . 2007-12-24 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-24 15:51 . 2007-12-24 15:51 <DIR> d-------- C:\Program Files\Legacy Interactive
    2007-12-19 16:07 . 2007-12-19 16:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Snapfish
    2007-12-16 21:14 . 2007-12-16 21:14 <DIR> d-------- C:\Program Files\Disney
    2007-12-15 15:40 . 2007-12-15 15:40 <DIR> d-------- C:\Program Files\Simple Star

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-14 13:34 --------- d-----w C:\Program Files\AOL 9.0a
    2008-01-11 22:11 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
    2008-01-05 08:01 --------- d-----w C:\Program Files\LimeWire
    2007-12-31 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-30 02:05 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
    2007-12-30 01:55 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-30 01:51 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-12-30 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-30 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-12-29 16:37 --------- d-----w C:\Program Files\AOL Games
    2007-12-26 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-25 08:29 --------- d-----w C:\Program Files\QuickTime
    2007-12-24 04:54 --------- d-----w C:\Program Files\John Deere American Farmer
    2007-12-15 21:05 --------- d-----w C:\Documents and Settings\user\Application Data\Simple Star
    2007-12-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star
    2007-12-15 20:53 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
    2007-12-14 14:14 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-11-30 08:54 --------- d-----w C:\Program Files\iTunes
    2007-11-18 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
    2007-11-16 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-10-27 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-07-13 03:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-03-26 00:47 45,240 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-13_10.45.21.31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-03-26 15:15:10 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:47 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:10 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:47 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:17 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:01 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:10 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:48 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:18 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:02 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:11 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:48 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:18 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:03 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:11 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:49 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:18 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:03 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:19 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:04 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:11 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:50 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:19 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:04 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:12 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:51 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:20 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:05 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:12 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:51 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:20 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:05 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:12 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:52 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:20 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:06 49,152 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:21 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:06 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:13 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:52 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:13 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:54 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:21 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:07 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:13 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:54 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:14 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
    + 2008-01-13 15:39:56 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
    - 2007-03-26 15:15:21 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
    + 2008-01-13 15:40:08 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
    - 2007-03-26 15:15:15 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
    + 2008-01-13 15:39:57 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
    - 2007-03-26 15:15:22 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
    + 2008-01-13 15:40:08 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
    - 2007-03-26 15:15:15 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:57 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:22 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:09 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:16 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:58 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:22 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:09 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:16 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:58 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:23 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:09 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:23 40,960 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
    + 2008-01-13 15:40:10 40,960 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
    - 2007-03-26 15:15:16 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:39:59 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:23 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:10 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:17 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:00 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:24 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:11 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:17 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:01 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
    - 2007-03-26 15:15:24 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
    + 2008-01-13 15:40:12 65,536 ----a-r C:\WINDOWS\Installer\{688A3383-3CE7-4094-9188-9C39D1E4FCB6}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
    .

  4. #14
    Junior Member
    Join Date
    Dec 2007
    Posts
    19

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
    "XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 11:56 219136]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 15:59:44]
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-06-05 20:35:54]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00]
    Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-01-20 14:28:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-01-12 11:57 9216 C:\WINDOWS\system32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspon]
    vtuspon.dll

    R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
    R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
    S3 DCamUSBSTK016;STK016 Camera;C:\WINDOWS\system32\DRIVERS\STK016W2.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-08 03:39:19 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
    - C:\WINDOWS\system32\rundll32.exe
    "2008-01-14 06:37:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 08:45:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-14 8:46:55
    ComboFix-quarantined-files.txt 2008-01-14 13:46:27
    ComboFix2.txt 2008-01-13 15:47:17
    .
    2008-01-14 08:02:26 --- E O F ---


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:54:42 AM, on 1/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roanoke.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - ?p=ZJ
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/en_mys...eb.1.0.0.8.cab
    O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ric...GameLoader.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152448988654
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/fr...esLauncher.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_big...GamePlayer.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
    O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/so...tched/main.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/di...h.1.0.0.72.cab
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: vtuspon - vtuspon.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10445 bytes

  5. #15
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    thanks for the info. please refrain from using limewire for now; disable it from running at startup.

    we will use combofix now.

    Click Start > Run and type Notepad and click OK.
    Open notepad
    Copy/paste the text in the code box below into notepad:

    Code:
    File::
    C:\WINDOWS\system32\mljif.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspon]
    vtuspon.dll

    Name the Notepad file CFScript.txt and Save it to your desktop.

    locate both the file you just saved and the combofix icon. using your mouse, drag the txt file right on top of the combofix icon and release. combofix will run (and may reboot your machine)
    and produce a new log. please post the new log and a new hjt log also.

    last, do an online scan here:

    ESET online scanner:

    http://www.eset.com/onlinescan/
    uses Internet Explorer only

    check "YES" to accept terms

    click start button

    allow the ActiveX component to install

    click the start button. the Scanner will update.

    Do not check either of : "Remove found threats" and "Scan unwanted applications"

    click scan

    when done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt

    please copy/paste that log in next reply. along with the new combofix and the new hjt log.

    shelf life
    How Can I Reduce My Risk?
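As an added example (not code from this thread, nor from HijackThis or ComboFix), the triage the helper did by hand above, in Python: read HijackThis O20 lines in the layout the posted logs use, flag Winlogon Notify entries whose DLL is reported "(file missing)", and write them out in the File:: / Registry:: CFScript layout of this post. The sample log lines are constructed; the `[-key]` deletion syntax and the key path under winlogon\notify are assumptions.

```python
"""Triage HijackThis O20 entries and emit a ComboFix CFScript.

Added example, not code from the thread or from the HijackThis/ComboFix
authors. It assumes HijackThis 2.0.2's line layout as shown in the posted
logs and the File:: / Registry:: CFScript layout the helper used.
"""
import re

# Constructed sample modelled on the thread's log: one O4 Run entry, one
# legitimate O20 entry and one orphaned O20 entry (DLL not on disk).
SAMPLE_HJT_LOG = "\n".join([
    r"O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r",
    r"O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll",
    r"O20 - Winlogon Notify: vtuspon - vtuspon.dll (file missing)",
])

# Registry key under which Winlogon Notify packages register (one subkey
# each); assumed from the helper's CFScript above.
WINLOGON_NOTIFY_KEY = (
    r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
)

# O20 line: "O20 - Winlogon Notify: <subkey> - <dll>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)


def orphaned_winlogon_notify(log_text):
    """Return [(subkey, dll)] for O20 entries whose DLL HijackThis could not find.

    An orphaned Notify subkey is inert on its own, but it is the leftover of
    a DLL that Winlogon loaded at every logon (the Vundo/Virtumonde pattern
    in this thread), so it is cleaned up together with the file.
    """
    found = []
    for raw in log_text.splitlines():
        m = O20_RE.match(raw.rstrip())
        if m and m.group("missing"):
            found.append((m.group("name"), m.group("dll")))
    return found


def build_cfscript(files, notify_subkeys):
    """Return CFScript text: File:: paths to delete, then one [-key] line per
    orphaned Notify subkey (REGEDIT4-style key deletion, assumed syntax)."""
    lines = []
    if files:
        lines.append("File::")
        lines.extend(files)
        lines.append("")
    if notify_subkeys:
        lines.append("Registry::")
        for name in notify_subkeys:
            lines.append(f"[-{WINLOGON_NOTIFY_KEY}\\{name}]")
    return "\n".join(lines) + ("\n" if lines else "")


def cfscript_from_log(log_text, known_bad_files=()):
    """Combine AV-reported bad files with orphaned O20 subkeys from the log."""
    subkeys = [name for name, _dll in orphaned_winlogon_notify(log_text)]
    return build_cfscript(list(known_bad_files), subkeys)


if __name__ == "__main__":
    # mljif.exe is the file AVG flagged earlier in the thread.
    print(cfscript_from_log(SAMPLE_HJT_LOG, [r"C:\WINDOWS\system32\mljif.exe"]), end="")
```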

  6. #16
    Junior Member
    Join Date
    Dec 2007
    Posts
    19

    Default

    Here is the new combofix log. Will post the hijackthis log and results of the scan in next log

    ComboFix 08-01-13.1 - user 2008-01-14 18:23:18.3 - NTFSx86
    Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\system32\mljif.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\mljif.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
    .

    2008-01-13 10:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-12 22:54 . 2008-01-13 09:48 <DIR> d-------- C:\VundoFix Backups
    2008-01-12 12:00 . 2008-01-12 12:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\AVG7
    2008-01-12 11:58 . 2008-01-12 11:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-12 11:57 . 2008-01-12 11:57 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
    2008-01-12 11:56 . 2008-01-12 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-12 11:56 . 2008-01-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-10 09:27 . 2008-01-10 09:38 196,608 -ra------ C:\icei5_12_05use this.QBW.TLG
    2008-01-09 16:50 . 2008-01-09 16:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2008-01-06 14:18 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-01-03 08:37 . 2008-01-07 07:01 <DIR> d-------- C:\Program Files\SpywareGuard
    2008-01-03 08:27 . 2008-01-03 08:34 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-12-30 20:58 . 2007-12-30 20:58 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-30 12:59 . 2008-01-02 13:48 <DIR> d-------- C:\Program Files\Windows Defender
    2007-12-30 12:13 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-30 12:13 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-30 12:13 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-30 12:13 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-30 12:13 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-30 12:13 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-30 12:13 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-30 12:13 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-30 12:13 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-29 20:49 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1c
    2007-12-27 09:53 . 2007-12-28 12:01 <DIR> d-------- C:\Program Files\AOL 9.1b
    2007-12-26 09:35 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1a
    2007-12-25 09:57 . 2007-12-25 09:57 <DIR> d-------- C:\WINDOWS\aolshare
    2007-12-25 09:56 . 2007-12-30 01:08 <DIR> d-------- C:\Program Files\AOL 9.1
    2007-12-24 23:25 . 2008-01-14 17:49 34,794 --a------ C:\logfile
    2007-12-24 23:00 . 2007-12-24 23:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2007-12-24 22:59 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-12-24 22:59 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-12-24 22:58 . 2007-12-24 22:58 <DIR> d-------- C:\Program Files\Common Files\Kodak
    2007-12-24 22:41 . 2007-12-24 23:00 <DIR> d-------- C:\Program Files\Kodak
    2007-12-24 22:38 . 2007-12-24 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
    2007-12-24 15:51 . 2007-12-24 15:51 <DIR> d-------- C:\Program Files\Legacy Interactive
    2007-12-19 16:07 . 2007-12-19 16:07 <DIR> d-------- C:\Documents and Settings\user\Application Data\Snapfish
    2007-12-16 21:14 . 2007-12-16 21:14 <DIR> d-------- C:\Program Files\Disney
    2007-12-15 15:40 . 2007-12-15 15:40 <DIR> d-------- C:\Program Files\Simple Star

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-14 23:16 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
    2008-01-14 13:34 --------- d-----w C:\Program Files\AOL 9.0a
    2008-01-05 08:01 --------- d-----w C:\Program Files\LimeWire
    2007-12-31 14:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-30 02:05 --------- d-----w C:\Documents and Settings\user\Application Data\AOL
    2007-12-30 01:55 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-30 01:51 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-12-30 01:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-30 01:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-12-29 16:37 --------- d-----w C:\Program Files\AOL Games
    2007-12-26 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-25 08:29 --------- d-----w C:\Program Files\QuickTime
    2007-12-24 04:54 --------- d-----w C:\Program Files\John Deere American Farmer
    2007-12-15 21:05 --------- d-----w C:\Documents and Settings\user\Application Data\Simple Star
    2007-12-15 20:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star
    2007-12-15 20:53 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
    2007-12-14 14:14 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2007-11-30 08:54 --------- d-----w C:\Program Files\iTunes
    2007-11-18 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
    2007-11-16 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-10-27 17:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-07-13 03:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-03-26 00:47 45,240 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-14_ 8.45.47.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-13 15:04:59 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-14 23:23:06 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-13 15:04:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-14 23:23:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-13 15:05:01 5,861,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
    + 2008-01-14 23:23:06 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-13 15:05:01 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-14 23:23:06 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-13 15:05:01 1,196,032 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-14 23:23:07 5,873,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
    - 2008-01-13 15:05:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-14 23:23:07 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
    "XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-12 11:56 219136]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 15:59:44]
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
    NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-06-05 20:35:54]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 14:21:00]
    Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-01-20 14:28:29]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2008-01-12 11:57 9216 C:\WINDOWS\system32\avgwlntf.dll

    R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 22:28]
    R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 16:01]
    S2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [2003-11-13 13:29]
    S3 DCamUSBSTK016;STK016 Camera;C:\WINDOWS\system32\DRIVERS\STK016W2.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-08 03:39:19 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
    - C:\WINDOWS\system32\rundll32.exe
    "2008-01-14 06:37:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-14 18:33:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-14 18:34:34
    ComboFix-quarantined-files.txt 2008-01-14 23:34:00
    ComboFix2.txt 2008-01-14 13:46:55
    ComboFix3.txt 2008-01-13 15:47:17
    .
    2008-01-14 08:02:26 --- E O F ---

  7. #17
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    ok thanks, you forgot the online scan log?

    shelf life
    How Can I Reduce My Risk?

  8. #18
    Junior Member
    Join Date
    Dec 2007
    Posts
    19

    Default

    here are the hjt log and the eset online scan log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:41:48 PM, on 1/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.roanoke.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - ?p=ZJ
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://games.bigfishgames.com/en_mys...eb.1.0.0.8.cab
    O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://games.bigfishgames.com/en_ric...GameLoader.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1152448988654
    O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} (Abx(gh) Control) - http://aolsvc.aol.com/onlinegames/gh...ball/abxgh.cab
    O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/fr...esLauncher.cab
    O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_big...GamePlayer.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
    O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} (BewitchedGameClass Control) - http://aolsvc.aol.com/onlinegames/so...tched/main.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
    O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/di...h.1.0.0.72.cab
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10311 bytes


    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=2791 (20080114)
    # vers_arch_module=1.061 (20080110)
    # vers_adv_heur_module=1.064 (20070717)
    # EOSSerial=3137351cdc8f6f4586fd05247c380f69
    # end=finished
    # remove_checked=false
    # unwanted_checked=false
    # utc_time=2008-01-15 02:12:17
    # local_time=2008-01-14 09:12:17 (-0500, Eastern Standard Time)
    # country="United States"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=306215
    # found=1
    # scan_time=8306
    C:\QooBox\Quarantine\C\WINDOWS\system32\mljif.exe.vir Win32/Adware.Virtumonde.CLI application 15E6D8768CD05D6F6160648ACEC29FF0

  9. #19
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    ok thanks, how's it looking on your end now?
    How Can I Reduce My Risk?

  10. #20
    Junior Member
    Join Date
    Dec 2007
    Posts
    19

    Default

    There don't seem to be any pop-ups. What scans do you want me to run? Do I need to reinstall AVG, or is it fine?
