SpyBot S&D found VirtuMonde



RoyalWapiti
2007-08-12, 09:08
It actually found a file called removalfile.bat. It removes it but the file keeps coming back.

This problem is linked to MSN Messenger. When I click MSN Messenger to open it, I get a warning that my CA found Chisyne!generic but did not delete it. When opened, MSN Messenger will go crazy and send messages to every person in my list who is online. It repeats itself; I have shut the PC off to stop it.



My HJT log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:01 AM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
h:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\HPZipm12.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
H:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
H:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\QuickTime\qttask.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
H:\Program Files\Logitech\QuickCam10\QuickCam10.exe
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
H:\Program Files\MySpace\IM\MySpaceIM.exe
H:\Program Files\AIM6\aim6.exe
H:\Program Files\Steam\Steam.exe
H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
H:\Program Files\AIM6\aolsoftware.exe
H:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
H:\WINDOWS\system32\HPZinw12.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] H:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AIMPro] "H:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [PCLEUSBTip] H:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [cctray] "H:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] H:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "H:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] H:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] H:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] H:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://H:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?9a3a582cd2e4433aaeca4532c41c939e
O8 - Extra context menu item: Open in new foreground tab - res://H:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?9a3a582cd2e4433aaeca4532c41c939e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CaCCProvSP - CA, Inc. - H:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - h:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - H:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - H:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ventrilo - Unknown owner - H:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - H:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9517 bytes


ComboFix found nothing

VundoFix found nothing

Kaspersky Online scan found nothing

FxVMonde found nothing

Any help appreciated.

shelf life
2007-08-12, 22:31
hi RoyalWapiti,

rerun combofix and post the log please. msn messenger sending out msg's is the only symptom you have?

RoyalWapiti
2007-08-13, 00:19
I did a few things while waiting for a response.

I figured Kaspersky didn't scan the right thing so I rescanned and found a bunch of Websearch and WebFun Products crap. I deleted it all, I have a list from Kaspersky if you would like to see it. Problem seems to have disappeared.

Here is Combofix

ComboFix 07-08-09.3 - "Hogie" 2007-08-12 16:11:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.856 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 09:16 <DIR> d-------- H:\WINDOWS\SxsCaPendDel
2007-08-12 00:39 <DIR> d-------- H:\HJT
2007-08-11 23:39 51,200 --a------ H:\WINDOWS\nircmd.exe
2007-08-11 23:31 <DIR> d-------- H:\WINDOWS\system32\Kaspersky Lab
2007-08-11 23:31 <DIR> d-------- H:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-11 22:50 <DIR> d-------- H:\VundoFix Backups
2007-08-11 22:40 28,672 --a------ H:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-11 22:40 <DIR> d-------- H:\DOCUME~1\Hogie\APPLIC~1\WholeSecurity
2007-08-11 21:22 <DIR> d-------- H:\DOCUME~1\Hogie\APPLIC~1\Uniblue
2007-08-11 20:56 <DIR> d-------- H:\Program Files\Trend Micro
2007-08-11 20:14 3,840 --a------ H:\WINDOWS\system32\drivers\BANTExt.sys
2007-08-11 20:14 <DIR> d-------- H:\Program Files\Belarc
2007-08-11 20:07 <DIR> d-------- H:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-11 18:58 <DIR> d-------- H:\Program Files\Enigma Software Group
2007-08-11 17:52 <DIR> d-------- H:\Program Files\Lavasoft
2007-08-11 17:52 <DIR> d-------- H:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-11 16:17 <DIR> d-------- H:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-08 17:36 <DIR> d-------- H:\Program Files\Steam
2007-07-28 17:05 94,208 --a------ H:\WINDOWS\DIIUnin.exe
2007-07-28 17:05 35,158 --a------ H:\WINDOWS\DIIUnin.dat
2007-07-28 17:05 2,829 --a------ H:\WINDOWS\DIIUnin.pif
2007-07-23 09:41 879,832 --a------ H:\WINDOWS\system32\drivers\vetefile.sys
2007-07-23 09:41 108,360 --a------ H:\WINDOWS\system32\drivers\veteboot.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-12 14:50 --------- d-------- H:\Program Files\Windows Live Toolbar
2007-08-12 14:47 --------- d-------- H:\Program Files\MSN Messenger
2007-08-11 23:26 --------- d-------- H:\Program Files\Viewpoint
2007-08-11 21:36 --------- d-------- H:\Program Files\Google
2007-08-11 18:22 9344 --a------ H:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 18:22 8320 --a------ H:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-11 17:51 --------- d-------- H:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 19:14 --------- d-------- H:\Program Files\World of Warcraft
2007-08-03 11:10 --------- d-------- H:\DOCUME~1\Hogie\APPLIC~1\LimeWire
2007-07-31 10:56 --------- d-------- H:\Program Files\Diablo II
2007-07-31 10:55 43520 --a------ H:\WINDOWS\system32\CmdLineExt03.dll
2007-07-28 17:12 21840 --a----t- H:\WINDOWS\system32\SIntfNT.dll
2007-07-28 17:12 17212 --a----t- H:\WINDOWS\system32\SIntf32.dll
2007-07-28 17:12 12067 --a----t- H:\WINDOWS\system32\SIntf16.dll
2007-06-29 08:21 --------- d-------- H:\Program Files\CA
2007-06-29 08:09 --------- d--h----- H:\Program Files\InstallShield Installation Information
2007-06-29 08:09 --------- d-------- H:\Program Files\DivX
2007-06-29 06:54 --------- d-------- H:\Program Files\Pinnacle
2007-06-29 06:53 --------- d-------- H:\Program Files\Common Files\Symantec Shared
2007-06-28 10:17 --------- d-------- H:\Program Files\Microsoft.NET
2007-06-28 10:17 --------- d-------- H:\Program Files\Microsoft ActiveSync
2007-05-26 10:54 2256 --a------ H:\WINDOWS\current_settings.bin
2007-05-26 09:40 109990 --a------ H:\WINDOWS\hpoins08.dat
2007-05-25 14:37 95 --a------ H:\AUTOEXEC.BAT
2007-05-16 10:12 86528 --a--c--- H:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- H:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- H:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ H:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- H:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- H:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="H:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 02:49 H:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 05:43 H:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2005-12-19 22:02]
"nwiz"="nwiz.exe" [2005-12-19 22:02 H:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2005-12-19 22:02]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AIMPro"="H:\Program Files\AIM\AIM Pro\aimpro.exe" []
"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
"LogitechCommunicationsManager"="H:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LVCOMSX"="H:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 17:43]
"LogitechQuickCamRibbon"="H:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
"PCLEUSBTip"="H:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" []
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18]
"cctray"="H:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-29 08:26]
"CAVRID"="H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-04-30 10:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MySpaceIM"="H:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34]
"Aim6"="H:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"Steam"="H:\Program Files\Steam\Steam.exe" [2007-08-08 17:50]
"Uniblue RegistryBooster 2"="H:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=H:\Program Files\MySpace\IM\MySpaceIM.exe

H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44]

R1 PCLEPCI;PCLEPCI;\??\H:\WINDOWS\system32\drivers\pclepci.sys
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;"H:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe"
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;H:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 MarvinBus;Pinnacle Marvin Bus;H:\WINDOWS\system32\DRIVERS\MarvinBus.sys
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);H:\WINDOWS\system32\DRIVERS\LV302V32.SYS
R3 StillCam;Still Serial Digital Camera Driver;H:\WINDOWS\system32\DRIVERS\serscan.sys
R3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;H:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 BCM42RLY;BCM42RLY;\??\H:\WINDOWS\System32\BCM42RLY.SYS
S3 CO_Mon;CO_Mon;\??\H:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 gdrv;gdrv;\??\H:\WINDOWS\gdrv.sys
S3 WISTechVIDCAP;Dazzle DVC170;H:\WINDOWS\system32\drivers\wisgostrm.sys

*Newly Created Service* - USNJSVC

Contents of the 'Scheduled Tasks' folder
2007-08-12 20:26:02 H:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 16:13:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 16:15:39
H:\ComboFix-quarantined-files.txt ... 2007-08-12 16:15
H:\ComboFix2.txt ... 2007-08-12 00:26

--- E O F ---

shelf life
2007-08-13, 02:29
hi RoyalWapiti,

ok good.

this looks like a reference to mywebsearch:
Extra context menu item: &Search - ?p=ZSzim029YYUS
take a look in the add/remove programs panel and uninstall it. most likely it's not there now.

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS

i don't think the kaspersky log is needed. cruise around, use messenger to make sure the problem is gone.

shelf life
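
Added example (not part of the original thread, and not the helper's or HijackThis's own method): a Python sketch that parses HijackThis entry lines and lists the ones worth a manual look, including the O8 item picked out in the post above. The function names and the three review rules are assumptions of this example; the sample lines are excerpted from the log in the first post.

```python
import re

# Excerpt of entry lines from the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Search - ?p=ZSzim029YYUS
O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O23 - Service: Ventrilo - Unknown owner - H:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
"""

# HijackThis entry lines start with a section code (R0, F2, N1, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# A context-menu target normally points at a URL or an absolute local path.
LOCATED_RE = re.compile(r"^(?:(?:res|file|https?)://|[A-Za-z]:\\)", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body) for each entry line; headers and process list are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review_reason(section, body):
    """Return why an entry deserves manual review, or None (assumed rules, not verdicts)."""
    if section == "O8":
        # Body looks like "Extra context menu item: <label> - <target>".
        target = body.rsplit(" - ", 1)[-1]
        if not LOCATED_RE.match(target):
            return "context menu target has no file or URL in front of it"
    if section == "O2" and body.endswith("(no file)"):
        return "BHO is registered but its DLL is absent"
    if section == "O23" and body.endswith("(file missing)"):
        return "service is registered but its executable is absent"
    return None


def triage(log_text):
    """Return [(section, body, reason)] for entries that match a review rule, in log order."""
    flagged = []
    for section, body in parse_entries(log_text):
        reason = review_reason(section, body)
        if reason:
            flagged.append((section, body, reason))
    return flagged


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {reason}")
```

A match only means the entry points at something that is not where the log says it should be; whether to fix it in HijackThis is still a judgement call for the person reading the log.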

tashi
2007-08-21, 01:17
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.