Virtumonde found me



cayveman
2008-02-24, 05:15
Please help me remove viruses on my pc. I've run the Kaspersky and hjt and will include logfiles for both. I did run s & d in safe mode, but was unable to get the virtumonde to quit coming back.

Here's the hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:54 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutt.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM7383503f] Rundll32.exe "C:\WINDOWS\system32\ushpgnll.dll",s
O4 - HKLM\..\Run: [70b063a3] rundll32.exe "C:\WINDOWS\system32\innxlgul.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2832976248-3504857416-100292935-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'britney')
O4 - HKUS\S-1-5-21-2832976248-3504857416-100292935-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'britney')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6079 bytes

The Kaspersky file is too long to include. I'll send it at your request.

Thanks for your help.

ken545
2008-02-24, 19:29
Hello cayveman
Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


Do these in order please, I need to see the report for each and after the final scan, post a new HJT log.

Do this first.

Disable the TeaTimer; you can re-enable it when we're done if you wish.

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
On the left hand side, click on Tools.
Then click on the Resident icon in the list.
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer. <-- You need to do this for it to take effect.

Download VundoFix (http://www.atribune.org/ccount/click.php?id=4) to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a Hijackthis log.

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the net.



2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connection.


3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.

cayveman
2008-02-25, 00:17
Here is the 1st half of the vundofix log. Too long for one post.
VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 7:52:10 PM 12/27/2007

Listing files found while scanning....

C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\bfsvmohy.dll
C:\WINDOWS\system32\cnfmyedp.dll
C:\WINDOWS\system32\qsoxidlm.dll
C:\WINDOWS\system32\sgutuvqu.dll
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\sxsddxvx.dll
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\wvuss.exe
C:\WINDOWS\system32\xxmubncg.dll
C:\WINDOWS\system32\yhomvsfb.ini

Beginning removal...

Attempting to delete C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\mrofinu72.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bfsvmohy.dll
C:\WINDOWS\system32\bfsvmohy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cnfmyedp.dll
C:\WINDOWS\system32\cnfmyedp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qsoxidlm.dll
C:\WINDOWS\system32\qsoxidlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sgutuvqu.dll
C:\WINDOWS\system32\sgutuvqu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sxsddxvx.dll
C:\WINDOWS\system32\sxsddxvx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\vtutt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuss.exe
C:\WINDOWS\system32\wvuss.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxmubncg.dll
C:\WINDOWS\system32\xxmubncg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yhomvsfb.ini
C:\WINDOWS\system32\yhomvsfb.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 9:10:54 AM 12/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\awuuynkq.dll
C:\WINDOWS\system32\bekwiedu.ini
C:\WINDOWS\system32\deuajbeo.dll
C:\WINDOWS\system32\dgcpuyov.dll
C:\WINDOWS\system32\oebjaued.ini
C:\WINDOWS\system32\owvcbgxb.dll
C:\WINDOWS\system32\rbgpphfm.dll
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\udeiwkeb.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awuuynkq.dll
C:\WINDOWS\system32\awuuynkq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bekwiedu.ini
C:\WINDOWS\system32\bekwiedu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\deuajbeo.dll
C:\WINDOWS\system32\deuajbeo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dgcpuyov.dll
C:\WINDOWS\system32\dgcpuyov.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oebjaued.ini
C:\WINDOWS\system32\oebjaued.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\owvcbgxb.dll
C:\WINDOWS\system32\owvcbgxb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rbgpphfm.dll
C:\WINDOWS\system32\rbgpphfm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\udeiwkeb.dll
C:\WINDOWS\system32\udeiwkeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\vtutt.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 5:35:52 PM 1/27/2008

Listing files found while scanning....

C:\WINDOWS\system32\agkxrbgt.dll
C:\WINDOWS\system32\autfwfjr.dll
C:\WINDOWS\system32\cgketqur.dll
C:\WINDOWS\system32\cherysig.dll
C:\WINDOWS\system32\cwgkmaae.ini
C:\WINDOWS\system32\cynagwab.dll
C:\WINDOWS\system32\dbfvxyvv.dll
C:\WINDOWS\system32\dchvlrsv.dll
C:\WINDOWS\system32\eaamkgwc.dll
C:\WINDOWS\system32\ebkflfsu.dll
C:\WINDOWS\system32\eqqmclkr.dll
C:\WINDOWS\system32\evdbfdih.dll
C:\WINDOWS\system32\fevxhlpd.dll
C:\WINDOWS\system32\fwukawkb.dll
C:\WINDOWS\system32\gduyiikr.dll
C:\WINDOWS\system32\gerlakde.dll
C:\WINDOWS\system32\ggvparxa.dll
C:\WINDOWS\system32\gisyrehc.ini
C:\WINDOWS\system32\glxmjvxc.dll
C:\WINDOWS\system32\gsnaijuj.dll
C:\WINDOWS\system32\gubtlspa.dll
C:\WINDOWS\system32\gywxdvgy.dll
C:\WINDOWS\system32\hanuauti.dll
C:\WINDOWS\system32\helrljwq.dll
C:\WINDOWS\system32\hjdiashf.dll
C:\WINDOWS\system32\hmevcwip.dll
C:\WINDOWS\system32\hwjfkula.dll
C:\WINDOWS\system32\iestldkn.dll
C:\WINDOWS\system32\irfwrrcl.dll
C:\WINDOWS\system32\jcqyplxp.dll
C:\WINDOWS\system32\jihorjsl.dll
C:\WINDOWS\system32\jslyjcvk.dll
C:\WINDOWS\system32\jtkpctxw.dll
C:\WINDOWS\system32\kcxoxgri.dll
C:\WINDOWS\system32\keurvtkm.dll
C:\WINDOWS\system32\kjjtuwvg.dll
C:\WINDOWS\system32\kppdnyxw.dll
C:\WINDOWS\system32\logphwfl.dll
C:\WINDOWS\system32\matxijex.dll
C:\WINDOWS\system32\mdtngtdj.dll
C:\WINDOWS\system32\mmwlddbr.dll
C:\WINDOWS\system32\mvhxpnts.dll
C:\WINDOWS\system32\ndplwcxm.dll
C:\WINDOWS\system32\ndyblfyg.dll
C:\WINDOWS\system32\nfdcxcpg.dll
C:\WINDOWS\system32\nqjrfqmo.dll
C:\WINDOWS\system32\nwumpdej.dll
C:\WINDOWS\system32\ojqynjui.dll
C:\WINDOWS\system32\opxppfqo.dll
C:\WINDOWS\system32\qffjradv.dll
C:\WINDOWS\system32\qnjhvuvu.dll
C:\WINDOWS\system32\rlfpcpfs.dll
C:\WINDOWS\system32\rlnsoswa.dll
C:\WINDOWS\system32\sqqtyddv.dll
C:\WINDOWS\system32\sqwtcacb.dll
C:\WINDOWS\system32\ssakqxsk.dll
C:\WINDOWS\system32\stgiwlvd.dll
C:\WINDOWS\system32\swnjpxpl.dll
C:\WINDOWS\system32\tgbrxkga.ini
C:\WINDOWS\system32\thhdnanf.dll
C:\WINDOWS\system32\towuwuuv.dll
C:\WINDOWS\system32\tvbyttcg.dll
C:\WINDOWS\system32\ueuvwyyk.dll
C:\WINDOWS\system32\uicturoc.dll
C:\WINDOWS\system32\vmelfkob.dll
C:\WINDOWS\system32\vsrlvhcd.ini
C:\WINDOWS\system32\vtfqmgiw.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\wolpbhsu.dll
C:\WINDOWS\system32\wrnpdeqq.dll
C:\WINDOWS\system32\xjxkgwpt.dll
C:\WINDOWS\system32\xrufhkmi.dll
C:\WINDOWS\system32\ymrdytng.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\agkxrbgt.dll
C:\WINDOWS\system32\agkxrbgt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\autfwfjr.dll
C:\WINDOWS\system32\autfwfjr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cgketqur.dll
C:\WINDOWS\system32\cgketqur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cherysig.dll
C:\WINDOWS\system32\cherysig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cwgkmaae.ini
C:\WINDOWS\system32\cwgkmaae.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\cynagwab.dll
C:\WINDOWS\system32\cynagwab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dbfvxyvv.dll
C:\WINDOWS\system32\dbfvxyvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dchvlrsv.dll
C:\WINDOWS\system32\dchvlrsv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eaamkgwc.dll
C:\WINDOWS\system32\eaamkgwc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ebkflfsu.dll
C:\WINDOWS\system32\ebkflfsu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\eqqmclkr.dll
C:\WINDOWS\system32\eqqmclkr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\evdbfdih.dll
C:\WINDOWS\system32\evdbfdih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fevxhlpd.dll
C:\WINDOWS\system32\fevxhlpd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwukawkb.dll
C:\WINDOWS\system32\fwukawkb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gduyiikr.dll
C:\WINDOWS\system32\gduyiikr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gerlakde.dll
C:\WINDOWS\system32\gerlakde.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ggvparxa.dll
C:\WINDOWS\system32\ggvparxa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gisyrehc.ini
C:\WINDOWS\system32\gisyrehc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\glxmjvxc.dll
C:\WINDOWS\system32\glxmjvxc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gsnaijuj.dll
C:\WINDOWS\system32\gsnaijuj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gubtlspa.dll
C:\WINDOWS\system32\gubtlspa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gywxdvgy.dll
C:\WINDOWS\system32\gywxdvgy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hanuauti.dll
C:\WINDOWS\system32\hanuauti.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\helrljwq.dll
C:\WINDOWS\system32\helrljwq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjdiashf.dll
C:\WINDOWS\system32\hjdiashf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hmevcwip.dll
C:\WINDOWS\system32\hmevcwip.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hwjfkula.dll
C:\WINDOWS\system32\hwjfkula.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iestldkn.dll
C:\WINDOWS\system32\iestldkn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\irfwrrcl.dll
C:\WINDOWS\system32\irfwrrcl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jcqyplxp.dll
C:\WINDOWS\system32\jcqyplxp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jihorjsl.dll
C:\WINDOWS\system32\jihorjsl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jslyjcvk.dll
C:\WINDOWS\system32\jslyjcvk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtkpctxw.dll
C:\WINDOWS\system32\jtkpctxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kcxoxgri.dll
C:\WINDOWS\system32\kcxoxgri.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\keurvtkm.dll
C:\WINDOWS\system32\keurvtkm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjjtuwvg.dll
C:\WINDOWS\system32\kjjtuwvg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kppdnyxw.dll
C:\WINDOWS\system32\kppdnyxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\logphwfl.dll
C:\WINDOWS\system32\logphwfl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\matxijex.dll
C:\WINDOWS\system32\matxijex.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mdtngtdj.dll
C:\WINDOWS\system32\mdtngtdj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmwlddbr.dll
C:\WINDOWS\system32\mmwlddbr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mvhxpnts.dll
C:\WINDOWS\system32\mvhxpnts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ndplwcxm.dll
C:\WINDOWS\system32\ndplwcxm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ndyblfyg.dll
C:\WINDOWS\system32\ndyblfyg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nfdcxcpg.dll
C:\WINDOWS\system32\nfdcxcpg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqjrfqmo.dll
C:\WINDOWS\system32\nqjrfqmo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwumpdej.dll
C:\WINDOWS\system32\nwumpdej.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ojqynjui.dll
C:\WINDOWS\system32\ojqynjui.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opxppfqo.dll
C:\WINDOWS\system32\opxppfqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qffjradv.dll
C:\WINDOWS\system32\qffjradv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qnjhvuvu.dll
C:\WINDOWS\system32\qnjhvuvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rlfpcpfs.dll
C:\WINDOWS\system32\rlfpcpfs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rlnsoswa.dll
C:\WINDOWS\system32\rlnsoswa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sqqtyddv.dll
C:\WINDOWS\system32\sqqtyddv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sqwtcacb.dll
C:\WINDOWS\system32\sqwtcacb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssakqxsk.dll
C:\WINDOWS\system32\ssakqxsk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\stgiwlvd.dll
C:\WINDOWS\system32\stgiwlvd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\swnjpxpl.dll
C:\WINDOWS\system32\swnjpxpl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tgbrxkga.ini
C:\WINDOWS\system32\tgbrxkga.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\thhdnanf.dll
C:\WINDOWS\system32\thhdnanf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\towuwuuv.dll
C:\WINDOWS\system32\towuwuuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tvbyttcg.dll
C:\WINDOWS\system32\tvbyttcg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ueuvwyyk.dll
C:\WINDOWS\system32\ueuvwyyk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uicturoc.dll
C:\WINDOWS\system32\uicturoc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vmelfkob.dll
C:\WINDOWS\system32\vmelfkob.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vsrlvhcd.ini
C:\WINDOWS\system32\vsrlvhcd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtfqmgiw.dll
C:\WINDOWS\system32\vtfqmgiw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\vtutt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wolpbhsu.dll
C:\WINDOWS\system32\wolpbhsu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wrnpdeqq.dll
C:\WINDOWS\system32\wrnpdeqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xjxkgwpt.dll
C:\WINDOWS\system32\xjxkgwpt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xrufhkmi.dll
C:\WINDOWS\system32\xrufhkmi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ymrdytng.dll
C:\WINDOWS\system32\ymrdytng.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Other half on its way soon.
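Both report formats in this thread, the HijackThis log in the opening post and the VundoFix reports above, are normally triaged by eye. The Python below is an added example, not code from the thread or from HijackThis or VundoFix. It parses lines copied from the thread and flags the three HijackThis entries that point at Vundo (the win.ini load= line and the two HKLM Run entries that hand an eight-letter system32 DLL to rundll32.exe with a one-letter export), then folds the pasted VundoFix runs into the files that could not be deleted and the files that came back between scans, which is what the helper needs to see. The sample inputs are condensed from the thread's own logs; the naming heuristics and every function name are this example's assumptions.

```python
import re

# Sample input: HijackThis lines copied from the opening post of this thread.
HJT_SAMPLE = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM7383503f] Rundll32.exe "C:\WINDOWS\system32\ushpgnll.dll",s
O4 - HKLM\..\Run: [70b063a3] rundll32.exe "C:\WINDOWS\system32\innxlgul.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Sample input: two VundoFix runs condensed from the thread's log (blank lines dropped).
VUNDOFIX_SAMPLE = r"""
VundoFix V6.7.7
Scan started at 7:52:10 PM 12/27/2007
Listing files found while scanning....
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\vtutt.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!
VundoFix V6.7.7
Scan started at 9:10:54 AM 12/29/2007
Listing files found while scanning....
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\vtutt.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!
"""

F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(?P<path>\S.*)$")  # legacy autostart, normally empty
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$", re.I)      # assumed Vundo naming: eight letters
HEX_NAME_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,}$", re.I)  # value names like 70b063a3 / BM7383503f

def triage_hjt(text):
    """(line, reason) pairs for Vundo-style autostarts. Heuristic: a prompt to look closer."""
    findings = []
    for line in text.strip().splitlines():
        m = F3_RE.match(line)
        if m:
            findings.append((line, "win.ini load= launches " + m.group("path")))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = []
        r = RUNDLL_RE.match(m.group("cmd"))
        if r:
            base = r.group("dll").rsplit("\\", 1)[-1]
            if RANDOM_DLL_RE.match(base) and len(r.group("export")) == 1:
                reasons.append("rundll32 loads %s via one-letter export %r" % (base, r.group("export")))
        if HEX_NAME_RE.match(m.group("name")):
            reasons.append("Run value name %r looks machine-generated" % m.group("name"))
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings

def parse_vundofix(text):
    """Split a pasted VundoFix report into runs: files found, deleted, and left behind."""
    runs, listing = [], False
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("VundoFix V"):
            runs.append({"started": None, "found": [], "deleted": [], "failed": []})
            listing = False
        elif not runs or not line:
            continue
        elif line.startswith("Scan started at "):
            runs[-1]["started"] = line[len("Scan started at "):]
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif listing:
            runs[-1]["found"].append(line)
        elif line.endswith(" Has been deleted!"):
            runs[-1]["deleted"].append(line[:-len(" Has been deleted!")])
        elif line.endswith(" Could not be deleted."):
            runs[-1]["failed"].append(line[:-len(" Could not be deleted.")])
    return runs

def followup(runs):
    """Paths whose latest removal attempt failed, and paths seen again on a later run."""
    status, seen = {}, {}
    for run in runs:
        for p in run["deleted"]:
            status[p] = "deleted"
        for p in run["failed"]:
            status[p] = "failed"
        for p in set(run["found"]):
            seen[p] = seen.get(p, 0) + 1
    return {"unresolved": sorted(p for p, s in status.items() if s == "failed"),
            "recurring": sorted(p for p, n in seen.items() if n > 1)}
```

On the sample above, `triage_hjt` returns the F3 line and the two HKLM Run entries and leaves NvCplDaemon and ctfmon.exe alone; `followup(parse_vundofix(...))` reports ssqqqol.dll as unresolved and both ssqqqol.dll and vtutt.dll as recurring, the "keeps coming back" pattern the original poster describes. Legitimate eight-letter DLL names do exist, which is why the DLL-name check is only counted together with the one-letter export and the value-name check is reported separately.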

cayveman
2008-02-25, 00:20
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 12:47:14 PM 2/24/2008

Listing files found while scanning....

C:\WINDOWS\system32\aghjxwrd.dll
C:\WINDOWS\system32\aksumahx.dll
C:\WINDOWS\system32\amwfiqkf.dll
C:\WINDOWS\system32\aqvbukab.dll
C:\WINDOWS\system32\bjominev.dll
C:\WINDOWS\system32\ceghykvk.dll
C:\WINDOWS\system32\cjjckmvs.dll
C:\WINDOWS\system32\ddgjnwdc.dll
C:\WINDOWS\system32\doxpnrnm.dll
C:\WINDOWS\system32\dypiwteu.dll
C:\WINDOWS\system32\ewfcybmm.dll
C:\WINDOWS\system32\fbklhyfq.dll
C:\WINDOWS\system32\fgiuvppm.dll
C:\WINDOWS\system32\fmayjpkm.dll
C:\WINDOWS\system32\fmkqeyft.dll
C:\WINDOWS\system32\fskijcao.dll
C:\WINDOWS\system32\fwiebwbd.dll
C:\WINDOWS\system32\geyfirhl.ini
C:\WINDOWS\system32\gwicdexo.dll
C:\WINDOWS\system32\hgukuywh.dll
C:\WINDOWS\system32\hinagmgk.dll
C:\WINDOWS\system32\hkgfpgqd.dll
C:\WINDOWS\system32\hogllebc.dll
C:\WINDOWS\system32\hoijemrn.dll
C:\WINDOWS\system32\icmxaegm.dll
C:\WINDOWS\system32\innxlgul.dll
C:\WINDOWS\system32\irmynkhu.dll
C:\WINDOWS\system32\jhbbgdoj.dll
C:\WINDOWS\system32\jodgbbhj.ini
C:\WINDOWS\system32\jrltcmbu.dll
C:\WINDOWS\system32\kgeggbqd.dll
C:\WINDOWS\system32\kgxmdqfy.dll
C:\WINDOWS\system32\klifcsbu.dll
C:\WINDOWS\system32\lhrifyeg.dll
C:\WINDOWS\system32\ljllfkqp.dll
C:\WINDOWS\system32\ltrjlgek.dll
C:\WINDOWS\system32\luglxnni.ini
C:\WINDOWS\system32\mboriwcb.dll
C:\WINDOWS\system32\mhuylmiu.dll
C:\WINDOWS\system32\mifvpspf.dll
C:\WINDOWS\system32\ngaiwptf.dll
C:\WINDOWS\system32\okahonhb.dll
C:\WINDOWS\system32\ouoeairs.dll
C:\WINDOWS\system32\qmpfifdh.dll
C:\WINDOWS\system32\qquepugl.dll
C:\WINDOWS\system32\slddicyu.dll
C:\WINDOWS\system32\svmkcjjc.ini
C:\WINDOWS\system32\swiwfcge.dll
C:\WINDOWS\system32\thantoom.dll
C:\WINDOWS\system32\tibhuvuc.dll
C:\WINDOWS\system32\ufcqwrqj.dll
C:\WINDOWS\system32\ushpgnll.dll
C:\WINDOWS\system32\uvqejdft.dll
C:\WINDOWS\system32\uxjxmltt.dll
C:\WINDOWS\system32\veyadkpe.dll
C:\WINDOWS\system32\vkaxxpnb.dll
C:\WINDOWS\system32\vlusnmil.dll
C:\WINDOWS\system32\vnbbkkbx.dll
C:\WINDOWS\system32\vswudxdl.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vvmegbeg.dll
C:\WINDOWS\system32\wfswybfm.dll
C:\WINDOWS\system32\xcphbrnr.dll
C:\WINDOWS\system32\xmnnngeh.dll
C:\WINDOWS\system32\xpxovnax.dll
C:\WINDOWS\system32\yoynqqhc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aghjxwrd.dll
C:\WINDOWS\system32\aghjxwrd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aksumahx.dll
C:\WINDOWS\system32\aksumahx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\amwfiqkf.dll
C:\WINDOWS\system32\amwfiqkf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aqvbukab.dll
C:\WINDOWS\system32\aqvbukab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bjominev.dll
C:\WINDOWS\system32\bjominev.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ceghykvk.dll
C:\WINDOWS\system32\ceghykvk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cjjckmvs.dll
C:\WINDOWS\system32\cjjckmvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddgjnwdc.dll
C:\WINDOWS\system32\ddgjnwdc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\doxpnrnm.dll
C:\WINDOWS\system32\doxpnrnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dypiwteu.dll
C:\WINDOWS\system32\dypiwteu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ewfcybmm.dll
C:\WINDOWS\system32\ewfcybmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fbklhyfq.dll
C:\WINDOWS\system32\fbklhyfq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgiuvppm.dll
C:\WINDOWS\system32\fgiuvppm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fmayjpkm.dll
C:\WINDOWS\system32\fmayjpkm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fmkqeyft.dll
C:\WINDOWS\system32\fmkqeyft.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fskijcao.dll
C:\WINDOWS\system32\fskijcao.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fwiebwbd.dll
C:\WINDOWS\system32\fwiebwbd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\geyfirhl.ini
C:\WINDOWS\system32\geyfirhl.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gwicdexo.dll
C:\WINDOWS\system32\gwicdexo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgukuywh.dll
C:\WINDOWS\system32\hgukuywh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hinagmgk.dll
C:\WINDOWS\system32\hinagmgk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hkgfpgqd.dll
C:\WINDOWS\system32\hkgfpgqd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hogllebc.dll
C:\WINDOWS\system32\hogllebc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hoijemrn.dll
C:\WINDOWS\system32\hoijemrn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\icmxaegm.dll
C:\WINDOWS\system32\icmxaegm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\innxlgul.dll
C:\WINDOWS\system32\innxlgul.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\irmynkhu.dll
C:\WINDOWS\system32\irmynkhu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jhbbgdoj.dll
C:\WINDOWS\system32\jhbbgdoj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jodgbbhj.ini
C:\WINDOWS\system32\jodgbbhj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jrltcmbu.dll
C:\WINDOWS\system32\jrltcmbu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kgeggbqd.dll
C:\WINDOWS\system32\kgeggbqd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kgxmdqfy.dll
C:\WINDOWS\system32\kgxmdqfy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\klifcsbu.dll
C:\WINDOWS\system32\klifcsbu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\lhrifyeg.dll
C:\WINDOWS\system32\lhrifyeg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljllfkqp.dll
C:\WINDOWS\system32\ljllfkqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ltrjlgek.dll
C:\WINDOWS\system32\ltrjlgek.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\luglxnni.ini
C:\WINDOWS\system32\luglxnni.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mboriwcb.dll
C:\WINDOWS\system32\mboriwcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mhuylmiu.dll
C:\WINDOWS\system32\mhuylmiu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mifvpspf.dll
C:\WINDOWS\system32\mifvpspf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ngaiwptf.dll
C:\WINDOWS\system32\ngaiwptf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\okahonhb.dll
C:\WINDOWS\system32\okahonhb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ouoeairs.dll
C:\WINDOWS\system32\ouoeairs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qmpfifdh.dll
C:\WINDOWS\system32\qmpfifdh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qquepugl.dll
C:\WINDOWS\system32\qquepugl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\slddicyu.dll
C:\WINDOWS\system32\slddicyu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\svmkcjjc.ini
C:\WINDOWS\system32\svmkcjjc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\swiwfcge.dll
C:\WINDOWS\system32\swiwfcge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\thantoom.dll
C:\WINDOWS\system32\thantoom.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tibhuvuc.dll
C:\WINDOWS\system32\tibhuvuc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ufcqwrqj.dll
C:\WINDOWS\system32\ufcqwrqj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ushpgnll.dll
C:\WINDOWS\system32\ushpgnll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvqejdft.dll
C:\WINDOWS\system32\uvqejdft.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uxjxmltt.dll
C:\WINDOWS\system32\uxjxmltt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\veyadkpe.dll
C:\WINDOWS\system32\veyadkpe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vkaxxpnb.dll
C:\WINDOWS\system32\vkaxxpnb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlusnmil.dll
C:\WINDOWS\system32\vlusnmil.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vnbbkkbx.dll
C:\WINDOWS\system32\vnbbkkbx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vswudxdl.dll
C:\WINDOWS\system32\vswudxdl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvmegbeg.dll
C:\WINDOWS\system32\vvmegbeg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wfswybfm.dll
C:\WINDOWS\system32\wfswybfm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xcphbrnr.dll
C:\WINDOWS\system32\xcphbrnr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xmnnngeh.dll
C:\WINDOWS\system32\xmnnngeh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xpxovnax.dll
C:\WINDOWS\system32\xpxovnax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yoynqqhc.dll
C:\WINDOWS\system32\yoynqqhc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mifvpspf.dll
C:\WINDOWS\system32\mifvpspf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\thantoom.dll
C:\WINDOWS\system32\thantoom.dll Has been deleted!

Performing Repairs to the registry.
Done!

Here's the second half. The hjt will follow in a minute.
VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 1:22:32 PM 2/24/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

cayveman
2008-02-25, 00:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:06 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutt.exe
O2 - BHO: (no name) - {03818d58-854e-4681-bde0-8f5cb63c98aa} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {06e33a7a-900e-4a4d-8e10-64894c5a6101} - (no file)
O2 - BHO: (no name) - {07b1a70d-299a-427f-af53-b0d58f8c3236} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: {61d4896b-10ae-6f89-d8e4-48235cf03142} - {24130fc5-3284-4e8d-98f6-ea01b6984d16} - C:\WINDOWS\system32\fmkqeyft.dll (file missing)
O2 - BHO: (no name) - {2F551E36-B34E-4342-944B-2B980E432716} - (no file)
O2 - BHO: (no name) - {432B2330-2008-4E26-A237-594C54126615} - (no file)
O2 - BHO: (no name) - {48A16FEE-F943-403C-9F92-DECF55BCD820} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {552B86A7-D89C-4136-B589-81B5BE1B1D44} - (no file)
O2 - BHO: (no name) - {59C3B40A-92FE-4975-A5DF-BE51F45E7CCD} - (no file)
O2 - BHO: (no name) - {64960885-0409-41E1-80CB-457BB2D6896F} - (no file)
O2 - BHO: (no name) - {6A02C47F-60E3-4E2F-93B4-B4CE658B8C59} - (no file)
O2 - BHO: (no name) - {6E548D91-0D0F-4A48-9216-49C00191E207} - (no file)
O2 - BHO: (no name) - {6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {79e40ab3-e068-4553-8839-b701acec1de7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91587F08-C5C4-4286-A90C-20DD8A78A4B2} - (no file)
O2 - BHO: (no name) - {97812B21-D87C-47BC-974E-2B30A46C0F59} - (no file)
O2 - BHO: (no name) - {98450F23-A8F3-48E6-9F48-ADEA0FAA4C54} - (no file)
O2 - BHO: (no name) - {9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4} - (no file)
O2 - BHO: (no name) - {9E726B90-5DD7-4A24-9326-7A5067CBED64} - (no file)
O2 - BHO: (no name) - {A337763C-B6CE-4FC3-BB9E-BC97F3751856} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {A8352918-FFBA-4425-9FC0-EBF39236F6DE} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B82802EF-5E7B-4FAF-B4E9-9CF807226EC0} - (no file)
O2 - BHO: (no name) - {C36E56FB-3064-434B-B07C-6CE9A1E85E7C} - (no file)
O2 - BHO: (no name) - {E733331C-DCDC-48A2-B81B-9BE1D5CAFC75} - (no file)
O2 - BHO: (no name) - {F1CB876D-4022-43B1-9156-6758C4132136} - (no file)
O2 - BHO: (no name) - {F25A0899-F659-4B48-A012-0BC251DEB91F} - (no file)
O2 - BHO: (no name) - {F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70b063a3] rundll32.exe "C:\WINDOWS\system32\thantoom.dll",b
O4 - HKLM\..\Run: [BM7383503f] Rundll32.exe "C:\WINDOWS\system32\mifvpspf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8356 bytes

cayveman
2008-02-25, 02:37
ComboFix 08-02-25.2 - Owner 2008-02-24 16:21:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abbqspcw.ini
C:\WINDOWS\system32\achealsx.ini
C:\WINDOWS\system32\ahtnjxxj.ini
C:\WINDOWS\system32\ajnvutqx.ini
C:\WINDOWS\system32\apsltbug.ini
C:\WINDOWS\system32\ashmwrjm.ini
C:\WINDOWS\system32\avthoppn.ini
C:\WINDOWS\system32\bfiphsij.ini
C:\WINDOWS\system32\bjgeogew.ini
C:\WINDOWS\system32\bpopycqo.ini
C:\WINDOWS\system32\btbjrmqc.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cyfdgdfh.ini
C:\WINDOWS\system32\debnxfuy.ini
C:\WINDOWS\system32\dpbdpgsy.ini
C:\WINDOWS\system32\drfhcneu.ini
C:\WINDOWS\system32\elrxgrdx.ini
C:\WINDOWS\system32\frogowtd.ini
C:\WINDOWS\system32\ganutoro.ini
C:\WINDOWS\system32\gmxpfhwc.ini
C:\WINDOWS\system32\gvwutjjk.ini
C:\WINDOWS\system32\gwhmkudv.ini
C:\WINDOWS\system32\gyatgtbn.ini
C:\WINDOWS\system32\hfrksgcm.ini
C:\WINDOWS\system32\hsbnifle.ini
C:\WINDOWS\system32\ihxoljrm.ini
C:\WINDOWS\system32\irgxoxck.ini
C:\WINDOWS\system32\ispqjsyy.ini
C:\WINDOWS\system32\iujnyqjo.ini
C:\WINDOWS\system32\jhooouod.ini
C:\WINDOWS\system32\jjindwlq.ini
C:\WINDOWS\system32\jujiansg.ini
C:\WINDOWS\system32\kqccnltr.ini
C:\WINDOWS\system32\kyywvueu.ini
C:\WINDOWS\system32\ldxduwsv.ini
C:\WINDOWS\system32\lebvqqgd.ini
C:\WINDOWS\system32\ljqkxpwe.ini
C:\WINDOWS\system32\lnwionxk.ini
C:\WINDOWS\system32\ltqftktq.ini
C:\WINDOWS\system32\mbycqtmq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjnlxwib.ini
C:\WINDOWS\system32\mldacdbo.ini
C:\WINDOWS\system32\mnmkcufd.ini
C:\WINDOWS\system32\mootnaht.ini
C:\WINDOWS\system32\nnqnrdtd.ini
C:\WINDOWS\system32\ochmchtg.ini
C:\WINDOWS\system32\ogsobown.ini
C:\WINDOWS\system32\oqfppxpo.ini
C:\WINDOWS\system32\oxhmskuj.ini
C:\WINDOWS\system32\pvovwxuw.ini
C:\WINDOWS\system32\qyeklwrr.ini
C:\WINDOWS\system32\qywlqffo.ini
C:\WINDOWS\system32\ryerogam.ini
C:\WINDOWS\system32\sosorigk.ini
C:\WINDOWS\system32\srdcpohr.ini
C:\WINDOWS\system32\ssnqsvks.ini
C:\WINDOWS\system32\tpntrofq.ini
C:\WINDOWS\system32\trwtqojd.ini
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ualpxwnw.ini
C:\WINDOWS\system32\uvpmvadc.ini
C:\WINDOWS\system32\vgqmmajv.ini
C:\WINDOWS\system32\viiahysj.ini
C:\WINDOWS\system32\vulwqmvc.ini
C:\WINDOWS\system32\vvcowsnc.ini
C:\WINDOWS\system32\vvmdxfac.ini
C:\WINDOWS\system32\wnqncrmd.ini
C:\WINDOWS\system32\xejixtam.ini
C:\WINDOWS\system32\xiadmwex.ini
C:\WINDOWS\system32\xvnldore.ini
C:\WINDOWS\system32\xvvrtfaj.ini
C:\WINDOWS\system32\yeuepshe.ini
C:\WINDOWS\system32\ymskwtwd.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 14:25 . 2008-02-24 14:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-24 12:47 . 2008-02-24 13:17 <DIR> d-------- C:\VundoFix Backups
2008-02-23 13:56 . 2008-02-23 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 10:34 . 2008-02-24 10:20 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-02-23 10:34 . 2008-02-24 10:20 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-02-21 20:22 . 2008-02-23 20:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 20:40 . 2008-02-17 22:04 476 --a------ C:\WINDOWS\wininit.ini
2008-02-15 20:06 . 2008-02-15 19:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 20:06 . 2008-02-15 20:06 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-15 15:24 . 2008-02-15 15:25 2,094 --ahs---- C:\WINDOWS\system32\gebgemvv.ini
2008-02-15 15:18 . 2008-02-24 10:19 157,341 --a------ C:\WINDOWS\BM7383503f.xml
2008-02-15 15:18 . 2008-02-24 12:44 22 --a------ C:\WINDOWS\pskt.ini
2008-02-13 15:27 . 2008-02-15 14:53 1,373,515 --ahs---- C:\WINDOWS\system32\dwlbxjfq.ini
2008-02-07 19:22 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-02-07 19:20 . 2008-02-07 19:20 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-07 19:18 . 2007-10-22 18:58 1,721,712 --a------ C:\WINDOWS\system32\InetClnt.dll
2008-02-07 19:08 . 2008-02-07 19:08 <DIR> d-------- C:\Program Files\TurboTax
2008-02-03 08:57 . 2008-02-03 10:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-01 21:04 . 2008-02-01 21:05 1,741,284 --ahs---- C:\WINDOWS\system32\murjhrjq.ini
2008-02-01 09:07 . 2008-02-01 09:07 0 --a------ C:\WINDOWS\system32\scrwjxgd.tmp
2008-02-01 09:06 . 2008-02-01 09:07 1,707,104 --ahs---- C:\WINDOWS\system32\scrwjxgd.ini
2008-01-31 21:10 . 2008-01-31 21:10 1,719,767 --ahs---- C:\WINDOWS\system32\tcfqvwlf.ini
2008-01-31 21:06 . 2008-01-31 21:07 1,961,288 --ahs---- C:\WINDOWS\system32\rxdhlufi.ini
2008-01-31 09:09 . 2008-01-31 16:00 1,707,044 --ahs---- C:\WINDOWS\system32\impyrvot.ini
2008-01-31 09:03 . 2008-01-31 09:04 1,725,849 --ahs---- C:\WINDOWS\system32\conlbuwo.ini
2008-01-30 21:05 . 2008-01-30 21:05 1,721,568 --ahs---- C:\WINDOWS\system32\wlbgiali.ini
2008-01-29 17:30 . 2008-01-31 16:00 1,964,520 --ahs---- C:\WINDOWS\system32\wgtqxlop.ini
2008-01-28 19:03 . 2008-01-28 19:03 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 09:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 20:18 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 20:17 . 2008-01-27 20:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-27 20:13 . 2008-01-27 20:13 <DIR> d-------- C:\Program Files\SDM
2008-01-27 19:22 . 2008-01-27 19:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-27 19:00 . 2007-07-08 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-27 19:00 . 2007-07-08 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-01-27 19:00 . 2007-12-17 21:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-27 19:00 . 2007-07-08 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-01-27 09:26 . 2008-01-27 15:01 586 --ahs---- C:\WINDOWS\system32\gyflbydn.ini
2008-01-27 09:23 . 2008-01-27 09:23 294 --ahs---- C:\WINDOWS\system32\vwfoojqm.ini
2008-01-26 09:29 . 2008-01-26 18:02 466 --ahs---- C:\WINDOWS\system32\qwjlrleh.ini
2008-01-26 09:23 . 2008-01-26 09:23 294 --ahs---- C:\WINDOWS\system32\wqaqtmdy.ini
2008-01-25 21:24 . 2008-01-26 09:35 466 --ahs---- C:\WINDOWS\system32\imkhfurx.ini
2008-01-25 21:21 . 2008-01-25 21:21 294 --ahs---- C:\WINDOWS\system32\cxsvknup.ini

.

cayveman
2008-02-25, 02:39
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 18:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-22 04:22 --------- d-----w C:\Program Files\MSN Messenger
2008-02-16 04:39 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-02-16 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 01:05 --------- d-----w C:\Program Files\McAfee
2008-02-08 03:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 23:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-28 04:18 --------- d-----w C:\Program Files\Java
2008-01-19 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 03:36 --------- d-----w C:\Program Files\RcvSystem
2008-01-05 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-01-04 19:00 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-01-04 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 20:39 --------- d-----w C:\Documents and Settings\britney.FILBERT\Application Data\SiteAdvisor
2008-01-01 23:37 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-01 16:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-31 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-31 01:29 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-31 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-31 01:03 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 23:59 --------- d-----w C:\Program Files\QuickTime
2007-12-23 18:54 46,512 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-11-26 22:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
2007-11-26 02:49 46,512 ----a-w C:\Documents and Settings\britney.FILBERT\Application Data\GDIPFONTCACHEV1.DAT
.

<pre>
----a-w 115,816 2007-12-29 17:39:32 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 68,856 2007-12-29 17:39:46 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 270,648 2007-12-22 18:55:30 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 144,784 2008-01-28 04:57:19 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w 582,992 2008-01-30 02:05:10 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 1,694,208 2007-12-28 05:32:54 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-29 02:38:02 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 5,674,352 2008-01-31 03:43:29 C:\Program Files\MSN Messenger\bak\msnmsgr .exe
----a-w 282,624 2007-12-30 06:01:00 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:01 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:02 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:03 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:04 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:05 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:07 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:08 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:09 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:11 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:13 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:16 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:17 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:19 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:20 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:21 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:22 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:23 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:25 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:27 C:\Program Files\QuickTime\qttask .exe
----a-w 2,097,488 2008-02-24 04:35:39 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,206,600 2008-01-28 09:19:06 C:\Program Files\Webroot\Washer\wwDisp .exe
----a-w 169,984 2008-01-28 07:33:35 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-02-24 04:35:35 C:\WINDOWS\system32\ctfmon .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 5,674,352 2008-01-31 03:43:29 C:\Program Files\MSN Messenger\bak\msnmsgr .exe
----a-w 5,674,352 2008-01-29 02:38:02 C:\Program Files\MSN Messenger\MsnMsgr .Exe

----a-w 5,674,352 2008-02-01 12:37:30 C:\Program Files\MSN Messenger\bak\msnmsgr.exe

----a-w 36,640 2008-02-01 12:38:26 C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe

----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-02-24 18:20:24 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03818d58-854e-4681-bde0-8f5cb63c98aa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06e33a7a-900e-4a4d-8e10-64894c5a6101}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b1a70d-299a-427f-af53-b0d58f8c3236}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24130fc5-3284-4e8d-98f6-ea01b6984d16}]
C:\WINDOWS\system32\fmkqeyft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F551E36-B34E-4342-944B-2B980E432716}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{432B2330-2008-4E26-A237-594C54126615}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A16FEE-F943-403C-9F92-DECF55BCD820}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{552B86A7-D89C-4136-B589-81B5BE1B1D44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59C3B40A-92FE-4975-A5DF-BE51F45E7CCD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64960885-0409-41E1-80CB-457BB2D6896F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A02C47F-60E3-4E2F-93B4-B4CE658B8C59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E548D91-0D0F-4A48-9216-49C00191E207}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79e40ab3-e068-4553-8839-b701acec1de7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91587F08-C5C4-4286-A90C-20DD8A78A4B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97812B21-D87C-47BC-974E-2B30A46C0F59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98450F23-A8F3-48E6-9F48-ADEA0FAA4C54}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E726B90-5DD7-4A24-9326-7A5067CBED64}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A337763C-B6CE-4FC3-BB9E-BC97F3751856}]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8352918-FFBA-4425-9FC0-EBF39236F6DE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82802EF-5E7B-4FAF-B4E9-9CF807226EC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C36E56FB-3064-434B-B07C-6CE9A1E85E7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E733331C-DCDC-48A2-B81B-9BE1D5CAFC75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1CB876D-4022-43B1-9156-6758C4132136}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F25A0899-F659-4B48-A012-0BC251DEB91F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-24 10:20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 07:32 7204864]
"70b063a3"="C:\WINDOWS\system32\thantoom.dll" [ ]
"BM7383503f"="C:\WINDOWS\system32\mifvpspf.dll" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70b063a3]
C:\WINDOWS\system32\udeiwkeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 16:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174123_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 13:03 125528 C:\Program Files\Common Files\AOL\1183959268\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-29 23:00 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\vtutt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-01-31 21:23 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174121_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 07:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 07:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 07:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-26 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-01 04:32 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 14:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 SonyIEx;SonyIEx;C:\WINDOWS\system32\SonyIEx.exe [2005-05-30 10:48]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 06:33:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:39:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 16:26:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-02-24 16:30:25 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-02-25 00:30:21
ComboFix2.txt 2008-01-28 05:01:11
.
2008-02-13 11:06:04 --- E O F ---

cayveman
2008-02-25, 02:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:13 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {03818d58-854e-4681-bde0-8f5cb63c98aa} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {06e33a7a-900e-4a4d-8e10-64894c5a6101} - (no file)
O2 - BHO: (no name) - {07b1a70d-299a-427f-af53-b0d58f8c3236} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: {61d4896b-10ae-6f89-d8e4-48235cf03142} - {24130fc5-3284-4e8d-98f6-ea01b6984d16} - C:\WINDOWS\system32\fmkqeyft.dll (file missing)
O2 - BHO: (no name) - {2F551E36-B34E-4342-944B-2B980E432716} - (no file)
O2 - BHO: (no name) - {432B2330-2008-4E26-A237-594C54126615} - (no file)
O2 - BHO: (no name) - {48A16FEE-F943-403C-9F92-DECF55BCD820} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {552B86A7-D89C-4136-B589-81B5BE1B1D44} - (no file)
O2 - BHO: (no name) - {59C3B40A-92FE-4975-A5DF-BE51F45E7CCD} - (no file)
O2 - BHO: (no name) - {64960885-0409-41E1-80CB-457BB2D6896F} - (no file)
O2 - BHO: (no name) - {6A02C47F-60E3-4E2F-93B4-B4CE658B8C59} - (no file)
O2 - BHO: (no name) - {6E548D91-0D0F-4A48-9216-49C00191E207} - (no file)
O2 - BHO: (no name) - {6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {79e40ab3-e068-4553-8839-b701acec1de7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91587F08-C5C4-4286-A90C-20DD8A78A4B2} - (no file)
O2 - BHO: (no name) - {97812B21-D87C-47BC-974E-2B30A46C0F59} - (no file)
O2 - BHO: (no name) - {98450F23-A8F3-48E6-9F48-ADEA0FAA4C54} - (no file)
O2 - BHO: (no name) - {9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4} - (no file)
O2 - BHO: (no name) - {9E726B90-5DD7-4A24-9326-7A5067CBED64} - (no file)
O2 - BHO: (no name) - {A337763C-B6CE-4FC3-BB9E-BC97F3751856} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {A8352918-FFBA-4425-9FC0-EBF39236F6DE} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B82802EF-5E7B-4FAF-B4E9-9CF807226EC0} - (no file)
O2 - BHO: (no name) - {C36E56FB-3064-434B-B07C-6CE9A1E85E7C} - (no file)
O2 - BHO: (no name) - {E733331C-DCDC-48A2-B81B-9BE1D5CAFC75} - (no file)
O2 - BHO: (no name) - {F1CB876D-4022-43B1-9156-6758C4132136} - (no file)
O2 - BHO: (no name) - {F25A0899-F659-4B48-A012-0BC251DEB91F} - (no file)
O2 - BHO: (no name) - {F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70b063a3] rundll32.exe "C:\WINDOWS\system32\thantoom.dll",b
O4 - HKLM\..\Run: [BM7383503f] Rundll32.exe "C:\WINDOWS\system32\mifvpspf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8269 bytes

ken545
2008-02-25, 03:32
cayveman,

You have one of the heaviest Vundo infections that I have seen in a while; you need to follow the instructions as I post them, otherwise I won't be able to help you.

My instructions

Do these in order please, I need to see the report for each and after the final scan, post a new HJT log.
1. Run Vundofix
2. Run MalwareBytes
3. Run Combofix
4. Then post all the reports and a new HJT log after the last scan.

I need to have the scans run in the order I listed them; I posted them that way for a reason.

You need to run Malwarebytes and then run Combofix again, post the Malwarebytes log, the Combofix log and THEN A NEW HJT LOG.

cayveman
2008-02-25, 07:21
This one looks a little better.

Vundofix log:
VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Scan started at 7:52:10 PM 12/27/2007

Listing files found while scanning....

C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\bfsvmohy.dll
C:\WINDOWS\system32\cnfmyedp.dll
C:\WINDOWS\system32\qsoxidlm.dll
C:\WINDOWS\system32\sgutuvqu.dll
C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\sxsddxvx.dll
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.exe
C:\WINDOWS\system32\wvuss.exe
C:\WINDOWS\system32\xxmubncg.dll
C:\WINDOWS\system32\yhomvsfb.ini

Beginning removal...

Attempting to delete C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\mrofinu72.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bfsvmohy.dll
C:\WINDOWS\system32\bfsvmohy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cnfmyedp.dll
C:\WINDOWS\system32\cnfmyedp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qsoxidlm.dll
C:\WINDOWS\system32\qsoxidlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sgutuvqu.dll
C:\WINDOWS\system32\sgutuvqu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqqol.dll
C:\WINDOWS\system32\ssqqqol.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\sxsddxvx.dll
C:\WINDOWS\system32\sxsddxvx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\ttutv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vtutt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtutt.exe

Mbam log:
Malwarebytes' Anti-Malware 1.05
Database version: 403

Scan type: Quick Scan
Objects scanned: 29054
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

combofix log & hjt to follow.

cayveman
2008-02-25, 07:23
combofix log:
ComboFix 08-02-25.2 - Owner 2008-02-24 21:05:53.3 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 14:25 . 2008-02-24 14:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-24 12:47 . 2008-02-24 13:17 <DIR> d-------- C:\VundoFix Backups
2008-02-23 13:56 . 2008-02-23 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 10:34 . 2008-02-24 10:20 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-02-23 10:34 . 2008-02-24 10:20 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-02-21 20:22 . 2008-02-23 20:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 20:40 . 2008-02-17 22:04 476 --a------ C:\WINDOWS\wininit.ini
2008-02-15 20:06 . 2008-02-15 19:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 20:06 . 2008-02-15 20:06 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-15 15:24 . 2008-02-15 15:25 2,094 --ahs---- C:\WINDOWS\system32\gebgemvv.ini
2008-02-15 15:18 . 2008-02-24 10:19 157,341 --a------ C:\WINDOWS\BM7383503f.xml
2008-02-15 15:18 . 2008-02-24 12:44 22 --a------ C:\WINDOWS\pskt.ini
2008-02-13 15:27 . 2008-02-15 14:53 1,373,515 --ahs---- C:\WINDOWS\system32\dwlbxjfq.ini
2008-02-07 19:22 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-02-07 19:20 . 2008-02-07 19:20 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-07 19:18 . 2007-10-22 18:58 1,721,712 --a------ C:\WINDOWS\system32\InetClnt.dll
2008-02-07 19:08 . 2008-02-07 19:08 <DIR> d-------- C:\Program Files\TurboTax
2008-02-03 08:57 . 2008-02-03 10:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-01 21:04 . 2008-02-01 21:05 1,741,284 --ahs---- C:\WINDOWS\system32\murjhrjq.ini
2008-02-01 09:07 . 2008-02-01 09:07 0 --a------ C:\WINDOWS\system32\scrwjxgd.tmp
2008-02-01 09:06 . 2008-02-01 09:07 1,707,104 --ahs---- C:\WINDOWS\system32\scrwjxgd.ini
2008-01-31 21:10 . 2008-01-31 21:10 1,719,767 --ahs---- C:\WINDOWS\system32\tcfqvwlf.ini
2008-01-31 21:06 . 2008-01-31 21:07 1,961,288 --ahs---- C:\WINDOWS\system32\rxdhlufi.ini
2008-01-31 09:09 . 2008-01-31 16:00 1,707,044 --ahs---- C:\WINDOWS\system32\impyrvot.ini
2008-01-31 09:03 . 2008-01-31 09:04 1,725,849 --ahs---- C:\WINDOWS\system32\conlbuwo.ini
2008-01-30 21:05 . 2008-01-30 21:05 1,721,568 --ahs---- C:\WINDOWS\system32\wlbgiali.ini
2008-01-29 17:30 . 2008-01-31 16:00 1,964,520 --ahs---- C:\WINDOWS\system32\wgtqxlop.ini
2008-01-28 19:03 . 2008-01-28 19:03 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 09:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 20:18 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 20:17 . 2008-01-27 20:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-27 20:13 . 2008-01-27 20:13 <DIR> d-------- C:\Program Files\SDM
2008-01-27 19:22 . 2008-01-27 19:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-27 19:00 . 2007-07-08 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-27 19:00 . 2007-07-08 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-01-27 19:00 . 2007-12-17 21:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-27 19:00 . 2007-07-08 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-01-27 09:26 . 2008-01-27 15:01 586 --ahs---- C:\WINDOWS\system32\gyflbydn.ini
2008-01-27 09:23 . 2008-01-27 09:23 294 --ahs---- C:\WINDOWS\system32\vwfoojqm.ini
2008-01-26 09:29 . 2008-01-26 18:02 466 --ahs---- C:\WINDOWS\system32\qwjlrleh.ini
2008-01-26 09:23 . 2008-01-26 09:23 294 --ahs---- C:\WINDOWS\system32\wqaqtmdy.ini
2008-01-25 21:24 . 2008-01-26 09:35 466 --ahs---- C:\WINDOWS\system32\imkhfurx.ini
2008-01-25 21:21 . 2008-01-25 21:21 294 --ahs---- C:\WINDOWS\system32\cxsvknup.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 18:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 04:35 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-02-22 04:22 --------- d-----w C:\Program Files\MSN Messenger
2008-02-16 04:39 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-02-16 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 01:05 --------- d-----w C:\Program Files\McAfee
2008-02-08 03:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 23:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-28 07:33 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-01-28 04:18 --------- d-----w C:\Program Files\Java
2008-01-19 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 03:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 03:36 --------- d-----w C:\Program Files\RcvSystem
2008-01-05 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-01-04 19:00 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-01-04 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 20:39 --------- d-----w C:\Documents and Settings\britney.FILBERT\Application Data\SiteAdvisor
2008-01-01 23:37 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-01 16:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-31 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-31 01:29 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-31 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-31 01:03 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 23:59 --------- d-----w C:\Program Files\QuickTime
2007-12-23 18:54 46,512 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-27 07:04 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2007-11-26 22:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
2007-11-26 02:49 46,512 ----a-w C:\Documents and Settings\britney.FILBERT\Application Data\GDIPFONTCACHEV1.DAT
.

<pre>
----a-w 115,816 2007-12-29 17:39:32 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 68,856 2007-12-29 17:39:46 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 270,648 2007-12-22 18:55:30 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 144,784 2008-01-28 04:57:19 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w 582,992 2008-01-30 02:05:10 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 1,694,208 2007-12-28 05:32:54 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-29 02:38:02 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 5,674,352 2008-01-31 03:43:29 C:\Program Files\MSN Messenger\bak\msnmsgr .exe
----a-w 282,624 2007-12-30 06:01:00 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:01 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:02 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:03 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:04 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:05 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:07 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:08 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:09 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:11 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:13 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:16 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:17 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:19 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:20 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:21 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:22 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:23 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:25 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:27 C:\Program Files\QuickTime\qttask .exe
----a-w 2,097,488 2008-02-24 04:35:39 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,206,600 2008-01-28 09:19:06 C:\Program Files\Webroot\Washer\wwDisp .exe
----a-w 169,984 2008-01-28 07:33:35 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-02-24 04:35:35 C:\WINDOWS\system32\ctfmon .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03818d58-854e-4681-bde0-8f5cb63c98aa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06e33a7a-900e-4a4d-8e10-64894c5a6101}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b1a70d-299a-427f-af53-b0d58f8c3236}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24130fc5-3284-4e8d-98f6-ea01b6984d16}]
C:\WINDOWS\system32\fmkqeyft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F551E36-B34E-4342-944B-2B980E432716}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{432B2330-2008-4E26-A237-594C54126615}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A16FEE-F943-403C-9F92-DECF55BCD820}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{552B86A7-D89C-4136-B589-81B5BE1B1D44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59C3B40A-92FE-4975-A5DF-BE51F45E7CCD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64960885-0409-41E1-80CB-457BB2D6896F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A02C47F-60E3-4E2F-93B4-B4CE658B8C59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E548D91-0D0F-4A48-9216-49C00191E207}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79e40ab3-e068-4553-8839-b701acec1de7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91587F08-C5C4-4286-A90C-20DD8A78A4B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97812B21-D87C-47BC-974E-2B30A46C0F59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98450F23-A8F3-48E6-9F48-ADEA0FAA4C54}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E726B90-5DD7-4A24-9326-7A5067CBED64}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A337763C-B6CE-4FC3-BB9E-BC97F3751856}]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8352918-FFBA-4425-9FC0-EBF39236F6DE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82802EF-5E7B-4FAF-B4E9-9CF807226EC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C36E56FB-3064-434B-B07C-6CE9A1E85E7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E733331C-DCDC-48A2-B81B-9BE1D5CAFC75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1CB876D-4022-43B1-9156-6758C4132136}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F25A0899-F659-4B48-A012-0BC251DEB91F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-24 10:20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 07:32 7204864]
"70b063a3"="C:\WINDOWS\system32\thantoom.dll" [ ]
"BM7383503f"="C:\WINDOWS\system32\mifvpspf.dll" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70b063a3]
C:\WINDOWS\system32\udeiwkeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 16:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174123_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 13:03 125528 C:\Program Files\Common Files\AOL\1183959268\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-29 23:00 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\vtutt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-01-31 21:23 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174121_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 07:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 07:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 07:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-26 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-01 04:32 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 14:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 SonyIEx;SonyIEx;C:\WINDOWS\system32\SonyIEx.exe [2005-05-30 10:48]
S2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 06:33:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:39:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 21:08:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 21:09:35
ComboFix-quarantined-files.txt 2008-02-25 05:09:25
ComboFix2.txt 2008-02-25 00:30:26
ComboFix3.txt 2008-01-28 05:01:11
.
2008-02-13 11:06:04 --- E O F ---

cayveman
2008-02-25, 07:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:37 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {03818d58-854e-4681-bde0-8f5cb63c98aa} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {06e33a7a-900e-4a4d-8e10-64894c5a6101} - (no file)
O2 - BHO: (no name) - {07b1a70d-299a-427f-af53-b0d58f8c3236} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: {61d4896b-10ae-6f89-d8e4-48235cf03142} - {24130fc5-3284-4e8d-98f6-ea01b6984d16} - C:\WINDOWS\system32\fmkqeyft.dll (file missing)
O2 - BHO: (no name) - {2F551E36-B34E-4342-944B-2B980E432716} - (no file)
O2 - BHO: (no name) - {432B2330-2008-4E26-A237-594C54126615} - (no file)
O2 - BHO: (no name) - {48A16FEE-F943-403C-9F92-DECF55BCD820} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {552B86A7-D89C-4136-B589-81B5BE1B1D44} - (no file)
O2 - BHO: (no name) - {59C3B40A-92FE-4975-A5DF-BE51F45E7CCD} - (no file)
O2 - BHO: (no name) - {64960885-0409-41E1-80CB-457BB2D6896F} - (no file)
O2 - BHO: (no name) - {6A02C47F-60E3-4E2F-93B4-B4CE658B8C59} - (no file)
O2 - BHO: (no name) - {6E548D91-0D0F-4A48-9216-49C00191E207} - (no file)
O2 - BHO: (no name) - {6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {79e40ab3-e068-4553-8839-b701acec1de7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91587F08-C5C4-4286-A90C-20DD8A78A4B2} - (no file)
O2 - BHO: (no name) - {97812B21-D87C-47BC-974E-2B30A46C0F59} - (no file)
O2 - BHO: (no name) - {98450F23-A8F3-48E6-9F48-ADEA0FAA4C54} - (no file)
O2 - BHO: (no name) - {9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4} - (no file)
O2 - BHO: (no name) - {9E726B90-5DD7-4A24-9326-7A5067CBED64} - (no file)
O2 - BHO: (no name) - {A337763C-B6CE-4FC3-BB9E-BC97F3751856} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {A8352918-FFBA-4425-9FC0-EBF39236F6DE} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B82802EF-5E7B-4FAF-B4E9-9CF807226EC0} - (no file)
O2 - BHO: (no name) - {C36E56FB-3064-434B-B07C-6CE9A1E85E7C} - (no file)
O2 - BHO: (no name) - {E733331C-DCDC-48A2-B81B-9BE1D5CAFC75} - (no file)
O2 - BHO: (no name) - {F1CB876D-4022-43B1-9156-6758C4132136} - (no file)
O2 - BHO: (no name) - {F25A0899-F659-4B48-A012-0BC251DEB91F} - (no file)
O2 - BHO: (no name) - {F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70b063a3] rundll32.exe "C:\WINDOWS\system32\thantoom.dll",b
O4 - HKLM\..\Run: [BM7383503f] Rundll32.exe "C:\WINDOWS\system32\mifvpspf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8185 bytes

If I'm understanding you, I need to do ANOTHER mbam & combofix. They'll be along shortly.

cayveman
2008-02-25, 07:58
Malwarebytes' Anti-Malware 1.05
Database version: 403

Scan type: Quick Scan
Objects scanned: 28201
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

cayveman
2008-02-25, 07:58
ComboFix 08-02-25.2 - Owner 2008-02-24 21:40:23.4 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 14:25 . 2008-02-24 14:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-24 12:47 . 2008-02-24 13:17 <DIR> d-------- C:\VundoFix Backups
2008-02-23 13:56 . 2008-02-23 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 10:34 . 2008-02-24 10:20 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-02-23 10:34 . 2008-02-24 10:20 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-02-21 20:22 . 2008-02-23 20:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 20:40 . 2008-02-17 22:04 476 --a------ C:\WINDOWS\wininit.ini
2008-02-15 20:06 . 2008-02-15 19:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 20:06 . 2008-02-15 20:06 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-15 15:24 . 2008-02-15 15:25 2,094 --ahs---- C:\WINDOWS\system32\gebgemvv.ini
2008-02-15 15:18 . 2008-02-24 10:19 157,341 --a------ C:\WINDOWS\BM7383503f.xml
2008-02-15 15:18 . 2008-02-24 12:44 22 --a------ C:\WINDOWS\pskt.ini
2008-02-13 15:27 . 2008-02-15 14:53 1,373,515 --ahs---- C:\WINDOWS\system32\dwlbxjfq.ini
2008-02-07 19:22 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-02-07 19:20 . 2008-02-07 19:20 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-07 19:18 . 2007-10-22 18:58 1,721,712 --a------ C:\WINDOWS\system32\InetClnt.dll
2008-02-07 19:08 . 2008-02-07 19:08 <DIR> d-------- C:\Program Files\TurboTax
2008-02-03 08:57 . 2008-02-03 10:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-01 21:04 . 2008-02-01 21:05 1,741,284 --ahs---- C:\WINDOWS\system32\murjhrjq.ini
2008-02-01 09:07 . 2008-02-01 09:07 0 --a------ C:\WINDOWS\system32\scrwjxgd.tmp
2008-02-01 09:06 . 2008-02-01 09:07 1,707,104 --ahs---- C:\WINDOWS\system32\scrwjxgd.ini
2008-01-31 21:10 . 2008-01-31 21:10 1,719,767 --ahs---- C:\WINDOWS\system32\tcfqvwlf.ini
2008-01-31 21:06 . 2008-01-31 21:07 1,961,288 --ahs---- C:\WINDOWS\system32\rxdhlufi.ini
2008-01-31 09:09 . 2008-01-31 16:00 1,707,044 --ahs---- C:\WINDOWS\system32\impyrvot.ini
2008-01-31 09:03 . 2008-01-31 09:04 1,725,849 --ahs---- C:\WINDOWS\system32\conlbuwo.ini
2008-01-30 21:05 . 2008-01-30 21:05 1,721,568 --ahs---- C:\WINDOWS\system32\wlbgiali.ini
2008-01-29 17:30 . 2008-01-31 16:00 1,964,520 --ahs---- C:\WINDOWS\system32\wgtqxlop.ini
2008-01-28 19:03 . 2008-01-28 19:03 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 09:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 20:18 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 20:17 . 2008-01-27 20:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-27 20:13 . 2008-01-27 20:13 <DIR> d-------- C:\Program Files\SDM
2008-01-27 19:22 . 2008-01-27 19:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-27 19:00 . 2007-07-08 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-27 19:00 . 2007-07-08 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-01-27 19:00 . 2007-12-17 21:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-27 19:00 . 2007-07-08 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-01-27 09:26 . 2008-01-27 15:01 586 --ahs---- C:\WINDOWS\system32\gyflbydn.ini
2008-01-27 09:23 . 2008-01-27 09:23 294 --ahs---- C:\WINDOWS\system32\vwfoojqm.ini
2008-01-26 09:29 . 2008-01-26 18:02 466 --ahs---- C:\WINDOWS\system32\qwjlrleh.ini
2008-01-26 09:23 . 2008-01-26 09:23 294 --ahs---- C:\WINDOWS\system32\wqaqtmdy.ini
2008-01-25 21:24 . 2008-01-26 09:35 466 --ahs---- C:\WINDOWS\system32\imkhfurx.ini
2008-01-25 21:21 . 2008-01-25 21:21 294 --ahs---- C:\WINDOWS\system32\cxsvknup.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 18:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 04:35 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-02-22 04:22 --------- d-----w C:\Program Files\MSN Messenger
2008-02-16 04:39 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-02-16 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 01:05 --------- d-----w C:\Program Files\McAfee
2008-02-08 03:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 23:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-28 07:33 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-01-28 04:18 --------- d-----w C:\Program Files\Java
2008-01-19 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-19 03:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-11 03:36 --------- d-----w C:\Program Files\RcvSystem
2008-01-05 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-01-04 19:00 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-01-04 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 20:39 --------- d-----w C:\Documents and Settings\britney.FILBERT\Application Data\SiteAdvisor
2008-01-01 23:37 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-01 16:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-31 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-31 01:29 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-31 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-31 01:03 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 23:59 --------- d-----w C:\Program Files\QuickTime
2007-12-23 18:54 46,512 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-27 07:04 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2007-11-26 22:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
2007-11-26 02:49 46,512 ----a-w C:\Documents and Settings\britney.FILBERT\Application Data\GDIPFONTCACHEV1.DAT
.

<pre>
----a-w 115,816 2007-12-29 17:39:32 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 68,856 2007-12-29 17:39:46 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 270,648 2007-12-22 18:55:30 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 144,784 2008-01-28 04:57:19 C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
----a-w 582,992 2008-01-30 02:05:10 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 1,694,208 2007-12-28 05:32:54 C:\Program Files\Messenger\msmsgs .exe
----a-w 5,674,352 2008-01-29 02:38:02 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 5,674,352 2008-01-31 03:43:29 C:\Program Files\MSN Messenger\bak\msnmsgr .exe
----a-w 282,624 2007-12-30 06:01:00 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:01 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:02 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:03 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:04 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:05 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:07 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:08 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:09 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:11 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:13 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:16 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:17 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:19 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:20 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:21 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:22 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:23 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:25 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2007-12-30 06:01:27 C:\Program Files\QuickTime\qttask .exe
----a-w 2,097,488 2008-02-24 04:35:39 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,206,600 2008-01-28 09:19:06 C:\Program Files\Webroot\Washer\wwDisp .exe
----a-w 169,984 2008-01-28 07:33:35 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-02-24 04:35:35 C:\WINDOWS\system32\ctfmon .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03818d58-854e-4681-bde0-8f5cb63c98aa}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06e33a7a-900e-4a4d-8e10-64894c5a6101}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b1a70d-299a-427f-af53-b0d58f8c3236}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24130fc5-3284-4e8d-98f6-ea01b6984d16}]
C:\WINDOWS\system32\fmkqeyft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F551E36-B34E-4342-944B-2B980E432716}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{432B2330-2008-4E26-A237-594C54126615}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A16FEE-F943-403C-9F92-DECF55BCD820}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{552B86A7-D89C-4136-B589-81B5BE1B1D44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59C3B40A-92FE-4975-A5DF-BE51F45E7CCD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64960885-0409-41E1-80CB-457BB2D6896F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A02C47F-60E3-4E2F-93B4-B4CE658B8C59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E548D91-0D0F-4A48-9216-49C00191E207}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79e40ab3-e068-4553-8839-b701acec1de7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91587F08-C5C4-4286-A90C-20DD8A78A4B2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97812B21-D87C-47BC-974E-2B30A46C0F59}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98450F23-A8F3-48E6-9F48-ADEA0FAA4C54}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E726B90-5DD7-4A24-9326-7A5067CBED64}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A337763C-B6CE-4FC3-BB9E-BC97F3751856}]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8352918-FFBA-4425-9FC0-EBF39236F6DE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82802EF-5E7B-4FAF-B4E9-9CF807226EC0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C36E56FB-3064-434B-B07C-6CE9A1E85E7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E733331C-DCDC-48A2-B81B-9BE1D5CAFC75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1CB876D-4022-43B1-9156-6758C4132136}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F25A0899-F659-4B48-A012-0BC251DEB91F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-24 10:20 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 07:32 7204864]
"70b063a3"="C:\WINDOWS\system32\thantoom.dll" [ ]
"BM7383503f"="C:\WINDOWS\system32\mifvpspf.dll" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70b063a3]
C:\WINDOWS\system32\udeiwkeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 16:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174123_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 13:03 125528 C:\Program Files\Common Files\AOL\1183959268\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-29 23:00 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\vtutt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-01-31 21:23 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174121_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 07:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 07:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 07:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-26 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-01 04:32 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 14:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 SonyIEx;SonyIEx;C:\WINDOWS\system32\SonyIEx.exe [2005-05-30 10:48]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 06:33:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:39:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 21:44:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 21:45:12
ComboFix-quarantined-files.txt 2008-02-25 05:45:02
ComboFix2.txt 2008-02-25 05:09:36
ComboFix3.txt 2008-02-25 00:30:26
ComboFix4.txt 2008-01-28 05:01:11
.
2008-02-13 11:06:04 --- E O F ---

cayveman
2008-02-25, 08:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:51 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {03818d58-854e-4681-bde0-8f5cb63c98aa} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {06e33a7a-900e-4a4d-8e10-64894c5a6101} - (no file)
O2 - BHO: (no name) - {07b1a70d-299a-427f-af53-b0d58f8c3236} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: {61d4896b-10ae-6f89-d8e4-48235cf03142} - {24130fc5-3284-4e8d-98f6-ea01b6984d16} - C:\WINDOWS\system32\fmkqeyft.dll (file missing)
O2 - BHO: (no name) - {2F551E36-B34E-4342-944B-2B980E432716} - (no file)
O2 - BHO: (no name) - {432B2330-2008-4E26-A237-594C54126615} - (no file)
O2 - BHO: (no name) - {48A16FEE-F943-403C-9F92-DECF55BCD820} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {552B86A7-D89C-4136-B589-81B5BE1B1D44} - (no file)
O2 - BHO: (no name) - {59C3B40A-92FE-4975-A5DF-BE51F45E7CCD} - (no file)
O2 - BHO: (no name) - {64960885-0409-41E1-80CB-457BB2D6896F} - (no file)
O2 - BHO: (no name) - {6A02C47F-60E3-4E2F-93B4-B4CE658B8C59} - (no file)
O2 - BHO: (no name) - {6E548D91-0D0F-4A48-9216-49C00191E207} - (no file)
O2 - BHO: (no name) - {6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {79e40ab3-e068-4553-8839-b701acec1de7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91587F08-C5C4-4286-A90C-20DD8A78A4B2} - (no file)
O2 - BHO: (no name) - {97812B21-D87C-47BC-974E-2B30A46C0F59} - (no file)
O2 - BHO: (no name) - {98450F23-A8F3-48E6-9F48-ADEA0FAA4C54} - (no file)
O2 - BHO: (no name) - {9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4} - (no file)
O2 - BHO: (no name) - {9E726B90-5DD7-4A24-9326-7A5067CBED64} - (no file)
O2 - BHO: (no name) - {A337763C-B6CE-4FC3-BB9E-BC97F3751856} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {A8352918-FFBA-4425-9FC0-EBF39236F6DE} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {B82802EF-5E7B-4FAF-B4E9-9CF807226EC0} - (no file)
O2 - BHO: (no name) - {C36E56FB-3064-434B-B07C-6CE9A1E85E7C} - (no file)
O2 - BHO: (no name) - {E733331C-DCDC-48A2-B81B-9BE1D5CAFC75} - (no file)
O2 - BHO: (no name) - {F1CB876D-4022-43B1-9156-6758C4132136} - (no file)
O2 - BHO: (no name) - {F25A0899-F659-4B48-A012-0BC251DEB91F} - (no file)
O2 - BHO: (no name) - {F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70b063a3] rundll32.exe "C:\WINDOWS\system32\thantoom.dll",b
O4 - HKLM\..\Run: [BM7383503f] Rundll32.exe "C:\WINDOWS\system32\mifvpspf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Thanks,
cayveman

ken545
2008-02-25, 15:17
Good Morning,

Thanks for the logs. Let me tell you what we are up against. You have the latest variant of Vundo that includes a File Infector; if you look at your ComboFix log, all the files and programs in the Blue Code Box have been infected by this trojan. Besides that, you have another issue: a downloader trojan. I would strongly urge you, until we give you the all clear, to stay off the internet except for posting here; if not, this trojan is going to continue to go out and download other garbage.

Do this, and make sure you do it correctly: any programs not removed will have to be uninstalled and reinstalled.

Open Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Killall::



Killall::

RenV::
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\bak\msnmsgr .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Webroot\Washer\wwDisp .exe
C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
C:\WINDOWS\system32\ctfmon .exe

File::
C:\WINDOWS\system32\gebgemvv.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dwlbxjfq.ini
C:\WINDOWS\system32\murjhrjq.ini
C:\WINDOWS\system32\scrwjxgd.tmp
C:\WINDOWS\system32\scrwjxgd.ini
C:\WINDOWS\system32\tcfqvwlf.ini
C:\WINDOWS\system32\rxdhlufi.ini
C:\WINDOWS\system32\impyrvot.ini
C:\WINDOWS\system32\conlbuwo.ini
C:\WINDOWS\system32\wlbgiali.ini
C:\WINDOWS\system32\wgtqxlop.ini
C:\WINDOWS\system32\gyflbydn.ini
C:\WINDOWS\system32\vwfoojqm.ini
C:\WINDOWS\system32\qwjlrleh.ini
C:\WINDOWS\system32\wqaqtmdy.ini
C:\WINDOWS\system32\imkhfurx.ini
C:\WINDOWS\system32\cxsvknup.ini
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\fmkqeyft.dll
C:\WINDOWS\system32\udeiwkeb.dll
C:\WINDOWS\system32\mifvpspf.dll
C:\WINDOWS\system32\thantoom.dll


Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03818d58-854e-4681-bde0-8f5cb63c98aa}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06e33a7a-900e-4a4d-8e10-64894c5a6101}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07b1a70d-299a-427f-af53-b0d58f8c3236}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24130fc5-3284-4e8d-98f6-ea01b6984d16}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F551E36-B34E-4342-944B-2B980E432716}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{432B2330-2008-4E26-A237-594C54126615}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48A16FEE-F943-403C-9F92-DECF55BCD820}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{552B86A7-D89C-4136-B589-81B5BE1B1D44}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59C3B40A-92FE-4975-A5DF-BE51F45E7CCD}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64960885-0409-41E1-80CB-457BB2D6896F}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A02C47F-60E3-4E2F-93B4-B4CE658B8C59}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E548D91-0D0F-4A48-9216-49C00191E207}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FF5EB0C-94F1-415A-AB9F-FB2D6C86184B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79e40ab3-e068-4553-8839-b701acec1de7}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91587F08-C5C4-4286-A90C-20DD8A78A4B2}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97812B21-D87C-47BC-974E-2B30A46C0F59}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98450F23-A8F3-48E6-9F48-ADEA0FAA4C54}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c6d2a88-9e99-40b0-9e4a-29b4c8ea5fb4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E726B90-5DD7-4A24-9326-7A5067CBED64}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A337763C-B6CE-4FC3-BB9E-BC97F3751856}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8352918-FFBA-4425-9FC0-EBF39236F6DE}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B82802EF-5E7B-4FAF-B4E9-9CF807226EC0}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C36E56FB-3064-434B-B07C-6CE9A1E85E7C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E733331C-DCDC-48A2-B81B-9BE1D5CAFC75}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1CB876D-4022-43B1-9156-6758C4132136}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F25A0899-F659-4B48-A012-0BC251DEB91F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"70b063a3"=-
"BM7383503f"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\70b063a3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.




You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and their backups and then restore them.

Please download FindAWF (http://noahdfear.geekstogo.com/FindAWF.exe) and save it to your desktop

* Double-click FindAWF.exe to start the tool.
* Select option #1 - Scan for bak folders by typing 1 and pressing 'Enter'
* When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here.

**Do not run any other option unless directed to do so.**
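
The "bak folder" pattern described above (the dropper swaps a legitimate executable for an infected one of the same size and parks the original in a sibling `bak` folder) can be checked for without the FindAWF tool. The script below is an added example written for this thread, not FindAWF, ComboFix or anything from the helper's toolkit; it walks a directory tree, finds every folder named `bak`, and compares each file in it with the same-named file one level up by size and SHA-256. The tree it scans is constructed in a temporary folder with placeholder bytes (no real binaries), laid out to mirror the three cases in the AWF report: two live files that match their backup in size but not in content, and one backup whose live counterpart is missing.

```python
"""Triage helper for the Downloader.Agent.awf "bak folder" pattern.

Added example for this thread, not the FindAWF tool. The directory tree is
constructed in a temporary folder with made-up file contents.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List


@dataclass
class BakFinding:
    """One file found inside a ``bak`` folder and how it compares with the live copy."""
    backup: str       # path of the file inside the bak folder
    live: str         # path of the same-named file one level up, or "" if absent
    same_size: bool
    same_hash: bool
    verdict: str      # "identical", "replaced", or "no-live-copy"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_bak_folders(root: str) -> List[BakFinding]:
    """Walk ``root``; for every directory named ``bak`` (case-insensitive), compare
    each file in it with the same-named file in the parent directory.

    The dropper keeps the original's size, so "same size, different hash" is the
    telltale that the live file has been swapped out."""
    findings: List[BakFinding] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name.lower() != "bak":
            continue
        parent = Path(dirpath).parent
        for name in sorted(filenames):
            backup = Path(dirpath) / name
            # Windows filenames are case-insensitive (MsnMsgr.Exe vs msnmsgr.exe), so
            # look up the live copy the same way.
            live = next((p for p in parent.iterdir()
                         if p.is_file() and p.name.lower() == name.lower()), None)
            if live is None:
                findings.append(BakFinding(str(backup), "", False, False, "no-live-copy"))
                continue
            same_size = backup.stat().st_size == live.stat().st_size
            same_hash = sha256_of(backup) == sha256_of(live)
            verdict = "identical" if same_hash else "replaced"
            findings.append(BakFinding(str(backup), str(live), same_size, same_hash, verdict))
    return findings


def summarize(findings: List[BakFinding]) -> Dict[str, str]:
    """Map the lower-cased backup file name to its verdict, for quick review."""
    return {os.path.basename(f.backup).lower(): f.verdict for f in findings}


def build_sample_tree(root: str) -> None:
    """Constructed sample mirroring the shape of the AWF report in this thread.
    Contents are placeholder bytes, not real executables."""
    layout = {
        "Program Files/MSN Messenger/bak/msnmsgr.exe":    b"ORIGINAL" * 8,
        "Program Files/MSN Messenger/MsnMsgr.Exe":        b"HIJACKED" * 8,  # same size, other bytes
        "WINDOWS/system32/bak/ctfmon.exe":                b"ORIGINAL" * 4,
        "WINDOWS/system32/ctfmon.exe":                    b"HIJACKED" * 4,
        "Program Files/SiteAdvisor/6253/bak/SiteAdv.exe": b"ORIGINAL" * 2,
        # no live SiteAdv.exe beside its bak folder, as in the report
        "Program Files/Java/bin/jusched.exe":             b"CLEAN" * 3,     # no bak folder: ignored
    }
    for rel, data in layout.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> List[BakFinding]:
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_bak_folders(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.verdict:13} size_match={str(f.same_size):5} {f.backup}")
```

Point `scan_bak_folders` at a mounted drive root to run it on a real system; a `replaced` verdict is the case worth restoring from the backup, and `no-live-copy` means the backup alone survives and needs a closer look. Comparing hashes rather than timestamps matters here: the live `ctfmon.exe` in the report kept the original size, and only its date and contents gave it away.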

cayveman
2008-02-25, 17:04
Here we are again.
Here's the latest combofix log:
ComboFix 08-02-25.2 - Owner 2008-02-25 6:47:10.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.164 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\conlbuwo.ini
C:\WINDOWS\system32\cxsvknup.ini
C:\WINDOWS\system32\dwlbxjfq.ini
C:\WINDOWS\system32\fmkqeyft.dll
C:\WINDOWS\system32\gebgemvv.ini
C:\WINDOWS\system32\gyflbydn.ini
C:\WINDOWS\system32\imkhfurx.ini
C:\WINDOWS\system32\impyrvot.ini
C:\WINDOWS\system32\mifvpspf.dll
C:\WINDOWS\system32\murjhrjq.ini
C:\WINDOWS\system32\qwjlrleh.ini
C:\WINDOWS\system32\rxdhlufi.ini
C:\WINDOWS\system32\scrwjxgd.ini
C:\WINDOWS\system32\scrwjxgd.tmp
C:\WINDOWS\system32\tcfqvwlf.ini
C:\WINDOWS\system32\thantoom.dll
C:\WINDOWS\system32\udeiwkeb.dll
C:\WINDOWS\system32\vtutt.dll
C:\WINDOWS\system32\vwfoojqm.ini
C:\WINDOWS\system32\wgtqxlop.ini
C:\WINDOWS\system32\wlbgiali.ini
C:\WINDOWS\system32\wqaqtmdy.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\aghjxwrd.dll.bad
C:\VundoFix Backups\aksumahx.dll.bad
C:\VundoFix Backups\amwfiqkf.dll.bad
C:\VundoFix Backups\aqvbukab.dll.bad
C:\VundoFix Backups\bjominev.dll.bad
C:\VundoFix Backups\ceghykvk.dll.bad
C:\VundoFix Backups\cjjckmvs.dll.bad
C:\VundoFix Backups\ddgjnwdc.dll.bad
C:\VundoFix Backups\doxpnrnm.dll.bad
C:\VundoFix Backups\dypiwteu.dll.bad
C:\VundoFix Backups\ewfcybmm.dll.bad
C:\VundoFix Backups\fbklhyfq.dll.bad
C:\VundoFix Backups\fgiuvppm.dll.bad
C:\VundoFix Backups\fmayjpkm.dll.bad
C:\VundoFix Backups\fmkqeyft.dll.bad
C:\VundoFix Backups\fskijcao.dll.bad
C:\VundoFix Backups\fwiebwbd.dll.bad
C:\VundoFix Backups\geyfirhl.ini.bad
C:\VundoFix Backups\gwicdexo.dll.bad
C:\VundoFix Backups\hgukuywh.dll.bad
C:\VundoFix Backups\hinagmgk.dll.bad
C:\VundoFix Backups\hkgfpgqd.dll.bad
C:\VundoFix Backups\hogllebc.dll.bad
C:\VundoFix Backups\hoijemrn.dll.bad
C:\VundoFix Backups\icmxaegm.dll.bad
C:\VundoFix Backups\innxlgul.dll.bad
C:\VundoFix Backups\irmynkhu.dll.bad
C:\VundoFix Backups\jhbbgdoj.dll.bad
C:\VundoFix Backups\jodgbbhj.ini.bad
C:\VundoFix Backups\jrltcmbu.dll.bad
C:\VundoFix Backups\kgeggbqd.dll.bad
C:\VundoFix Backups\kgxmdqfy.dll.bad
C:\VundoFix Backups\klifcsbu.dll.bad
C:\VundoFix Backups\lhrifyeg.dll.bad
C:\VundoFix Backups\ljllfkqp.dll.bad
C:\VundoFix Backups\ltrjlgek.dll.bad
C:\VundoFix Backups\luglxnni.ini.bad
C:\VundoFix Backups\mboriwcb.dll.bad
C:\VundoFix Backups\mhuylmiu.dll.bad
C:\VundoFix Backups\mifvpspf.dll.bad
C:\VundoFix Backups\ngaiwptf.dll.bad
C:\VundoFix Backups\okahonhb.dll.bad
C:\VundoFix Backups\ouoeairs.dll.bad
C:\VundoFix Backups\qmpfifdh.dll.bad
C:\VundoFix Backups\qquepugl.dll.bad
C:\VundoFix Backups\slddicyu.dll.bad
C:\VundoFix Backups\svmkcjjc.ini.bad
C:\VundoFix Backups\swiwfcge.dll.bad
C:\VundoFix Backups\thantoom.dll.bad
C:\VundoFix Backups\tibhuvuc.dll.bad
C:\VundoFix Backups\ufcqwrqj.dll.bad
C:\VundoFix Backups\ushpgnll.dll.bad
C:\VundoFix Backups\uvqejdft.dll.bad
C:\VundoFix Backups\uxjxmltt.dll.bad
C:\VundoFix Backups\veyadkpe.dll.bad
C:\VundoFix Backups\vkaxxpnb.dll.bad
C:\VundoFix Backups\vlusnmil.dll.bad
C:\VundoFix Backups\vnbbkkbx.dll.bad
C:\VundoFix Backups\vswudxdl.dll.bad
C:\VundoFix Backups\vtutt.dll.bad
C:\VundoFix Backups\vvmegbeg.dll.bad
C:\VundoFix Backups\wfswybfm.dll.bad
C:\VundoFix Backups\xcphbrnr.dll.bad
C:\VundoFix Backups\xmnnngeh.dll.bad
C:\VundoFix Backups\xpxovnax.dll.bad
C:\VundoFix Backups\yoynqqhc.dll.bad
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\conlbuwo.ini
C:\WINDOWS\system32\cxsvknup.ini
C:\WINDOWS\system32\dwlbxjfq.ini
C:\WINDOWS\system32\gebgemvv.ini
C:\WINDOWS\system32\gyflbydn.ini
C:\WINDOWS\system32\imkhfurx.ini
C:\WINDOWS\system32\impyrvot.ini
C:\WINDOWS\system32\murjhrjq.ini
C:\WINDOWS\system32\qwjlrleh.ini
C:\WINDOWS\system32\rxdhlufi.ini
C:\WINDOWS\system32\scrwjxgd.ini
C:\WINDOWS\system32\scrwjxgd.tmp
C:\WINDOWS\system32\tcfqvwlf.ini
C:\WINDOWS\system32\vwfoojqm.ini
C:\WINDOWS\system32\wgtqxlop.ini
C:\WINDOWS\system32\wlbgiali.ini
C:\WINDOWS\system32\wqaqtmdy.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-24 14:26 . 2008-02-24 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 14:25 . 2008-02-24 14:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-23 13:56 . 2008-02-23 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 20:22 . 2008-02-23 20:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-17 14:06 . 2008-02-17 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-15 20:40 . 2008-02-17 22:04 476 --a------ C:\WINDOWS\wininit.ini
2008-02-15 20:06 . 2008-02-15 19:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-15 20:06 . 2008-02-15 20:06 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-15 15:18 . 2008-02-24 10:19 157,341 --a------ C:\WINDOWS\BM7383503f.xml
2008-02-07 19:22 . 2008-02-07 19:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-02-07 19:20 . 2008-02-07 19:20 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-07 19:18 . 2008-02-07 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-07 19:18 . 2007-10-22 18:58 1,721,712 --a------ C:\WINDOWS\system32\InetClnt.dll
2008-02-07 19:08 . 2008-02-07 19:08 <DIR> d-------- C:\Program Files\TurboTax
2008-02-03 08:57 . 2008-02-03 10:47 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-28 19:03 . 2008-01-28 19:03 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-28 09:47 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 20:18 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-27 20:17 . 2008-01-27 20:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-27 20:13 . 2008-01-27 20:13 <DIR> d-------- C:\Program Files\SDM
2008-01-27 19:22 . 2008-01-27 19:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-27 19:00 . 2007-07-08 21:01 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-27 19:00 . 2007-07-08 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-01-27 19:00 . 2007-12-17 21:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-27 19:00 . 2007-07-08 21:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 14:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 14:47 --------- d-----w C:\Program Files\QuickTime
2008-02-25 14:46 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 14:46 --------- d-----w C:\Program Files\iTunes
2008-02-25 14:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-16 04:39 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-02-16 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 01:05 --------- d-----w C:\Program Files\McAfee
2008-02-08 03:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 23:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-28 04:18 --------- d-----w C:\Program Files\Java
2008-01-19 03:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-11 03:36 --------- d-----w C:\Program Files\RcvSystem
2008-01-05 19:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-01-04 19:00 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-01-04 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-02 20:39 --------- d-----w C:\Documents and Settings\britney.FILBERT\Application Data\SiteAdvisor
2008-01-01 23:37 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-01 16:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-31 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-31 01:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-31 01:29 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-31 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-31 01:03 --------- d-----w C:\Program Files\Yahoo!
2007-12-23 18:54 46,512 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-11-26 22:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
2007-11-26 02:49 46,512 ----a-w C:\Documents and Settings\britney.FILBERT\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 5,674,352 2008-01-31 03:43:29 C:\Program Files\MSN Messenger\bak\msnmsgr.exe
----a-w 5,674,352 2008-01-29 02:38:02 C:\Program Files\MSN Messenger\MsnMsgr.Exe

----a-w 36,640 2008-02-01 12:38:26 C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe

----a-w 15,360 2004-08-04 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-02-24 04:35:35 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-23 20:35 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 07:32 7204864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 16:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174123_mcappins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 13:03 125528 C:\Program Files\Common Files\AOL\1183959268\EE\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-22 10:55 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-01-29 18:05 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
C:\DOCUME~1\Owner\LOCALS~1\Temp\200779174121_mcinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-01-28 18:38 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-18 07:32 7204864 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-18 07:32 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-18 07:32 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-29 22:01 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-26 14:07 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-27 20:57 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 14:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
--a------ 2008-01-28 01:19 1206600 C:\Program Files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R2 SonyIEx;SonyIEx;C:\WINDOWS\system32\SonyIEx.exe [2005-05-30 10:48]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 06:33:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 09:39:53 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 06:51:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-02-25 6:54:22 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-02-25 14:54:18
ComboFix2.txt 2008-02-25 05:45:13
ComboFix3.txt 2008-02-25 05:09:36
ComboFix4.txt 2008-02-25 00:30:26
ComboFix5.txt 2008-01-28 05:01:11
.
2008-02-13 11:06:04 --- E O F ---

cayveman
2008-02-25, 17:07
AWF log:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 02/25/2008
The current time is: 6:56:11.29


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

01/30/2008 07:43 PM 5,674,352 msnmsgr.exe
1 File(s) 5,674,352 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 11:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\SITEAD~1\6253\BAK

02/01/2008 04:38 AM 36,640 SiteAdv.exe
1 File(s) 36,640 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

5674352 Jan 28 2008 "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
5674352 Jan 30 2008 "C:\Program Files\MSN Messenger\bak\msnmsgr.exe"
15360 Feb 23 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
36640 Feb 1 2008 "C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe"


end of report

And the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:03 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6284 bytes

Thanks again,
Cayveman

ken545
2008-02-25, 17:20
Hello,

You lucked out, Combofix removed the infected Vundo files.


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {F8A643C4-4D76-44DA-BCE1-4E8B9B7F73EE} - (no file)



Double-click FindAWF.exe to start the tool.

* Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
* A text file will open up. Please copy/paste the following bolded text into the text file:

"C:\Program Files\MSN Messenger\bak\msnmsgr.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe"

* Close the .txt file and click 'Yes' to save the changes.
* When the tool has completed, a report will open up in notepad.

Please post the results of the awf.txt here.

cayveman
2008-02-26, 04:44
Hello ken545,

Here is my awf log:


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Mon 02/25/2008
The current time is: 18:41:17.32


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

01/30/2008 07:43 PM 5,674,352 msnmsgr.exe
1 File(s) 5,674,352 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 11:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\SITEAD~1\6253\BAK

02/01/2008 04:38 AM 36,640 SiteAdv.exe
1 File(s) 36,640 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

5674352 Jan 30 2008 "C:\Program Files\MSN Messenger\msnmsgr.exe"
5674352 Jan 30 2008 "C:\Program Files\MSN Messenger\bak\msnmsgr.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
36640 Feb 1 2008 "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
36640 Feb 1 2008 "C:\Program Files\SiteAdvisor\6253\bak\SiteAdv.exe"


end of report
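A defender-side check for the pattern this report describes (an original executable moved into a "bak" subfolder with a same-named file left in its place), written as an added example that is not part of the thread and not FindAWF's own code. It generalizes the report above to every "bak" directory under a root, comparing size and SHA-256 of each backup with the file one level up; the directory names and file bytes in build_sample_tree are constructed for the demonstration only.

```python
# Check for the 'bak folder' pattern shown in the report above: a legitimate
# executable moved into a 'bak' subdirectory with a same-named file left in its
# place. Added example, not FindAWF's own code and not part of the thread.
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so large executables need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_bak_pairs(root: Path) -> list:
    """For every file in a directory named 'bak', compare it with the same-named
    file one level up. Verdicts: 'identical' (parent matches the backup, as in
    the report above after option 2), 'differs' (parent has been replaced,
    examine it), 'orphan' (backup present but parent copy missing)."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        if d.name.lower() != "bak":
            continue
        for name in filenames:
            backup, original = d / name, d.parent / name
            if not original.is_file():
                verdict = "orphan"
            elif (original.stat().st_size == backup.stat().st_size
                  and sha256_of(original) == sha256_of(backup)):
                verdict = "identical"
            else:
                verdict = "differs"
            findings.append({"backup": str(backup), "original": str(original),
                             "verdict": verdict})
    return sorted(findings, key=lambda e: e["backup"])


def build_sample_tree(base: Path = None) -> Path:
    """Construct a small tree (not a real system) with one of each case."""
    base = base or Path(tempfile.mkdtemp())
    cases = [("SiteAdvisor", b"real SiteAdv.exe", b"real SiteAdv.exe"),  # identical
             ("MSN Messenger", b"other bytes", b"real msnmsgr.exe"),      # differs
             ("system32", None, b"real ctfmon.exe")]                      # orphan
    for sub, orig, bak in cases:
        (base / sub / "bak").mkdir(parents=True)
        (base / sub / "bak" / "x.exe").write_bytes(bak)
        if orig is not None:
            (base / sub / "x.exe").write_bytes(orig)
    return base
```

Run find_bak_pairs against a real drive root to list every backup pair; only the "differs" and "orphan" verdicts need a closer look.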

ken545
2008-02-26, 04:56
Double-click FindAWF.exe to start the tool.


* Select option #3 - Remove bak folders by typing 3 and press 'Enter'
* A text file will open up. Please copy/paste the following bolded text into the text file:


C:\Program Files\MSN Messenger\bak
C:\WINDOWS\system32\bak
C:\Program Files\SiteAdvisor\6253\bak

* Close the .txt file and click 'Yes' to save the changes.
* When the tool has completed, a report will open up in notepad.

Please post the results of the awf.txt here.

cayveman
2008-02-26, 06:34
You put in a long day pal, but I appreciate it!

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Mon 02/25/2008
The current time is: 20:31:26.78


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

ken545
2008-02-26, 08:25
cayveman,

Not a problem helping you. It looks like we beat both infections.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.

When the program returns to the main menu, use the following option:
Press E then Enter to EXIT.


Post hopefully one last HJT log and let's make sure nothing has come back.

cayveman
2008-02-27, 07:38
Well, here it is. I hope this is done. I have one more question for you. I currently have a free trial of McAfee that is about to expire. I had Norton Internet Security when this problem arose. I want internet security that is simple and effective. What do you recommend?

Thanks for all your help,
cayveman

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:49 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SonyIEx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.regence.com/remote/msrdp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6210 bytes

ken545
2008-02-27, 11:44
Hello,

O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe This is running as a service on your system and I can't find any info on it; do you have any idea what it is? The file was uploaded for analysis on another forum and came back clean. Have you installed any Sony software or music / video CDs?

The rest of your log looks fine. How are things running now?

cayveman
2008-02-29, 07:43
It's the only "sony" file I have on the computer. I have no Sony appliances that I would plug into this pc. I Googled it and couldn't find anything positive on it. I would like to remove it if it doesn't have a positive purpose. If you feel the same, please let me know what I should do. Thanks

cayveman
2008-02-29, 07:45
Things are running a lot smoother. No pop-ups and no delays. I really appreciate what you've done for me. Thanks

ken545
2008-02-29, 12:11
Hello,

You can do this.

Remove it with HJT.
O23 - Service: SonyIEx - Unknown owner - C:\WINDOWS\system32\SonyIEx.exe


If it gives you issues, then you can restore it like this.

To restore the backups:
Open HiJackThis
Click on "View the list of Backups"
Place a check mark next to anything you want to restore
Click Restore
Click Yes
Reboot your computer





If after a few days all is ok and no problem removing it you can then do this.



Open HJT > Misc Tools > Delete an NT Service
Type in SonyIEx
Then click on OK, it will ask you to reboot, do so.



C:\WINDOWS\system32\SonyIEx.exe <-- Delete this file


Post back in a day or so and let me know how it went

cayveman
2008-03-01, 19:23
No problems found after deleting the SonyIEx file. I would still like a recommendation for an antivirus/firewall. Please let me know what you recommend, if you can. Something low maintenance. Thanks

ken545
2008-03-01, 19:40
Hi,

You already have McAfee installed, which includes a firewall, so it looks like you're all set in that department. Just remember the basic rule of thumb: ONLY ONE ANTIVIRUS PROGRAM AND ONLY ONE FIREWALL are needed; more is overkill and can slow your system down and cause you problems. If you have a router with a built-in firewall, that's fine; you can have one software and one hardware firewall. Myself, I use Norton Internet Security and am very happy with it. Whatever you install, remember to uninstall McAfee first.

Here are some free ones if you're interested.

Free Anti Virus Programs


AVG Free (http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5)
Free Avast 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Avira AntiVir® Personal Edition Classic (http://www.free-av.com/)



A firewall should also be installed; these are all free.


Sygate Personal Firewall Free Edition (http://www.filehippo.com/download_sygate_personal_firewall/)
Comodo Personal Firewall (http://www.personalfirewall.comodo.com/)
Outpost Firewall Free (http://www.agnitum.com/products/outpostfree/index.php)
Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp)



You can have a few Anti Spyware Programs running, 2 or 3 are fine.

Ken

cayveman
2008-03-01, 20:54
Thanks again for all your help ken545. I think I'll go back to Norton, as the McAfee was just a free trial. I lost Norton when I was trying to fix this thing myself and was just using the other as a temp. I'm glad there are people like you around to help people like me.

ken545
2008-03-02, 04:00
You're very welcome,

Stay well,

Ken