virtumonde

evilseadragon

New member
I've had this for about a week and can't get rid of it. Here's my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:08 AM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O20 - AppInit_DLLs: fyxmkb.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9183 bytes


Thanks for any help.
 
Hi evilseadragon

Rename HijackThis.exe to evilseadragon.exe and post back a fresh HijackThis log, please :)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:27 AM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [10d3d641] rundll32.exe "C:\WINDOWS\system32\opvthcpe.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA2521] command /c del "C:\WINDOWS\system32\fwxnvorp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7649] cmd /c del "C:\WINDOWS\system32\fwxnvorp.dll_old"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O20 - AppInit_DLLs: xrcmdm.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9456 bytes
 
Unfortunately it didn't go right.

Rename HijackThis.exe to evilseadragon.exe by doing the following:

  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on HijackThis.exe
  • Choose "Rename" from the pull-down menu
  • Now rename HijackThis.exe to evilseadragon.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:05 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\evilseadragon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2882E338-7B6D-4E33-B087-FE006EBD7BE1} - C:\WINDOWS\system32\yayxvuVm.dll (file missing)
O2 - BHO: (no name) - {3d3f2668-6497-4918-ab0e-3ba8dab5dab0} - (no file)
O2 - BHO: (no name) - {46D78E31-B44A-4ADB-B97E-D7461D0647E1} - (no file)
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A910470-4819-4455-A95D-75798157B185} - C:\WINDOWS\system32\pmnoLefC.dll
O2 - BHO: (no name) - {8ab8c416-74e8-4388-ba42-ff6a38f2159a} - (no file)
O2 - BHO: (no name) - {9CBD857F-BF6E-4E5A-8DEA-36D188F7A02F} - (no file)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\awtutrQi.dll
O2 - BHO: {c885d1c7-2ae1-8e2b-8634-9b81373d756b} - {b657d373-18b9-4368-b2e8-1ea27c1d588c} - C:\WINDOWS\system32\xrcmdm.dll
O2 - BHO: (no name) - {f6a2917d-692a-4d9b-934b-d981ecf316bd} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O20 - AppInit_DLLs: xrcmdm.dll
O20 - Winlogon Notify: awtutrQi - C:\WINDOWS\SYSTEM32\awtutrQi.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 10447 bytes
 
I see.

Then we will remove them later and replace them with freeware alternatives.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
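
Added example (not part of the original thread, and not code from HijackThis or ComboFix): a Python script that diffs the log taken under the default file name against the one taken after the rename, then checks which DLL-loading entries (O2, O20) name files that the ComboFix log in this thread lists under "Other Deletions". The embedded logs are abridged excerpts of the ones posted in this thread; the function names are illustrative.

```python
import re

# One HijackThis entry line: section code, " - ", detail text.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
# File name (no directory part) of any .dll mentioned in an entry.
DLL_RE = re.compile(r"([^\\\s:]+\.dll)\b", re.IGNORECASE)
# Sections whose entries load a DLL into other processes:
# O2 = Browser Helper Objects, O20 = AppInit_DLLs / Winlogon Notify.
DLL_LOADING_SECTIONS = {"O2", "O20"}

# Abridged excerpt of the log saved at 9:18:27 AM on 12/3/2008 (default file name).
LOG_DEFAULT_NAME = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O20 - AppInit_DLLs: xrcmdm.dll
"""

# Abridged excerpt of the log saved at 8:24:05 PM on 12/3/2008 (after the rename).
LOG_RENAMED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {8A910470-4819-4455-A95D-75798157B185} - C:\WINDOWS\system32\pmnoLefC.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\awtutrQi.dll
O2 - BHO: {c885d1c7-2ae1-8e2b-8634-9b81373d756b} - {b657d373-18b9-4368-b2e8-1ea27c1d588c} - C:\WINDOWS\system32\xrcmdm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O20 - AppInit_DLLs: xrcmdm.dll
O20 - Winlogon Notify: awtutrQi - C:\WINDOWS\SYSTEM32\awtutrQi.dll
"""

# Abridged excerpt of the "Other Deletions" section of the ComboFix log.
COMBOFIX_DELETED = r"""
c:\windows\system32\awtutrQi.dll
c:\windows\system32\fyxmkb.dll
c:\windows\system32\pmnoLefC.dll
c:\windows\system32\xrcmdm.dll
c:\windows\system32\CfeLonmp.ini
"""


def parse_entries(log_text):
    """Return the set of (section, detail) pairs for the R*/F*/O* lines."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def only_in_second(first_log, second_log):
    """Entries listed in the second log but absent from the first."""
    return sorted(parse_entries(second_log) - parse_entries(first_log))


def dll_name(detail):
    """Lower-cased file name of the last .dll in an entry, or None."""
    names = DLL_RE.findall(detail)
    return names[-1].lower() if names else None


def deleted_dlls(combofix_text):
    """Lower-cased file names of the .dll paths in a deletion list."""
    names = set()
    for line in combofix_text.splitlines():
        path = line.strip()
        if path.lower().endswith(".dll"):
            names.add(path.rsplit("\\", 1)[-1].lower())
    return names


def confirmed_by_combofix(entries, combofix_text):
    """(section, dll) pairs from O2/O20 entries whose DLL ComboFix deleted."""
    gone = deleted_dlls(combofix_text)
    hits = set()
    for section, detail in entries:
        name = dll_name(detail)
        if section in DLL_LOADING_SECTIONS and name in gone:
            hits.add((section, name))
    return sorted(hits)


if __name__ == "__main__":
    newly_listed = only_in_second(LOG_DEFAULT_NAME, LOG_RENAMED)
    print("Entries listed only after the rename:")
    for section, detail in newly_listed:
        print(f"  {section} - {detail}")
    print("Of those, DLLs later removed by ComboFix:")
    for section, name in confirmed_by_combofix(newly_listed, COMBOFIX_DELETED):
        print(f"  {section}: {name}")
```
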
 
combofix log:

ComboFix 08-12-05.01 - Owner 2008-12-05 12:11:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\INSTALL.LOG
c:\windows\system32\awtutrQi.dll
c:\windows\system32\bmlodpvd.dll
c:\windows\system32\byXRkLBR.dll
c:\windows\system32\CfeLonmp.ini
c:\windows\system32\CfeLonmp.ini2
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\cvlpwv.dll
c:\windows\system32\cvxbzl.dll
c:\windows\system32\ddjrxe.dll
c:\windows\system32\dmhmxstl.dll
c:\windows\system32\dxgjfv.dll
c:\windows\system32\edcytmlx.dll
c:\windows\system32\epchtvpo.ini
c:\windows\system32\fgwvyejr.dll
c:\windows\system32\frualbnw.dll
c:\windows\system32\fyxmkb.dll
c:\windows\system32\hfsfqxbp.dll
c:\windows\system32\hlbmmsrv.ini
c:\windows\system32\hslgiifv.dll
c:\windows\system32\ifjcfyod.dll
c:\windows\system32\jbvirqwb.dll
c:\windows\system32\jobmyu.dll
c:\windows\system32\jtogmd.dll
c:\windows\system32\juivddil.dll
c:\windows\system32\ksnckvgn.dll
c:\windows\system32\lwqdtk.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\msansspc.dll
c:\windows\system32\ncjbxk.dll
c:\windows\system32\nfihipfa.dll
c:\windows\system32\nxjqes.dll
c:\windows\system32\oqmwgy.dll
c:\windows\system32\pbwklail.dll
c:\windows\system32\pmnoLefC.dll
c:\windows\system32\tufbbwnq.dll
c:\windows\system32\tuvWnnNd.dll
c:\windows\system32\uvmkwidl.dll
c:\windows\system32\vbpyfm.dll
c:\windows\system32\vtUlkihG.dll
c:\windows\system32\xrcmdm.dll
c:\windows\system32\ygcojtqj.dll
c:\windows\system32\yielykyb.ini
c:\windows\system32\ylrgaosq.dll
c:\windows\wiaserviv.log
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-11-30 09:54 . 2008-11-30 09:54 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 09:54 . 2008-11-30 09:54 812,344 --a------ C:\HJTInstall.exe
2008-11-30 09:51 . 2008-11-30 09:51 9,123 --a------ C:\ResetTeaTimer.bat
2008-11-30 09:25 . 2008-11-30 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-11-25 10:27 . 2008-11-25 10:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\Symantec
2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\Owner\Application Data\PlayFirst
2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-24 21:41 . 2008-11-24 21:41 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-23 19:56 . 2008-12-04 22:52 438 --a------ c:\windows\wininit.ini
2008-11-23 12:32 . 2008-11-23 12:32 <DIR> d-------- c:\documents and settings\Owner\Application Data\funkitron
2008-11-23 11:04 . 2008-11-23 11:04 26,624 --a------ c:\documents and settings\Owner\~.exe
2008-11-20 16:31 . 2008-11-20 16:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\Gaijin Ent
2008-11-15 16:36 . 2008-11-15 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Free Ride Games
2008-11-15 16:36 . 2008-06-21 16:28 37,033 --------- c:\windows\FRGT.ico
2008-11-15 16:36 . 2008-11-15 16:36 64 --a------ c:\windows\GPlrLanc.dat
2008-11-05 18:24 . 2008-11-05 18:24 56,789 --a------ c:\program files\american6.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\ATTToolbar
2008-11-28 23:58 --------- d-----w c:\documents and settings\Owner\Application Data\ATTToolbar
2008-11-25 03:00 --------- d-----w c:\program files\Napster
2008-11-25 03:00 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-15 21:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 12:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 02:58 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-11-02 17:09 --------- d-----w c:\program files\EA GAMES
2008-10-23 23:47 1,234,120 ----a-w C:\wrar380.exe
2008-10-23 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 11:33 15,083,520 ----a-w C:\spybotsd160.exe
2008-10-19 02:17 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-10-19 02:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-19 02:14 --------- d-----w c:\program files\Yahoo!
2008-10-19 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-19 02:13 --------- d-----w c:\program files\FastAccessDSL
2008-10-19 02:13 --------- d-----w c:\program files\Common Files\SupportSoft
2008-10-19 02:00 --------- d-----w c:\program files\BellSouth Application Management
2008-10-19 02:00 --------- d-----w c:\program files\BellSouth
2008-10-19 01:54 --------- d-----w c:\program files\ATTToolbar
2008-10-19 01:54 --------- d-----w c:\program files\AT&T
2008-10-19 01:54 --------- d-----w c:\documents and settings\Owner\Application Data\AT&T
2008-10-19 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2008-10-19 01:52 --------- d-----w c:\documents and settings\Owner\Application Data\Motive
2008-10-19 01:48 --------- d-----w c:\program files\Common Files\Motive
2008-10-19 01:48 --------- d-----w c:\program files\att-nap
2008-10-19 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2008-10-19 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-19 00:45 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\program files\McAfee
2008-10-19 00:45 --------- d-----w c:\program files\Common Files\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\Owner\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\Administrator\Application Data\McAfee
2008-10-19 00:44 --------- d-----w c:\program files\McAfee.com
2008-10-19 00:44 --------- d-----w c:\program files\CyberLink
2008-10-19 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-10-19 00:43 --------- d-----w c:\program files\MSN Encarta Plus
2008-10-19 00:43 --------- d-----w c:\program files\Microsoft Money 2005
2008-10-19 00:43 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 00:42 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-10-19 00:42 --------- d-----w c:\program files\QuickTime
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\Nullsoft
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\aolshare
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\AOL
2008-10-19 00:42 --------- d-----w c:\program files\America Online 9.0
2008-10-19 00:42 --------- d-----w c:\documents and settings\Owner\Application Data\You've Got Pictures Screensaver
2008-10-19 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-19 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-19 00:42 --------- d-----w c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-10-19 00:41 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
2008-10-19 00:41 --------- d-----w c:\program files\Viewpoint
2008-10-19 00:41 --------- d-----w c:\program files\Real
2008-10-19 00:41 --------- d-----w c:\program files\Pure Networks
2008-10-19 00:41 --------- d-----w c:\program files\Common Files\Real
2008-10-19 00:41 --------- d-----w c:\program files\Common Files\AolCoach
2008-10-19 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-19 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-10-19 00:40 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SampleView
2008-10-19 00:40 --------- d-----w c:\documents and settings\Owner\Application Data\SampleView
2008-10-19 00:40 --------- d-----w c:\documents and settings\Administrator\Application Data\SampleView
2008-10-19 00:39 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-19 00:38 --------- d-----w c:\program files\Java
2008-10-19 00:38 --------- d-----w c:\program files\Common Files\Java
2008-10-19 00:34 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-19 00:33 --------- d-----w c:\program files\Microsoft.NET
2008-10-19 00:32 --------- d-----w c:\program files\ATI Technologies
2008-10-19 00:29 --------- d-----w c:\program files\Symantec
2008-10-19 00:29 --------- d-----w c:\program files\Norton Internet Security
2008-10-19 00:29 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-19 00:27 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Symantec
2008-10-19 00:26 --------- d-----w c:\program files\Google
2008-10-19 00:26 --------- d-----w c:\program files\BigFix
2008-10-19 00:25 --------- d-----w c:\program files\Microsoft Works
2008-10-19 00:25 --------- d-----w c:\program files\Digital Media Reader
2008-10-19 00:22 --------- d-----w c:\program files\Ahead
2008-10-19 00:21 --------- d-----w c:\program files\Common Files\Ahead
2008-10-19 00:17 --------- d-----w c:\program files\Common Files\New Boundary
2008-10-19 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-19 00:12 --------- d-----w c:\program files\CONEXANT
2008-10-18 23:59 --------- d-----w c:\program files\Windows Plus
2008-10-18 23:59 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 58488]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 33936]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"HostManager"="c:\program files\Common Files\AOL\1224376845\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-17 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 184320]
"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-12 198184]
"McRegWiz"="c:\progra~1\McAfee.com\Agent\McRegWiz.exe" [2004-07-29 139264]
"CHotkey"="zHotkey.exe" [2005-05-03 c:\windows\zHotkey.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-10-18 1742384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ncjbxk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1224376845\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 McciCMService;McciCMService;"c:\program files\Common Files\Motive\McciCMService.exe" [2008-10-18 303104]
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 03:00]

2008-11-22 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1 [2008-10-18 19:45]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Administrator).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 18:34]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Administrator).job
- c:\progra~1\mcafee.com\agent [2008-10-19 00:40]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 18:34]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Owner).job
- c:\progra~1\mcafee.com\agent [2008-10-19 00:40]

2008-10-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 19:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2882E338-7B6D-4E33-B087-FE006EBD7BE1} - c:\windows\system32\yayxvuVm.dll
BHO-{3d3f2668-6497-4918-ab0e-3ba8dab5dab0} - (no file)
BHO-{46D78E31-B44A-4ADB-B97E-D7461D0647E1} - (no file)
BHO-{588404fd-a25e-446a-91c5-0aa2a812dadb} - c:\windows\system32\ncjbxk.dll
BHO-{6431831F-3D54-4BB1-9480-94274262F611} - c:\windows\system32\pmnoLefC.dll
BHO-{8ab8c416-74e8-4388-ba42-ff6a38f2159a} - (no file)
BHO-{9CBD857F-BF6E-4E5A-8DEA-36D188F7A02F} - (no file)
BHO-{f6a2917d-692a-4d9b-934b-d981ecf316bd} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 12:17:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\SoftwareDistribution
c:\windows\system32\wuapi.dll.mui 23576 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.311734.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 23576 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.315296.bak 162304 bytes executable
c:\windows\system32\wuaueng.dll.mui 18456 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.318359.bak 1134592 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2008-12-05 12:24:04 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-05 17:24:01

Pre-Run: 153,934,766,080 bytes free
Post-Run: 153,865,814,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect

303



hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:32 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\evilseadragon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - AppInit_DLLs: ncjbxk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9524 bytes
 
Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
c:\documents and settings\Owner\~.exe

Dirlook::
c:\documents and settings\Owner\Application Data\funkitron
c:\documents and settings\Owner\Application Data\Gaijin Ent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScriptB-4.gif]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg; then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
combofix log:

ComboFix 08-12-05.01 - Owner 2008-12-06 21:54:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.550 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Owner\~.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner\~.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-11-30 09:54 . 2008-11-30 09:54 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 09:54 . 2008-11-30 09:54 812,344 --a------ C:\HJTInstall.exe
2008-11-30 09:51 . 2008-11-30 09:51 9,123 --a------ C:\ResetTeaTimer.bat
2008-11-30 09:25 . 2008-11-30 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-11-25 10:27 . 2008-11-25 10:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\Symantec
2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\Owner\Application Data\PlayFirst
2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-24 21:41 . 2008-11-24 21:41 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-23 19:56 . 2008-12-04 22:52 438 --a------ c:\windows\wininit.ini
2008-11-23 12:32 . 2008-11-23 12:32 <DIR> d-------- c:\documents and settings\Owner\Application Data\funkitron
2008-11-20 16:31 . 2008-11-20 16:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\Gaijin Ent
2008-11-15 16:36 . 2008-11-15 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Free Ride Games
2008-11-15 16:36 . 2008-06-21 16:28 37,033 --------- c:\windows\FRGT.ico
2008-11-15 16:36 . 2008-11-15 16:36 64 --a------ c:\windows\GPlrLanc.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 02:53 --------- d-----w c:\documents and settings\All Users\Application Data\ATTToolbar
2008-11-28 23:58 --------- d-----w c:\documents and settings\Owner\Application Data\ATTToolbar
2008-11-25 03:00 --------- d-----w c:\program files\Napster
2008-11-25 03:00 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-15 21:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 14:05 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-13 12:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-05 23:24 56,789 ----a-w c:\program files\american6.zip
2008-11-04 02:58 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-11-02 17:09 --------- d-----w c:\program files\EA GAMES
2008-10-23 23:47 1,234,120 ----a-w C:\wrar380.exe
2008-10-23 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 11:33 15,083,520 ----a-w C:\spybotsd160.exe
2008-10-19 02:17 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-10-19 02:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-19 02:14 --------- d-----w c:\program files\Yahoo!
2008-10-19 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-19 02:13 --------- d-----w c:\program files\FastAccessDSL
2008-10-19 02:13 --------- d-----w c:\program files\Common Files\SupportSoft
2008-10-19 02:00 --------- d-----w c:\program files\BellSouth Application Management
2008-10-19 02:00 --------- d-----w c:\program files\BellSouth
2008-10-19 01:54 --------- d-----w c:\program files\ATTToolbar
2008-10-19 01:54 --------- d-----w c:\program files\AT&T
2008-10-19 01:54 --------- d-----w c:\documents and settings\Owner\Application Data\AT&T
2008-10-19 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2008-10-19 01:52 --------- d-----w c:\documents and settings\Owner\Application Data\Motive
2008-10-19 01:48 --------- d-----w c:\program files\Common Files\Motive
2008-10-19 01:48 --------- d-----w c:\program files\att-nap
2008-10-19 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2008-10-19 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-19 00:45 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\program files\McAfee
2008-10-19 00:45 --------- d-----w c:\program files\Common Files\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\Owner\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\Administrator\Application Data\McAfee
2008-10-19 00:44 --------- d-----w c:\program files\McAfee.com
2008-10-19 00:44 --------- d-----w c:\program files\CyberLink
2008-10-19 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-10-19 00:43 --------- d-----w c:\program files\MSN Encarta Plus
2008-10-19 00:43 --------- d-----w c:\program files\Microsoft Money 2005
2008-10-19 00:43 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 00:42 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-10-19 00:42 --------- d-----w c:\program files\QuickTime
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\Nullsoft
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\aolshare
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\AOL
2008-10-19 00:42 --------- d-----w c:\program files\America Online 9.0
2008-10-19 00:42 --------- d-----w c:\documents and settings\Owner\Application Data\You've Got Pictures Screensaver
2008-10-19 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-19 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-19 00:42 --------- d-----w c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-10-19 00:41 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
2008-10-19 00:41 --------- d-----w c:\program files\Viewpoint
2008-10-19 00:41 --------- d-----w c:\program files\Real
2008-10-19 00:41 --------- d-----w c:\program files\Pure Networks
2008-10-19 00:41 --------- d-----w c:\program files\Common Files\Real
2008-10-19 00:41 --------- d-----w c:\program files\Common Files\AolCoach
2008-10-19 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-19 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-10-19 00:40 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SampleView
2008-10-19 00:40 --------- d-----w c:\documents and settings\Owner\Application Data\SampleView
2008-10-19 00:40 --------- d-----w c:\documents and settings\Administrator\Application Data\SampleView
2008-10-19 00:39 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-19 00:38 --------- d-----w c:\program files\Java
2008-10-19 00:38 --------- d-----w c:\program files\Common Files\Java
2008-10-19 00:34 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-19 00:33 --------- d-----w c:\program files\Microsoft.NET
2008-10-19 00:32 --------- d-----w c:\program files\ATI Technologies
2008-10-19 00:29 --------- d-----w c:\program files\Symantec
2008-10-19 00:29 --------- d-----w c:\program files\Norton Internet Security
2008-10-19 00:29 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-19 00:27 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Symantec
2008-10-19 00:26 --------- d-----w c:\program files\Google
2008-10-19 00:26 --------- d-----w c:\program files\BigFix
2008-10-19 00:25 --------- d-----w c:\program files\Microsoft Works
2008-10-19 00:25 --------- d-----w c:\program files\Digital Media Reader
2008-10-19 00:22 --------- d-----w c:\program files\Ahead
2008-10-19 00:21 --------- d-----w c:\program files\Common Files\Ahead
2008-10-19 00:17 --------- d-----w c:\program files\Common Files\New Boundary
2008-10-19 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-19 00:12 --------- d-----w c:\program files\CONEXANT
2008-10-18 23:59 --------- d-----w c:\program files\Windows Plus
2008-10-18 23:59 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Owner\Application Data\funkitron ----

2008-11-24 22:46 315 --a------ c:\documents and settings\Owner\Application Data\funkitron\Slingo Quest Hawaii\SlingoQuest2.cfg

---- Directory of c:\documents and settings\Owner\Application Data\Gaijin Ent ----

2008-11-24 19:17 83785 --a------ c:\documents and settings\Owner\Application Data\Gaijin Ent\MahjonggArtifacts10vEng\profiles\0.profile
2008-11-24 19:17 82 --a------ c:\documents and settings\Owner\Application Data\Gaijin Ent\MahjonggArtifacts10vEng\profiles\player_list.xml
2008-11-24 19:17 551 --a------ c:\documents and settings\Owner\Application Data\Gaijin Ent\MahjonggArtifacts10vEng\hiscore_endless.xml
2008-11-22 14:55 500 --a------ c:\documents and settings\Owner\Application Data\Gaijin Ent\MahjonggArtifacts10vEng\hiscore_quest.xml
2008-11-20 16:31 203 --a------ c:\documents and settings\Owner\Application Data\Gaijin Ent\MahjonggArtifacts10vEng\userconfig.xml


((((((((((((((((((((((((((((( snapshot@2008-12-05_12.23.37.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2005-03-21 22:00:20 2,890,240 ----a-w c:\windows\system32\msi.dll
+ 2005-05-04 19:45:32 2,890,240 ----a-w c:\windows\system32\msi.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
- 2004-07-09 21:33:26 15,872 ----a-w c:\windows\system32\spupdsvc.exe
+ 2005-02-25 03:35:05 22,752 ----a-w c:\windows\system32\spupdsvc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 58488]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 33936]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"HostManager"="c:\program files\Common Files\AOL\1224376845\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-17 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 184320]
"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-12 198184]
"McRegWiz"="c:\progra~1\McAfee.com\Agent\McRegWiz.exe" [2004-07-29 139264]
"CHotkey"="zHotkey.exe" [2005-05-03 c:\windows\zHotkey.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-10-18 1742384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1224376845\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 McciCMService;McciCMService;"c:\program files\Common Files\Motive\McciCMService.exe" [2008-10-18 303104]
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 03:00]

2008-11-22 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1 [2008-10-18 19:45]

2008-12-07 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Administrator).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 18:34]

2008-12-07 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Administrator).job
- c:\progra~1\mcafee.com\agent [2008-10-19 00:40]

2008-12-07 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 18:34]

2008-12-07 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Owner).job
- c:\progra~1\mcafee.com\agent [2008-10-19 00:40]

2008-10-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 19:26]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 21:57:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-06 21:59:12
ComboFix-quarantined-files.txt 2008-12-07 02:57:58
ComboFix2.txt 2008-12-05 17:24:05

Pre-Run: 153,288,310,784 bytes free
Post-Run: 153,276,538,880 bytes free

245 --- E O F --- 2008-12-06 13:13:06


hijack log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:43 PM, on 12/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\evilseadragon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9382 bytes
 
Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
ComboFix 08-12-05.01 - Owner 2008-12-05 12:11:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\INSTALL.LOG
c:\windows\system32\awtutrQi.dll
c:\windows\system32\bmlodpvd.dll
c:\windows\system32\byXRkLBR.dll
c:\windows\system32\CfeLonmp.ini
c:\windows\system32\CfeLonmp.ini2
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\cvlpwv.dll
c:\windows\system32\cvxbzl.dll
c:\windows\system32\ddjrxe.dll
c:\windows\system32\dmhmxstl.dll
c:\windows\system32\dxgjfv.dll
c:\windows\system32\edcytmlx.dll
c:\windows\system32\epchtvpo.ini
c:\windows\system32\fgwvyejr.dll
c:\windows\system32\frualbnw.dll
c:\windows\system32\fyxmkb.dll
c:\windows\system32\hfsfqxbp.dll
c:\windows\system32\hlbmmsrv.ini
c:\windows\system32\hslgiifv.dll
c:\windows\system32\ifjcfyod.dll
c:\windows\system32\jbvirqwb.dll
c:\windows\system32\jobmyu.dll
c:\windows\system32\jtogmd.dll
c:\windows\system32\juivddil.dll
c:\windows\system32\ksnckvgn.dll
c:\windows\system32\lwqdtk.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\msansspc.dll
c:\windows\system32\ncjbxk.dll
c:\windows\system32\nfihipfa.dll
c:\windows\system32\nxjqes.dll
c:\windows\system32\oqmwgy.dll
c:\windows\system32\pbwklail.dll
c:\windows\system32\pmnoLefC.dll
c:\windows\system32\tufbbwnq.dll
c:\windows\system32\tuvWnnNd.dll
c:\windows\system32\uvmkwidl.dll
c:\windows\system32\vbpyfm.dll
c:\windows\system32\vtUlkihG.dll
c:\windows\system32\xrcmdm.dll
c:\windows\system32\ygcojtqj.dll
c:\windows\system32\yielykyb.ini
c:\windows\system32\ylrgaosq.dll
c:\windows\wiaserviv.log
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://dna65.fastaccess.com
((((((((((((((((((((((((( Files Created from 2008-11-05 to 2008-12-05 )))))))))))))))))))))))))))))))
.

2008-11-30 09:54 . 2008-11-30 09:54 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 09:54 . 2008-11-30 09:54 812,344 --a------ C:\HJTInstall.exe
2008-11-30 09:51 . 2008-11-30 09:51 9,123 --a------ C:\ResetTeaTimer.bat
2008-11-30 09:25 . 2008-11-30 09:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-11-25 10:27 . 2008-11-25 10:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\Symantec
2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\Owner\Application Data\PlayFirst
2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-24 21:41 . 2008-11-24 21:41 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-23 19:56 . 2008-12-04 22:52 438 --a------ c:\windows\wininit.ini
2008-11-23 12:32 . 2008-11-23 12:32 <DIR> d-------- c:\documents and settings\Owner\Application Data\funkitron
2008-11-23 11:04 . 2008-11-23 11:04 26,624 --a------ c:\documents and settings\Owner\~.exe
2008-11-20 16:31 . 2008-11-20 16:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\Gaijin Ent
2008-11-15 16:36 . 2008-11-15 16:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Free Ride Games
2008-11-15 16:36 . 2008-06-21 16:28 37,033 --------- c:\windows\FRGT.ico
2008-11-15 16:36 . 2008-11-15 16:36 64 --a------ c:\windows\GPlrLanc.dat
2008-11-05 18:24 . 2008-11-05 18:24 56,789 --a------ c:\program files\american6.zip
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\ATTToolbar
2008-11-28 23:58 --------- d-----w c:\documents and settings\Owner\Application Data\ATTToolbar
2008-11-25 03:00 --------- d-----w c:\program files\Napster
2008-11-25 03:00 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 03:00 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-11-15 21:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 12:58 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-04 02:58 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM
2008-11-02 17:09 --------- d-----w c:\program files\EA GAMES
2008-10-23 23:47 1,234,120 ----a-w C:\wrar380.exe
2008-10-23 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 11:33 15,083,520 ----a-w C:\spybotsd160.exe
2008-10-19 02:17 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-10-19 02:17 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-19 02:14 --------- d-----w c:\program files\Yahoo!
2008-10-19 02:14 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-19 02:13 --------- d-----w c:\program files\FastAccessDSL
2008-10-19 02:13 --------- d-----w c:\program files\Common Files\SupportSoft
2008-10-19 02:00 --------- d-----w c:\program files\BellSouth Application Management
2008-10-19 02:00 --------- d-----w c:\program files\BellSouth
2008-10-19 01:54 --------- d-----w c:\program files\ATTToolbar
2008-10-19 01:54 --------- d-----w c:\program files\AT&T
2008-10-19 01:54 --------- d-----w c:\documents and settings\Owner\Application Data\AT&T
2008-10-19 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2008-10-19 01:52 --------- d-----w c:\documents and settings\Owner\Application Data\Motive
2008-10-19 01:48 --------- d-----w c:\program files\Common Files\Motive
2008-10-19 01:48 --------- d-----w c:\program files\att-nap
2008-10-19 01:47 --------- d-----w c:\documents and settings\All Users\Application Data\Motive
2008-10-19 01:13 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-10-19 00:45 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\program files\McAfee
2008-10-19 00:45 --------- d-----w c:\program files\Common Files\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\Owner\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-19 00:45 --------- d-----w c:\documents and settings\Administrator\Application Data\McAfee
2008-10-19 00:44 --------- d-----w c:\program files\McAfee.com
2008-10-19 00:44 --------- d-----w c:\program files\CyberLink
2008-10-19 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2008-10-19 00:43 --------- d-----w c:\program files\MSN Encarta Plus
2008-10-19 00:43 --------- d-----w c:\program files\Microsoft Money 2005
2008-10-19 00:43 --------- d-----w c:\program files\Common Files\Adobe
2008-10-19 00:42 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-10-19 00:42 --------- d-----w c:\program files\QuickTime
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\Nullsoft
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\aolshare
2008-10-19 00:42 --------- d-----w c:\program files\Common Files\AOL
2008-10-19 00:42 --------- d-----w c:\program files\America Online 9.0
2008-10-19 00:42 --------- d-----w c:\documents and settings\Owner\Application Data\You've Got Pictures Screensaver
2008-10-19 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime
2008-10-19 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-19 00:42 --------- d-----w c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-10-19 00:41 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys
2008-10-19 00:41 --------- d-----w c:\program files\Viewpoint
2008-10-19 00:41 --------- d-----w c:\program files\Real
2008-10-19 00:41 --------- d-----w c:\program files\Pure Networks
2008-10-19 00:41 --------- d-----w c:\program files\Common Files\Real
2008-10-19 00:41 --------- d-----w c:\program files\Common Files\AolCoach
2008-10-19 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-10-19 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2008-10-19 00:40 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SampleView
2008-10-19 00:40 --------- d-----w c:\documents and settings\Owner\Application Data\SampleView
2008-10-19 00:40 --------- d-----w c:\documents and settings\Administrator\Application Data\SampleView
2008-10-19 00:39 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-10-19 00:38 --------- d-----w c:\program files\Java
2008-10-19 00:38 --------- d-----w c:\program files\Common Files\Java
2008-10-19 00:34 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-19 00:33 --------- d-----w c:\program files\Microsoft.NET
2008-10-19 00:32 --------- d-----w c:\program files\ATI Technologies
2008-10-19 00:29 --------- d-----w c:\program files\Symantec
2008-10-19 00:29 --------- d-----w c:\program files\Norton Internet Security
2008-10-19 00:29 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-19 00:27 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Symantec
2008-10-19 00:26 --------- d-----w c:\program files\Google
2008-10-19 00:26 --------- d-----w c:\program files\BigFix
2008-10-19 00:25 --------- d-----w c:\program files\Microsoft Works
2008-10-19 00:25 --------- d-----w c:\program files\Digital Media Reader
2008-10-19 00:22 --------- d-----w c:\program files\Ahead
2008-10-19 00:21 --------- d-----w c:\program files\Common Files\Ahead
2008-10-19 00:17 --------- d-----w c:\program files\Common Files\New Boundary
2008-10-19 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy
2008-10-19 00:12 --------- d-----w c:\program files\CONEXANT
2008-10-18 23:59 --------- d-----w c:\program files\Windows Plus
2008-10-18 23:59 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 58488]
"IS CfgWiz"="c:\program files\Norton Internet Security\cfgwiz.exe" [2004-08-17 132248]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 33936]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 218240]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-17 339968]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
"HostManager"="c:\program files\Common Files\AOL\1224376845\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2004-08-17 245760]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2004-10-02 184320]
"_AntiSpyware"="c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe" [2004-10-19 114688]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-12 198184]
"McRegWiz"="c:\progra~1\McAfee.com\Agent\McRegWiz.exe" [2004-07-29 139264]
"CHotkey"="zHotkey.exe" [2005-05-03 c:\windows\zHotkey.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-10-18 1742384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "c:\program files\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-10-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ncjbxk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1224376845\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R2 McciCMService;McciCMService;"c:\program files\Common Files\Motive\McciCMService.exe" [2008-10-18 303104]
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1\McSpy.exe [2004-10-19 03:00]

2008-11-22 c:\windows\Tasks\McAfee AntiSpyware.job
- c:\progra~1\McAfee\MCAFEE~1 [2008-10-18 19:45]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Administrator).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 18:34]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Administrator).job
- c:\progra~1\mcafee.com\agent [2008-10-19 00:40]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Owner).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2004-10-02 18:34]

2008-12-05 c:\windows\Tasks\McAfee.com Update Check (YOUR-B15A5064CF-Owner).job
- c:\progra~1\mcafee.com\agent [2008-10-19 00:40]

2008-10-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 19:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2882E338-7B6D-4E33-B087-FE006EBD7BE1} - c:\windows\system32\yayxvuVm.dll
BHO-{3d3f2668-6497-4918-ab0e-3ba8dab5dab0} - (no file)
BHO-{46D78E31-B44A-4ADB-B97E-D7461D0647E1} - (no file)
BHO-{588404fd-a25e-446a-91c5-0aa2a812dadb} - c:\windows\system32\ncjbxk.dll
BHO-{6431831F-3D54-4BB1-9480-94274262F611} - c:\windows\system32\pmnoLefC.dll
BHO-{8ab8c416-74e8-4388-ba42-ff6a38f2159a} - (no file)
BHO-{9CBD857F-BF6E-4E5A-8DEA-36D188F7A02F} - (no file)
BHO-{f6a2917d-692a-4d9b-934b-d981ecf316bd} - (no file)
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 12:17:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\SoftwareDistribution
c:\windows\system32\wuapi.dll.mui 23576 bytes executable
c:\windows\system32\wuauclt.exe.wusetup.311734.bak 111104 bytes executable
c:\windows\system32\wuaucpl.cpl.mui 23576 bytes executable
c:\windows\system32\wuaucpl.cpl.wusetup.315296.bak 162304 bytes executable
c:\windows\system32\wuaueng.dll.mui 18456 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.318359.bak 1134592 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\ehome\ehSched.exe
c:\program files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2008-12-05 12:24:04 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-12-05 17:24:01

Pre-Run: 153,934,766,080 bytes free
Post-Run: 153,865,814,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows XP Media Center Edition" /noexecute=optin /fastdetect

303
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:27 AM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\evilseadragon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9381 bytes
 
I had trouble with the Kaspersky scan. Ran for more than two hours then the log takes about a day to show up once it's saved.

Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 20:42:14
Records in database: 1444573
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 144258
Threat name: 34
Infected objects: 61
Suspicious objects: 0
Duration of the scan: 02:17:43


File name / Threat name / Threats count
C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL/C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL Infected: not-a-virus:AdWare.Win32.MegaSearch.ae 2
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Application Data\Facegame\Facegame.exe Infected: Trojan.Win32.Agent.aiim 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\3nick568.exe Infected: not-a-virus:AdWare.Win32.BHO.din 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\3nick568.exe Infected: not-a-virus:AdWare.Win32.BHO.dim 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\Binaries1.cab2 Infected: Trojan.Win32.FraudPack.gfc 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\Binaries2.cab3 Infected: Trojan.Win32.Agent.akkh 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\Binaries2.cab3 Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.ba 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\mmmatt.exe Infected: Trojan-Downloader.Win32.Delf.pfs 1
C:\My Backup -- 08-10-18 0456PM\Documents and Settings\Owner\Local Settings\Temp\TDSS3bc7.tmp Infected: Trojan.Win32.Patched.dy 1
C:\My Backup -- 08-10-18 0456PM\Program Files\Common\helper.dll Infected: Trojan.Win32.Vapsup.neh 1
C:\My Backup -- 08-10-18 0456PM\Program Files\Common\_helper.dll Infected: Trojan.Win32.Vapsup.neh 1
C:\My Backup -- 08-10-18 0456PM\Program Files\GetModule\GetModule24.exe Infected: Trojan.Win32.Agent.aiae 1
C:\My Backup -- 08-10-18 0456PM\Program Files\PeoplePC\Toolbar\PPCToolbar.dll Infected: not-a-virus:AdWare.Win32.Agent.hjg 1
C:\My Backup -- 08-10-18 0456PM\Program Files\XP_AntiSpyware\AVEngn.dll Infected: Trojan.Win32.Agent.akkh 1
C:\My Backup -- 08-10-18 0456PM\Program Files\XP_AntiSpyware\Uninstall.exe Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.az 1
C:\My Backup -- 08-10-18 0456PM\Program Files\XP_AntiSpyware\wscui.cpl Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.ba 1
C:\My Backup -- 08-10-18 0456PM\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe Infected: Trojan.Win32.FraudPack.gfc 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\brastk.exe Infected: Trojan-Downloader.Win32.Agent.alzk 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\karna.dat Infected: Backdoor.Win32.Small.gjm 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\brastk.exe Infected: Trojan-Downloader.Win32.Agent.alzk 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\dllcache\beep.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\drivers\beep.sys Infected: Backdoor.Win32.UltimateDefender.a 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\drivers\TDSSpxfe.sys Infected: Backdoor.Win32.TDSS.aov 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\getsn32.dll Infected: not-a-virus:AdWare.Win32.BHO.dim 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\karna.dat Infected: Backdoor.Win32.Small.gjm 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\msansspc.dll Infected: Trojan.Win32.Inject.ktr 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\msiebbar.dll Infected: Trojan-Downloader.Win32.Agent.wis 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\smwin32.dll Infected: not-a-virus:AdWare.Win32.BHO.din 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\TDSSarxx.dll Infected: Backdoor.Win32.TDSS.arv 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\TDSSnpur.dll Infected: Backdoor.Win32.Agent.tww 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\TDSSoitu.dll Infected: Backdoor.Win32.TDSS.aru 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\TDSSshyf.dll Infected: Trojan-Downloader.Win32.FraudLoad.vbxt 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\TDSSyoqm.dll Infected: Backdoor.Win32.TDSS.arr 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\uesiuqcr.exe Infected: not-a-virus:AdWare.Win32.BHO.din 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\uesiuqcr.exe Infected: not-a-virus:AdWare.Win32.BHO.dim 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\wini10803.exe Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.az 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\wpv593.cpx Infected: Trojan.Win32.Agent.aiae 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\wpv953.cpx Infected: Trojan.Win32.Agent.aiae 1
C:\My Backup -- 08-10-18 0456PM\WINDOWS\system32\_scui.cpl Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.ba 1
C:\Program Files\ATTToolbar\ATTToolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.ae 1
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\~.exe.vir Infected: Trojan-Dropper.Win32.Agent.aarl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\awtutrQi.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\byXRkLBR.dll.vir Infected: Trojan.Win32.Monderb.xik 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\cvxbzl.dll.vir Infected: Trojan.Win32.Monder.zzq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddjrxe.dll.vir Infected: Trojan.Win32.Monder.aaun 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dmhmxstl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ewk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxgjfv.dll.vir Infected: Trojan.Win32.Monder.aaxp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hfsfqxbp.dll.vir Infected: Trojan.Win32.Monder.zzq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ifjcfyod.dll.vir Infected: Trojan.Win32.Monder.zzq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jbvirqwb.dll.vir Infected: Trojan.Win32.Monder.aaun 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jtogmd.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ewk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\juivddil.dll.vir Infected: Trojan.Win32.Monder.aaxp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lwqdtk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ewk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\msansspc.dll.vir Infected: Trojan.Win32.Monder.zzr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oqmwgy.dll.vir Infected: Trojan.Win32.Monder.zzq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tufbbwnq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ewk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvWnnNd.dll.vir Infected: Trojan.Win32.Monderb.xik 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtUlkihG.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ylrgaosq.dll.vir Infected: Trojan.Win32.Monder.aann 1
D:\i386\Apps\App03130\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.


hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:27 PM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLHOS~1.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\PROGRA~1\COMMON~1\AOL\122437~1\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\ATTToolbar\FDServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\evilseadragon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1224376845\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 10181 bytes
 