
Another Malware Victim DDS and Attach files



headcase
2009-07-14, 00:50
Picked up what I believe is a variation of the Vundo. Then got suckered by the winifighter scam. So possibly a couple of viruses going on. The malware is blocking the exec programs for Malwarebytes and Spybot. I cannot run either of these. It also is blocking me from updating any AV software. Any help appreciated. Thanks in advance.

Here are the DDS and Attach file logs:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 17:19:03.71 on Mon 07/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -5:00]

AV: Defender Pro Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Application Data\U3\0000161781736838\LaunchPad.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TDCRWZVI\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
mRun: [PestPatrol Control Center] c:\progra~1\pestpa~1\PPControl.exe
mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207764425365
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} - hxxps://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
TCP: NameServer = 85.255.112.13,85.255.112.110
TCP: {8DF6A169-D630-45FD-A1E6-76CD5E570348} = 85.255.112.13,85.255.112.110
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-8 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2008-6-24 4064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-2-29 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 55024]
S0 blxtce;blxtce;c:\windows\system32\drivers\xfigw.sys --> c:\windows\system32\drivers\xfigw.sys [?]
S0 Imvyx;Imvyx;c:\windows\system32\drivers\oxzok.sys --> c:\windows\system32\drivers\oxzok.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-07-13 15:44 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-13 14:58 <DIR> --d----- c:\program files\Trend Micro
2009-07-13 14:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 14:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 14:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 14:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-13 13:32 6,954 a------- c:\windows\9068viz589.cpl
2009-07-12 03:36 6,004 a------- c:\windows\system32\4zfcstea59795.dll
2009-07-12 00:10 14,830 a------- c:\windows\5554wzrm966.exe
2009-07-11 22:16 16,444 a------- c:\windows\system32\28198troj295z.exe
2009-07-11 03:53 15,264 a------- c:\windows\system32\1960zw5rm13b9.dll
2009-07-10 18:10 9,157 a------- c:\windows\31d4szyw9re27905.exe
2009-07-08 18:01 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-08 17:55 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-08 17:54 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 17:54 <DIR> --d----- c:\program files\Lavasoft
2009-07-08 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-07-08 15:55 <DIR> --d----- C:\VundoFix Backups
2009-07-08 15:21 <DIR> --d----- c:\program files\Ask.com
2009-07-08 15:20 <DIR> --d----- c:\program files\MSSOAP
2009-07-08 15:19 <DIR> --d----- c:\program files\Webroot
2009-07-08 10:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-07 16:44 385 a------- c:\windows\system32\user_gensett.xml
2009-07-07 12:11 3,120 a------- c:\windows\system32\DRWSJLAD.ocx
2009-07-07 12:11 3,120 a------- c:\windows\LJRGKDD9.ocx
2009-07-07 12:09 <DIR> --d----- c:\program files\BitDefender
2009-07-07 11:48 <DIR> --d----- c:\program files\common files\BitDefender
2009-07-07 05:55 2,947 a------- c:\windows\system32\31734v9ruz57.exe
2009-07-07 03:36 5,376 a------- c:\windows\system32\16c5zhre596182.ocx
2009-07-05 00:24 6,487 a------- c:\windows\system32\6545thzef191.dll
2009-07-04 21:12 15,447 a------- c:\windows\system32\2z35addw9re2695.exe
2009-07-04 07:18 3,474 a------- c:\windows\18566sp5zbot7cc9.cpl
2009-07-02 13:32 9,329 a------- c:\windows\29zas5eal9534.bin
2009-07-01 09:47 <DIR> --d----- c:\program files\PlayMe
2009-07-01 08:40 2,707 a------- c:\windows\93158spz40.bin
2009-06-28 14:23 11,826 a------- c:\windows\2z4259pambot7a2.cpl
2009-06-24 23:52 10,783 a------- c:\windows\system32\zf10thr9at7695.dll
2009-06-24 01:33 9,966 a------- c:\windows\system32\5e9dvir58z.dll
2009-06-23 21:51 4,834 a------- c:\windows\93fzsparse185.cpl
2009-06-22 23:53 3,919 a------- c:\windows\30z74not-9-v5rus93.exe
2009-06-19 05:38 5,342 a------- c:\windows\2969thiz54879.dll
2009-06-14 23:40 12,567 a------- c:\windows\6f26zpyw5re9170.exe
2009-06-13 20:01 14,345 a------- c:\windows\system32\17z59teal1890.exe
2009-06-13 17:58 9,553 a------- c:\windows\system32\53z71sp9ca.ocx

==================== Find3M ====================

2009-06-12 08:42 17,990 a------- c:\windows\system32\15425haczt5ol96e.bin
2009-06-11 14:57 13,528 a------- c:\windows\system32\191z7w9rm59.exe
2009-06-09 04:06 14,780 a------- c:\windows\system32\5a449zdware1290.exe
2009-06-03 14:02 15,358 a------- c:\windows\system32\17z1059y15f.bin
2009-06-03 06:52 14,138 a------- c:\windows\2099adzware2152.exe
2009-06-02 16:39 9,622 a------- c:\windows\system32\2948zot-a-vir5s6f9.exe
2009-06-02 08:12 11,605 a------- c:\windows\system32\25075worm3z9.bin
2009-05-28 06:15 6,732 a------- c:\windows\1d59thzef1453.dll
2009-05-25 20:41 10,384 a------- c:\windows\system32\105815or91zc.bin
2009-05-23 03:07 8,785 a------- c:\windows\system32\3983st95l52z.bin
2009-05-22 21:46 16,681 a------- c:\windows\223z5tr9j10a.dll
2009-05-22 17:25 5,024 a------- c:\windows\59db9dzware5531.exe
2009-05-20 11:45 11,254 a------- c:\windows\34z45ro92f3.bin
2009-05-19 21:52 6,706 a------- c:\windows\49ebaddwz5e2779.bin
2009-05-19 11:49 18,230 a------- c:\windows\system32\21700szam5ot709.bin
2009-05-18 11:11 8,070 a------- c:\windows\1994vi5us4z2.exe
2009-05-14 17:28 14,909 a------- c:\windows\7065z5c9toolae.dll
2009-05-11 22:49 11,177 a------- c:\windows\system32\551zi91043.bin
2009-05-10 23:02 10,792 a------- c:\windows\system32\1az5addwa9e3183.bin
2009-05-10 15:15 15,164 a------- c:\windows\3d9spar5e65z.bin
2009-05-09 13:25 17,071 a------- c:\windows\system32\29610virzs2bd5.exe
2009-05-07 10:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 06:02 10,059 a------- c:\windows\66905ze9l2101.exe
2009-05-06 06:40 17,623 a------- c:\windows\106165irzs7499.dll
2009-05-06 02:03 12,545 a------- c:\windows\7959szyware700.dll
2009-05-05 15:38 15,249 a------- c:\windows\system32\4879spzmb5t9de.bin
2009-05-05 15:24 11,141 a------- c:\windows\system32\25493virus50z.bin
2009-05-04 19:43 17,762 a------- c:\windows\system32\5c4ethiefz799.bin
2009-05-03 18:05 8,782 a------- c:\windows\system32\1940zor57929.bin
2009-05-01 20:12 6,994 a------- c:\windows\2221hz5ktool6c9.exe
2009-05-01 17:25 12,188 a------- c:\windows\system32\2909threat15z21.bin
2009-04-28 23:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 23:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-27 05:11 4,161 a------- c:\windows\69125tzal985.dll
2009-04-27 04:04 11,319 a------- c:\windows\2949downloaz5r2294.bin
2009-04-25 06:05 14,149 a------- c:\windows\91951spambo57ecz.bin
2009-04-21 14:19 3,845 a------- c:\windows\4z91hack5ool6bc.bin
2009-04-19 04:48 8,371 a------- c:\windows\system32\79zddw5re531.exe
2009-04-17 07:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 06:11 4,758 a------- c:\windows\system32\579fviz5017.bin
2009-04-16 02:48 15,138 a------- c:\windows\516zv9rus4c5.dll
2009-04-15 09:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2006-01-03 13:10 20,921,040 a------- c:\program files\AdbeRdr705_enu_full.exe
2008-04-23 20:12 1,540,620 a--sh--- c:\windows\system32\bieuuwaf.ini2
2008-04-28 10:41 429,284 a--sh--- c:\windows\system32\JjQtwyay.ini2
2008-04-22 08:47 315,040 a--sh--- c:\windows\system32\VEfMonpo.ini2

============= FINISH: 17:19:36.90 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2008 12:16:48 PM
System Uptime: 7/13/2009 10:57:27 AM (7 hours ago)

Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Microprocessor | 2524/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 31.984 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&3B1CAF2B&0&28F0
Service:

==== System Restore Points ===================

RP428: 4/10/2009 9:19:50 AM - System Checkpoint
RP429: 4/11/2009 9:47:11 AM - System Checkpoint
RP430: 4/12/2009 10:47:09 AM - System Checkpoint
RP431: 4/13/2009 10:49:04 AM - System Checkpoint
RP432: 4/14/2009 11:47:14 AM - System Checkpoint
RP433: 4/15/2009 11:48:14 AM - System Checkpoint
RP434: 4/16/2009 12:47:47 PM - System Checkpoint
RP435: 4/17/2009 3:00:31 AM - Software Distribution Service 3.0
RP436: 4/18/2009 3:17:53 AM - System Checkpoint
RP437: 4/19/2009 3:26:53 AM - System Checkpoint
RP438: 4/20/2009 4:26:53 AM - System Checkpoint
RP439: 4/21/2009 5:26:57 AM - System Checkpoint
RP440: 4/22/2009 6:26:52 AM - System Checkpoint
RP441: 4/23/2009 7:26:55 AM - System Checkpoint
RP442: 4/24/2009 8:28:10 AM - System Checkpoint
RP443: 4/25/2009 9:27:04 AM - System Checkpoint
RP444: 4/26/2009 10:27:05 AM - System Checkpoint
RP445: 4/27/2009 11:13:08 AM - System Checkpoint
RP446: 4/28/2009 11:27:05 AM - System Checkpoint
RP447: 4/29/2009 11:39:06 AM - System Checkpoint
RP448: 4/30/2009 3:00:25 AM - Software Distribution Service 3.0
RP449: 5/1/2009 3:56:34 AM - System Checkpoint
RP450: 5/4/2009 8:58:41 AM - System Checkpoint
RP451: 5/5/2009 9:33:23 AM - System Checkpoint
RP452: 5/6/2009 11:27:26 AM - System Checkpoint
RP453: 5/7/2009 11:48:18 AM - System Checkpoint
RP454: 5/8/2009 12:33:31 PM - System Checkpoint
RP455: 5/9/2009 1:33:34 PM - System Checkpoint
RP456: 5/10/2009 2:33:33 PM - System Checkpoint
RP457: 5/11/2009 3:58:28 PM - System Checkpoint
RP458: 5/12/2009 3:00:18 AM - Software Distribution Service 3.0
RP459: 5/13/2009 3:00:24 AM - Software Distribution Service 3.0
RP460: 5/14/2009 3:33:35 AM - System Checkpoint
RP461: 5/15/2009 4:33:32 AM - System Checkpoint
RP462: 5/16/2009 4:33:46 AM - System Checkpoint
RP463: 5/17/2009 5:33:48 AM - System Checkpoint
RP464: 5/18/2009 6:33:46 AM - System Checkpoint
RP465: 5/18/2009 9:13:03 AM - Installed Windows XP WgaNotify.
RP466: 5/19/2009 9:14:21 AM - System Checkpoint
RP467: 5/20/2009 9:24:48 AM - System Checkpoint
RP468: 5/21/2009 10:15:25 AM - System Checkpoint
RP469: 5/22/2009 12:32:13 PM - System Checkpoint
RP470: 5/23/2009 1:14:21 PM - System Checkpoint
RP471: 5/24/2009 2:14:23 PM - System Checkpoint
RP472: 5/26/2009 3:26:00 PM - System Checkpoint
RP473: 5/27/2009 4:04:09 PM - System Checkpoint
RP474: 5/28/2009 5:04:09 PM - System Checkpoint
RP475: 5/29/2009 6:12:16 PM - System Checkpoint
RP476: 5/30/2009 7:04:08 PM - System Checkpoint
RP477: 5/31/2009 8:04:08 PM - System Checkpoint
RP478: 6/1/2009 9:04:07 PM - System Checkpoint
RP479: 6/2/2009 9:04:28 PM - System Checkpoint
RP480: 6/3/2009 10:04:29 PM - System Checkpoint
RP481: 6/4/2009 11:04:28 PM - System Checkpoint
RP482: 6/6/2009 12:04:29 AM - System Checkpoint
RP483: 6/7/2009 1:04:29 AM - System Checkpoint
RP484: 6/8/2009 8:20:48 AM - System Checkpoint
RP485: 6/9/2009 8:59:22 AM - System Checkpoint
RP486: 6/10/2009 9:10:37 AM - System Checkpoint
RP487: 6/11/2009 3:00:34 AM - Software Distribution Service 3.0
RP488: 6/15/2009 8:26:27 AM - System Checkpoint
RP489: 6/16/2009 9:01:17 AM - System Checkpoint
RP490: 6/17/2009 9:42:52 AM - System Checkpoint
RP491: 6/18/2009 10:01:15 AM - System Checkpoint
RP492: 6/19/2009 10:18:39 AM - System Checkpoint
RP493: 6/20/2009 11:01:17 AM - System Checkpoint
RP494: 6/21/2009 12:01:14 PM - System Checkpoint
RP495: 6/22/2009 12:24:02 PM - System Checkpoint
RP496: 6/23/2009 1:01:32 PM - System Checkpoint
RP497: 6/24/2009 2:01:31 PM - System Checkpoint
RP498: 6/25/2009 2:02:08 PM - System Checkpoint
RP499: 6/26/2009 3:17:34 PM - System Checkpoint
RP500: 6/27/2009 4:02:08 PM - System Checkpoint
RP501: 6/28/2009 5:02:08 PM - System Checkpoint
RP502: 6/29/2009 5:12:26 PM - System Checkpoint
RP503: 6/30/2009 6:03:47 PM - System Checkpoint
RP504: 7/7/2009 2:08:09 PM - System Checkpoint

==== Installed Programs ======================

123 CopyDVD 2008
123 CopyDVD 2009
Ad-Aware
Adobe Acrobat Reader 3.01
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe Type Manager 4.0
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
Ask.com Toolbar
AviSynth 2.5
BlackBerry Desktop Software 4.3
Bonjour
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
Cobian Backup 9
Dell Photo AIO Printer 922
Dell ResourceCD
DVD43 v4.3.1
GearDrivers
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP DVD Writer
HP Software Update
ICopyDVDs2 Basic 4.0.0
Intel(R) Extreme Graphics Driver
Internet Explorer Q903235
iTunes
J2SE Runtime Environment 5.0 Update 6
Lexmark 510 Series
LightScribe 1.4.84.1
Malwarebytes' Anti-Malware
Medieval Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Publisher 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer DVD Edition - HPC
Nero BurnRights
OSI Express
Plaxo Toolbar for Outlook and Outlook Express
PlayMe
Point
PokerStars.net
PowerDVD
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2005
QuickTime
RecordNow
Registry Mechanic 5.2
Risk
Roxio Media Manager
Safari
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Setup
SkyCaddie Desktop
Sonic DLA
Sonic RecordNow!
Sonic Simple Backup
Sonic Update Manager
SoundMAX
Spy Sweeper Core
SupportSoft Assisted Service
Symantec Technical Support Web Controls
The Print Shop 22
Ulead Photo Express 3.0 SE
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Hotfix - KB887742
Windows XP Service Pack 3
WinZip Self-Extractor
World of Warcraft
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/8/2009 5:19:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine service to connect.
7/8/2009 5:19:00 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/8/2009 5:04:23 PM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
7/8/2009 5:04:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/8/2009 5:02:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ATMhelpr bdftdif Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
7/8/2009 5:02:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2009 5:02:12 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2009 5:02:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2009 5:02:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2009 5:02:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2009 5:02:12 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/8/2009 5:02:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/8/2009 5:01:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/8/2009 3:24:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif IntelIde
7/8/2009 10:44:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif
7/8/2009 10:39:07 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
7/7/2009 2:38:16 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/7/2009 12:14:44 PM, error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.
7/7/2009 12:05:25 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
7/7/2009 12:05:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

==== End Of File ===========================

Bio-Hazard
2009-07-15, 13:28
Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
If you don't know or understand something please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

No Reply Within 4 Days Will Result In Your Topic Being Closed!!

Bio-Hazard
2009-07-15, 13:43
Gmer

Please download Gmer (http://www.gmer.net/gmer.zip) by Gmer and save it to your desktop.

Right click on gmer.zip and select Extract All...
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
Click on the Browse button. Click on Desktop. Then click OK.
Click Next. It will start extracting.
Once done, check (tick) the Show extracted files box and click Finish.
Double click on gmer.exe to run it.
Select the Rootkit tab.
On the right hand side, check all the items to be scanned, but leave the Show All box unchecked.
Select all drives that are connected to your system to be scanned.
Click on the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into the text editor.
Save the Gmer scan log and post it in your next reply.
Close Gmer.

Note: Do not run any programs while Gmer is running.

headcase
2009-07-15, 16:19
Bio-hazard,

Thank you for your help I will do as instructed and get back ASAP!

Thanks Again!

headcase
2009-07-15, 18:52
Here is the Gmer log

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 11:45:07
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 86F7DC60 ZwAllocateVirtualMemory
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF765587E]
SSDT 86FA9898 ZwCreateProcess
SSDT 86FE41F0 ZwCreateProcessEx
SSDT 86F7DF30 ZwCreateThread
SSDT 86FAA2E8 ZwDeleteKey
SSDT 86F7E1A8 ZwDeleteValueKey
SSDT 86F7DCD8 ZwQueueApcThread
SSDT 86F7DB70 ZwReadVirtualMemory
SSDT 86FA9AC8 ZwRenameKey
SSDT 86F7DDC8 ZwSetContextThread
SSDT 86FE0BA8 ZwSetInformationKey
SSDT 86F897A0 ZwSetInformationProcess
SSDT 86F7DE40 ZwSetInformationThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7655C10]
SSDT 86F7DFA8 ZwSuspendProcess
SSDT 86F7DD50 ZwSuspendThread
SSDT 86F96FA8 ZwTerminateProcess
SSDT 86F7DEB8 ZwTerminateThread
SSDT 86F7DBE8 ZwWriteVirtualMemory

Code 86C23830 ZwEnumerateKey
Code 86CDA828 ZwFlushInstructionCache
Code 86C4B466 IofCallDriver
Code 86C1F6A6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27A4 4 Bytes CALL 63D5224B
.text ntoskrnl.exe!_abnormal_termination + 3A0 804E29FC 1 Byte [C8]
.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2AFC 4 Bytes CALL 26D522DC
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 86C4B46B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 86C1F6AB
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 86C23834
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 86CDA82C

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1732] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 86F7DA00
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 86F7DA00
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 86F7DA00
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 86F7DA00
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 86F7DA00
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 86F7DAF8
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 86F7DA00

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 86C26D20

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)

Device \Driver\Tcpip \Device\Tcp 86C26D20

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp 86C26D20
Device \Driver\Tcpip \Device\RawIp 86C26D20
Device \Driver\Tcpip \Device\IPMULTICAST 86C26D20

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXwnhrphpfhmvvdisaakfkmyeawpkntjtl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXikpurafymkvrxdlwskauqutjqqxyqgnf.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXwnhrphpfhmvvdisaakfkmyeawpkntjtl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXikpurafymkvrxdlwskauqutjqqxyqgnf.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\MSIVXcount 4 bytes
File C:\WINDOWS\system32\MSIVXikpurafymkvrxdlwskauqutjqqxyqgnf.dll 52224 bytes executable
File C:\WINDOWS\system32\MSIVXwnhrphpfhmvvdisaakfkmyeawpkntjtl.dll 22528 bytes executable
File C:\WINDOWS\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys 73216 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
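
As an added example (not part of headcase's post and not GMER's own code), the script below parses a GMER log in the format shown above and ties together the pieces GMER reports in separate sections for one hidden service: the Service entry, the registry keys under the service name, and the files those registry values point at. The embedded sample is a constructed subset of the lines from the log above; the section headers, line layouts and the "*** hidden ***" and "<-- ROOTKIT !!!" markers are taken from that log, and the assumption that a service key path contains no spaces is noted in the code.

```python
"""Triage helper for a GMER rootkit-scan log (added example, not the forum post's code)."""
import json
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the GMER log posted above.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-15 11:45:07

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXwnhrphpfhmvvdisaakfkmyeawpkntjtl.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\MSIVXcount 4 bytes
File C:\WINDOWS\system32\MSIVXwnhrphpfhmvvdisaakfkmyeawpkntjtl.dll 22528 bytes executable
File C:\WINDOWS\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys 73216 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SERVICE_RE = re.compile(
    r"^Service (?P<path>\S+) \((?P<attrs>[^)]*)\) \[(?P<start>\w+)\] "
    r"(?P<name>\S+)(?P<flag> <-- ROOTKIT !!!)?$"
)
FILE_RE = re.compile(
    r"^File (?P<path>.+?) (?P<size>\d+) bytes(?P<exe> executable)?(?P<flag> <-- ROOTKIT !!!)?$"
)
# Key path, optional "@valuename", optional data. Assumption: no spaces in the key
# path itself, which holds for the service keys GMER reports in the log above.
REG_RE = re.compile(r"^Reg (?P<key>[^@ ]+)(?:@(?P<value>\S+))?(?: (?P<data>.*))?$")


def parse_sections(text):
    """Split a GMER log into its '---- Name - GMER ... ----' sections (blank lines dropped)."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def basename(path):
    """Last component of a Windows path, lower-cased so names compare regardless of case."""
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def rootkit_findings(text):
    """One finding per hidden or ROOTKIT-flagged service, with the registry keys and
    files that reference it, so every component of one implant is reviewed together."""
    sections = parse_sections(text)

    services = [m.groupdict() for m in map(SERVICE_RE.match, sections["Services"]) if m]
    files = {}
    for m in map(FILE_RE.match, sections["Files"]):
        if m:
            files[basename(m["path"])] = {
                "path": m["path"],
                "size": int(m["size"]),
                "executable": m["exe"] is not None,
                "rootkit_flag": m["flag"] is not None,
            }
    regs = [m.groupdict() for m in map(REG_RE.match, sections["Registry"]) if m]

    findings = []
    for svc in services:
        hidden = "hidden" in svc["attrs"]
        flagged = svc["flag"] is not None
        if not (hidden or flagged):
            continue
        related = {basename(svc["path"])}
        keys = []
        for reg in regs:
            if svc["name"].lower() not in reg["key"].lower():
                continue
            keys.append(reg["key"] + (f"@{reg['value']}" if reg["value"] else ""))
            # A value whose data is a path names another component (driver, DLL) of the implant.
            if reg["data"] and "\\" in reg["data"]:
                related.add(basename(reg["data"]))
        findings.append({
            "service": svc["name"],
            "driver": svc["path"],
            "hidden": hidden,
            "rootkit_flag": flagged,
            "registry_keys": keys,
            "related_files": sorted(related),
            "listed_files": {n: files[n] for n in sorted(related) if n in files},
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(rootkit_findings(SAMPLE_GMER_LOG), indent=2))
```

Run against a saved log with `rootkit_findings(open("gmer.log").read())`. On the sample this yields a single finding that groups the hidden MSIVXserv.sys service, its four registry keys, and the two executables those keys reference; a file GMER lists but nothing references (MSIVXcount here) stays out of the finding, which is exactly the kind of loose end worth checking by hand before cleanup.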

Bio-Hazard
2009-07-15, 19:54
Download and Run ComboFix

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)



You must download it to and run it from your Desktop
ComboFix SHOULD NOT be used unless requested by a forum helper.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click on ComboFix.exe and follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Combofix should never take more than 20 minutes including the reboot if malware is detected.



IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.


Next Reply

Please reply with:


ComboFix log (found at C:\Combofix.txt)
New HijackThis log

headcase
2009-07-15, 21:55
I downloaded combo-fix to my desktop. The program will not initiate when I click on the program. Any suggestions?

Bio-Hazard
2009-07-15, 22:22
Hello!

Delete the copy of Combofix and follow these instructions.

Download and Run ComboFix



ComboFix SHOULD NOT be used unless requested by a forum helper.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE (http://www.bleepingcomputer.com/forums/topic114351.html)
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
Double click on Combo-Fix.exe and follow the prompts.
When finished, it will produce a report for you (C:\ComboFix.txt )
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Combofix should never take more than 20 minutes including the reboot if malware is detected.

IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Next Reply

Please reply with:
ComboFix log (found at C:\Combofix.txt)
New HijackThis log

headcase
2009-07-16, 00:53
Bio-hazard,
That worked. Here is the combo-fix log.
I will run the Hijack this program next. I will be leaving my office and away from my problem computer until the morning CST USA. So I will post the Hi-jack this log first thing tomorrow. My apologies for the interruption in your assistance.
You have been a lifesaver. Many, many thanks for your help!!



ComboFix 09-07-14.08 - Owner 07/15/2009 17:25.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.705 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: Defender Pro Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Start Menu\Programs\PlayMe
c:\documents and settings\Owner\Start Menu\Programs\PlayMe\Uninstall.lnk
c:\program files\PlayMe
c:\program files\PlayMe\Uninstall.exe
c:\recycler\NPROTECT
c:\windows\1054zviru9456.ocx
c:\windows\106165irzs7499.dll
c:\windows\10890tz5j509.ocx
c:\windows\1091vir158z5.cpl
c:\windows\10z91w5rm60e9.ocx
c:\windows\1124ztroj9f5.bin
c:\windows\11e695eal1160z.cpl
c:\windows\12002zot-9-virus56a.bin
c:\windows\12206sp5zbo952b.bin
c:\windows\1236zworm59b.exe
c:\windows\124z5spambot9b5.ocx
c:\windows\1256zv5r9s711.cpl
c:\windows\12b9adzware2593.ocx
c:\windows\13572s9ambzt60c5.exe
c:\windows\13588tr9j45z.bin
c:\windows\136add5are19z6.exe
c:\windows\13b4thre9t598z6.cpl
c:\windows\13e2thzea9186175.ocx
c:\windows\13z18n9t-a-v5rus34d.ocx
c:\windows\14139spamz5t10.ocx
c:\windows\14389tea5z342.dll
c:\windows\14909tr9z295.cpl
c:\windows\14e9th5ef13z6.ocx
c:\windows\14z85wo594e4.exe
c:\windows\1505zhack9ool3f5.cpl
c:\windows\1580z9py42e5.exe
c:\windows\15960trojz55.dll
c:\windows\15f7threa9z7459.exe
c:\windows\166665iru9208z.cpl
c:\windows\16z22troj55c9.cpl
c:\windows\17597zpy159.dll
c:\windows\18566sp5zbot7cc9.cpl
c:\windows\18960worz16f5.bin
c:\windows\18z1spy9are1815.ocx
c:\windows\18z50not-a-virus57e9.dll
c:\windows\19090not5azvi9us59c.bin
c:\windows\1918s5eal255z.cpl
c:\windows\19331zo5m104.ocx
c:\windows\1948z59oj1f9.dll
c:\windows\19858spy11z.dll
c:\windows\1993zspambot1ad5.bin
c:\windows\1994vi5us4z2.exe
c:\windows\19955szambot3cd.bin
c:\windows\1995zworm771.cpl
c:\windows\1997zackdoor5166.bin
c:\windows\199faddwarez115.dll
c:\windows\19z95j739.exe
c:\windows\1ceas9arsez535.dll
c:\windows\1d59thzef1453.dll
c:\windows\1d99backdoor5596z.ocx
c:\windows\1e11szyware595.bin
c:\windows\1e79threa5z3493.exe
c:\windows\1z055ddware1629.ocx
c:\windows\1z4089py659.exe
c:\windows\1z59thief236.exe
c:\windows\1z791vir5s11a.dll
c:\windows\1z7ca5dware498.exe
c:\windows\1z8csp9wa5e1631.ocx
c:\windows\1zt5reat97810.ocx
c:\windows\20133w5rm1z69.ocx
c:\windows\20895d9waze237.dll
c:\windows\2089spz5are358.cpl
c:\windows\20905spy3c2z.exe
c:\windows\2099adzware2152.exe
c:\windows\21252sp92cz.dll
c:\windows\21667vz9us3e15.ocx
c:\windows\218579acktzol65d.bin
c:\windows\219615azkt9ol6bf.exe
c:\windows\21d5tzief2494.ocx
c:\windows\2221hz5ktool6c9.exe
c:\windows\223z5tr9j10a.dll
c:\windows\22593zpambo9540.exe
c:\windows\2279zw5rm203.cpl
c:\windows\2289spa5se1z95.cpl
c:\windows\22926sp5mzot574.exe
c:\windows\22z05parse2591.dll
c:\windows\23978vz9us35b.dll
c:\windows\23bc5aczdo9r764.cpl
c:\windows\240z9spam9otb5.bin
c:\windows\2425adz5a9e1479.dll
c:\windows\245z1not-a-viru920b.cpl
c:\windows\25277zpy399.bin
c:\windows\25323z9r537c.exe
c:\windows\2589spambot25z.dll
c:\windows\25z0s9yware1586.bin
c:\windows\260579ot-azvirus47d.bin
c:\windows\261z5hacktoo94785.cpl
c:\windows\26529spzmbot705.exe
c:\windows\2657d9wzloader1416.exe
c:\windows\269fspywar517z.cpl
c:\windows\27284sp9z8d5.ocx
c:\windows\27452z9rm663.cpl
c:\windows\27491hacktool501z.dll
c:\windows\28007sp9mbot6z75.ocx
c:\windows\28209not-a-virz945c.ocx
c:\windows\28565hackt9ol5bbz.exe
c:\windows\2909thz5at92743.ocx
c:\windows\2949downloaz5r2294.bin
c:\windows\2957th9zf1540.exe
c:\windows\2969thiz54879.dll
c:\windows\29750wo9m64z.dll
c:\windows\2975spywaze2065.cpl
c:\windows\29959troj7z8.cpl
c:\windows\29960zirus57d5.ocx
c:\windows\29bzsp9w5re2455.exe
c:\windows\29ddzddware14995.exe
c:\windows\29zas5eal9534.bin
c:\windows\2az4spywar52962.dll
c:\windows\2e49downlo5der738z.bin
c:\windows\2fb9zpy9a5e1239.cpl
c:\windows\2z169ha5ktool2db.dll
c:\windows\2z25895y6ae.bin
c:\windows\2z4259pambot7a2.cpl
c:\windows\2z560spa9bot34f.ocx
c:\windows\2z71down5oad9r3153.dll
c:\windows\2za9thief2512.dll
c:\windows\2zcav5r739.dll
c:\windows\305325rzj9c2.cpl
c:\windows\3095zvirus5af.exe
c:\windows\30c2thrza598242.ocx
c:\windows\30z74not-9-v5rus93.exe
c:\windows\31282nzt-a9v5rus298.cpl
c:\windows\31d4szyw9re27905.exe
c:\windows\3205b9ckdoorz359.ocx
c:\windows\322095py958z.cpl
c:\windows\32281notza-5iru91d7.dll
c:\windows\33c5zack9oor1800.ocx
c:\windows\3422not-a-9irus57az.dll
c:\windows\3429addw9re115z.dll
c:\windows\345zsteal2891.dll
c:\windows\348zst59l931.cpl
c:\windows\34z45ro92f3.bin
c:\windows\34z95pyware1376.ocx
c:\windows\35555spz1e9.dll
c:\windows\35ddzddware908.dll
c:\windows\3610thr5atz1793.bin
c:\windows\3761threat55z9.dll
c:\windows\3774adzwa9e2005.bin
c:\windows\3860steal956z.ocx
c:\windows\3892zr5918f.dll
c:\windows\38c59ir445z.ocx
c:\windows\cookies.ini
c:\windows\system32\bfpdofvd.ini
c:\windows\system32\bieuuwaf.ini
c:\windows\system32\bieuuwaf.ini2
c:\windows\system32\bieuuwaf.tmp
c:\windows\system32\drivers\MSIVXobuswfmnaijqkfflurpilsviktdrjnwb.sys
c:\windows\system32\eeqngutu.ini
c:\windows\system32\fpslhanh.ini
c:\windows\system32\ggksegmc.ini
c:\windows\system32\gqbcpoyn.ini
c:\windows\system32\gwscvedk.ini
c:\windows\system32\JjQtwyay.ini
c:\windows\system32\JjQtwyay.ini2
c:\windows\system32\kycxqnib.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXikpurafymkvrxdlwskauqutjqqxyqgnf.dll
c:\windows\system32\MSIVXwnhrphpfhmvvdisaakfkmyeawpkntjtl.dll
c:\windows\system32\scceeslt.ini
c:\windows\system32\tvyecltx.ini
c:\windows\system32\VEfMonpo.ini
c:\windows\system32\VEfMonpo.ini2
c:\windows\system32\xbbHOXbc.ini
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-12-28 01:57 . 2009-12-28 01:57 2772 ----a-w- c:\windows\9957w9rz2be.exe
2009-12-27 15:00 . 2009-12-27 15:00 15753 ----a-w- c:\windows\394z1spambot59f.bin
2009-12-26 08:37 . 2009-12-26 08:37 15984 ----a-w- c:\windows\7c8zs5eal192.bin
2009-12-25 05:07 . 2009-12-25 05:07 3809 ----a-w- c:\windows\system32\2029ownloader8z5.bin
2009-12-24 22:59 . 2009-12-24 22:59 14921 ----a-w- c:\windows\system32\29z8vi51622.exe
2009-12-22 20:17 . 2009-12-22 20:17 8278 ----a-w- c:\windows\system32\519ddow5loadzr3263.bin
2009-12-22 12:30 . 2009-12-22 12:30 3487 ----a-w- c:\windows\system32\205zspambot439.bin
2009-12-21 22:03 . 2009-12-21 22:03 10441 ----a-w- c:\windows\system32\51950spy77z.exe
2009-12-20 11:54 . 2009-12-20 11:54 9104 ----a-w- c:\windows\system32\4f54s9zrse214.bin
2009-12-20 03:54 . 2009-12-20 03:54 4248 ----a-w- c:\windows\system32\29435sp91z9.exe
2009-12-19 09:50 . 2009-12-19 09:50 10016 ----a-w- c:\windows\system32\4451down9oazer295.bin
2009-12-15 19:37 . 2009-12-15 19:37 17895 ----a-w- c:\windows\805v9r28z.dll
2009-12-13 07:42 . 2009-12-13 07:42 6975 ----a-w- c:\windows\system32\21155t9ozdf.bin
2009-12-11 23:31 . 2009-12-11 23:31 6964 ----a-w- c:\windows\system32\16305zac9tool525.bin
2009-12-11 10:09 . 2009-12-11 10:09 12452 ----a-w- c:\windows\system32\6599zddw5re687.bin
2009-12-10 01:59 . 2009-12-10 01:59 11518 ----a-w- c:\windows\system32\49515rojzb7.dll
2009-12-08 20:12 . 2009-12-08 20:12 3609 ----a-w- c:\windows\bczown9oader1358.dll
2009-12-02 09:23 . 2009-12-02 09:23 15307 ----a-w- c:\windows\system32\519zsp9ware1518.dll
2009-11-28 22:38 . 2009-11-28 22:38 5194 ----a-w- c:\windows\system32\15z63hac5to9l18.exe
2009-11-26 15:16 . 2009-11-26 15:16 14997 ----a-w- c:\windows\4z479ir2615.exe
2009-11-25 18:12 . 2009-11-25 18:12 12000 ----a-w- c:\windows\47bbthre5t29z0.dll
2009-11-20 10:15 . 2009-11-20 10:15 15393 ----a-w- c:\windows\92435not-a5virzs570.bin
2009-11-12 14:26 . 2009-11-12 14:26 7907 ----a-w- c:\windows\system32\6994thief3529z.exe
2009-11-10 03:05 . 2009-11-10 03:05 11842 ----a-w- c:\windows\system32\14598zpambot18e.dll
2009-11-09 02:12 . 2009-11-09 02:12 11559 ----a-w- c:\windows\system32\10654trzj3f9.exe
2009-11-06 01:34 . 2009-11-06 01:34 5161 ----a-w- c:\windows\90184troj5z8.exe
2009-11-05 06:54 . 2009-11-05 06:54 6291 ----a-w- c:\windows\3929v5rus3bz.bin
2009-11-02 19:02 . 2009-11-02 19:02 17250 ----a-w- c:\windows\system32\4855sparsz1997.exe
2009-10-28 15:10 . 2009-10-28 15:10 3474 ----a-w- c:\windows\5729hzef655.exe
2009-10-24 16:39 . 2009-10-24 16:39 7636 ----a-w- c:\windows\4edat5ief19z.dll
2009-10-22 23:33 . 2009-10-22 23:33 3406 ----a-w- c:\windows\system32\1167doznloader99145.exe
2009-10-20 19:28 . 2009-10-20 19:28 10811 ----a-w- c:\windows\system32\5519zhief3526.dll
2009-10-20 09:15 . 2009-10-20 09:15 12251 ----a-w- c:\windows\9088zviru52ff.bin
2009-10-19 14:15 . 2009-10-19 14:15 14650 ----a-w- c:\windows\5dz6vi92028.dll
2009-10-19 12:27 . 2009-10-19 12:27 15332 ----a-w- c:\windows\5153dzwnloader1169.exe
2009-10-10 10:55 . 2009-10-10 10:55 9396 ----a-w- c:\windows\4260s5eal6z9.dll
2009-10-02 15:19 . 2009-10-02 15:19 6782 ----a-w- c:\windows\7809szambo94885.exe
2009-10-02 05:10 . 2009-10-02 05:10 6016 ----a-w- c:\windows\system32\310729pamzot593.bin
2009-09-28 21:45 . 2009-09-28 21:45 10844 ----a-w- c:\windows\system32\11379v5zus926.exe
2009-09-26 01:05 . 2009-09-26 01:05 13762 ----a-w- c:\windows\system32\3649zacktool7675.exe
2009-09-19 20:13 . 2009-09-19 20:13 9726 ----a-w- c:\windows\system32\4123thr9at578z.dll
2009-09-18 21:53 . 2009-09-18 21:53 7935 ----a-w- c:\windows\system32\7755sparze31959.dll
2009-09-09 23:07 . 2009-09-09 23:07 8794 ----a-w- c:\windows\system32\8339hackt5zl294.exe
2009-09-09 13:29 . 2009-09-09 13:29 15462 ----a-w- c:\windows\5z09t5ief362.dll
2009-09-08 03:59 . 2009-09-08 03:59 4404 ----a-w- c:\windows\system32\9z5bth5eat31796.bin
2009-09-05 18:22 . 2009-09-05 18:22 14722 ----a-w- c:\windows\system32\9995wzrmd2.bin
2009-08-28 13:34 . 2009-08-28 13:34 9051 ----a-w- c:\windows\5295teaz920.dll
2009-08-27 10:57 . 2009-08-27 10:57 8803 ----a-w- c:\windows\54769zpambo9721.bin
2009-08-23 04:57 . 2009-08-23 04:57 18385 ----a-w- c:\windows\system32\8056zi9us438.dll
2009-08-16 16:25 . 2009-08-16 16:25 4321 ----a-w- c:\windows\735znot-9-v5rus25a.bin
2009-08-16 10:08 . 2009-08-16 10:08 4297 ----a-w- c:\windows\system32\ez5addware20549.dll
2009-08-15 13:03 . 2009-08-15 13:03 13474 ----a-w- c:\windows\system32\6589spambo9z96.dll
2009-08-14 15:09 . 2009-08-14 15:09 10305 ----a-w- c:\windows\z319troj1e25.exe
2009-08-12 21:53 . 2009-08-12 21:53 9032 ----a-w- c:\windows\system32\6b34ad5war993z.dll
2009-08-09 10:20 . 2009-08-09 10:20 5190 ----a-w- c:\windows\7596spa5s977z.bin
2009-08-07 15:37 . 2009-08-07 15:37 8191 ----a-w- c:\windows\system32\521ebaczdo5r2739.exe
2009-08-05 16:41 . 2009-08-05 16:41 15810 ----a-w- c:\windows\5e129ownload5rz267.exe
2009-08-04 16:15 . 2009-08-04 16:15 14879 ----a-w- c:\windows\7cfbsp5warez398.dll
2009-08-01 16:01 . 2009-08-01 16:01 4345 ----a-w- c:\windows\93159hacktool5z8.exe
2009-08-01 01:20 . 2009-08-01 01:20 4733 ----a-w- c:\windows\system32\79c95pazse668.dll
2009-07-27 09:15 . 2009-07-27 09:15 13086 ----a-w- c:\windows\system32\318359izusf2.dll
2009-07-24 11:06 . 2009-07-24 11:06 5751 ----a-w- c:\windows\system32\z965troj445.dll
2009-07-22 05:33 . 2009-07-22 05:33 8679 ----a-w- c:\windows\system32\3a39thzef503.exe
2009-07-22 00:30 . 2009-07-22 00:30 13912 ----a-w- c:\windows\759dsteal2z61.dll
2009-07-19 14:04 . 2009-07-19 14:04 8052 ----a-w- c:\windows\505zworm539.bin
2009-07-13 20:44 . 2009-07-13 20:45 -------- d-----w- c:\program files\Cobian Backup 9
2009-07-13 19:58 . 2009-07-13 19:58 -------- d-----w- c:\program files\Trend Micro
2009-07-13 19:51 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 19:51 . 2009-07-13 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 19:51 . 2009-07-13 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 19:51 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 08:36 . 2009-07-12 08:36 6004 ----a-w- c:\windows\system32\4zfcstea59795.dll
2009-07-12 05:10 . 2009-07-12 05:10 14830 ----a-w- c:\windows\5554wzrm966.exe
2009-07-12 03:16 . 2009-07-12 03:16 16444 ----a-w- c:\windows\system32\28198troj295z.exe
2009-07-11 08:53 . 2009-07-11 08:53 15264 ----a-w- c:\windows\system32\1960zw5rm13b9.dll
2009-07-08 23:01 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-08 22:55 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-08 22:54 . 2009-07-08 22:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-08 22:54 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-08 22:54 . 2009-07-08 22:54 -------- d-----w- c:\program files\Lavasoft
2009-07-08 22:54 . 2009-07-08 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-08 22:05 . 2009-07-08 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-08 22:04 . 2009-07-08 22:04 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-07-08 22:04 . 2009-07-08 22:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-07-08 20:55 . 2009-07-08 20:55 -------- d-----w- C:\VundoFix Backups
2009-07-08 20:25 . 2009-07-08 20:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2009-07-08 20:21 . 2009-07-08 20:21 -------- d-----w- c:\program files\Ask.com
2009-07-08 20:20 . 2009-07-08 20:20 -------- d-----w- c:\program files\MSSOAP
2009-07-08 20:19 . 2009-07-08 20:19 -------- d-----w- c:\program files\Webroot
2009-07-08 15:58 . 2009-07-08 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-07 17:09 . 2009-07-07 17:09 -------- d-----w- c:\program files\BitDefender
2009-07-07 16:48 . 2009-07-07 17:09 -------- d-----w- c:\program files\Common Files\BitDefender
2009-07-07 10:55 . 2009-07-07 10:55 2947 ----a-w- c:\windows\system32\31734v9ruz57.exe
2009-07-05 05:24 . 2009-07-05 05:24 6487 ----a-w- c:\windows\system32\6545thzef191.dll
2009-07-05 02:12 . 2009-07-05 02:12 15447 ----a-w- c:\windows\system32\2z35addw9re2695.exe
2009-07-01 13:40 . 2009-07-01 13:40 2707 ----a-w- c:\windows\93158spz40.bin
2009-06-25 04:52 . 2009-06-25 04:52 10783 ----a-w- c:\windows\system32\zf10thr9at7695.dll
2009-06-24 06:33 . 2009-06-24 06:33 9966 ----a-w- c:\windows\system32\5e9dvir58z.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 22:37 . 2006-01-26 17:14 -------- d-----w- c:\program files\PestPatrol
2009-07-15 21:30 . 2007-12-03 21:28 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-07-15 21:29 . 2008-02-25 17:02 2855 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-07-10 20:47 . 2009-01-26 14:36 -------- d-----w- c:\program files\PokerStars.NET
2009-07-08 16:01 . 2006-01-04 17:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-08 16:01 . 2006-01-04 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-07 16:08 . 2008-04-29 21:46 -------- d-----w- c:\program files\CCleaner
2009-06-15 04:40 . 2009-06-15 04:40 12567 ----a-w- c:\windows\6f26zpyw5re9170.exe
2009-06-14 01:01 . 2009-06-14 01:01 14345 ----a-w- c:\windows\system32\17z59teal1890.exe
2009-06-12 13:42 . 2009-06-12 13:42 17990 ----a-w- c:\windows\system32\15425haczt5ol96e.bin
2009-06-11 19:57 . 2009-06-11 19:57 13528 ----a-w- c:\windows\system32\191z7w9rm59.exe
2009-06-09 09:06 . 2009-06-09 09:06 14780 ----a-w- c:\windows\system32\5a449zdware1290.exe
2009-06-03 19:02 . 2009-06-03 19:02 15358 ----a-w- c:\windows\system32\17z1059y15f.bin
2009-06-02 21:39 . 2009-06-02 21:39 9622 ----a-w- c:\windows\system32\2948zot-a-vir5s6f9.exe
2009-06-02 13:12 . 2009-06-02 13:12 11605 ----a-w- c:\windows\system32\25075worm3z9.bin
2009-05-26 01:41 . 2009-05-26 01:41 10384 ----a-w- c:\windows\system32\105815or91zc.bin
2009-05-23 08:07 . 2009-05-23 08:07 8785 ----a-w- c:\windows\system32\3983st95l52z.bin
2009-05-22 22:25 . 2009-05-22 22:25 5024 ----a-w- c:\windows\59db9dzware5531.exe
2009-05-21 15:33 . 2009-05-21 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SkyGolf
2009-05-21 15:32 . 2009-05-21 15:32 -------- d-----w- c:\program files\SkyGolf
2009-05-21 15:32 . 2009-05-21 15:32 -------- d-----w- c:\program files\SG2
2009-05-20 02:52 . 2009-05-20 02:52 6706 ----a-w- c:\windows\49ebaddwz5e2779.bin
2009-05-19 16:49 . 2009-05-19 16:49 18230 ----a-w- c:\windows\system32\21700szam5ot709.bin
2009-05-14 22:28 . 2009-05-14 22:28 14909 ----a-w- c:\windows\7065z5c9toolae.dll
2009-05-12 03:49 . 2009-05-12 03:49 11177 ----a-w- c:\windows\system32\551zi91043.bin
2009-05-11 04:02 . 2009-05-11 04:02 10792 ----a-w- c:\windows\system32\1az5addwa9e3183.bin
2009-05-10 20:15 . 2009-05-10 20:15 15164 ----a-w- c:\windows\3d9spar5e65z.bin
2009-05-09 18:25 . 2009-05-09 18:25 17071 ----a-w- c:\windows\system32\29610virzs2bd5.exe
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 11:02 . 2009-05-07 11:02 10059 ----a-w- c:\windows\66905ze9l2101.exe
2009-05-06 07:03 . 2009-05-06 07:03 12545 ----a-w- c:\windows\7959szyware700.dll
2009-05-05 20:38 . 2009-05-05 20:38 15249 ----a-w- c:\windows\system32\4879spzmb5t9de.bin
2009-05-05 20:24 . 2009-05-05 20:24 11141 ----a-w- c:\windows\system32\25493virus50z.bin
2009-05-05 00:43 . 2009-05-05 00:43 17762 ----a-w- c:\windows\system32\5c4ethiefz799.bin
2009-05-03 23:05 . 2009-05-03 23:05 8782 ----a-w- c:\windows\system32\1940zor57929.bin
2009-05-01 22:25 . 2009-05-01 22:25 12188 ----a-w- c:\windows\system32\2909threat15z21.bin
2009-05-01 12:55 . 2008-02-25 18:06 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-04-29 04:56 . 2003-03-31 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 10:11 . 2009-04-27 10:11 4161 ----a-w- c:\windows\69125tzal985.dll
2009-04-25 11:05 . 2009-04-25 11:05 14149 ----a-w- c:\windows\91951spambo57ecz.bin
2009-04-21 23:27 . 2009-04-21 23:27 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-04-21 23:27 . 2009-04-21 23:27 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-04-21 23:27 . 2009-04-21 23:27 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-21 19:19 . 2009-04-21 19:19 3845 ----a-w- c:\windows\4z91hack5ool6bc.bin
2009-04-19 09:48 . 2009-04-19 09:48 8371 ----a-w- c:\windows\system32\79zddw5re531.exe
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 11:11 . 2009-04-17 11:11 4758 ----a-w- c:\windows\system32\579fviz5017.bin
2006-01-03 18:10 . 2006-01-03 18:08 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
2008-04-22 23:40 . 2008-04-22 23:40 1540917 --sha-w- c:\windows\system32\fpslhanh.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480]
"PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304]
"CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-23 16:34 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\123CopyDVD 2008\\123CopyDVD.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
"c:\\Program Files\\123CopyDVD 2009\\123CopyDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/8/2009 5:55 PM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [6/24/2008 5:34 PM 4064]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
S0 blxtce;blxtce;c:\windows\system32\drivers\xfigw.sys --> c:\windows\system32\drivers\xfigw.sys [?]
S0 Imvyx;Imvyx;c:\windows\system32\drivers\oxzok.sys --> c:\windows\system32\drivers\oxzok.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 951632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-setup2 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-15 17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 22:47

Pre-Run: 34,287,144,960 bytes free
Post-Run: 34,298,826,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

461 --- E O F --- 2009-06-11 08:07

headcase
2009-07-16, 00:56
Well, the HJT scan went much faster than I thought. Here is that log as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:20 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207764425365
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - https://www.clickloan.com/CAB/PtClickLoan/1,0,0,12/PtClickLoan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

--
End of file - 6465 bytes

Bio-Hazard
2009-07-16, 08:29
Hello!

Is this a business computer?

headcase
2009-07-16, 16:00
I'm self-employed. It's at my office mainly for personal use.

Bio-Hazard
2009-07-17, 07:21
I'm self-employed. It's at my office mainly for personal use.

Could you please explain this?

Regarding infected Corporate, Government, Small Business or Institutional machines.

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showpost.php?p=25712&postcount=5)




The intention of this forum is not to replace a company's IT department, nor can we anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

The majority of the tools used in this forum are only free for Home Users and only tested on Home machines, they may well change settings that are required for a Company network. Another consideration is that company information may show in the logs.

More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.

To prevent any possible loss or corruption of company information, please inform your IT department or Supervisor when a workplace computer has been infected, immediately.

It's not that we don't want to help, but there are too many issues that could arise from a networked company machine that malware forum volunteers are not experienced in dealing with.

headcase
2009-07-17, 15:04
This is my personal computer at my office. It is not networked with any other computers. I have a small business with 2 employees. If you do not feel like you can help me, then you do what you have to do.

Bio-Hazard
2009-07-17, 20:32
This is my personal computer at my office. It is not networked with any other computers. I have a small business with 2 employees. If you do not feel like you can help me, then you do what you have to do.

It is fine to continue.

What antivirus program are you using at the moment?

Run CFScript



Close any open browsers.
Open Notepad by clicking Start
Click Run
Type notepad into the box and press Enter
Notepad will open
Copy and paste everything from the Code box into Notepad:




http://forums.spybot.info/showthread.php?t=50010&page=2
Collect::
c:\windows\system32\drivers\oxzok.sys
c:\windows\system32\drivers\xfigw.sys
c:\windows\9957w9rz2be.exe
c:\windows\394z1spambot59f.bin
c:\windows\7c8zs5eal192.bin
c:\windows\system32\2029ownloader8z5.bin
c:\windows\system32\29z8vi51622.exe
c:\windows\system32\519ddow5loadzr3263.bin
c:\windows\system32\205zspambot439.bin
c:\windows\system32\51950spy77z.exe
c:\windows\system32\4f54s9zrse214.bin
c:\windows\system32\29435sp91z9.exe
c:\windows\system32\4451down9oazer295.bin
c:\windows\805v9r28z.dll
c:\windows\system32\21155t9ozdf.bin
c:\windows\system32\16305zac9tool525.bin
c:\windows\system32\6599zddw5re687.bin
c:\windows\system32\49515rojzb7.dll
c:\windows\bczown9oader1358.dll
c:\windows\system32\519zsp9ware1518.dll
c:\windows\system32\15z63hac5to9l18.exe
c:\windows\4z479ir2615.exe
c:\windows\47bbthre5t29z0.dll
c:\windows\92435not-a5virzs570.bin
c:\windows\system32\6994thief3529z.exe
c:\windows\system32\14598zpambot18e.dll
c:\windows\system32\10654trzj3f9.exe
c:\windows\90184troj5z8.exe
c:\windows\3929v5rus3bz.bin
c:\windows\system32\4855sparsz1997.exe
c:\windows\5729hzef655.exe
c:\windows\4edat5ief19z.dll
c:\windows\system32\1167doznloader99145.exe
c:\windows\system32\5519zhief3526.dll
c:\windows\9088zviru52ff.bin
c:\windows\5dz6vi92028.dll
c:\windows\5153dzwnloader1169.exe
c:\windows\4260s5eal6z9.dll
c:\windows\7809szambo94885.exe
c:\windows\system32\310729pamzot593.bin
c:\windows\system32\11379v5zus926.exe
c:\windows\system32\3649zacktool7675.exe
c:\windows\system32\4123thr9at578z.dll
c:\windows\system32\7755sparze31959.dll
c:\windows\system32\8339hackt5zl294.exe
c:\windows\5z09t5ief362.dll
c:\windows\system32\9z5bth5eat31796.bin
c:\windows\system32\9995wzrmd2.bin
c:\windows\5295teaz920.dll
c:\windows\54769zpambo9721.bin
c:\windows\system32\8056zi9us438.dll
c:\windows\735znot-9-v5rus25a.bin
c:\windows\system32\ez5addware20549.dll
c:\windows\system32\6589spambo9z96.dll
c:\windows\z319troj1e25.exe
c:\windows\system32\6b34ad5war993z.dll
c:\windows\7596spa5s977z.bin
c:\windows\system32\521ebaczdo5r2739.exe
c:\windows\5e129ownload5rz267.exe
c:\windows\7cfbsp5warez398.dll
c:\windows\93159hacktool5z8.exe
c:\windows\system32\79c95pazse668.dll
c:\windows\system32\318359izusf2.dll
c:\windows\system32\z965troj445.dll
c:\windows\system32\3a39thzef503.exe
c:\windows\759dsteal2z61.dll
c:\windows\505zworm539.bin
c:\windows\system32\4zfcstea59795.dll
c:\windows\5554wzrm966.exe
c:\windows\system32\28198troj295z.exe
c:\windows\system32\1960zw5rm13b9.dll
c:\windows\system32\31734v9ruz57.exe
c:\windows\system32\6545thzef191.dll
c:\windows\system32\2z35addw9re2695.exe
c:\windows\93158spz40.bin
c:\windows\system32\zf10thr9at7695.dll
c:\windows\system32\5e9dvir58z.dll
c:\windows\6f26zpyw5re9170.exe
c:\windows\system32\17z59teal1890.exe
c:\windows\system32\15425haczt5ol96e.bin
c:\windows\system32\191z7w9rm59.exe
c:\windows\system32\5a449zdware1290.exe
c:\windows\system32\17z1059y15f.bin
c:\windows\system32\2948zot-a-vir5s6f9.exe
c:\windows\system32\25075worm3z9.bin
c:\windows\system32\105815or91zc.bin
c:\windows\system32\3983st95l52z.bin
c:\windows\59db9dzware5531.exe
c:\windows\49ebaddwz5e2779.bin
c:\windows\system32\21700szam5ot709.bin
c:\windows\7065z5c9toolae.dll
c:\windows\system32\551zi91043.bin
c:\windows\system32\1az5addwa9e3183.bin
c:\windows\3d9spar5e65z.bin
c:\windows\system32\29610virzs2bd5.exe
c:\windows\66905ze9l2101.exe
c:\windows\7959szyware700.dll
c:\windows\system32\4879spzmb5t9de.bin
c:\windows\system32\25493virus50z.bin
c:\windows\system32\5c4ethiefz799.bin
c:\windows\system32\1940zor57929.bin
c:\windows\system32\2909threat15z21.bin
c:\windows\69125tzal985.dll
c:\windows\91951spambo57ecz.bin
c:\windows\4z91hack5ool6bc.bin
c:\windows\system32\79zddw5re531.exe
c:\windows\system32\579fviz5017.bin
c:\windows\system32\fpslhanh.tmp

Driver::
blxtce
Imvyx


Registry::
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]


Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)

http://i219.photobucket.com/albums/cc99/BioHazard_030/CFScriptExample.jpg
Referring to the picture below, drag CFScript into ComboFix.exe

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
When finished, it shall produce a log for you at C:\ComboFix.txt



NOTE: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



CCleaner



Make sure that ALL browser windows are closed
Double-click the CCleaner shortcut on the desktop to start the program.
Click on the Options block on the left, then choose Cookies.

Under Cookies to Delete, highlight any cookies you would like to retain permanently
Click the right arrow > to move them to the Cookies to Keep window.


Go into Options > Advanced deselect/uncheck 'Only delete files in Windows Temp folders older than 48 hours'
Click Run Cleaner to run the program.
Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
After CCleaner has completed its process, click Exit.




Kaspersky Online Scan

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.



Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives


Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.





Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:


Answer to my question
ComboFix log (found at C:\Combofix.txt)
Kaspersky Log
A fresh HijackThis Log ( after all the above has been done)
A description of how your computer is behaving

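A defender-side check for the driver section of the ComboFix log above, added here as an example and not part of the original thread or of ComboFix itself: it parses the R*/S* service lines, flags entries whose image file ComboFix could not find on disk (the `--> ... [?]` form shown for blxtce and Imvyx), and renders the matching Collect:: and Driver:: blocks in the CFScript layout the helper used. The sample log lines are constructed in that shape, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of the services/drivers section of a ComboFix log.
# Format:  <R|S><start> <name>;<display>;<path> [<timestamp> <size>]   -> file present
#          <R|S><start> <name>;<display>;<path> --> <path> [?]         -> file missing
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/8/2009 5:55 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 PM 9968]
S0 blxtce;blxtce;c:\windows\system32\drivers\xfigw.sys --> c:\windows\system32\drivers\xfigw.sys [?]
S0 Imvyx;Imvyx;c:\windows\system32\drivers\oxzok.sys --> c:\windows\system32\drivers\oxzok.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 951632]
"""

# R = running, S = stopped; the digit is the Windows service start type
# (0 = boot, 1 = system, 2 = automatic, 3 = manual, 4 = disabled).
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
PRESENT_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")


@dataclass
class DriverEntry:
    running: bool
    start_type: int
    name: str
    image_path: str
    file_missing: bool


def parse_combofix_drivers(text: str) -> List[DriverEntry]:
    """Parse the R*/S* service lines of a ComboFix log into DriverEntry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a service/driver line
        rest = m.group("rest")
        if rest.endswith("[?]") and " --> " in rest:
            # ComboFix could not find the image on disk: "<path> --> <path> [?]"
            path, missing = rest.split(" --> ", 1)[0], True
        else:
            pm = PRESENT_RE.match(rest)
            if not pm:
                continue  # unrecognised tail; skip rather than guess
            path, missing = pm.group("path"), False
        entries.append(DriverEntry(m.group("state") == "R", int(m.group("start")),
                                   m.group("name"), path, missing))
    return entries


def find_missing_file_drivers(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Service keys whose image file is absent are the usual leftover of a
    rootkit component: the registry entry survives while the file was hidden,
    renamed or deleted. Boot-start (type 0) ones deserve the closest look."""
    return [e for e in entries if e.file_missing]


def build_cfscript(suspect: List[DriverEntry]) -> str:
    """Render the Collect:: and Driver:: blocks of a CFScript for the suspect
    entries, in the same layout as the script posted by the helper above."""
    lines = ["Collect::"] + [e.image_path for e in suspect]
    lines += ["", "Driver::"] + [e.name for e in suspect]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(find_missing_file_drivers(parse_combofix_drivers(SAMPLE_LOG))))
```
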
Bio-Hazard
2009-07-22, 22:44
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.