
Thread: Cannot get rid of trats virus, generic dropper, and virtumonde

  1. #1
    Member nsga1's Avatar
    Join Date
    Jan 2008
    Posts
    35

    Cannot get rid of trats virus, generic dropper, and virtumonde

    Sure glad you guys are here. I have tried everything! The virus and malware keep coming back. After following the directions in the "before you post" thread, here is a HJT log after a Kaspersky scan. I have a log of before the first Kaps scan too. (Kaps scan to follow):
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:18:03 PM, on 1/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\CFusionMX\runtime\bin\jrunsvc.exe
    C:\CFusionMX\db\slserver52\bin\swagent.exe
    C:\CFusionMX\runtime\bin\jrun.exe
    C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    C:\CFusionMX\db\slserver52\bin\swsoc.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    c:\program files\mcafee\msk\msksrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKL.../?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqn.exe
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOB\Application Data\Mozilla\Profiles\default\p0ly8aft.slt\prefs.js)
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\ybbrxonx.dll",b
    O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    O4 - HKCU\..\Run: [ESPN BottomLine] "C:\Program Files\ESPN\BottomLine\bline.exe"
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
    O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...riveragent.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 16333 bytes

  2. #2
    Member nsga1's Avatar
    Join Date
    Jan 2008
    Posts
    35

    Cannot get rid

    Protection
    ----------
    Total scanned: 3542
    Detected: 45
    Untreated: 20
    Start time: 1/22/2008 5:34:37 AM
    Duration: 00:00:00
    Finish time: 1/22/2008 5:34:37 AM


    Detected
    --------
    Status Object
    ------ ------
    will be deleted when the computer is restarted: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\csnxrmws.dll
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dih File: C:\WINDOWS\system32\awtqn.dll
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: ctfmon.exe\ctfmon.exe
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\7CDOE0EM\tr[1]
    detected: adware not-a-virus:AdWare.Win32.SuperJuan.ez File: C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\BZMKY6SU\apst377[1]
    detected: Trojan program Trojan-Clicker.Win32.Agent.ij File: C:\downloads ares\adobe acrobat 8 professional activation crack keygen serial(3).exe//data.rar/Patch.exe//FSG
    detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\iTunes\iTunesHelper.exe
    detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\VundoFix Backups\agvjeigx.dll.bad
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\VundoFix Backups\jlpmalhc.dll.bad
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\VundoFix Backups\lyinyuvy.dll.bad
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\bdsvpadu.dll
    detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\WINDOWS\system32\ctfmon.exe.tmp
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.din File: C:\WINDOWS\system32\dpgbhsgq.dll
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\fpvgqobd.dll
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnl File: C:\WINDOWS\system32\pktvjfgf.dll
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\pynfbdua.dll
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn File: C:\WINDOWS\system32\tpqvdyyk.dll
    detected: adware not-a-virus:AdWare.Win32.Virtumonde.din File: C:\WINDOWS\system32\usminpio.dll
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    deleted: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    detected: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: avp.exe\avp.exe
    detected: Trojan program Trojan-Dropper.Win32.Agent.dgo File: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
    detected: Trojan program Trojan-Dropper.Win32.Agent.dgo Running module: ctfmon.exe\ctfmon.exe


    Events
    ------
    Time Event
    ---- -----
    1/21/2008 9:07:23 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
    1/21/2008 9:09:10 PM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 9:09:10 PM Security threats have been detected. You are advised to neutralize them immediately.
    1/21/2008 9:09:10 PM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
    1/21/2008 9:09:13 PM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/21/2008 9:09:13 PM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
    1/21/2008 9:10:04 PM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 9:10:04 PM Running module avp.exe\avp.exe: is still infected, postponed.
    1/21/2008 9:10:04 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 9:10:04 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: is still infected, postponed.
    1/21/2008 9:10:05 PM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 9:10:05 PM Running module ctfmon.exe\ctfmon.exe: is still infected, postponed.
    1/21/2008 9:10:10 PM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 9:10:10 PM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
    1/21/2008 9:10:17 PM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/21/2008 9:10:17 PM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
    1/21/2008 9:10:25 PM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 9:10:25 PM Running module avp.exe\avp.exe: is still infected, postponed.
    1/21/2008 9:10:25 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 9:10:25 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: is still infected, postponed.
    1/21/2008 9:10:25 PM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 9:10:25 PM Running module ctfmon.exe\ctfmon.exe: is still infected, postponed.
    1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: is still infected, postponed.
    1/21/2008 9:10:39 PM File c:\windows\system32\csnxrmws.dll: is still infected, postponed.
    1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: is still infected, postponed.
    1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/21/2008 9:11:12 PM File c:\windows\system32\awtqn.dll: is still infected, postponed.
    1/21/2008 9:11:53 PM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/CmnIds.vbs: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/arrow_right.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/btn_signup_52x20.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/more_info.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_bottom.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_bottom_red.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_top.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/sidetable_top_red.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/transpix.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/images/watermark_mys_150x130.gif: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/oemcfg.vbs: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/OEMIds.vbs: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/valert.htm: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/valert_old.htm: is password protected.
    1/21/2008 9:39:55 PM File C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\News\valert.ui/hs~valert.htm: is password protected.
    1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareDetector.zip/SDRemoveDB.db: is password protected.
    1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareDetector.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/awtqn.dll: is password protected.
    1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:47 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip/awtqn.dll: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde10.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde11.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip/awtqn.dll_old: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde12.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip/awtqn.dll: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde13.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/awtqn.dll: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde14.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/awtqn.dll_old: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/awtqn.dll: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:48 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde8.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip/awtqn.dll_old: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip/csnxrmws.dllbox: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip/csnxrmws.dllbox: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric10.zip/csnxrmws.dll_old: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric10.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric11.zip/csnxrmws.dll: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric11.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric12.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric12.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric13.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric13.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric14.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric15.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric15.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric16.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric16.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric17.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:49 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric17.zip/sbRecovery.ini: is password protected.

  3. #3
    Member nsga1
    Join Date
    Jan 2008
    Posts
    35

    part2 Kaps scan

    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric44.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric5.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric5.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric6.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric6.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric7.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric7.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric8.zip/sbRecovery.ini: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric9.zip/sbRecovery.reg: is password protected.
    1/21/2008 9:47:50 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric9.zip/sbRecovery.ini: is password protected.
    1/21/2008 10:17:29 PM File C:\Documents and Settings\Lori\Local Settings\Application Data\Ares\My Shared Folder\microsoft office 2003 professional (word, excel, powerpoint, access, frontpage, outlook, infopath, visio, project)(2).exe/[App] Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project).iso//SETUP.APM/ams_xml_pl.xml: is password protected.
    1/21/2008 10:17:29 PM File C:\Documents and Settings\Lori\Local Settings\Application Data\Ares\My Shared Folder\microsoft office 2003 professional (word, excel, powerpoint, access, frontpage, outlook, infopath, visio, project)(2).exe/[App] Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project).iso//SETUP.APM/ams_xml_temp.xml: is password protected.
    1/21/2008 10:18:59 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\7CDOE0EM\tr[1]: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 10:18:59 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\7CDOE0EM\tr[1]: is still infected, postponed.
    1/21/2008 10:19:02 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\BZMKY6SU\apst377[1]: detected adware 'not-a-virus:AdWare.Win32.SuperJuan.ez'.
    1/21/2008 10:19:02 PM File C:\Documents and Settings\Lori\Local Settings\Temporary Internet Files\Content.IE5\BZMKY6SU\apst377[1]: is still infected, postponed.
    1/21/2008 10:41:37 PM File C:\downloads ares\adobe acrobat 8 professional activation crack keygen serial(3).exe//data.rar/Patch.exe//FSG: detected Trojan program 'Trojan-Clicker.Win32.Agent.ij'.
    1/21/2008 10:41:37 PM File C:\downloads ares\adobe acrobat 8 professional activation crack keygen serial(3).exe//data.rar/Patch.exe//FSG: is still infected, postponed.
    1/21/2008 10:50:57 PM Update error: .
    1/21/2008 11:10:56 PM Update error: .
    1/21/2008 11:20:00 PM File C:\Program Files\iTunes\iTunesHelper.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 11:20:00 PM File C:\Program Files\iTunes\iTunesHelper.exe: is still infected, postponed.
    1/21/2008 11:30:56 PM Update error: .
    1/21/2008 11:33:58 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 11:33:58 PM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: is still infected, postponed.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/comctl.lpk: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/config.ini: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/pbar.vbs: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninst.vbs: is password protected.
    1/21/2008 11:39:23 PM File C:\Program Files\McAfee.com\Agent\uninst\screm.ui/uninstall.htm: is password protected.
    1/21/2008 11:50:56 PM Update error: .
    1/21/2008 11:56:34 PM File C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/21/2008 11:56:34 PM File C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe: is still infected, postponed.
    1/21/2008 11:59:29 PM File C:\VundoFix Backups\agvjeigx.dll.bad: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 11:59:29 PM File C:\VundoFix Backups\agvjeigx.dll.bad: is still infected, postponed.
    1/21/2008 11:59:29 PM File C:\VundoFix Backups\jlpmalhc.dll.bad: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 11:59:29 PM File C:\VundoFix Backups\jlpmalhc.dll.bad: is still infected, postponed.
    1/21/2008 11:59:29 PM File C:\VundoFix Backups\lyinyuvy.dll.bad: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/21/2008 11:59:29 PM File C:\VundoFix Backups\lyinyuvy.dll.bad: is still infected, postponed.
    1/22/2008 12:10:56 AM Update error: .
    1/22/2008 12:28:46 AM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 12:28:46 AM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
    1/22/2008 12:28:46 AM File C:\WINDOWS\system32\bdsvpadu.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 12:28:46 AM File C:\WINDOWS\system32\bdsvpadu.dll: is still infected, postponed.
    1/22/2008 12:28:50 AM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 12:28:50 AM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
    1/22/2008 12:28:52 AM File C:\WINDOWS\system32\ctfmon.exe.tmp: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 12:28:52 AM File C:\WINDOWS\system32\ctfmon.exe.tmp: is still infected, postponed.
    1/22/2008 12:28:59 AM File C:\WINDOWS\system32\dpgbhsgq.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.din'.
    1/22/2008 12:28:59 AM File C:\WINDOWS\system32\dpgbhsgq.dll: is still infected, postponed.
    1/22/2008 12:29:04 AM File C:\WINDOWS\system32\fpvgqobd.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 12:29:04 AM File C:\WINDOWS\system32\fpvgqobd.dll: is still infected, postponed.
    1/22/2008 12:29:44 AM File C:\WINDOWS\system32\pktvjfgf.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnl'.
    1/22/2008 12:29:44 AM File C:\WINDOWS\system32\pktvjfgf.dll: is still infected, postponed.
    1/22/2008 12:29:48 AM File C:\WINDOWS\system32\pynfbdua.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 12:29:48 AM File C:\WINDOWS\system32\pynfbdua.dll: is still infected, postponed.
    1/22/2008 12:29:57 AM File C:\WINDOWS\system32\tpqvdyyk.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 12:29:57 AM File C:\WINDOWS\system32\tpqvdyyk.dll: is still infected, postponed.
    1/22/2008 12:30:00 AM File C:\WINDOWS\system32\usminpio.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.din'.
    1/22/2008 12:30:00 AM File C:\WINDOWS\system32\usminpio.dll: is still infected, postponed.
    1/22/2008 12:30:57 AM Update error: .
    1/22/2008 12:36:12 AM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 12:50:56 AM Update error: .
    1/22/2008 1:10:56 AM Update error: .
    1/22/2008 1:30:56 AM Update error: .
    1/22/2008 1:50:56 AM Update error: .
    1/22/2008 2:10:56 AM Update error: .
    1/22/2008 2:30:56 AM Update error: .
    1/22/2008 2:50:56 AM Update error: .
    1/22/2008 3:10:56 AM Update error: .
    1/22/2008 3:30:56 AM Update error: .
    1/22/2008 3:50:56 AM Update error: .
    1/22/2008 4:10:56 AM Update error: .
    1/22/2008 4:30:56 AM Update error: .
    1/22/2008 4:50:56 AM Update error: .
    1/22/2008 5:10:56 AM Update error: .
    1/22/2008 5:29:06 AM File c:\windows\system32\csnxrmws.dll will be deleted on system restart.
    1/22/2008 5:29:09 AM Startup object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csnxrmws\csnxrmws: deleted.
    1/22/2008 5:29:13 AM Startup object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}: deleted.
    1/22/2008 5:29:16 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 5:29:31 AM File c:\windows\system32\csnxrmws.dll will be deleted on system restart.
    1/22/2008 5:29:31 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 5:30:56 AM Update error: .
    1/22/2008 5:30:58 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 5:30:58 AM File c:\windows\system32\awtqn.dll will be deleted on system restart.
    1/22/2008 5:31:04 AM Startup object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24B1315D-2702-4C30-8571-6B5B7E2F249D}: deleted.
    1/22/2008 5:31:07 AM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 5:31:08 AM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 5:31:15 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:30 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:30 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:30 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe will be deleted on system restart.
    1/22/2008 5:31:30 AM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:30 AM Running module ctfmon.exe\ctfmon.exe: deleted.
    1/22/2008 5:31:32 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:32 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:33 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:34 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:35 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:36 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:37 AM Running module avp.exe\avp.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:31:37 AM Running module avp.exe\avp.exe: deleted.
    1/22/2008 5:31:39 AM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 5:31:43 AM File c:\windows\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 5:34:37 AM Security threats have been detected. You are advised to neutralize them immediately.
    1/22/2008 5:38:00 AM File C:\WINDOWS\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 5:38:00 AM File C:\WINDOWS\system32\csnxrmws.dll: is still infected, postponed.
    1/22/2008 5:38:11 AM File C:\WINDOWS\system32\awtqn.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dih'.
    1/22/2008 5:38:11 AM File C:\WINDOWS\system32\awtqn.dll: is still infected, postponed.
    1/22/2008 5:39:23 AM Running module avp .exe\avp .exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:39:23 AM Running module avp .exe\avp .exe: is still infected, postponed.
    1/22/2008 5:39:23 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:39:23 AM File C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe: is still infected, postponed.
    1/22/2008 5:39:23 AM Running module ctfmon.exe\ctfmon.exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:39:23 AM Running module ctfmon.exe\ctfmon.exe: is still infected, postponed.
    1/22/2008 5:39:53 AM File c:\windows\system32\csnxrmws.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.dnn'.
    1/22/2008 5:39:53 AM File c:\windows\system32\csnxrmws.dll: is still infected, postponed.
    1/22/2008 5:40:03 AM File c:\program files\kaspersky lab\kaspersky anti-virus 6.0 sos\avp .exe: detected Trojan program 'Trojan-Dropper.Win32.Agent.dgo'.
    1/22/2008 5:40:03 AM File c:\program files\kaspersky lab\kaspersky anti-virus 6.0 sos\avp .exe: is still infected, postponed.


    Reports
    -------
    Component Status Start Finish Size
    --------- ------ ----- ------ ----
    Scan startup objects running 1/22/2008 5:36:45 AM 482 KB


    Quarantine
    ----------
    Status Object Size Added
    ------ ------ ---- -----


    Backup
    ------
    Status Object Size
    ------ ------ ----
    Infected: adware not-a-virus:AdWare.Win32.Virtumonde.dnn c:\windows\system32\csnxrmws.dll 160 KB
    Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo ctfmon.exe\ctfmon.exe 372 KB
    Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo avp.exe\avp.exe 592 KB
    Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo avp.exe\avp.exe 592 KB
    Infected: adware not-a-virus:AdWare.Win32.Virtumonde.dih c:\windows\system32\awtqn.dll 336.5 KB
    Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo ctfmon.exe\ctfmon.exe 372 KB
    Infected: Trojan program Trojan-Dropper.Win32.Agent.dgo C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe 576 KB

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi nsga1

    Rename HijackThis.exe to nsga1.exe and post back a fresh HijackThis log, please
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Member nsga1
    Join Date
    Jan 2008
    Posts
    35

    will do

    Where do I change the name? In the Hijack folder? Thank you. I'll try it when I get home tonight and repost.

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    Rename HijackThis.exe to nsga1.exe by doing the following:

    • Navigate here using Windows Explorer (Windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
    • Right-click on HijackThis.exe
    • Choose "Rename" from the pull-down menu
    • Now rename HijackThis.exe to nsga1.exe
    • When you've renamed HijackThis, open HijackThis again.
    • Take a fresh HijackThis log (click Do a system scan and save a log file)
    • Post the fresh HijackThis log here.

  7. #7
    Member nsga1
    Join Date
    Jan 2008
    Posts
    35

    hi

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:11:43 PM, on 1/31/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
    C:\CFusionMX\runtime\bin\jrunsvc.exe
    C:\CFusionMX\db\slserver52\bin\swagent.exe
    C:\CFusionMX\runtime\bin\jrun.exe
    C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    C:\CFusionMX\db\slserver52\bin\swsoc.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
    c:\program files\mcafee\msk\msksrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\nsga1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOB\Application Data\Mozilla\Profiles\default\p0ly8aft.slt\prefs.js)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: {04ecce7c-ba69-ea19-26d4-6f0ea676f431} - {134f676a-e0f6-4d62-91ae-96abc7ecce40} - C:\WINDOWS\system32\acfrnddi.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: (no name) - {43B46ACD-6EE3-4C2A-B966-D0376B9B64A2} - C:\WINDOWS\system32\awtqn.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /QS
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
    O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [44abe178] "rundll32.exe" "C:\WINDOWS\system32\ybbrxonx.dll",b
    O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1007\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Grace')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tony')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-1009\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Noelle')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Administrator')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingB4253] command /c del "C:\WINDOWS\system32\csnxrmws.dll_old" (User 'Administrator')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingD1987] cmd /c del "C:\WINDOWS\system32\csnxrmws.dll_old" (User 'Administrator')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingB9128] command /c del "C:\WINDOWS\system32\csnxrmws.dll" (User 'Administrator')
    O4 - HKUS\S-1-5-21-181056595-1994806308-2322526153-500\..\RunOnce: [SpybotDeletingD9388] cmd /c del "C:\WINDOWS\system32\csnxrmws.dll" (User 'Administrator')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

  8. #8
    Member nsga1's Avatar
    Join Date
    Jan 2008
    Posts
    35

    Default cont.

    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
    O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
    O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.malden.mec.edu/iNotes.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - http://download.infotriever.com/bin/ifhelper.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://mycampus.phoenix.edu/support...oad/CVALAX.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151289857000
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1151290801484
    O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
    O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoshare.microgaming.com/...re/FlashAX.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0167741201228485) (0167741201228485mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016774~1.EXE (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVP - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp .exe
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 21986 bytes

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    1. Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

    If you have problems with Combofix usage, see here

    Post:

    - a fresh HijackThis log
    - combofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Member nsga1's Avatar
    Join Date
    Jan 2008
    Posts
    35

    Default combo fix log

    ComboFix 08-02.02.5 - Lori 2008-02-02 11:17:31.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1367 [GMT -5:00]
    Running from: C:\Documents and Settings\Lori\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\setup.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\acfrnddi.dll
    C:\WINDOWS\system32\aqftkvvn.dll
    C:\WINDOWS\system32\AutoRun.inf
    C:\WINDOWS\system32\bvjfikhf.dll
    C:\WINDOWS\system32\fkaiimif.ini
    C:\WINDOWS\system32\gfurykvh.ini
    C:\WINDOWS\system32\kyuehqpt.dll
    C:\WINDOWS\system32\lapmdxwh.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mlhtwmcr.dll
    C:\WINDOWS\system32\nldgonkb.dll
    C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\nqtwa.ini2
    C:\WINDOWS\system32\oipnimsu.ini
    C:\WINDOWS\system32\qgshbgpd.ini
    C:\WINDOWS\system32\tpqheuyk.ini
    C:\WINDOWS\system32\wftvvvcl.ini
    C:\WINDOWS\system32\wqfdwxwv.dll
    C:\WINDOWS\system32\wyhwoens.dll
    C:\WINDOWS\system32\ylregyes.ini
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
    .

    2008-02-02 11:01 . 2008-02-02 11:43 124 --a------ C:\WINDOWS\_WVINUSE.ini
    2008-01-30 21:21 . 2008-01-30 21:21 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\Talkback
    2008-01-21 19:55 . 2008-02-02 10:55 7,741,472 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-21 19:55 . 2008-02-02 10:55 1,054,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-21 19:55 . 2008-02-02 10:55 105,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-21 19:55 . 2008-02-02 10:55 101,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-21 19:54 . 2008-01-21 19:54 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2008-01-21 19:49 . 2008-01-21 19:49 <DIR> d-------- C:\KAV
    2008-01-21 13:28 . 2008-02-02 10:54 1,178 ---hs---- C:\WINDOWS\system32\xnoxrbby.ini
    2008-01-21 12:29 . 2008-01-21 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
    2008-01-21 12:28 . 2005-11-15 22:16 357,632 -ra------ C:\WINDOWS\system32\drivers\2862WICB.sys
    2008-01-21 12:27 . 2008-01-21 12:27 <DIR> d-------- C:\Program Files\SMC
    2008-01-21 12:27 . 2008-01-21 12:27 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2008-01-21 10:51 . 2008-01-21 10:51 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\HPAppData
    2008-01-19 07:29 . 2008-01-23 22:31 1,357 --a------ C:\WINDOWS\wininit.ini
    2008-01-19 06:30 . 2008-01-19 06:30 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Talkback
    2008-01-18 16:57 . 2008-01-19 05:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-18 16:57 . 2008-01-19 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-18 10:17 . 2008-01-19 12:34 2,667,099 --ahs---- C:\WINDOWS\system32\hwifxssq.ini
    2008-01-16 16:29 . 2008-01-16 16:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-16 16:29 . 2008-01-16 16:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-16 15:57 . 2008-01-16 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
    2008-01-15 23:14 . 2008-01-15 23:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
    2008-01-15 23:12 . 2003-12-02 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
    2008-01-15 23:11 . 2008-01-15 23:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
    2008-01-11 23:08 . 2008-01-22 05:42 <DIR> d-------- C:\VundoFix Backups
    2008-01-06 13:39 . 2008-01-06 13:39 <DIR> d-------- C:\Documents and Settings\Noelle\Application Data\HPAppData
    2008-01-06 00:43 . 2008-01-06 00:43 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-01-05 23:56 . 2008-01-05 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
    2008-01-05 23:49 . 2007-03-07 23:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2008-01-05 23:48 . 2008-01-05 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2008-01-05 23:48 . 2007-03-07 23:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-01-05 23:45 . 2007-05-02 03:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
    2008-01-05 23:45 . 2007-05-02 04:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
    2008-01-05 23:45 . 2007-03-07 23:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
    2008-01-05 23:45 . 2007-03-07 23:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
    2008-01-05 23:45 . 2007-05-02 04:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
    2008-01-05 23:45 . 2007-03-07 23:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2008-01-05 23:25 . 2008-01-05 23:25 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HP
    2008-01-05 23:19 . 2008-01-05 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
    2008-01-05 23:12 . 2008-01-05 23:14 146,986 --------- C:\WINDOWS\hpoins21.dat.temp
    2008-01-05 23:12 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat.temp
    2008-01-05 22:49 . 2008-01-05 22:49 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\HPAppData
    2008-01-05 21:59 . 2008-01-05 21:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    2008-01-05 21:59 . 2008-01-05 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2008-01-05 21:58 . 2008-01-05 21:58 <DIR> d-------- C:\Program Files\Common Files\HP
    2008-01-05 21:57 . 2008-01-05 21:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2008-01-05 21:56 . 2008-01-05 21:56 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2008-01-05 21:54 . 2008-01-05 23:19 <DIR> d-------- C:\Program Files\HP
    2008-01-05 21:52 . 2008-01-06 00:01 147,669 --a------ C:\WINDOWS\hpoins21.dat
    2008-01-05 21:52 . 2007-05-15 05:10 8,138 --------- C:\WINDOWS\hpomdl21.dat
    2008-01-02 23:30 . 2008-01-02 23:30 <DIR> d-------- C:\Program Files\Casino Share Flash Casino
    2008-01-02 18:28 . 2008-01-02 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
    2008-01-02 18:25 . 2008-01-02 18:25 <DIR> d-------- C:\MicroGaming

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-02 16:34 22 ----a-w C:\qpmd8376.bin
    2008-02-02 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-02 03:11 --------- d-----w C:\Documents and Settings\Bob\Application Data\SiteAdvisor
    2008-02-02 02:20 --------- d-----w C:\Program Files\VIP Casinos
    2008-01-31 04:17 --------- d-----w C:\Documents and Settings\Noelle\Application Data\SiteAdvisor
    2008-01-22 10:41 --------- d-----w C:\Program Files\iTunes
    2008-01-22 01:11 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    2008-01-22 00:18 --------- d-----w C:\Documents and Settings\Lori\Application Data\SiteAdvisor
    2008-01-21 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-21 17:15 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
    2008-01-17 01:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2008-01-17 01:48 --------- d-----w C:\Documents and Settings\Lori\Application Data\McAfee
    2008-01-11 03:31 --------- d-----w C:\Program Files\WhiteSmoke
    2008-01-09 04:11 --------- d-----w C:\Program Files\QuickTime
    2008-01-09 04:11 --------- d-----w C:\Program Files\ESPNRunTime
    2008-01-09 04:11 --------- d-----w C:\Program Files\DIGStream
    2008-01-09 04:10 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-09 04:10 --------- d-----w C:\Program Files\AIM95
    2008-01-09 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
    2008-01-05 01:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
    2008-01-05 01:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
    2008-01-05 01:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
    2008-01-05 01:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
    2008-01-05 01:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
    2008-01-04 01:45 --------- d-----w C:\Program Files\DL_cats
    2007-12-31 05:29 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
    2007-12-31 05:23 --------- d-----w C:\Program Files\Dell_Photo AIO Printer 962
    2007-12-30 17:30 --------- d-----w C:\Program Files\Dell_ENA
    2007-12-30 17:30 --------- d-----w C:\Program Files\Dell
    2007-12-30 16:05 --------- d-----w C:\Program Files\KeyGen Crack
    2007-12-30 01:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
    2007-12-30 00:38 --------- d-----w C:\Documents and Settings\Lori\Application Data\AdobeUM
    2007-12-28 02:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-12-28 01:56 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-12-27 23:32 --------- d-----w C:\Documents and Settings\Lori\Application Data\Apple Computer
    2007-12-23 00:02 --------- d-----w C:\Program Files\BatchPhoto
    2007-12-23 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-21 04:02 --------- d-----w C:\Program Files\SiteAdvisor
    2007-12-09 21:11 --------- d-----w C:\Program Files\PhotoFiltre
    2007-12-08 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-11-09 01:13 164 ----a-w C:\install.dat
    2002-05-19 05:57 944,797 ----a-w C:\Program Files\wrar300.exe
    2002-05-15 04:37 473 ----a-w C:\Program Files\rarregkey.txt
    2002-04-01 13:43 11,264 ----a-w C:\Program Files\readme.wri
    .
    Code:
    <pre>
    ----a-w           620,152 2007-12-30 01:02:58  C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
    ----a-w            57,344 2008-01-09 03:09:18  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
    ----a-w            67,488 2007-12-30 01:03:04  C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy .exe
    ----a-w            40,048 2007-12-30 01:02:55  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w            67,112 2008-01-07 05:39:30  C:\Program Files\AIM95\aim .exe
    ----a-w           335,872 2008-01-07 20:53:33  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    ----a-w         2,321,600 2008-01-07 05:39:38  C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
    ----a-w            94,208 2008-01-05 19:00:53  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    ----a-w            28,672 2008-01-09 03:09:08  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
    ----a-w           278,528 2008-01-09 03:09:07  C:\Program Files\DIGStream\digstream .exe
    ----a-w           101,888 2008-01-09 03:09:12  C:\Program Files\ESPNRunTime\DIGServices .exe
    ----a-w            68,856 2008-01-09 03:09:21  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w            49,152 2008-01-09 03:09:19  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    ----a-w           267,048 2008-01-16 21:29:06  C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w           132,496 2008-01-09 03:09:13  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w           231,952 2008-01-22 10:35:41  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp  .exe
    ----a-w            67,128 2008-01-07 05:39:23  C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    ----a-w           582,992 2008-01-22 10:34:22  C:\Program Files\McAfee.com\Agent\mcagent .exe
    ----a-w         5,674,352 2008-01-07 05:39:49  C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w           286,720 2008-01-10 03:15:50  C:\Program Files\QuickTime\qttask            .exe
    ----a-w           286,720 2008-01-10 03:15:50  C:\Program Files\QuickTime\qttask           .exe
    ----a-w           286,720 2008-01-10 03:15:50  C:\Program Files\QuickTime\qttask          .exe
    ----a-w           286,720 2008-01-11 13:47:40  C:\Program Files\QuickTime\qttask         .exe
    ----a-w           286,720 2008-01-10 03:15:50  C:\Program Files\QuickTime\qttask        .exe
    ----a-w           286,720 2008-01-10 03:15:51  C:\Program Files\QuickTime\qttask       .exe
    ----a-w           286,720 2008-01-10 03:15:51  C:\Program Files\QuickTime\qttask      .exe
    ----a-w           286,720 2008-01-10 03:15:51  C:\Program Files\QuickTime\qttask     .exe
    ----a-w           286,720 2008-01-11 13:47:41  C:\Program Files\QuickTime\qttask    .exe
    ----a-w           286,720 2008-01-10 03:15:52  C:\Program Files\QuickTime\qttask   .exe
    ----a-w           286,720 2008-01-10 03:15:52  C:\Program Files\QuickTime\qttask  .exe
    ----a-w           286,720 2008-01-10 03:15:52  C:\Program Files\QuickTime\qttask .exe
    ----a-w            36,904 2008-01-09 03:09:11  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
    ----a-w         5,367,608 2008-01-23 00:48:54  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
    ----a-w           158,208 2008-01-21 17:15:05  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
    ----a-w            28,672 2008-01-07 05:38:44  C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal .exe
    ----a-w            15,360 2008-01-22 10:35:18  C:\WINDOWS\system32\ctfmon .exe
    ----a-w           114,688 2008-01-07 05:38:43  C:\WINDOWS\system32\hkcmd .exe
    ----a-w           155,648 2008-01-07 05:38:41  C:\WINDOWS\system32\igfxtray .exe
    </pre>

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{134f676a-e0f6-4d62-91ae-96abc7ecce40}]
    C:\WINDOWS\system32\acfrnddi.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43B46ACD-6EE3-4C2A-B966-D0376B9B64A2}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-16 16:42 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2006-10-30 13:12 2287152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
    "PRISMSVR.EXE"="C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.exe" [ ]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
    "combofix"="C:\ComboFix\kmd.exe" [2004-08-04 02:56 388608]
    "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "McWebDownlMgr"="C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe" [ ]

    C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
    Kaboom! Jr. Control Panel.lnk - C:\Documents and Settings\Lori\My Documents\My Music\KAB_JR\KABOOM.EXE [2007-03-04 19:28:55 5072]
    MemoKit.lnk - C:\Program Files\MemoKit\mk.exe [2004-04-19 11:58:34 21504]
    NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-06-25 23:05:30 155715]
    Office Information Worker Feedback Program.lnk - C:\Program Files\Microsoft Office System Information Worker Feedback Program\wfpscheduler.exe [2006-04-22 10:46:30 106496]
