I also ran the Combo Fix... here's that log.
"Rebecca" - 2007-06-30 15:16:31 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\gebxxvs.dll
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\system32\qomkifc.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\DOWNLO~1.\DinerDash.1.0.0.80
C:\WINDOWS\system32\bszip.dll
((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))
2007-06-30 15:07 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 11:12 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-30 10:34 128,576 --a------ C:\WINDOWS\system32\pyyddfoo.dll
2007-06-30 09:05 128,576 --a------ C:\WINDOWS\system32\wknsdkev.dll
2007-06-29 22:45 <DIR> d-------- C:\DOCUME~1\Rebecca\DoctorWeb
2007-06-29 21:35 <DIR> d-------- C:\Lightscribe Labels
2007-06-29 21:00 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\WTablet
2007-06-29 20:59 6,272 --a------ C:\WINDOWS\system32\drivers\wacomvhid.sys
2007-06-29 20:59 5,632 --a------ C:\WINDOWS\system32\drivers\wacommousefilter.sys
2007-06-29 20:59 140,848 --a------ C:\WINDOWS\system32\Wintab32.dll
2007-06-29 20:59 1,013,296 --a------ C:\WINDOWS\system32\Tablet.exe
2007-06-29 20:59 <DIR> d-------- C:\WINDOWS\system32\WTablet
2007-06-29 20:59 <DIR> d-------- C:\Program Files\Tablet
2007-06-29 19:37 <DIR> d-------- C:\System32
2007-06-29 18:59 <DIR> d-------- C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Ipswitch
2007-06-29 10:15 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-06-29 10:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPAMfighter
2007-06-29 09:32 <DIR> d-------- C:\HijackThis
2007-06-29 05:29 128,576 --a------ C:\WINDOWS\system32\oojsnrtw.dll
2007-06-28 17:26 6,062 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-28 17:11 <DIR> d-------- C:\VundoFix Backups
2007-06-28 13:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-27 23:52 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-27 23:49 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-27 23:49 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-27 23:49 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-27 23:49 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-27 23:49 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-27 23:49 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-27 23:47 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-27 23:47 <DIR> d-------- C:\Program Files\McAfee
2007-06-27 23:47 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-27 00:22 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-27 00:22 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-27 00:22 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-27 00:22 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-27 00:22 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-27 00:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-06-27 00:22 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\PC Tools
2007-06-27 00:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-26 09:47 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-26 09:36 <DIR> d-------- C:\WINDOWS\system32\recngrvl
2007-06-25 18:20 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\.bittorrent
2007-06-25 14:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-06-25 14:19 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-25 14:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-06-24 13:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Ahead
2007-06-10 12:06 <DIR> d-------- C:\Albert
2007-06-05 10:34 1,184,664 --a------ C:\WINDOWS\system32\FreeImage.dll
2007-05-31 10:59 <DIR> d-------- C:\Program Files\iTunes
2007-05-31 10:59 <DIR> d-------- C:\Program Files\iPod
2007-05-22 12:47 <DIR> d-------- C:\Program Files\Banner Maker Pro 6
2007-05-17 17:53 <DIR> d-------- C:\DOCUME~1\Rebecca\APPLIC~1\Uniblue
2007-05-06 11:44 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2007-05-06 11:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
2007-05-06 11:24 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-05-06 11:24 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-05-06 11:12 <DIR> d-------- C:\Program Files\Bonjour
2007-05-06 10:52 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-05-03 11:10 <DIR> d-------- C:\Program Files\QuickTime
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-28 14:07:35 -------- d-----w C:\Program Files\XoftSpySE
2007-06-28 04:15:08 -------- d-----w C:\DOCUME~1\Rebecca\APPLIC~1\McAfee
2007-06-27 14:39:52 -------- d-----w C:\Program Files\Thumbs7
2007-06-27 12:17:49 -------- d-----w C:\Program Files\AOL Toolbar
2007-06-26 18:01:12 -------- d-----w C:\DOCUME~1\Rebecca\APPLIC~1\Iomega Automatic Backup Pro
2007-06-26 17:45:41 -------- d-----w C:\Program Files\Common Files\aolshare
2007-06-26 17:45:40 -------- d-----w C:\Program Files\WS_FTP
2007-06-26 17:45:15 -------- d-----w C:\Program Files\WDC
2007-06-26 17:44:21 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-06-26 17:44:20 -------- d-----w C:\Program Files\Quick ShutDown
2007-06-26 17:44:15 -------- d-----w C:\Program Files\Webshots
2007-06-26 17:43:45 -------- d-----w C:\Program Files\America Online 9.0a
2007-06-26 17:43:33 -------- d-----w C:\Program Files\America Online 9.0
2007-06-25 22:20:57 -------- d-----w C:\DOCUME~1\Rebecca\APPLIC~1\.bittorrent
2007-06-25 18:14:42 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-25 18:12:39 -------- d-----w C:\DOCUME~1\Rebecca\APPLIC~1\Apple Computer
2007-06-24 16:19:28 -------- d-----w C:\DOCUME~1\Rebecca\APPLIC~1\RipIt4Me
2007-06-14 11:49:24 -------- d-----w C:\Program Files\RegCure
2007-06-13 16:26:04 9,433 -c--a-w C:\WINDOWS\mozver.dat
2007-06-13 12:30:46 -------- d-----w C:\DOCUME~1\Rebecca\APPLIC~1\SPAMfighter
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-09 22:04:39 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-08 03:01:13 3,766 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-03 15:08:46 -------- d-----w C:\Program Files\Apple Software Update
2007-05-01 19:16:25 -------- d-----w C:\Program Files\Shockwave.com
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll
2006-10-23 21:51:49 104 -csha-r C:\WINDOWS\system32\3CC10F6DAA.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{01F220E9-8F8B-4B15-AC56-B4A4CF60152E}=C:\WINDOWS\system32\mljjk.dll []
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 11:09]
{4DC3DF36-FA08-4392-BDF5-A5360E662A8E}=C:\WINDOWS\system32\ddabb.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{6E80E9AF-5346-4AD6-B78F-D35D1DB3C7AD}=C:\WINDOWS\system32\awvtu.dll []
{70DB27C1-66D7-44D3-950B-EE0D796B4CB9}=C:\WINDOWS\system32\vtsts.dll []
{724d43a9-0d85-11d4-9908-00400523e39a}=C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-06-29 15:40]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}=c:\program files\mcafee\virusscan\scriptcl.dll [2006-12-22 16:02]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-08-09 17:52]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-17 18:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" [2004-08-06 09:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 14:48]
"SetIcon"="\Program Files\WDC\SetIcon.exe" [2004-04-28 15:02]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1147893218\ee\AOLSoftware.exe" [2006-09-25 20:52]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" []
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 13:52]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 11:31]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2007-01-03 13:01]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03]
"Opware15"="C:\Program Files\ScanSoft\OmniPage15\Opware15.exe" [2006-12-18 17:38]
"ScanSoft OmniPage 15-reminder"="C:\Program Files\ScanSoft\OmniPage15\Ereg\Ereg.exe" [2006-11-27 11:25]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Converter 4\RegistryController.exe" [2006-12-20 18:13]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 22:12]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 22:17]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 22:13]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe" [2007-03-20 16:40]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-04-05 12:53]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"@"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup Pro"="C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" [2005-07-01 10:12]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 18:34]
"SHCenter.exe"="C:\Program Files\IMSI\HiJaak 5.0\bin\shcenter.exe" [1999-07-26 12:27]
"runner.exe"="C:\Program Files\IMSI\HiJaak 5.0\bin\shcenter.exe" [1999-07-26 12:27]
"iolo Utility Bar"="C:\Program Files\iolo\System Mechanic 5\SMUtilityBar.exe" [2005-02-17 14:10]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-06-29 15:40]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
C:\WINDOWS\system32\sstqr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 relog_ap
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yhypghyz.exe]
C:\Documents and Settings\All Users\Application Data\yhypghyz.exe
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
Contents of the 'Scheduled Tasks' folder
2007-06-28 14:56:09 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-28 03:48:34 C:\WINDOWS\tasks\McDefragTask.job
2007-06-28 03:48:33 C:\WINDOWS\tasks\McQcTask.job
2007-06-05 12:07:16 C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
2007-06-30 19:30:43 C:\WINDOWS\tasks\RegCure Program Check.job
2007-06-28 13:26:32 C:\WINDOWS\tasks\RegCure.job
2007-06-30 19:30:43 C:\WINDOWS\tasks\XoftSpySE 2.job
2007-06-30 12:18:10 C:\WINDOWS\tasks\XoftSpySE.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-30 15:30:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-30 15:35:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-30 15:35
--- E O F ---
__________________________________________________
I ran HijackThis and deleted the odd looking {empty} items similar to those listed in the thread I followed.
__________________________________________________
I've run AVG and it found no problems.
My computer was still not up to speed. I opened IE and poked around there a bit, found a "reset to factory specifications" button and did so. For whatever reason, that seemed to do the trick. I've not had any speed slowdowns or popups since late yesterday, but would appreciate your looking at my most recent HijackThis log just in case.
I have also turned off restore, rebooted and set a new "Clean PC" restore point.
HJT log will follow. Thank you so much!
