evil Virtumonde!!!!

flipper55

I have Virtumonde and SpySheriff. And now the MY COMPUTER icon is a red "X" and won't go away. KAV scan posted below, in two or three posts.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 20, 2008 9:20:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/03/2008
Kaspersky Anti-Virus database records: 648510
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58740
Number of viruses found: 35
Number of infected objects: 305
Number of suspicious objects: 0
Duration of the scan process: 01:19:51

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008032020080321\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SV2DY1YH\_bm1fcmlke3JpZH1fa3cyX21hNXM_a2FzcGVyc2t5_bm1fNjgwODlfMzI1YTI2ZTQ1MTZiMTFkYzkyODFmNjgwODlmZGZmZmZfZTE3OThkN2M0NDRhNDA5NGJiZWRlNTBiOGFkYjNjNDg_[1].exe Infected: not-virus:Hoax.Win32.Renos.bej skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\McAfee Fire\FireLog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\Bcampbell.AMER-AD\Local Settings\Temp\9fp4i6io.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dqt skipped
C:\Documents and Settings\Bcampbell.AMER-AD\Local Settings\Temp\9fp4i6io.exe/stream Infected: Trojan-Downloader.Win32.Zlob.dqt skipped
C:\Documents and Settings\Bcampbell.AMER-AD\Local Settings\Temp\9fp4i6io.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Bcampbell.AMER-AD\Local Settings\Temp\dovqgsae.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\Bcampbell.AMER-AD\Local Settings\Temp\_bm1fcmlkX21hX2t3MV9tYTVz_cGRh_bm1fNjgwODlfMzI1YTI2ZTQ1MTZiMTFkYzkyODFmNjgwODlmZGZmZmZfZTE3OThkN2M0NDRhNDA5NGJiZWRlNTBiOGFkYjNjNDg_.exe Infected: not-virus:Hoax.Win32.Renos.awj skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Novadigm\ManagementAgent\rma.log Object is locked skipped
C:\Program Files\Apoint\Apoint.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\AT&T Global Network Client\NetSP.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\Common Files\rfrr\rfrra.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\Program Files\Common Files\rfrr\rfrrl.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\Program Files\Common Files\rfrr\rfrrm.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Common Files\rfrr\rfrrp.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\IBM\Client Access\cwbckver.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\IBM\Client Access\cwbinhlp.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\IBM\Client Access\cwbsvstr.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\IBM\Client Access\cwbwlwiz.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\Internet Explorer\lavufavel.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\Internet Explorer\lavufavel635.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\Internet Explorer\lavufavel86.dll Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\Internet Explorer\profsysypruk.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\Novadigm\Log\radexecd.log Object is locked skipped
C:\Program Files\Novadigm\Log\radsched.log Object is locked skipped
C:\Program Files\Novadigm\Log\radstgms.log Object is locked skipped
C:\Program Files\Novadigm\radtray.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\Program Files\Windows Media Player\profsysypruk.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\quarantine\Dc2.Vir.Vir Infected: Trojan-Downloader.Win32.VB.cvs skipped
 

Part II of KAV scan:

 
Part III of KAV scan:

C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051240.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051241.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051242.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051243.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051244.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051245.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051247.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051248.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051249.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051250.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051252.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\A0051253.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{B5A37487-8612-40FE-9C54-76B1B20DC5C7}\RP276\change.log Object is locked skipped
 
final part of KAV scan

Part IV of KAV scan:

C:\WINDOWS\b103.exe_old Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b138.exe_old Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S2507NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D19M2108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWAS7_0001_N99M3108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_9999_N91S2507NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWAS7_0001_N99M3108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_9999_N91S2507NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWAS7_0001_N99M3108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\webinst.dll Infected: not-virus:Hoax.Win32.Renos.asm skipped
C:\WINDOWS\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\RXhlbCBVc2Vy\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\RXhlbCBVc2Vy\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdwpiwxw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\system32\bytkitfr.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\IBD4\rru22011.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\WINDOWS\system32\IBD4\rru22011.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\igfxtray.exe Infected: Trojan-Downloader.Win32.Agent.exa skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\nvvvroqx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\system32\ogfthvoy.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wqynwhed.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\system32\ygpccuoi.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\WINDOWS\Temp\Perflib_Perfdata_444.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
And the HIJACK THIS scan

Here is the HJT scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:02 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.exel.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/70/checkin.php?ci...CALS~1\Temp\\1205955778&fw=1088&v=70&m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;198.*;128.*;*.exelusa.com;*.exel-intra.net;*.tbgamericas.com;*.tbgna.com;<local>
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [c07f0d39] rundll32.exe "C:\WINDOWS\system32\shgtreqo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.exel.com
O16 - DPF: RevealJFC - http://198.176.168.59/revealjavaweb/applet/revealjfc.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctorNewReleaseInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://10.35.108.51/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122304495406
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://americasportal.exel.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9319 bytes
 
Hi flipper55

Rename HijackThis.exe to flipper55.exe and post back a fresh HijackThis log, please :)
 
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:58 AM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novadigm\radsched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Administrator\Desktop\flipper55.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.exel.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/70/checkin.php?ci...CALS~1\Temp\\1205955778&fw=1088&v=70&m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;198.*;128.*;*.exelusa.com;*.exel-intra.net;*.tbgamericas.com;*.tbgna.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F2880B0-7902-43DE-9831-8A55DB095134} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {618F3A1F-C8BC-4A53-199C-9E9B960B1C1B} - C:\Program Files\Internet Explorer\lavufavel86.dll
O2 - BHO: (no name) - {8A146666-E7F1-4FB6-9BDE-9A4F2FE10AD4} - C:\DOCUME~1\BCAMPB~1.AME\LOCALS~1\Temp\pmkhg.dll
O2 - BHO: (no name) - {cab53130-e4ee-410c-b2f1-4eebdd11e804} - C:\WINDOWS\system32\jeblupi.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [c07f0d39] rundll32.exe "C:\WINDOWS\system32\shgtreqo.dll",b
O4 - HKLM\..\Run: [BMc34c3ea5] Rundll32.exe "C:\WINDOWS\system32\exlddqdt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.exel.com
O16 - DPF: RevealJFC - http://198.176.168.59/revealjavaweb/applet/revealjfc.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctorNewReleaseInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://10.35.108.51/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122304495406
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://americasportal.exel.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O20 - Winlogon Notify: pmkhg - C:\DOCUME~1\BCAMPB~1.AME\LOCALS~1\Temp\pmkhg.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10014 bytes
 
Hi

Move HijackThis.exe to its own folder on the Desktop.

After that:

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
 
Here is the Combofix log. Thanks again.

ComboFix 08-03-26.3 - ExelAdmin 2008-03-28 10:16:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.137 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\BCAMPB~1.AME\LOCALS~1\Temp\pmkhg.dll
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1190215127.old
C:\Program Files\WinBudget\bin\crap.1191423407.old
C:\Program Files\WinBudget\bin\matrix.dll
C:\Program Files\WinBudget\bin\matrix.dll.1191423406.old
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMc34c3ea5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\dobvodwj.ini
C:\WINDOWS\system32\eclqearw.dll
C:\WINDOWS\system32\eeivtjix.ini
C:\WINDOWS\system32\exlddqdt.dll
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\fcgxjihh.ini
C:\WINDOWS\system32\fgjhpisg.ini
C:\WINDOWS\system32\fmeetkvo.ini
C:\WINDOWS\system32\fpuffqkg.dll
C:\WINDOWS\system32\fqjoyxok.ini
C:\WINDOWS\system32\fqqxclbv.ini
C:\WINDOWS\system32\glklrymy.ini
C:\WINDOWS\system32\jfyttiii.ini
C:\WINDOWS\system32\jjewjmsl.ini
C:\WINDOWS\system32\kkpbkspa.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmkxdeqw.ini
C:\WINDOWS\system32\msssjedu.ini
C:\WINDOWS\system32\naouaptv.ini
C:\WINDOWS\system32\oogltphe.ini
C:\WINDOWS\system32\podfvxak.ini
C:\WINDOWS\system32\qmurhane.ini
C:\WINDOWS\system32\rsgxohuo.ini
C:\WINDOWS\system32\rvgisauq.ini
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\tckihcgg.dll
C:\WINDOWS\system32\uerftawv.dll
C:\WINDOWS\system32\wraeqlce.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-27 10:13 . 2008-03-27 10:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-24 14:50 . 2008-03-21 15:41 229,376 --a------ C:\Program Files\Uninstall My Global Search Bar.dll
2008-03-20 17:03 . 2008-03-24 14:49 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-03-20 17:03 . 2008-03-24 14:49 <DIR> d-------- C:\Program Files\AVSMedia
2008-03-20 12:06 . 2008-03-20 21:50 534 ---hs---- C:\WINDOWS\system32\oqertghs.ini
2008-03-19 22:46 . 2008-03-19 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:53 . 2008-03-19 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-03-19 20:40 . 2008-03-19 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-19 14:38 . 2008-03-19 14:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-19 14:33 . 2008-03-19 14:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-19 10:08 . 2008-03-20 10:55 1,434 ---hs---- C:\WINDOWS\system32\nukuwdck.ini
2008-03-18 10:03 . 2008-03-18 10:15 1,314,796 --ahs---- C:\WINDOWS\system32\ygwgxlea.ini
2008-03-17 09:45 . 2008-03-18 09:57 1,314,736 --ahs---- C:\WINDOWS\system32\gwasoeyt.ini
2008-03-14 14:01 . 2008-03-17 09:43 1,314,676 --ahs---- C:\WINDOWS\system32\xbeceqrb.ini
2008-03-13 12:59 . 2008-03-14 13:00 1,314,616 --ahs---- C:\WINDOWS\system32\utiucyhl.ini
2008-03-12 12:59 . 2008-03-13 12:59 1,314,556 --ahs---- C:\WINDOWS\system32\jmjixiac.ini
2008-03-12 11:56 . 2008-03-12 11:57 1,314,496 --ahs---- C:\WINDOWS\system32\xybevcml.ini
2008-03-11 10:26 . 2008-03-12 11:57 1,314,436 --ahs---- C:\WINDOWS\system32\dtjoeian.ini
2008-03-10 10:10 . 2008-03-11 10:24 1,317,789 --ahs---- C:\WINDOWS\system32\dbuwapov.ini
2008-03-07 14:54 . 2008-03-10 10:04 1,307,741 --ahs---- C:\WINDOWS\system32\kueapmtg.ini
2008-03-07 13:48 . 2008-03-07 13:49 1,307,681 --ahs---- C:\WINDOWS\system32\nuoacsfb.ini
2008-03-06 13:26 . 2008-03-07 13:45 1,306,737 --ahs---- C:\WINDOWS\system32\qqdobana.ini
2008-03-06 12:00 . 2008-03-06 13:25 1,306,917 --ahs---- C:\WINDOWS\system32\qiucmbok.ini
2008-03-05 11:57 . 2008-03-06 11:57 1,306,797 --ahs---- C:\WINDOWS\system32\oiixijli.ini
2008-03-05 10:57 . 2008-03-05 10:58 1,307,373 --ahs---- C:\WINDOWS\system32\olkxsltt.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 20:50 --------- d-----w C:\Documents and Settings\Bcampbell.AMER-AD\Application Data\Sametime
2008-03-24 20:05 --------- d-----w C:\Program Files\Novadigm
2008-03-21 02:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-20 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 05:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 21:34 --------- d-----w C:\Program Files\AT&T Global Network Client
2008-03-03 17:36 --------- d-----w C:\Program Files\Google
2008-02-08 20:03 --------- d-----w C:\Program Files\IBM
2007-02-02 20:50 35,480 ----a-w C:\Documents and Settings\Bcampbell.AMER-AD\Application Data\GDIPFONTCACHEV1.DAT
2006-01-27 09:09 360,600 ----a-w C:\WINDOWS\Internet Logs\tvuninstall.exe
2005-08-02 20:46 187,904 --sha-r C:\WINDOWS\RXhlbCBVc2Vy\asappsrv.dll
2005-08-02 20:58 293,888 --sha-r C:\WINDOWS\RXhlbCBVc2Vy\command.exe
2005-07-29 20:24 472 --sha-r C:\WINDOWS\RXhlbCBVc2Vy\lr15vF1pwZpV.vbs
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 155,648 2004-09-13 15:33:20 C:\Program Files\Apoint\bak\Apoint.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Apoint\Apoint.exe

----a-w 10,752 2006-03-17 15:00:00 C:\Program Files\AT&T Global Network Client\bak\NetSP.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\AT&T Global Network Client\NetSP.exe

----a-w 147,514 2003-10-07 16:48:56 C:\Program Files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

----a-w 163,576 2006-12-15 18:12:34 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

----a-w 45,056 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbckver.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbckver.exe

----a-w 24,626 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbinhlp.exe

----a-w 20,530 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbsvstr.exe

----a-w 20,530 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbwlwiz.exe

----a-w 569,413 2005-12-28 19:00:56 C:\Program Files\Intel\Wireless\Bin\bak\EOUWiz.exe

----a-w 602,182 2005-12-28 18:56:16 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe
----a-w 970,752 2007-02-21 15:17:42 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

----a-w 667,718 2005-12-28 18:55:40 C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
----a-w 819,200 2007-02-21 15:19:58 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

----a-w 139,320 2005-02-25 19:50:00 C:\Program Files\Network Associates\Common Framework\bak\UpdaterUI.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

----a-w 434,176 2005-05-04 09:10:38 C:\Program Files\Novadigm\bak\radtray.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Novadigm\radtray.exe

----a-w 282,624 2006-09-15 17:18:46 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 15,360 2004-08-04 05:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 05:56:50 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2005-02-15 13:02:58 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 38,924 2007-01-18 19:23:58 C:\WINDOWS\system32\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F2880B0-7902-43DE-9831-8A55DB095134}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{618F3A1F-C8BC-4A53-199C-9E9B960B1C1B}]
2007-09-10 09:51 70144 --a------ C:\Program Files\Internet Explorer\lavufavel86.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cab53130-e4ee-410c-b2f1-4eebdd11e804}]
C:\WINDOWS\system32\jeblupi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-18 12:23 38924]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-18 12:23 38924]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2007-01-18 12:23 38924]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2007-01-18 12:23 38924]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2007-01-18 12:23 38924]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2007-01-18 12:23 38924]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2007-01-18 12:23 38924]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2007-01-18 12:23 38924]
"RUNRADTRAY"="C:\Program Files\Novadigm\radtray.exe" [2007-01-18 12:23 38924]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 08:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 08:17 970752]
"c07f0d39"="C:\WINDOWS\system32\shgtreqo.dll" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
McAfee Desktop Firewall Tray.lnk - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe [2005-07-26 07:51:53 679996]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RecycleBinSize"= 10 (0xa)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= Msimn.exe
"2"= Outlook.exe
"3"= wab.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-10-31 08:01 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=adsi_startup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
"Apoint"=C:\Program Files\Apoint\Apoint.exe
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
"RUNRADTRAY"=C:\Program Files\Novadigm\radtray.exe
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2006-03-17 10:49]
R2 radexecd;Radia Notify Daemon;"C:\Program Files\Novadigm\radexecd.exe" [2005-05-11 08:01]
R2 radsched;Radia Scheduler Daemon;"C:\Program Files\Novadigm\radsched.exe" [2005-06-10 02:10]
R2 Radstgms;Radia MSI Redirector;"C:\Program Files\Novadigm\Radstgms.exe" [2004-08-04 03:53]
R3 ABVPN2K;AGN VPN Client Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2005-10-26 09:40]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 10:27:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-03-28 10:29:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 17:29:15
Pre-Run: 24,732,549,120 bytes free
Post-Run: 24,761,294,848 bytes free
 
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:20 AM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\flipper55.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/70/checkin.php?ci...CALS~1\Temp\\1205955778&fw=1088&v=70&m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;198.*;128.*;*.exelusa.com;*.exel-intra.net;*.tbgamericas.com;*.tbgna.com
;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {618F3A1F-C8BC-4A53-199C-9E9B960B1C1B} - C:\Program Files\Internet Explorer\lavufavel86.dll
O2 - BHO: (no name) - {cab53130-e4ee-410c-b2f1-4eebdd11e804} - C:\WINDOWS\system32\jeblupi.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [c07f0d39] rundll32.exe "C:\WINDOWS\system32\shgtreqo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.exel.com
O16 - DPF: RevealJFC - http://198.176.168.59/revealjavaweb/applet/revealjfc.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://10.35.108.51/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122304495406
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://americasportal.exel.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9760 bytes
 
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:20 AM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\flipper55.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/70/checkin.php?ci...CALS~1\Temp\\1205955778&fw=1088&v=70&m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;198.*;128.*;*.exelusa.com;*.exel-intra.net;*.tbgamericas.com;*.tbgna.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {618F3A1F-C8BC-4A53-199C-9E9B960B1C1B} - C:\Program Files\Internet Explorer\lavufavel86.dll
O2 - BHO: (no name) - {cab53130-e4ee-410c-b2f1-4eebdd11e804} - C:\WINDOWS\system32\jeblupi.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [c07f0d39] rundll32.exe "C:\WINDOWS\system32\shgtreqo.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.exel.com
O16 - DPF: RevealJFC - http://198.176.168.59/revealjavaweb/applet/revealjfc.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://10.35.108.51/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122304495406
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://americasportal.exel.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9760 bytes
 
Hi

First we need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
AWF::
C:\Program Files\Apoint\bak\Apoint.exe
C:\Program Files\AT&T Global Network Client\bak\NetSP.exe
Files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Client Access\bak\cwbckver.exe
C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe
C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe
C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe
C:\Program Files\Intel\Wireless\Bin\bak\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
C:\Program Files\Network Associates\Common Framework\bak\UpdaterUI.exe
C:\Program Files\Novadigm\bak\radtray.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\system32\bak\igfxtray.exe

File::
C:\WINDOWS\system32\oqertghs.ini
C:\WINDOWS\system32\nukuwdck.ini
C:\WINDOWS\system32\ygwgxlea.ini
C:\WINDOWS\system32\gwasoeyt.ini
C:\WINDOWS\system32\xbeceqrb.ini
C:\WINDOWS\system32\utiucyhl.ini
C:\WINDOWS\system32\jmjixiac.ini
C:\WINDOWS\system32\xybevcml.ini
C:\WINDOWS\system32\dtjoeian.ini
C:\WINDOWS\system32\dbuwapov.ini
C:\WINDOWS\system32\kueapmtg.ini
C:\WINDOWS\system32\nuoacsfb.ini
C:\WINDOWS\system32\qqdobana.ini
C:\WINDOWS\system32\qiucmbok.ini
C:\WINDOWS\system32\oiixijli.ini
C:\WINDOWS\system32\olkxsltt.ini
C:\Program Files\Uninstall My Global Search Bar.dll

Folder::
C:\WINDOWS\RXhlbCBVc2Vy

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F2880B0-7902-43DE-9831-8A55DB095134}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{618F3A1F-C8BC-4A53-199C-9E9B960B1C1B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cab53130-e4ee-410c-b2f1-4eebdd11e804}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c07f0d39"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
You provide a wonderful and useful service, and even on weekends. Thanks again.

Combofix log:

ComboFix 08-03-26.3 - ExelAdmin 2008-03-29 12:57:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.180 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Program Files\Uninstall My Global Search Bar.dll
C:\WINDOWS\system32\dbuwapov.ini
C:\WINDOWS\system32\dtjoeian.ini
C:\WINDOWS\system32\gwasoeyt.ini
C:\WINDOWS\system32\jmjixiac.ini
C:\WINDOWS\system32\kueapmtg.ini
C:\WINDOWS\system32\nukuwdck.ini
C:\WINDOWS\system32\nuoacsfb.ini
C:\WINDOWS\system32\oiixijli.ini
C:\WINDOWS\system32\olkxsltt.ini
C:\WINDOWS\system32\oqertghs.ini
C:\WINDOWS\system32\qiucmbok.ini
C:\WINDOWS\system32\qqdobana.ini
C:\WINDOWS\system32\utiucyhl.ini
C:\WINDOWS\system32\xbeceqrb.ini
C:\WINDOWS\system32\xybevcml.ini
C:\WINDOWS\system32\ygwgxlea.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Uninstall My Global Search Bar.dll
C:\WINDOWS\b104.exe
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S1502NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UERS_9999_N91S2507NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWAS7_0001_N99M3108NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe
C:\WINDOWS\RXhlbCBVc2Vy
C:\WINDOWS\RXhlbCBVc2Vy\asappsrv.dll
C:\WINDOWS\RXhlbCBVc2Vy\command.exe
C:\WINDOWS\RXhlbCBVc2Vy\lr15vF1pwZpV.vbs
C:\WINDOWS\system32\dbuwapov.ini
C:\WINDOWS\system32\dtjoeian.ini
C:\WINDOWS\system32\gwasoeyt.ini
C:\WINDOWS\system32\jmjixiac.ini
C:\WINDOWS\system32\jrvjmhzx.dllbox
C:\WINDOWS\system32\kueapmtg.ini
C:\WINDOWS\system32\nukuwdck.ini
C:\WINDOWS\system32\nuoacsfb.ini
C:\WINDOWS\system32\oiixijli.ini
C:\WINDOWS\system32\olkxsltt.ini
C:\WINDOWS\system32\oqertghs.ini
C:\WINDOWS\system32\qiucmbok.ini
C:\WINDOWS\system32\qqdobana.ini
C:\WINDOWS\system32\utiucyhl.ini
C:\WINDOWS\system32\xbeceqrb.ini
C:\WINDOWS\system32\xybevcml.ini
C:\WINDOWS\system32\ygwgxlea.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-27 10:13 . 2008-03-27 10:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 17:03 . 2008-03-24 14:49 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-03-20 17:03 . 2008-03-24 14:49 <DIR> d-------- C:\Program Files\AVSMedia
2008-03-19 22:46 . 2008-03-19 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:53 . 2008-03-19 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-03-19 20:40 . 2008-03-19 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-19 14:38 . 2008-03-19 14:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-19 14:33 . 2008-03-19 14:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 19:59 --------- d-----w C:\Program Files\AT&T Global Network Client
2008-03-29 19:57 --------- d-----w C:\Program Files\Apoint
2008-03-26 20:50 --------- d-----w C:\Documents and Settings\Bcampbell.AMER-AD\Application Data\Sametime
2008-03-24 20:05 --------- d-----w C:\Program Files\Novadigm
2008-03-21 02:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-20 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 05:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 17:36 --------- d-----w C:\Program Files\Google
2008-02-08 20:03 --------- d-----w C:\Program Files\IBM
2008-01-04 06:00 9,123 ----a-w C:\WINDOWS\system32\pgcwlyls.dll
2007-02-02 20:50 35,480 ----a-w C:\Documents and Settings\Bcampbell.AMER-AD\Application Data\GDIPFONTCACHEV1.DAT
2006-01-27 09:09 360,600 ----a-w C:\WINDOWS\Internet Logs\tvuninstall.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-28_10.28.57.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-19 22:34:40 41,066 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-28 17:29:25 41,066 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-19 22:34:40 313,514 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-28 17:29:25 313,514 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-29 19:53:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_36c.dat
+ 2008-03-29 19:53:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 147,514 2003-10-07 16:48:56 C:\Program Files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

----a-w 163,576 2006-12-15 18:12:34 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

----a-w 45,056 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbckver.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbckver.exe

----a-w 24,626 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbinhlp.exe

----a-w 20,530 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbsvstr.exe

----a-w 20,530 2002-05-07 09:20:00 C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\IBM\Client Access\cwbwlwiz.exe

----a-w 569,413 2005-12-28 19:00:56 C:\Program Files\Intel\Wireless\Bin\bak\EOUWiz.exe

----a-w 602,182 2005-12-28 18:56:16 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe
----a-w 970,752 2007-02-21 15:17:42 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

----a-w 667,718 2005-12-28 18:55:40 C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
----a-w 819,200 2007-02-21 15:19:58 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

----a-w 139,320 2005-02-25 19:50:00 C:\Program Files\Network Associates\Common Framework\bak\UpdaterUI.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

----a-w 434,176 2005-05-04 09:10:38 C:\Program Files\Novadigm\bak\radtray.exe
----a-w 38,924 2007-01-18 19:23:58 C:\Program Files\Novadigm\radtray.exe

----a-w 282,624 2006-09-15 17:18:46 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 15,360 2004-08-04 05:56:50 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 05:56:50 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2005-02-15 13:02:58 C:\WINDOWS\system32\bak\igfxtray.exe
----a-w 38,924 2007-01-18 19:23:58 C:\WINDOWS\system32\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 08:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-18 12:23 38924]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2007-01-18 12:23 38924]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2007-01-18 12:23 38924]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2007-01-18 12:23 38924]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2007-01-18 12:23 38924]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2007-01-18 12:23 38924]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2007-01-18 12:23 38924]
"RUNRADTRAY"="C:\Program Files\Novadigm\radtray.exe" [2007-01-18 12:23 38924]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 08:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 08:17 970752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
McAfee Desktop Firewall Tray.lnk - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe [2005-07-26 07:51:53 679996]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RecycleBinSize"= 10 (0xa)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= Msimn.exe
"2"= Outlook.exe
"3"= wab.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-10-31 08:01 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=adsi_startup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
"Apoint"=C:\Program Files\Apoint\Apoint.exe
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
"RUNRADTRAY"=C:\Program Files\Novadigm\radtray.exe
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2006-03-17 10:49]
R2 radexecd;Radia Notify Daemon;"C:\Program Files\Novadigm\radexecd.exe" [2005-05-11 08:01]
R2 radsched;Radia Scheduler Daemon;"C:\Program Files\Novadigm\radsched.exe" [2005-06-10 02:10]
R2 Radstgms;Radia MSI Redirector;"C:\Program Files\Novadigm\Radstgms.exe" [2004-08-04 03:53]
R3 ABVPN2K;AGN VPN Client Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2005-10-26 09:40]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 12:59:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
Completion time: 2008-03-29 12:59:58
ComboFix-quarantined-files.txt 2008-03-29 19:59:49
ComboFix2.txt 2008-03-28 17:29:19
Pre-Run: 24,738,811,904 bytes free
Post-Run: 24,707,092,480 bytes free
 
And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:11 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\flipper55.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/70/checkin.php?ci...CALS~1\Temp\\1205955778&fw=1088&v=70&m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;198.*;128.*;*.exelusa.com;*.exel-intra.net;*.tbgamericas.com;*.tbgna.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.exel.com
O16 - DPF: RevealJFC - http://198.176.168.59/revealjavaweb/applet/revealjfc.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://10.35.108.51/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122304495406
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://americasportal.exel.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9366 bytes
 
Hi

AWF part didn't go right so let's try again:

Open notepad and copy/paste the text in the quotebox below into it:

Code:
AWF::
C:\Program Files\Apoint\bak\Apoint.exe
C:\Program Files\AT&T Global Network Client\bak\NetSP.exe
C:\Program Files\Common Files\Network Associates\TalkBack\bak\tbmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Client Access\bak\cwbckver.exe
C:\Program Files\IBM\Client Access\bak\cwbinhlp.exe
C:\Program Files\IBM\Client Access\bak\cwbsvstr.exe
C:\Program Files\IBM\Client Access\bak\cwbwlwiz.exe
C:\Program Files\Intel\Wireless\Bin\bak\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
C:\Program Files\Network Associates\Common Framework\bak\UpdaterUI.exe
C:\Program Files\Novadigm\bak\radtray.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\WINDOWS\system32\bak\igfxtray.exe

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Hello Shaba

Nothing happened. I copied the text, saved it to a file called CFScript.txt, then dragged it onto Combofix.exe. Combofix looks like it is beginning to start, then nothing happens. I downloaded Combofix again, and tried copying and pasting several times, all to no effect.

Any ideas?
 
It ran in SAFE mode, but not sure if it did anything. Combofix log in this message, and a new HJT log in the next. Thanks.

ComboFix 08-03-30.2 - ExelAdmin 2008-03-31 7:35:59.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.366 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fswseoep.ini
C:\WINDOWS\system32\fuymuxyk.ini
C:\WINDOWS\system32\ikymievm.ini
C:\WINDOWS\system32\jagpmvhv.ini
C:\WINDOWS\system32\jkbnycfl.ini
C:\WINDOWS\system32\karlxhda.ini
C:\WINDOWS\system32\nbhweaty.ini
C:\WINDOWS\system32\ndevvomb.ini
C:\WINDOWS\system32\qxnqpkpu.ini
C:\WINDOWS\system32\rhjvhooo.ini
C:\WINDOWS\system32\ujooaxpc.ini
C:\WINDOWS\system32\umiegfxa.ini
C:\WINDOWS\system32\wwrajmvr.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-27 10:13 . 2008-03-27 10:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 17:03 . 2008-03-24 14:49 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-03-20 17:03 . 2008-03-24 14:49 <DIR> d-------- C:\Program Files\AVSMedia
2008-03-19 22:46 . 2008-03-19 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 20:53 . 2008-03-19 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-03-19 20:40 . 2008-03-19 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-19 14:38 . 2008-03-19 14:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-19 14:33 . 2008-03-19 14:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-08 13:23 . 2008-02-08 13:23 <DIR> d-------- C:\Documents and Settings\Bcampbell.AMER-AD\SametimeTranscripts
2008-02-08 13:03 . 2008-03-26 13:50 <DIR> d-------- C:\Documents and Settings\Bcampbell.AMER-AD\Application Data\Sametime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 14:35 --------- d-----w C:\Program Files\QuickTime
2008-03-31 14:35 --------- d-----w C:\Program Files\Novadigm
2008-03-29 19:59 --------- d-----w C:\Program Files\AT&T Global Network Client
2008-03-29 19:59 --------- d-----w C:\Program Files\Apoint
2008-03-21 02:50 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-20 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 05:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-03 17:36 --------- d-----w C:\Program Files\Google
2008-02-08 20:03 --------- d-----w C:\Program Files\IBM
2008-01-04 06:00 9,123 ----a-w C:\WINDOWS\system32\pgcwlyls.dll
2007-12-04 19:13 4,672 ----a-w C:\WINDOWS\system32\bdwpiwxw.exe
2007-02-02 20:50 35,480 ----a-w C:\Documents and Settings\Bcampbell.AMER-AD\Application Data\GDIPFONTCACHEV1.DAT
2006-01-27 09:09 360,600 ----a-w C:\WINDOWS\Internet Logs\tvuninstall.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-28_10.28.57.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-01-18 19:23:58 38,924 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2005-02-15 13:02:58 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2008-03-19 22:34:40 41,066 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-28 17:29:25 41,066 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-19 22:34:40 313,514 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-28 17:29:25 313,514 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 08:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 06:02 155648]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 12:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 09:48 147514]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 02:20 20530]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 02:20 24626]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2002-05-07 02:20 45056]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 02:20 20530]
"RUNRADTRAY"="C:\Program Files\Novadigm\radtray.exe" [2005-05-04 02:10 434176]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
McAfee Desktop Firewall Tray.lnk - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe [2005-07-26 07:51:53 679996]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"LogonType"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RecycleBinSize"= 10 (0xa)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= Msimn.exe
"2"= Outlook.exe
"3"= wab.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2003-10-31 08:01 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=adsi_startup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
"Apoint"=C:\Program Files\Apoint\Apoint.exe
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe"
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
"QuickTime Task"="C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
"RUNRADTRAY"=C:\Program Files\Novadigm\radtray.exe
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 ABVPN2K;AGN VPN Client Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2005-10-26 09:40]
S2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2006-03-17 10:49]
S2 radexecd;Radia Notify Daemon;"C:\Program Files\Novadigm\radexecd.exe" [2005-05-11 08:01]
S2 radsched;Radia Scheduler Daemon;"C:\Program Files\Novadigm\radsched.exe" [2005-06-10 02:10]
S2 Radstgms;Radia MSI Redirector;"C:\Program Files\Novadigm\Radstgms.exe" [2004-08-04 03:53]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 07:37:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
Completion time: 2008-03-31 7:38:00
ComboFix-quarantined-files.txt 2008-03-31 14:37:53
ComboFix2.txt 2008-03-29 19:59:59
ComboFix3.txt 2008-03-28 17:29:19
Pre-Run: 25,227,182,080 bytes free
Post-Run: 25,203,077,120 bytes free
 
Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:09 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\flipper55.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://88.80.5.21/70/checkin.php?ci...CALS~1\Temp\\1205955778&fw=1088&v=70&m=0&vm=0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;198.*;128.*;*.exelusa.com;*.exel-intra.net;*.tbgamericas.com;*.tbgna.com
;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [RUNRADTRAY] C:\Program Files\Novadigm\radtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.exel.com
O16 - DPF: RevealJFC - http://198.176.168.59/revealjavaweb/applet/revealjfc.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://10.35.108.51/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122304495406
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://americasportal.exel.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\Software\..\Telephony: DomainName = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.exel-intra.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = amer.exel-intra.net
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Radia Notify Daemon (radexecd) - Novadigm - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Novadigm - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8062 bytes
 