Nasty malware found

mlayefsky

New member
It seems to be a common complaint...."my kid clicked on something he shouldn't have."

I'm getting loads of popups, my desktop has been altered, etc.

Any help would be VERY much appreciated!!

Here's my Kaspersky log (sorry, I saved it as html by mistake):

Sunday, December 02, 2007 12:34:31 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/12/2007
Kaspersky Anti-Virus database records: 470432


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 117063
Number of viruses found 8
Number of infected objects 16
Number of suspicious objects 2
Duration of the scan process 02:45:17

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\cert8.db Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\history.dat Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\key3.db Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\parent.lock Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0d96-6c7992d6.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped

C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0d96-6c7992d6.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Mik\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/01 Oct 2003 01:01 from Judith Lubina:RE: Spreadsheets amendments.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: suspicious - 1 skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\History\History.IE5\MSHist012007120220071203\index.dat Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Temp\k11u78.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped

C:\Documents and Settings\Mik\Local Settings\Temp\k11u78.exe NSIS: infected - 1 skipped

C:\Documents and Settings\Mik\Local Settings\Temp\Perflib_Perfdata_d48.dat Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Temp\stany.exe Infected: Trojan-Dropper.Win32.Agent.chq skipped

C:\Documents and Settings\Mik\Local Settings\Temp\temp.fr1611 Infected: Trojan-Downloader.Win32.Small.gkh skipped

C:\Documents and Settings\Mik\Local Settings\Temp\winshow.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\05QFSPIJ\k11u78[1].exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\05QFSPIJ\k11u78[1].exe NSIS: infected - 1 skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\05QFSPIJ\winshow[1].exe Infected: Trojan-Downloader.Win32.VB.bvj skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\8163OHMV\pochki20071106[1] Infected: Trojan.Win32.Obfuscated.kp skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\K9IJ49AZ\is68525[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped

C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\K9IJ49AZ\stany[1].exe Infected: Trojan-Dropper.Win32.Agent.chq skipped

C:\Documents and Settings\Mik\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mik\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mik\Share Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP628\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\DD7D0X51.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\SYSTEM32\rMa02yy\rMa02yy1099.exe Infected: Trojan-Downloader.Win32.VB.bto skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\yaywxxu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped

C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_d8.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT028fe.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT02901.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\winshow.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped

Scan process completed.
 
and here's my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:07 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaiser\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: IMVU.lnk = C:\Evan\IMVU\IMVUClient.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mik\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dor-cluster.kp.org/iNotes6.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098856015268
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AECAC7-93C8-4406-B8F2-9159BCB080C9}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10452 bytes
 
Last edited by a moderator:
Hi mlayefsky

Rename HijackThis.exe to mlayefsky.exe and post back a fresh HijackThis log, please :)
 
Thanks so much for helping!!

Here's the HJT new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:01 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaiser\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\mlayefsky.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {457DE591-4EFE-4831-A0D8-78C6E78B61AF} - \
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {7ac52c94-e332-7b2a-fbd4-ad5917c97638} - {83679c71-95da-4dbf-a2b7-233e49c25ca7} - C:\WINDOWS\system32\ewrdvujj.dll
O2 - BHO: (no name) - {8DA7CC9A-DCB1-4DA7-806F-B84CA2D18592} - C:\WINDOWS\system32\rqoom.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\yaywxxu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {d3dc4908-4f04-468a-a3b9-a56b4f14d29d} - C:\WINDOWS\system32\ainqhkh.dll
O2 - BHO: (no name) - {E9A1B099-940A-4F3D-B634-5C287760CDD6} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: IMVU.lnk = C:\Evan\IMVU\IMVUClient.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mik\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dor-cluster.kp.org/iNotes6.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098856015268
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AECAC7-93C8-4406-B8F2-9159BCB080C9}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: yaywxxu - C:\WINDOWS\SYSTEM32\yaywxxu.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12017 bytes
 
Hi

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from one of these links and save it to Desktop:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Post:

- a fresh HijackThis log
- combofix report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:46 AM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaiser\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\mlayefsky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {457DE591-4EFE-4831-A0D8-78C6E78B61AF} - \
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E9A1B099-940A-4F3D-B634-5C287760CDD6} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Evan\IMVU\IMVUClient.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mik\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dor-cluster.kp.org/iNotes6.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098856015268
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AECAC7-93C8-4406-B8F2-9159BCB080C9}: NameServer = 192.168.1.1
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11221 bytes
 
Here's the Combofix log:

ComboFix 07-12-08.1 - Mik 2007-12-08 1:12:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -8:00]
Running from: C:\Download\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mik\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Mik\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\temp\tn3
C:\WINDOWS\system32\ainqhkh.dll
C:\WINDOWS\system32\c1
C:\WINDOWS\system32\d1
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\ewrdvujj.dll
C:\WINDOWS\system32\j2
C:\WINDOWS\system32\m8
C:\WINDOWS\system32\m8\nsts2dll1.exe
C:\WINDOWS\SYSTEM32\mooqr.ini
C:\WINDOWS\SYSTEM32\mooqr.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\system32\rMa02yy\rMa02yy1099.exe
C:\WINDOWS\system32\rqoom.dll
C:\WINDOWS\system32\yaywxxu.dll
C:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-02 08:53 . 2007-12-02 08:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 07:14 . 2001-08-17 22:36 24,660 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD156D.tmp
2007-12-02 07:13 . 2004-08-04 02:00 143,422 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1549.tmp
2007-12-02 07:13 . 2001-08-17 22:36 114,688 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1559.tmp
2007-12-02 07:13 . 2001-08-17 22:36 106,584 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1565.tmp
2007-12-02 07:13 . 2001-08-17 13:51 61,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1569.tmp
2007-12-02 07:13 . 2001-08-17 12:51 37,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD155D.tmp
2007-12-02 07:13 . 2001-08-17 12:51 20,752 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1555.tmp
2007-12-02 07:13 . 2001-08-17 13:53 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1551.tmp
2007-12-02 07:13 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1561.tmp
2007-12-02 07:13 . 2004-08-03 23:00 7,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD154D.tmp
2007-12-02 07:13 . 2001-08-17 13:53 7,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1546.tmp
2007-12-02 07:11 . 2004-08-04 02:00 236,544 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD150E.tmp
2007-12-02 07:10 . 2004-08-04 02:00 38,912 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14DD.tmp
2007-12-02 07:10 . 2001-08-17 22:36 28,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14D4.tmp
2007-12-02 07:10 . 2004-08-04 02:00 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14DA.tmp
2007-12-02 07:10 . 2004-08-04 02:00 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14D7.tmp
2007-12-02 07:10 . 2004-08-04 02:00 26,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14D0.tmp
2007-12-02 07:09 . 2004-08-04 00:56 286,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1498.tmp
2007-12-02 07:09 . 2001-08-17 22:36 238,592 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1478.tmp
2007-12-02 07:09 . 2001-08-17 14:56 157,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1484.tmp
2007-12-02 07:09 . 2001-08-17 12:50 104,064 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1474.tmp
2007-12-02 07:09 . 2001-08-17 12:12 94,698 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1488.tmp
2007-12-02 07:09 . 2001-08-17 12:12 91,294 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD148C.tmp
2007-12-02 07:09 . 2004-08-04 00:56 73,832 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1494.tmp
2007-12-02 07:09 . 2004-08-03 22:31 63,547 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1490.tmp
2007-12-02 07:09 . 2001-08-17 12:50 50,432 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1480.tmp
2007-12-02 07:09 . 2004-08-03 22:31 32,768 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD147C.tmp
2007-12-02 07:08 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1468.tmp
2007-12-02 07:08 . 2001-08-17 14:56 150,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1470.tmp
2007-12-02 07:08 . 2001-08-17 12:50 101,760 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1464.tmp
2007-12-02 07:08 . 2001-08-17 12:50 68,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD146C.tmp
2007-12-02 07:08 . 2004-08-04 02:00 18,944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1460.tmp
2007-12-02 07:08 . 2004-08-04 00:56 3,901 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD145D.tmp
2007-12-02 07:07 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD144D.tmp
2007-12-02 07:07 . 2001-07-21 14:29 161,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1459.tmp
2007-12-02 07:07 . 2001-08-17 12:51 98,080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1451.tmp
2007-12-02 07:07 . 2001-08-17 12:19 36,480 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1449.tmp
2007-12-02 07:07 . 2001-07-21 14:29 18,400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1455.tmp
2007-12-02 07:06 . 2001-08-17 22:36 26,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD143D.tmp
2007-12-02 07:06 . 2001-08-17 13:48 17,664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1441.tmp
2007-12-02 07:06 . 2001-08-17 13:53 10,880 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1435.tmp
2007-12-02 07:06 . 2001-08-17 13:53 6,912 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1439.tmp
2007-12-02 07:06 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1445.tmp
2007-12-02 07:03 . 2004-08-04 02:00 79,872 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13CD.tmp
2007-12-02 07:03 . 2001-08-17 12:19 30,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13B4.tmp
2007-12-02 07:03 . 2001-08-17 22:36 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13CA.tmp
2007-12-02 07:03 . 2004-08-04 02:00 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13C2.tmp
2007-12-02 07:03 . 2001-08-17 22:36 24,576 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13C6.tmp
2007-12-02 07:03 . 2004-08-04 02:00 24,576 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13BF.tmp
2007-12-02 07:03 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13BC.tmp
2007-12-02 07:03 . 2001-08-17 12:12 19,017 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13B8.tmp
2007-12-02 07:03 . 2001-08-17 22:36 9,216 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13B0.tmp
2007-12-02 07:02 . 2001-08-17 22:36 86,097 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1398.tmp
2007-12-02 07:02 . 2004-08-03 22:59 79,104 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13A8.tmp
2007-12-02 07:02 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD139C.tmp
2007-12-02 07:02 . 2001-08-17 12:12 37,563 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13A0.tmp
2007-12-02 07:02 . 2004-08-03 23:04 30,080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13A4.tmp
2007-12-02 07:02 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1394.tmp
2007-12-02 07:02 . 2004-08-04 02:00 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1390.tmp
2007-12-02 07:02 . 2004-08-03 22:41 13,776 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD138D.tmp
2007-12-02 07:02 . 2001-08-17 12:19 3,840 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13AC.tmp
2007-12-02 07:01 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD137E.tmp
2007-12-02 07:01 . 2001-08-17 13:28 714,762 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1382.tmp
2007-12-02 07:01 . 2001-08-17 22:36 41,472 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD137A.tmp
2007-12-02 07:01 . 2004-08-04 02:00 20,736 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1385.tmp
2007-12-02 07:01 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1389.tmp
2007-12-02 07:01 . 2004-08-04 02:00 16,384 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1372.tmp
2007-12-02 07:01 . 2004-08-04 02:00 9,728 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD136F.tmp
2007-12-02 07:01 . 2001-08-17 13:53 3,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1376.tmp
2007-12-02 07:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD135C.tmp
2007-12-02 07:00 . 2001-08-17 13:28 130,942 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1368.tmp
2007-12-02 07:00 . 2001-08-17 13:28 128,286 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1360.tmp
2007-12-02 07:00 . 2001-08-17 13:28 112,574 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1364.tmp
2007-12-02 07:00 . 2004-08-03 23:00 6,016 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD136C.tmp
2007-12-02 07:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1358.tmp
2007-12-02 06:59 . 2001-08-17 22:36 121,344 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1321.tmp
2007-12-02 06:58 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1305.tmp
2007-12-02 06:58 . 2004-08-04 00:56 211,712 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12FD.tmp
2007-12-02 06:58 . 2001-08-17 14:04 173,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1315.tmp
2007-12-02 06:58 . 2001-08-17 22:37 105,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1309.tmp
2007-12-02 06:58 . 2001-08-17 14:04 92,416 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1319.tmp
2007-12-02 06:58 . 2001-08-17 14:04 75,776 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1311.tmp
2007-12-02 06:58 . 2004-08-03 23:06 28,032 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1301.tmp
2007-12-02 06:58 . 2004-08-03 23:06 27,904 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12F9.tmp
2007-12-02 06:58 . 2001-08-17 14:07 19,840 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD131D.tmp
2007-12-02 06:58 . 2001-08-17 22:36 16,384 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD130D.tmp
2007-12-02 06:57 . 2004-08-03 22:06 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12F5.tmp
2007-12-02 06:57 . 2001-08-17 22:36 86,016 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12F1.tmp
2007-12-02 06:57 . 2004-08-04 02:00 36,927 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12D2.tmp
2007-12-02 06:57 . 2001-08-17 12:11 35,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12ED.tmp
2007-12-02 06:57 . 2001-08-17 12:12 30,495 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12D9.tmp
2007-12-02 06:57 . 2001-08-17 12:11 30,282 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12E5.tmp
2007-12-02 06:57 . 2001-08-17 12:11 29,769 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12E9.tmp
2007-12-02 06:57 . 2004-08-03 22:31 29,502 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12DD.tmp
2007-12-02 06:57 . 2001-08-17 12:12 26,153 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12E1.tmp
2007-12-02 06:57 . 2004-08-04 02:00 14,336 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12D5.tmp
2007-12-02 06:56 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12BB.tmp
2007-12-02 06:56 . 2001-08-17 22:36 116,736 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12B7.tmp
2007-12-02 06:56 . 2001-08-17 14:05 48,000 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12AB.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 21:54 --------- d-----w C:\Program Files\1208_Fiberlink
2007-11-12 03:20 --------- d-----w C:\Program Files\Real
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2005-04-29 02:37 443,529 --sha-w C:\WINDOWS\Registration\cvsva.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{457DE591-4EFE-4831-A0D8-78C6E78B61AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9A1B099-940A-4F3D-B634-5C287760CDD6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 18:57]
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 17:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 22:01]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 00:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-27 13:08]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 14:48]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 17:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 11:45]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 08:43]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-14 22:04]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-05-16 17:18]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 18:10]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 12:32]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 08:20]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 16:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 00:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-20 10:44:43]
Kaiser VPN Client.lnk - C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe [2004-10-27 09:57:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]

R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 CVPNDRV;Kaiser IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4fa1620-e861-11d9-8e14-000b7d09ad0e}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 22:34:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Mik\LOCALS~1\Temp\smratixy.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 01:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 1:35:37 - machine was rebooted
.
--- E O F ---
 
Hi

Looking better :bigthumb:

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\Registration\cvsva.bak2
C:\DOCUME~1\Mik\LOCALS~1\Temp\smratixy.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{457DE591-4EFE-4831-A0D8-78C6E78B61AF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9A1B099-940A-4F3D-B634-5C287760CDD6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISMModule3"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
ComboFix 07-12-08.1 - Mik 2007-12-08 1:56:08.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT -8:00]
Running from: C:\Documents and Settings\Mik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mik\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\Mik\LOCALS~1\Temp\smratixy.dll
C:\WINDOWS\Registration\cvsva.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Registration\cvsva.bak2

.
((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-02 08:53 . 2007-12-02 08:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 07:14 . 2001-08-17 22:36 24,660 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD156D.tmp
2007-12-02 07:13 . 2004-08-04 02:00 143,422 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1549.tmp
2007-12-02 07:13 . 2001-08-17 22:36 114,688 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1559.tmp
2007-12-02 07:13 . 2001-08-17 22:36 106,584 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1565.tmp
2007-12-02 07:13 . 2001-08-17 13:51 61,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1569.tmp
2007-12-02 07:13 . 2001-08-17 12:51 37,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD155D.tmp
2007-12-02 07:13 . 2001-08-17 12:51 20,752 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1555.tmp
2007-12-02 07:13 . 2001-08-17 13:53 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1551.tmp
2007-12-02 07:13 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1561.tmp
2007-12-02 07:13 . 2004-08-03 23:00 7,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD154D.tmp
2007-12-02 07:13 . 2001-08-17 13:53 7,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1546.tmp
2007-12-02 07:11 . 2004-08-04 02:00 236,544 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD150E.tmp
2007-12-02 07:10 . 2004-08-04 02:00 38,912 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14DD.tmp
2007-12-02 07:10 . 2001-08-17 22:36 28,160 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14D4.tmp
2007-12-02 07:10 . 2004-08-04 02:00 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14DA.tmp
2007-12-02 07:10 . 2004-08-04 02:00 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14D7.tmp
2007-12-02 07:10 . 2004-08-04 02:00 26,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD14D0.tmp
2007-12-02 07:09 . 2004-08-04 00:56 286,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1498.tmp
2007-12-02 07:09 . 2001-08-17 22:36 238,592 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1478.tmp
2007-12-02 07:09 . 2001-08-17 14:56 157,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1484.tmp
2007-12-02 07:09 . 2001-08-17 12:50 104,064 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1474.tmp
2007-12-02 07:09 . 2001-08-17 12:12 94,698 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1488.tmp
2007-12-02 07:09 . 2001-08-17 12:12 91,294 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD148C.tmp
2007-12-02 07:09 . 2004-08-04 00:56 73,832 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1494.tmp
2007-12-02 07:09 . 2004-08-03 22:31 63,547 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1490.tmp
2007-12-02 07:09 . 2001-08-17 12:50 50,432 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1480.tmp
2007-12-02 07:09 . 2004-08-03 22:31 32,768 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD147C.tmp
2007-12-02 07:08 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1468.tmp
2007-12-02 07:08 . 2001-08-17 14:56 150,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1470.tmp
2007-12-02 07:08 . 2001-08-17 12:50 101,760 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1464.tmp
2007-12-02 07:08 . 2001-08-17 12:50 68,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD146C.tmp
2007-12-02 07:08 . 2004-08-04 02:00 18,944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1460.tmp
2007-12-02 07:08 . 2004-08-04 00:56 3,901 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD145D.tmp
2007-12-02 07:07 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD144D.tmp
2007-12-02 07:07 . 2001-07-21 14:29 161,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1459.tmp
2007-12-02 07:07 . 2001-08-17 12:51 98,080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1451.tmp
2007-12-02 07:07 . 2001-08-17 12:19 36,480 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1449.tmp
2007-12-02 07:07 . 2001-07-21 14:29 18,400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1455.tmp
2007-12-02 07:06 . 2001-08-17 22:36 26,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD143D.tmp
2007-12-02 07:06 . 2001-08-17 13:48 17,664 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1441.tmp
2007-12-02 07:06 . 2001-08-17 13:53 10,880 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1435.tmp
2007-12-02 07:06 . 2001-08-17 13:53 6,912 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1439.tmp
2007-12-02 07:06 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1445.tmp
2007-12-02 07:03 . 2004-08-04 02:00 79,872 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13CD.tmp
2007-12-02 07:03 . 2001-08-17 12:19 30,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13B4.tmp
2007-12-02 07:03 . 2001-08-17 22:36 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13CA.tmp
2007-12-02 07:03 . 2004-08-04 02:00 26,624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13C2.tmp
2007-12-02 07:03 . 2001-08-17 22:36 24,576 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13C6.tmp
2007-12-02 07:03 . 2004-08-04 02:00 24,576 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13BF.tmp
2007-12-02 07:03 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13BC.tmp
2007-12-02 07:03 . 2001-08-17 12:12 19,017 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13B8.tmp
2007-12-02 07:03 . 2001-08-17 22:36 9,216 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13B0.tmp
2007-12-02 07:02 . 2001-08-17 22:36 86,097 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1398.tmp
2007-12-02 07:02 . 2004-08-03 22:59 79,104 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13A8.tmp
2007-12-02 07:02 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD139C.tmp
2007-12-02 07:02 . 2001-08-17 12:12 37,563 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13A0.tmp
2007-12-02 07:02 . 2004-08-03 23:04 30,080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13A4.tmp
2007-12-02 07:02 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1394.tmp
2007-12-02 07:02 . 2004-08-04 02:00 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1390.tmp
2007-12-02 07:02 . 2004-08-03 22:41 13,776 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD138D.tmp
2007-12-02 07:02 . 2001-08-17 12:19 3,840 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD13AC.tmp
2007-12-02 07:01 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD137E.tmp
2007-12-02 07:01 . 2001-08-17 13:28 714,762 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1382.tmp
2007-12-02 07:01 . 2001-08-17 22:36 41,472 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD137A.tmp
2007-12-02 07:01 . 2004-08-04 02:00 20,736 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1385.tmp
2007-12-02 07:01 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1389.tmp
2007-12-02 07:01 . 2004-08-04 02:00 16,384 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1372.tmp
2007-12-02 07:01 . 2004-08-04 02:00 9,728 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD136F.tmp
2007-12-02 07:01 . 2001-08-17 13:53 3,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1376.tmp
2007-12-02 07:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD135C.tmp
2007-12-02 07:00 . 2001-08-17 13:28 130,942 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1368.tmp
2007-12-02 07:00 . 2001-08-17 13:28 128,286 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1360.tmp
2007-12-02 07:00 . 2001-08-17 13:28 112,574 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1364.tmp
2007-12-02 07:00 . 2004-08-03 23:00 6,016 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD136C.tmp
2007-12-02 07:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1358.tmp
2007-12-02 06:59 . 2001-08-17 22:36 121,344 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1321.tmp
2007-12-02 06:58 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1305.tmp
2007-12-02 06:58 . 2004-08-04 00:56 211,712 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12FD.tmp
2007-12-02 06:58 . 2001-08-17 14:04 173,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1315.tmp
2007-12-02 06:58 . 2001-08-17 22:37 105,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1309.tmp
2007-12-02 06:58 . 2001-08-17 14:04 92,416 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1319.tmp
2007-12-02 06:58 . 2001-08-17 14:04 75,776 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1311.tmp
2007-12-02 06:58 . 2004-08-03 23:06 28,032 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD1301.tmp
2007-12-02 06:58 . 2004-08-03 23:06 27,904 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12F9.tmp
2007-12-02 06:58 . 2001-08-17 14:07 19,840 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD131D.tmp
2007-12-02 06:58 . 2001-08-17 22:36 16,384 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD130D.tmp
2007-12-02 06:57 . 2004-08-03 22:06 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12F5.tmp
2007-12-02 06:57 . 2001-08-17 22:36 86,016 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12F1.tmp
2007-12-02 06:57 . 2004-08-04 02:00 36,927 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12D2.tmp
2007-12-02 06:57 . 2001-08-17 12:11 35,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12ED.tmp
2007-12-02 06:57 . 2001-08-17 12:12 30,495 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12D9.tmp
2007-12-02 06:57 . 2001-08-17 12:11 30,282 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12E5.tmp
2007-12-02 06:57 . 2001-08-17 12:11 29,769 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12E9.tmp
2007-12-02 06:57 . 2004-08-03 22:31 29,502 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12DD.tmp
2007-12-02 06:57 . 2001-08-17 12:12 26,153 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12E1.tmp
2007-12-02 06:57 . 2004-08-04 02:00 14,336 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12D5.tmp
2007-12-02 06:56 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12BB.tmp
2007-12-02 06:56 . 2001-08-17 22:36 116,736 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12B7.tmp
2007-12-02 06:56 . 2001-08-17 14:05 48,000 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\OLD12AB.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 21:54 --------- d-----w C:\Program Files\1208_Fiberlink
2007-11-12 03:20 --------- d-----w C:\Program Files\Real
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\SYSTEM32\AVASTSS.scr
2007-09-12 18:44 12,978,228 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-06-06 13:59 18,499,199 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_06_05_23_57_12_full.dmp.zip
2007-01-04 01:47 19,551,676 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_03_09_50_37_full.dmp.zip
2007-01-04 01:46 19,584,908 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_01_03_09_26_28_full.dmp.zip
2006-12-20 23:45 19,721,894 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_19_10_20_56_full.dmp.zip
2006-12-19 06:09 19,721,878 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_18_08_51_29_full.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 18:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 17:05]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 22:01]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 00:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-12-27 13:08]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 14:48]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 17:15]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 11:45]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 08:43]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-14 22:04]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-05-16 17:18]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 18:10]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 12:32]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 08:20]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-06-18 16:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 00:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-20 10:44:43]
Kaiser VPN Client.lnk - C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe [2004-10-27 09:57:38]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56]

R2 BASFND;BASFND;\??\C:\WINDOWS\system32\Drivers\BASFND.sys
R2 CVPNDRV;Kaiser IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4fa1620-e861-11d9-8e14-000b7d09ad0e}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 22:34:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 01:59:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 2:00:43
C:\ComboFix2.txt ... 2007-12-08 01:35
.
--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:21 AM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaiser\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\mlayefsky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Evan\IMVU\IMVUClient.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mik\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dor-cluster.kp.org/iNotes6.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098856015268
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AECAC7-93C8-4406-B8F2-9159BCB080C9}: NameServer = 192.168.1.1
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10872 bytes
 
Hi

Active infections looks like to be gone but let's check deeper:

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:40 AM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Kaiser\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\mlayefsky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Evan\IMVU\IMVUClient.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kaiser VPN Client.lnk = C:\Program Files\Kaiser\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mik\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://dor-cluster.kp.org/iNotes6.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098856015268
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://campuscentercam.its.wesleyan.edu/activex/AMC.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://165.91.110.101:2010/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/heavyweapon/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AECAC7-93C8-4406-B8F2-9159BCB080C9}: NameServer = 192.168.1.1
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Kaiser\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10923 bytes
 
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 08, 2007 9:42:32 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 477200
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 90416
Number of viruses found: 6
Number of infected objects: 11
Number of suspicious objects: 2
Duration of the scan process: 01:26:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\history.dat Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\key3.db Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0d96-6c7992d6.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0d96-6c7992d6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Mik\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/01 Oct 2003 01:01 from Judith Lubina:RE: Spreadsheets amendments.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Mail MS Mail: suspicious - 1 skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Application Data\Mozilla\Firefox\Profiles\frkbcbka.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\History\History.IE5\MSHist012007120820071209\index.dat Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Temp\Perflib_Perfdata_9e8.dat Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mik\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mik\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mik\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mik\Share Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\ainqhkh.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\rMa02yy\rMa02yy1099.exe.vir Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\qoobox\Quarantine\C\WINDOWS\winshow.exe.vir Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\qoobox\Quarantine\catchme2007-12-08_ 13310.25.zip/yaywxxu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\qoobox\Quarantine\catchme2007-12-08_ 13310.25.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP631\A0223448.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP631\A0223452.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP631\A0223454.exe Infected: Trojan-Downloader.Win32.VB.bvj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP631\A0223459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP632\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DD7D0X51.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7ec.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT05b0a.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT05b0d.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Hi

Delete this mail via Outlook:

C:\Documents and Settings\Mik\Local Settings\Application Data\Microsoft\Outlook\outlook.pst/Personal Folders/Inbox/01 Oct 2003 01:01 from Judith Lubina

Empty these folders:

C:\qoobox\Quarantine\
C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

Empty Recycle Bin

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?
 
Excellent, Shaba!! The computer seems to be performing much better and there are no IE popup windows. Thank you SO much for all the help. Very impressive!

I do find 2 emails from Judith Lubina. However, neither is from October 2003. One is from 7/15/2005 9:20 AM, the other is from 9/30/2003 6:01 PM. Shall I delete either or both of these?

I emptied C:\qoobox\Quarantine\ and the recycle bin

I don't find a folder C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

under C:\Documents and Settings\Mik\ there is no Application Data folder that I can see.

Let me know what else to do.
 
Hi

"I do find 2 emails from Judith Lubina. However, neither is from October 2003. One is from 7/15/2005 9:20 AM, the other is from 9/30/2003 6:01 PM. Shall I delete either or both of these?"

Delete that one from 9/30/2003 6:01 PM, please.

"
I don't find a folder C:\Documents and Settings\Mik\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

under C:\Documents and Settings\Mik\ there is no Application Data folder that I can see."

That is most likely hidden.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

And try again, please :)
 
OK, great. I was able to view and delete everything in that folder, and the email from 9/30/2003 6:01 PM, then I emptied the recycled bin again. What should I do next?
 
Back
Top