Problem !!

http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://x-press12.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFA38E23-B0CD-491C-BE54-F31FB4DD8FFD}: NameServer = 206.47.244.87 206.47.244.136
O20 - Winlogon Notify: msrqhhke - C:\WINDOWS\SYSTEM32\msrqhhke.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 
ComboFix 07-12-02.6 - Junior Sanon 2007-12-06 0:08:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.412 [GMT -5:00]
Running from: C:\Documents and Settings\Junior Sanon\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Junior Sanon\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Junior Sanon\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Junior Sanon\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\asks~1\?asks\
C:\Program Files\Common Files\asks~1\wuaclt.exe
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\Internet Explorer\honepa4444.dll
C:\Program Files\Internet Explorer\honepa83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\smbols~1
C:\Program Files\smbols~1\t?skmgr.exe
C:\Program Files\WindowsUpdate\lazujotu.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\WINDOWS\b104.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\a3
C:\WINDOWS\system32\a3\rarndrll2.exe
C:\WINDOWS\system32\aeruxnwb.exe
C:\WINDOWS\system32\amldtptd.exe
C:\WINDOWS\system32\arcrjsfy.exe
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\bxnmjcmq.exe
C:\WINDOWS\system32\cagdntje.exe
C:\WINDOWS\system32\cbxvvtt.dll
C:\WINDOWS\system32\cfqxgiqh.exe
C:\WINDOWS\system32\ckqewskm.exe
C:\WINDOWS\system32\ctlehypw.exe
C:\WINDOWS\system32\cveussmu.exe
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\dkytdaqd.dll
C:\WINDOWS\system32\ducoqkej.exe
C:\WINDOWS\system32\efccbcd.dll
C:\WINDOWS\system32\fekcklcb.dll
C:\WINDOWS\system32\fmbcbska.dll
C:\WINDOWS\system32\fmdtdwfh.dll
C:\WINDOWS\system32\fmnlyhlq.dll
C:\WINDOWS\system32\fmxfldkn.exe
C:\WINDOWS\system32\g1
C:\WINDOWS\system32\g1\caws83122.exe
C:\WINDOWS\system32\gcevtren.dll
C:\WINDOWS\system32\gkstljri.dll
C:\WINDOWS\system32\guxhibbr.dll
C:\WINDOWS\system32\hgggdec.dll
C:\WINDOWS\system32\khfcbyv.dll
C:\WINDOWS\system32\klolntle.exe
C:\WINDOWS\system32\kybcehug.exe
C:\WINDOWS\system32\lhsqgnpr.dll
C:\WINDOWS\system32\lyosxxck.exe
C:\WINDOWS\system32\msrqhhke.dllbox
C:\WINDOWS\system32\nnnmnmm.dll
C:\WINDOWS\system32\noldjuss.ini
C:\WINDOWS\system32\nst4A.dll
C:\WINDOWS\system32\nsx19.dll
C:\WINDOWS\system32\nxvqqavq.exe
C:\WINDOWS\system32\obnjwkpn.exe
C:\WINDOWS\system32\ocakqpvx.dll
C:\WINDOWS\system32\oyahpxdq.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\pmnrlebj.exe
C:\WINDOWS\system32\qbnkxqon.dll
C:\WINDOWS\system32\qncjaoil.exe
C:\WINDOWS\system32\qomkhig.dll
C:\WINDOWS\system32\rglmxltd.dll
C:\WINDOWS\system32\rjqeqdtr.ini
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\rMa18yy\rMa18yy2328.exe
C:\WINDOWS\system32\rqrpnlj.dll
C:\WINDOWS\system32\rtdqeqjr.dll
C:\WINDOWS\system32\rvxkracx.dll
C:\WINDOWS\system32\ryxftdop.exe
C:\WINDOWS\system32\sefxbljr.exe
C:\WINDOWS\system32\slgcvjhk.exe
C:\WINDOWS\system32\snwtacdo.dll
C:\WINDOWS\system32\ssgnbtmw.exe
C:\WINDOWS\system32\ssujdlon.dll
C:\WINDOWS\system32\swadjeds.dll
C:\WINDOWS\system32\tgodeaon.dll
C:\WINDOWS\system32\ucylxtat.dll
C:\WINDOWS\system32\ufbprfpc.exe
C:\WINDOWS\system32\uokiawgh.exe
C:\WINDOWS\system32\utsytjgd.exe
C:\WINDOWS\system32\vljxayne.exe
C:\WINDOWS\system32\vpgsgghw.dll
C:\WINDOWS\system32\vrjdkptu.exe
C:\WINDOWS\system32\whyulama.dll
C:\WINDOWS\system32\wnscpsu.exe
C:\WINDOWS\system32\wyjikjqi.dll
C:\WINDOWS\system32\xrhmhonk.dll
C:\WINDOWS\system32\xvnmqaxe.exe
C:\WINDOWS\system32\yelrgfrn.exe
C:\WINDOWS\system32\yempwvio.exe
C:\WINDOWS\system32\yhcedtwx.dll
C:\WINDOWS\system32\ynqdgath.exe
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z1\wr31drs.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-06 00:02 . 2007-12-06 00:02 145,984 --a------ C:\WINDOWS\system32\msrqhhke.dll
2007-12-06 00:01 . 2007-12-06 00:01 145,984 --a------ C:\WINDOWS\system32\kyvqogha.dll
2007-12-05 13:16 . 2007-12-05 13:16 74,304 --a------ C:\WINDOWS\system32\xgchcpue.exe
2007-12-05 00:30 . 2007-12-05 12:38 3,234 --ahs---- C:\WINDOWS\system32\nxxmnnkf.ini
2007-12-04 00:34 . 2007-12-04 23:43 2,934 --ahs---- C:\WINDOWS\system32\mdwxxdqt.ini
2007-12-03 02:23 . 2007-12-03 02:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-03 01:51 . 2007-12-03 02:07 <DIR> d-------- C:\Program Files\TradeTouch
2007-12-03 01:13 . 2005-11-14 04:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2007-12-03 01:13 . 2003-12-17 15:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx
2007-12-03 01:13 . 2007-07-31 11:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-12-03 01:13 . 2004-02-08 14:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2007-12-03 01:13 . 2005-01-18 23:44 454,656 --a------ C:\WINDOWS\system32\FoxDVDImager.ocx
2007-12-03 01:13 . 2002-03-25 02:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2007-12-03 01:13 . 2005-01-18 23:18 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-12-03 01:13 . 2007-04-05 23:08 196,608 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-12-03 01:13 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-03 01:13 . 2003-08-19 03:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-12-03 00:30 . 2007-12-04 00:30 2,634 --ahs---- C:\WINDOWS\system32\dbwyjftq.ini
2007-12-02 17:15 . 2007-12-02 17:15 37,376 --a------ C:\WINDOWS\system32\wvuuvsp.dll
2007-12-02 00:37 . 2007-12-02 17:13 2,274 --ahs---- C:\WINDOWS\system32\xsipwsah.ini
2007-12-01 18:58 . 2007-12-01 18:58 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-12-01 00:06 . 2007-12-02 00:25 2,034 --ahs---- C:\WINDOWS\system32\xhmpfset.ini
2007-12-01 00:00 . 2007-12-01 00:00 79,868 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-11-29 21:11 . 2007-11-30 23:51 1,734 --ahs---- C:\WINDOWS\system32\wdfonsyu.ini
2007-11-29 15:39 . 2007-11-29 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-28 21:16 . 2007-11-29 20:15 1,494 --ahs---- C:\WINDOWS\system32\cdhhnxsw.ini
2007-11-28 09:52 . 2007-11-28 09:52 64,000 --a------ C:\WINDOWS\system32\gzmrt.dll
2007-11-27 21:18 . 2007-11-28 18:58 1,134 --ahs---- C:\WINDOWS\system32\jytnwlmp.ini
2007-11-26 20:29 . 2007-11-27 21:04 894 --ahs---- C:\WINDOWS\system32\xdxteyda.ini
2007-11-26 12:52 . 2007-11-26 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 12:51 . 2007-11-26 12:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 12:31 . 2007-11-26 12:31 32,768 --a------ C:\Documents and Settings\Junior Sanon\services.exe
2007-11-25 20:36 . 2007-11-26 18:33 714 --ahs---- C:\WINDOWS\system32\qluwupyj.ini
2007-11-24 21:35 . 2007-11-24 21:35 <DIR> d-------- C:\Program Files\Safer Networking
2007-11-24 20:50 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-24 20:44 . 2007-11-24 20:44 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-24 20:43 . 2007-11-24 20:43 <DIR> d-------- C:\Program Files\LimeWire
2007-11-24 20:23 . 2007-11-25 20:15 474 --ahs---- C:\WINDOWS\system32\ensiaepa.ini
2007-11-23 08:31 . 2007-12-01 01:06 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-22 11:37 . 2007-11-22 11:37 85,056 --a------ C:\WINDOWS\system32\lkwslhbc.dll
2007-11-22 11:37 . 2007-11-23 07:45 1,014 --ahs---- C:\WINDOWS\system32\cbhlswkl.ini
2007-11-22 11:35 . 2007-11-22 11:35 79,424 --a------ C:\WINDOWS\system32\xlwvrfqu.dll
2007-11-22 11:34 . 2007-11-22 11:34 71,232 --a------ C:\WINDOWS\system32\mkbbtmuj.exe
2007-11-22 11:34 . 2007-11-22 11:34 4,672 --a------ C:\WINDOWS\system32\sqmftjps.exe
2007-11-22 08:12 . 2007-11-22 08:28 <DIR> d-------- C:\Program Files\Gimp Pack Mode
2007-11-21 11:37 . 2007-11-22 11:16 894 --ahs---- C:\WINDOWS\system32\mermkexk.ini
2007-11-20 09:44 . 2007-11-21 11:32 654 --ahs---- C:\WINDOWS\system32\rggwxobr.ini
2007-11-18 23:48 . 2007-11-20 09:30 474 --ahs---- C:\WINDOWS\system32\cgycddnp.ini
2007-11-18 20:20 . 2007-11-18 20:20 82,028 --a------ C:\WINDOWS\system32\instdump.dmp
2007-11-18 20:20 . 2007-11-18 20:20 14,761 --a------ C:\WINDOWS\system32\instdump.zip
2007-11-18 20:12 . 2007-11-18 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-18 19:22 . 2007-11-18 19:22 <DIR> d-------- C:\Program Files\CCleaner
2007-11-16 23:51 . 2007-11-17 23:40 1,225,948 --ahs---- C:\WINDOWS\system32\fanfwaow.ini
2007-11-16 23:26 . 2007-11-16 23:26 <DIR> d-------- C:\Documents and Settings\Elsie Dume Charles\Application Data\Watchtower
2007-11-15 23:49 . 2007-11-16 23:21 672,348 --ahs---- C:\WINDOWS\system32\lbslndqy.ini
2007-11-14 20:48 . 2007-11-18 21:22 40,960 --a------ C:\Documents and Settings\Junior Sanon\f.exe
2007-11-14 20:47 . 2007-11-18 21:21 4,553 --a------ C:\Documents and Settings\Junior Sanon\z.dat
2007-11-14 20:47 . 2007-11-18 21:21 1,772 --a------ C:\Documents and Settings\Junior Sanon\x.dat
2007-11-14 19:34 . 2007-11-14 19:34 79,424 --a------ C:\WINDOWS\system32\acjwpihu.dll
2007-11-14 19:32 . 2007-11-14 19:32 671,127 --ahs---- C:\WINDOWS\system32\sxnrrqhq.ini
2007-11-14 19:32 . 2007-11-14 19:32 85,056 --a------ C:\WINDOWS\system32\qhqrrnxs.dll
2007-11-13 10:28 . 2007-11-15 23:45 669,716 --ahs---- C:\WINDOWS\system32\larhcqis.ini
2007-11-12 21:03 . 2007-11-14 20:48 <DIR> d-------- C:\Documents and Settings\Junior Sanon\.gimp-2.4
2007-11-12 19:37 . 2007-11-12 19:37 <DIR> d-------- C:\Documents and Settings\Junior Sanon\.gimp-2.2
2007-11-12 01:19 . 2007-11-13 10:14 584,614 --ahs---- C:\WINDOWS\system32\oyscigwx.ini
2007-11-11 21:42 . 2007-11-11 21:42 584,596 --ahs---- C:\WINDOWS\system32\ncexvlat.ini
2007-11-11 21:42 . 2007-11-11 21:42 88,128 --a------ C:\WINDOWS\system32\talvxecn.dll
2007-11-10 15:42 . 2007-11-11 21:31 584,536 --ahs---- C:\WINDOWS\system32\bvruvwns.ini
2007-11-10 15:38 . 2007-11-10 15:39 145,984 --a------ C:\WINDOWS\system32\ayxxxjwx.dll
2007-11-09 19:02 . 2007-11-18 21:22 120 --a------ C:\n.bat
2007-11-09 18:19 . 2007-11-22 11:32 <DIR> d-------- C:\Program Files\PartyGaming
2007-11-08 08:11 . 2007-11-16 09:32 <DIR> d-------- C:\Program Files\AtomixMP3
2007-11-08 08:11 . 2007-11-08 08:11 9 --ah----- C:\WINDOWS\system32\wxmmin.dll
2007-11-08 07:46 . 2007-11-08 07:46 <DIR> d-------- C:\Program Files\for draw tick
2007-11-06 11:25 . 2007-11-06 11:25 <DIR> d-------- C:\Documents and Settings\Junior Sanon\SmitfraudFix
2007-11-06 11:25 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-06 11:25 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-06 11:07 . 2007-11-06 11:07 78,764 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-11-06 07:57 . 2007-11-06 07:57 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-06 07:57 . 2007-11-06 07:58 <DIR> d-------- C:\temp\mZOr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 17:43 --------- d-----w C:\Documents and Settings\Elsie Dume Charles\Application Data\LimeWire
2007-12-03 07:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 23:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-25 02:35 --------- d-----w C:\Program Files\Java
2007-11-23 05:45 278,538 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-16 14:30 --------- d-----w C:\Program Files\VirtualDJ
2007-11-16 14:27 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-16 14:05 --------- d-----w C:\Program Files\Incomplete
2007-11-08 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
2007-11-08 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bib Grey Log Inter
2007-11-08 00:51 --------- d-----w C:\Program Files\DISC
2007-11-06 15:59 --------- d-----w C:\Program Files\Symantec
2007-11-06 15:59 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-06 15:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-06 15:56 --------- d-----w C:\Documents and Settings\Elsie Dume Charles\Application Data\Symantec
2007-10-27 15:40 --------- d-----w C:\Program Files\BitDownload
2007-10-15 02:18 --------- d-----w C:\Documents and Settings\Junior Sanon\Application Data\Symantec
2007-10-15 01:24 --------- d-----w C:\Documents and Settings\Isabelle Sanon\Application Data\Symantec
2007-10-15 01:24 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Symantec
2007-08-10 16:10 138,840 ----a-w C:\Documents and Settings\Junior Sanon\Application Data\GDIPFONTCACHEV1.DAT
2007-06-17 11:47 138,840 ----a-w C:\Documents and Settings\Elsie Dume Charles\Application Data\GDIPFONTCACHEV1.DAT
2007-06-08 15:46 5,632 --sha-w C:\Program Files\Thumbs.db
2006-10-27 02:49 262 ----a-w C:\Documents and Settings\Junior Sanon\Application Data\wklnhst.dat
2006-09-22 17:26 57,816 ----a-w C:\Documents and Settings\Isabelle Sanon\Application Data\GDIPFONTCACHEV1.DAT
2005-05-12 14:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]
2007-11-28 09:52 64000 --a------ C:\WINDOWS\system32\gzmrt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-06 00:02 145984 --a------ C:\WINDOWS\system32\msrqhhke.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\msrqhhke.dll [2007-12-06 00:02 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\msrqhhke.dll [2007-12-06 00:02 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"NoAdware4"="C:\Program Files\NoAdware4\NoAdware4.exe" []
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-13 09:09]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 09:11]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 19:39]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 10:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 16:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 20:58]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 21:01]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2006-07-21 07:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2006-06-02 13:39]
"poke mp3 cdrom meta"="C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\the dart.exe" [2007-12-06 00:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-10 07:00]
"hovy"="C:\Program Files\ComPlus Applications\hovy77798.exe" [2007-08-07 15:30]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-11 15:47:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-11-11 16:32:23]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msrqhhke]
msrqhhke.dll 2007-12-06 00:02 145984 C:\WINDOWS\system32\msrqhhke.dll

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\C:\WINDOWS\system32\Drivers\Aldebaran.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
S3 lac97inf;lac97inf;\??\C:\DOCUME~1\VLADIM~1\LOCALS~1\Temp\lac97inf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39ee5330-9564-11db-a8de-000d0bc441e4}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 05:20:58 C:\WINDOWS\Tasks\At1.job"
"2007-12-06 05:00:00 C:\WINDOWS\Tasks\B51537B0918EB130.job"
- c:\docume~1\vladim~1\applic~1\fordra~1\math move cool.exe
"2007-12-05 22:40:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
*************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 00:29:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 0:32:51 - machine was rebooted
.
--- E O F ---
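The HijackThis and ComboFix logs above are read by eye, but the entries that actually carry the infection (the Winlogon Notify DLL, the BHO/toolbar CLSIDs pointing at the same DLL, the Run entry that loads a DLL through rundll32, the pinned DNS servers) are structural and can be picked out mechanically. The script below is an added example for this thread, not HijackThis or ComboFix code. Its sample input is a constructed subset of the HJT lines posted on this page, and its severity rules are my own assumptions about which autostart locations deserve attention first; it deliberately does not try to match the random 7-8 letter filenames, which are easy to spot by eye but unreliable to detect with a regex.

```python
"""Triage a HijackThis (HJT) log for the persistence points that matter.

Added example, not HijackThis or ComboFix code. The sample lines at the
bottom are copied from the logs posted in this thread; the severity rules
are assumptions, chosen to be structural (where and how something starts)
rather than name-based.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section tag, e.g. "O20"
    severity: str  # "high", "medium", "review" or "low"
    reason: str
    line: str


# Every HJT entry starts with its section tag: "O4 - HKLM\..\Run: [name] cmd"
HJT_ENTRY = re.compile(r"^(O\d{1,2}) - (.*)$")
# rundll32 followed by a DLL path, quoted or not
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^"\s]+\.dll)"?', re.IGNORECASE)
NAMESERVER = re.compile(r"NameServer\s*=\s*([\d.\s,]+)")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# autostart binaries living in data/temp directories instead of Program Files
DATA_DIR = re.compile(r"\\(Application Data|Local Settings\\Temp|Temp)\\", re.IGNORECASE)


def parse_hjt(text):
    """Yield (section, body, raw_line) for each entry; process lists are skipped."""
    for raw in text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def triage(text):
    """Return findings sorted high -> low; untouched entries produce nothing."""
    findings = []
    for section, body, line in parse_hjt(text):
        if section == "O20" and "Winlogon Notify" in body:
            findings.append(Finding(section, "high",
                "Winlogon Notify DLL: loaded into winlogon.exe at every logon, "
                "a classic spyware/keylogger persistence point", line))
        elif section == "O4":
            m = RUNDLL.search(body)
            if m:
                findings.append(Finding(section, "high",
                    f"Run entry loads a DLL through rundll32: {m.group(1)}", line))
            elif DATA_DIR.search(body):
                findings.append(Finding(section, "medium",
                    "Run entry starts a binary from a data/temp directory", line))
        elif section in ("O2", "O3") and "(no file)" in body:
            findings.append(Finding(section, "low",
                "orphaned BHO/toolbar registration, file already gone; remove the key", line))
        elif section == "O17":
            m = NAMESERVER.search(body)
            if m:
                ips = IPV4.findall(m.group(1))
                findings.append(Finding(section, "review",
                    "DNS servers pinned on the adapter: " + ", ".join(ips)
                    + "; confirm they belong to the ISP (DNS hijack check)", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding(section, "review", "service with no vendor string", line))
    rank = {"high": 0, "medium": 1, "review": 2, "low": 3}
    return sorted(findings, key=lambda f: rank[f.severity])


# Constructed sample: a subset of the HJT lines posted in this thread.
SAMPLE_HJT = "\n".join([
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart',
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{EFA38E23-B0CD-491C-BE54-F31FB4DD8FFD}: NameServer = 206.47.244.87 206.47.244.136",
    r"O20 - Winlogon Notify: msrqhhke - C:\WINDOWS\SYSTEM32\msrqhhke.dll",
    r"O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
])

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Run it against a full HijackThis log saved to a file (`triage(open("hijackthis.log").read())`) and the two "high" entries come out first; the ctfmon and Adobe service lines produce nothing, which is the point: the list is short enough to act on.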
 
Hi

You had a keylogger, so it is highly recommended that you do the following:

One or more of the identified infections is a keylogger.

This allows hackers, at the very least, to steal critical system information.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

After that:

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\msrqhhke.dll
C:\WINDOWS\system32\kyvqogha.dll
C:\WINDOWS\system32\xgchcpue.exe
C:\WINDOWS\system32\nxxmnnkf.ini
C:\WINDOWS\system32\mdwxxdqt.ini
C:\WINDOWS\system32\dbwyjftq.ini
C:\WINDOWS\system32\wvuuvsp.dll
C:\WINDOWS\system32\xsipwsah.ini
C:\WINDOWS\system32\xhmpfset.ini
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\wdfonsyu.ini
C:\WINDOWS\system32\cdhhnxsw.ini
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\jytnwlmp.ini
C:\WINDOWS\system32\xdxteyda.ini
C:\Documents and Settings\Junior Sanon\services.exe
C:\WINDOWS\system32\qluwupyj.ini
C:\WINDOWS\system32\ensiaepa.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\lkwslhbc.dll
C:\WINDOWS\system32\cbhlswkl.ini
C:\WINDOWS\system32\xlwvrfqu.dll
C:\WINDOWS\system32\sqmftjps.exe
C:\WINDOWS\system32\mermkexk.ini
C:\WINDOWS\system32\rggwxobr.ini
C:\WINDOWS\system32\cgycddnp.ini
C:\WINDOWS\system32\fanfwaow.ini
C:\WINDOWS\system32\lbslndqy.ini
C:\Documents and Settings\Junior Sanon\f.exe
C:\Documents and Settings\Junior Sanon\z.dat
C:\Documents and Settings\Junior Sanon\x.dat
C:\WINDOWS\system32\acjwpihu.dll
C:\WINDOWS\system32\sxnrrqhq.ini
C:\WINDOWS\system32\qhqrrnxs.dll
C:\WINDOWS\system32\larhcqis.ini
C:\WINDOWS\system32\oyscigwx.ini
C:\WINDOWS\system32\ncexvlat.ini
C:\WINDOWS\system32\talvxecn.dll
C:\WINDOWS\system32\bvruvwns.ini
C:\WINDOWS\system32\ayxxxjwx.dll
C:\n.bat
C:\WINDOWS\Tasks\B51537B0918EB130.job

Folder::
C:\Program Files\for draw tick
C:\WINDOWS\system32\Mz18r
C:\temp\mZOr
c:\docume~1\vladim~1\applic~1\fordra~1\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-

[-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NoAdware4"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"poke mp3 cdrom meta"=-
"hovy"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msrqhhke]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

Post:

- a fresh HijackThis log
- combofix report
- nolop log
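A CFScript is just a text file with `File::`, `Folder::` and `Registry::` sections: one absolute path per line under the first two, and REGEDIT4-style directives under the third, where `[-Key]` deletes a key and `"name"=-` deletes a value. When the list is assembled by hand from a ComboFix log it is easy to run two paths together on one line or leave a trailing space after a directive. The linter below is an added example for this thread, not ComboFix's own code; it knows only the three sections and the directive forms used in the script above, treats any other section as unknown, and takes as sample input a constructed subset of that script with both slips left in so it has something to catch.

```python
"""Lint a ComboFix CFScript before dragging it onto ComboFix.exe.

Added example, not ComboFix code. Only the File::, Folder:: and Registry::
sections and the REGEDIT4-style directives used in this thread are
understood; anything else is reported rather than interpreted. The sample
script at the bottom is a constructed subset of the one posted above.
"""
import re

SECTION = re.compile(r"^([A-Za-z]+)::\s*$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")            # absolute path with drive letter
# whitespace immediately followed by another drive-letter path on the same line
SECOND_PATH = re.compile(r"\s+(?=[A-Za-z]:\\)")
REG_KEY = re.compile(r"^\[-?HK[A-Z_]+\\.*\]$")       # [Key] selects, [-Key] deletes
# "name"=- deletes a value; the other forms are ordinary .reg value syntax
REG_VALUE = re.compile(r'^"[^"]+"=(?:-|".*"|dword:[0-9A-Fa-f]{8}|hex(?:\(\d\))?:.*)$')
KNOWN = ("File", "Folder", "Registry")


def lint_cfscript(text):
    """Return (problems, fixed_lines).

    problems: list of (line_no, message). fixed_lines: the script with
    trailing whitespace trimmed and multi-path lines split, one path per line.
    """
    problems, fixed, section = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if line != raw:
            problems.append((n, "trailing whitespace"))
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            if section not in KNOWN:
                problems.append((n, f"unknown section {section}:: (no rules applied)"))
            fixed.append(line)
            continue
        if not line:
            fixed.append(line)
            continue
        if section is None:
            problems.append((n, "entry before any section header"))
            fixed.append(line)
            continue
        if section in ("File", "Folder"):
            parts = SECOND_PATH.split(line)
            if len(parts) > 1:
                problems.append((n, f"{len(parts)} paths on one line; one path per line"))
            for p in parts:
                if not DRIVE_PATH.match(p):
                    problems.append((n, f"not an absolute path: {p!r}"))
                fixed.append(p)
        elif section == "Registry":
            if not (REG_KEY.match(line) or REG_VALUE.match(line)):
                problems.append((n, f"unrecognised registry directive: {line!r}"))
            fixed.append(line)
        else:
            fixed.append(line)
    return problems, fixed


# Constructed sample: a subset of the CFScript posted above, slips included.
SAMPLE_CFSCRIPT = "\n".join([
    "File::",
    r"C:\WINDOWS\system32\msrqhhke.dll",
    r"C:\WINDOWS\system32\acjwpihu.dll C:\WINDOWS\system32\sxnrrqhq.ini",  # two paths, one line
    r"C:\n.bat",
    "",
    "Folder::",
    r"C:\Program Files\for draw tick",
    "c:\\docume~1\\vladim~1\\applic~1\\fordra~1\\",
    "",
    "Registry::",
    r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]",
    '"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=- ',  # trailing space
    "",
    r"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msrqhhke]",
])

if __name__ == "__main__":
    problems, fixed = lint_cfscript(SAMPLE_CFSCRIPT)
    for n, msg in problems:
        print(f"line {n}: {msg}")
    print("\n".join(fixed))
```

Save the cleaned output as CFScript.txt only after the problem list is empty; a path that ComboFix cannot parse is silently skipped rather than deleted, so a missed file is the usual reason a second ComboFix run still shows the same DLLs.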
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:38 PM, on 06/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\kjunior.exe.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://x-press12.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFA38E23-B0CD-491C-BE54-F31FB4DD8FFD}: NameServer = 206.47.244.87 206.47.244.136
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12089 bytes
 
ComboFix 07-12-02.6 - Junior Sanon 2007-12-06 14:19:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.243 [GMT -5:00]
Running from: C:\Documents and Settings\Junior Sanon\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Junior Sanon\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Junior Sanon\f.exe
C:\Documents and Settings\Junior Sanon\services.exe
C:\Documents and Settings\Junior Sanon\x.dat
C:\Documents and Settings\Junior Sanon\z.dat
C:\n.bat
C:\WINDOWS\system32\acjwpihu.dll
C:\WINDOWS\system32\sxnrrqhq.ini
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\ayxxxjwx.dll
C:\WINDOWS\system32\bvruvwns.ini
C:\WINDOWS\system32\cbhlswkl.ini
C:\WINDOWS\system32\cdhhnxsw.ini
C:\WINDOWS\system32\cgycddnp.ini
C:\WINDOWS\system32\dbwyjftq.ini
C:\WINDOWS\system32\ensiaepa.ini
C:\WINDOWS\system32\fanfwaow.ini
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\jytnwlmp.ini
C:\WINDOWS\system32\kyvqogha.dll
C:\WINDOWS\system32\larhcqis.ini
C:\WINDOWS\system32\lbslndqy.ini
C:\WINDOWS\system32\lkwslhbc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdwxxdqt.ini
C:\WINDOWS\system32\mermkexk.ini
C:\WINDOWS\system32\msrqhhke.dll
C:\WINDOWS\system32\ncexvlat.ini
C:\WINDOWS\system32\nxxmnnkf.ini
C:\WINDOWS\system32\oyscigwx.ini
C:\WINDOWS\system32\qhqrrnxs.dll
C:\WINDOWS\system32\qluwupyj.ini
C:\WINDOWS\system32\rggwxobr.ini
C:\WINDOWS\system32\sqmftjps.exe
C:\WINDOWS\system32\talvxecn.dll
C:\WINDOWS\system32\wdfonsyu.ini
C:\WINDOWS\system32\wvuuvsp.dll
C:\WINDOWS\system32\xdxteyda.ini
C:\WINDOWS\system32\xgchcpue.exe
C:\WINDOWS\system32\xhmpfset.ini
C:\WINDOWS\system32\xlwvrfqu.dll
C:\WINDOWS\system32\xsipwsah.ini
C:\WINDOWS\Tasks\B51537B0918EB130.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Junior Sanon\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Junior Sanon\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Junior Sanon\f.exe
C:\Documents and Settings\Junior Sanon\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Junior Sanon\services.exe
C:\Documents and Settings\Junior Sanon\x.dat
C:\Documents and Settings\Junior Sanon\z.dat
C:\n.bat
C:\Program Files\for draw tick
C:\temp\mZOr
C:\temp\mZOr\tOasF.log
C:\WINDOWS\system32\acjwpihu.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\ayxxxjwx.dll
C:\WINDOWS\system32\bvruvwns.ini
C:\WINDOWS\system32\cbhlswkl.ini
C:\WINDOWS\system32\cdhhnxsw.ini
C:\WINDOWS\system32\cgycddnp.ini
C:\WINDOWS\system32\dbwyjftq.ini
C:\WINDOWS\system32\ensiaepa.ini
C:\WINDOWS\system32\fanfwaow.ini
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\jytnwlmp.ini
C:\WINDOWS\system32\kyvqogha.dll
C:\WINDOWS\system32\larhcqis.ini
C:\WINDOWS\system32\lbslndqy.ini
C:\WINDOWS\system32\lkwslhbc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdwxxdqt.ini
C:\WINDOWS\system32\mermkexk.ini
C:\WINDOWS\system32\mkbbtmuj.exe
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\Mz18r\Mz18r2328.exe
C:\WINDOWS\system32\ncexvlat.ini
C:\WINDOWS\system32\nxxmnnkf.ini
C:\WINDOWS\system32\oyscigwx.ini
C:\WINDOWS\system32\qhqrrnxs.dll
C:\WINDOWS\system32\qluwupyj.ini
C:\WINDOWS\system32\rggwxobr.ini
C:\WINDOWS\system32\sqmftjps.exe
C:\WINDOWS\system32\sxnrrqhq.ini
C:\WINDOWS\system32\talvxecn.dll
C:\WINDOWS\system32\wdfonsyu.ini
C:\WINDOWS\system32\wvuuvsp.dll
C:\WINDOWS\system32\xdxteyda.ini
C:\WINDOWS\system32\xgchcpue.exe
C:\WINDOWS\system32\xhmpfset.ini
C:\WINDOWS\system32\xlwvrfqu.dll
C:\WINDOWS\system32\xsipwsah.ini
C:\WINDOWS\Tasks\B51537B0918EB130.job
D:\Autorun.inf
 
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-03 02:23 . 2007-12-03 02:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-03 01:51 . 2007-12-03 02:07 <DIR> d-------- C:\Program Files\TradeTouch
2007-12-03 01:13 . 2005-11-14 04:23 1,228,800 --a------ C:\WINDOWS\system32\FoxBurner.ocx
2007-12-03 01:13 . 2003-12-17 15:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx
2007-12-03 01:13 . 2007-07-31 11:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-12-03 01:13 . 2004-02-08 14:53 856,064 --a------ C:\WINDOWS\system32\mpgfiltr.ax
2007-12-03 01:13 . 2005-01-18 23:44 454,656 --a------ C:\WINDOWS\system32\FoxDVDImager.ocx
2007-12-03 01:13 . 2002-03-25 02:03 380,928 --a------ C:\WINDOWS\system32\CDRipperX.ocx
2007-12-03 01:13 . 2005-01-18 23:18 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-12-03 01:13 . 2007-04-05 23:08 196,608 --a------ C:\WINDOWS\system32\VideoEdit.ocx
2007-12-03 01:13 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-03 01:13 . 2003-08-19 03:31 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-12-01 18:58 . 2007-12-01 18:58 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-29 15:39 . 2007-11-29 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-26 12:52 . 2007-11-26 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 12:51 . 2007-11-26 12:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-24 21:35 . 2007-11-24 21:35 <DIR> d-------- C:\Program Files\Safer Networking
2007-11-24 20:50 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-24 20:44 . 2007-11-24 20:44 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-24 20:43 . 2007-11-24 20:43 <DIR> d-------- C:\Program Files\LimeWire
2007-11-22 08:12 . 2007-11-22 08:28 <DIR> d-------- C:\Program Files\Gimp Pack Mode
2007-11-18 20:20 . 2007-11-18 20:20 82,028 --a------ C:\WINDOWS\system32\instdump.dmp
2007-11-18 20:20 . 2007-11-18 20:20 14,761 --a------ C:\WINDOWS\system32\instdump.zip
2007-11-18 20:12 . 2007-11-18 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-18 19:22 . 2007-11-18 19:22 <DIR> d-------- C:\Program Files\CCleaner
2007-11-16 23:26 . 2007-11-16 23:26 <DIR> d-------- C:\Documents and Settings\Elsie Dume Charles\Application Data\Watchtower
2007-11-12 21:03 . 2007-11-14 20:48 <DIR> d-------- C:\Documents and Settings\Junior Sanon\.gimp-2.4
2007-11-12 19:37 . 2007-11-12 19:37 <DIR> d-------- C:\Documents and Settings\Junior Sanon\.gimp-2.2
2007-11-09 18:19 . 2007-11-22 11:32 <DIR> d-------- C:\Program Files\PartyGaming
2007-11-08 08:11 . 2007-11-16 09:32 <DIR> d-------- C:\Program Files\AtomixMP3
2007-11-08 08:11 . 2007-11-08 08:11 9 --ah----- C:\WINDOWS\system32\wxmmin.dll
2007-11-06 11:25 . 2007-11-06 11:25 <DIR> d-------- C:\Documents and Settings\Junior Sanon\SmitfraudFix
2007-11-06 11:25 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-06 11:25 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-06 11:07 . 2007-11-06 11:07 78,764 --ah----- C:\WINDOWS\system32\mlfcache.dat
 
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 17:43 --------- d-----w C:\Documents and Settings\Elsie Dume Charles\Application Data\LimeWire
2007-12-03 07:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 23:58 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-25 02:35 --------- d-----w C:\Program Files\Java
2007-11-16 14:30 --------- d-----w C:\Program Files\VirtualDJ
2007-11-16 14:27 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-16 14:05 --------- d-----w C:\Program Files\Incomplete
2007-11-08 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
2007-11-08 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bib Grey Log Inter
2007-11-08 00:51 --------- d-----w C:\Program Files\DISC
2007-11-06 15:59 --------- d-----w C:\Program Files\Symantec
2007-11-06 15:59 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-06 15:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-06 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-06 15:56 --------- d-----w C:\Documents and Settings\Elsie Dume Charles\Application Data\Symantec
2007-10-27 15:40 --------- d-----w C:\Program Files\BitDownload
2007-10-15 02:18 --------- d-----w C:\Documents and Settings\Junior Sanon\Application Data\Symantec
2007-10-15 01:24 --------- d-----w C:\Documents and Settings\Isabelle Sanon\Application Data\Symantec
2007-10-15 01:24 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Symantec
2007-08-10 16:10 138,840 ----a-w C:\Documents and Settings\Junior Sanon\Application Data\GDIPFONTCACHEV1.DAT
2007-06-17 11:47 138,840 ----a-w C:\Documents and Settings\Elsie Dume Charles\Application Data\GDIPFONTCACHEV1.DAT
2007-06-08 15:46 5,632 --sha-w C:\Program Files\Thumbs.db
2006-10-27 02:49 262 ----a-w C:\Documents and Settings\Junior Sanon\Application Data\wklnhst.dat
2006-09-22 17:26 57,816 ----a-w C:\Documents and Settings\Isabelle Sanon\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-06_ 0.32.02.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-13 05:00:00 8,044 ----a-w C:\WINDOWS\system32\majutilli1.dll
+ 2004-08-15 05:00:00 8,044 ----a-w C:\WINDOWS\system32\majutilli1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 C:\WINDOWS\arpwrmsg.exe]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-13 09:09]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-27 02:42]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 12:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 09:11]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 19:39]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 14:20]
"Lexmark 4200 Series"="C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 05:04]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 10:59]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-11 16:16]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 00:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 20:58]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 21:01]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2006-07-21 07:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2006-06-02 13:39]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"postSetupCheck"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-10 07:00]
 
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-11-11 15:47:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-11-11 16:32:23]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\C:\WINDOWS\system32\Drivers\Aldebaran.sys
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
S3 lac97inf;lac97inf;\??\C:\DOCUME~1\VLADIM~1\LOCALS~1\Temp\lac97inf.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39ee5330-9564-11db-a8de-000d0bc441e4}]
\Shell\Auto\command - F:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 18:40:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 14:28:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 14:30:07 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 00:32
.
--- E O F ---
 
NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Junior Sanon\Desktop
[06/12/2007]
[2:36:51 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intuit
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Real
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\4200series
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bib Grey Log Inter
C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\All Users\Application Data\Grey This Meta Jump -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Logitech
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Napster
C:\Documents and Settings\All Users\Application Data\Roxio
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sonic
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and Settings\Compaq_administrator\Application Data\4200series
C:\Documents and Settings\Compaq_administrator\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\Compaq_administrator\Application Data\Identities
C:\Documents and Settings\Compaq_administrator\Application Data\Intervideo
C:\Documents and Settings\Compaq_administrator\Application Data\Intuit
C:\Documents and Settings\Compaq_administrator\Application Data\Leadertech
C:\Documents and Settings\Compaq_administrator\Application Data\Macromedia
C:\Documents and Settings\Compaq_administrator\Application Data\Microsoft
C:\Documents and Settings\Compaq_administrator\Application Data\Mozilla
C:\Documents and Settings\Compaq_administrator\Application Data\Real
C:\Documents and Settings\Compaq_administrator\Application Data\Roxio
C:\Documents and Settings\Compaq_administrator\Application Data\Sonic
C:\Documents and Settings\Compaq_administrator\Application Data\Symantec
C:\Documents and Settings\Compaq_administrator\Application Data\Talkback
C:\Documents and Settings\Compaq_administrator\Application Data\Watchtower
C:\Documents and Settings\Compaq_administrator\Application Data\Webroot
C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intuit
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Elsie Dume Charles\Application Data\4200series
C:\Documents and Settings\Elsie Dume Charles\Application Data\Adobe
C:\Documents and Settings\Elsie Dume Charles\Application Data\Adobeum
C:\Documents and Settings\Elsie Dume Charles\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\Elsie Dume Charles\Application Data\Divx
C:\Documents and Settings\Elsie Dume Charles\Application Data\Hp
C:\Documents and Settings\Elsie Dume Charles\Application Data\Hpq
C:\Documents and Settings\Elsie Dume Charles\Application Data\Identities
C:\Documents and Settings\Elsie Dume Charles\Application Data\Intervideo
C:\Documents and Settings\Elsie Dume Charles\Application Data\Intuit
C:\Documents and Settings\Elsie Dume Charles\Application Data\Limewire
C:\Documents and Settings\Elsie Dume Charles\Application Data\Macromedia
C:\Documents and Settings\Elsie Dume Charles\Application Data\Microsoft
C:\Documents and Settings\Elsie Dume Charles\Application Data\Mozilla
C:\Documents and Settings\Elsie Dume Charles\Application Data\Netscape
C:\Documents and Settings\Elsie Dume Charles\Application Data\Real
C:\Documents and Settings\Elsie Dume Charles\Application Data\Roxio
C:\Documents and Settings\Elsie Dume Charles\Application Data\Sun
C:\Documents and Settings\Elsie Dume Charles\Application Data\Symantec
C:\Documents and Settings\Elsie Dume Charles\Application Data\Syntrillium
C:\Documents and Settings\Elsie Dume Charles\Application Data\Talkback
C:\Documents and Settings\Elsie Dume Charles\Application Data\Teleca
C:\Documents and Settings\Elsie Dume Charles\Application Data\Watchtower
C:\Documents and Settings\Elsie Dume Charles\Application Data\Webroot
C:\Documents and Settings\Isabelle Sanon\Application Data\4200series
C:\Documents and Settings\Isabelle Sanon\Application Data\Adobe
C:\Documents and Settings\Isabelle Sanon\Application Data\Adobeum
C:\Documents and Settings\Isabelle Sanon\Application Data\Ahead
C:\Documents and Settings\Isabelle Sanon\Application Data\Apple Computer
C:\Documents and Settings\Isabelle Sanon\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\Isabelle Sanon\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Isabelle Sanon\Application Data\Hp
C:\Documents and Settings\Isabelle Sanon\Application Data\Hpq
C:\Documents and Settings\Isabelle Sanon\Application Data\Identities
C:\Documents and Settings\Isabelle Sanon\Application Data\Intuit
C:\Documents and Settings\Isabelle Sanon\Application Data\Macromedia
C:\Documents and Settings\Isabelle Sanon\Application Data\Microsoft
C:\Documents and Settings\Isabelle Sanon\Application Data\Mozilla
C:\Documents and Settings\Isabelle Sanon\Application Data\Netscape
C:\Documents and Settings\Isabelle Sanon\Application Data\Real
C:\Documents and Settings\Isabelle Sanon\Application Data\Roxio
C:\Documents and Settings\Isabelle Sanon\Application Data\Sun
C:\Documents and Settings\Isabelle Sanon\Application Data\Symantec
C:\Documents and Settings\Isabelle Sanon\Application Data\Talkback
C:\Documents and Settings\Isabelle Sanon\Application Data\Teleca
C:\Documents and Settings\Isabelle Sanon\Application Data\Webroot
C:\Documents and Settings\Junior Sanon\Application Data\4200series
C:\Documents and Settings\Junior Sanon\Application Data\Adobe
C:\Documents and Settings\Junior Sanon\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Junior Sanon\Application Data\Ahead
C:\Documents and Settings\Junior Sanon\Application Data\Apple Computer
C:\Documents and Settings\Junior Sanon\Application Data\Bittorrent
C:\Documents and Settings\Junior Sanon\Application Data\Digital Interactive Systems Corporation
C:\Documents and Settings\Junior Sanon\Application Data\Divx
C:\Documents and Settings\Junior Sanon\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Junior Sanon\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Junior Sanon\Application Data\Hp
C:\Documents and Settings\Junior Sanon\Application Data\Hpq
C:\Documents and Settings\Junior Sanon\Application Data\Identities
C:\Documents and Settings\Junior Sanon\Application Data\Intervideo
C:\Documents and Settings\Junior Sanon\Application Data\Intuit
C:\Documents and Settings\Junior Sanon\Application Data\Lavasoft
C:\Documents and Settings\Junior Sanon\Application Data\Macromedia
C:\Documents and Settings\Junior Sanon\Application Data\Microsoft
C:\Documents and Settings\Junior Sanon\Application Data\Mozilla
C:\Documents and Settings\Junior Sanon\Application Data\Netscape
C:\Documents and Settings\Junior Sanon\Application Data\Real
C:\Documents and Settings\Junior Sanon\Application Data\Roxio
C:\Documents and Settings\Junior Sanon\Application Data\Sun
C:\Documents and Settings\Junior Sanon\Application Data\Symantec
C:\Documents and Settings\Junior Sanon\Application Data\Syntrillium
C:\Documents and Settings\Junior Sanon\Application Data\Talkback
C:\Documents and Settings\Junior Sanon\Application Data\Teleca
C:\Documents and Settings\Junior Sanon\Application Data\Template
C:\Documents and Settings\Junior Sanon\Application Data\Webroot
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Webroot
C:\Documents and Settings\Networkservice\Application Data\4200series
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Symantec
 
Hi

Delete these:

C:\Documents and Settings\All Users\Application Data\Bib Grey Log Inter
C:\Documents and Settings\All Users\Application Data\Grey This Meta Jump
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
C:\WINDOWS\system32\majutilli1.dll

Empty Recycle Bin.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Open HijackThis, click "Do a system scan only" and checkmark this:

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

Close all windows including browser and press fix checked.

Reboot.

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
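The fix above is done by hand in HijackThis, but the reasoning behind it (an O15 Trusted Zone entry lowers IE's security settings for that site, and an HKLM entry does so for every account; O2/O3 entries ending in "(no file)" are orphaned COM registrations) can be put into a small triage script. The following is an added example, not code from this thread or from HijackThis: it parses the O2, O3 and O15 lines of a log and reports the ones a helper would normally tell the user to fix. The sample O2/O3/O15 lines are copied from the logs in this thread; the entry and finding formats, and the names `parse_entries` and `triage`, are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis log excerpt. The O2, O3 and O15 lines below are copied from the
# logs in this thread; nothing else in this block is from the original page.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
"""

# "O2 - BHO: <name> - {CLSID} - <path>"; O3 toolbar lines have the same shape.
COM_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# "O15 - Trusted Zone: <pattern> (HKLM)"; the hive suffix is optional.
O15_RE = re.compile(
    r"^O15 - Trusted Zone: (?P<pattern>\S+)(?: \((?P<hive>HKLM|HKCU)\))?$"
)


@dataclass
class Entry:
    section: str
    name: str
    detail: str                 # CLSID for O2/O3, site pattern for O15
    path: str = ""              # DLL path for O2/O3 ("(no file)" if missing)
    hive: Optional[str] = None  # HKLM or HKCU for O15, when the log says


def parse_entries(text: str) -> List[Entry]:
    """Parse the O2/O3/O15 lines of a HijackThis log; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COM_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], m["clsid"], m["path"]))
            continue
        m = O15_RE.match(line)
        if m:
            entries.append(Entry("O15", "Trusted Zone", m["pattern"], hive=m["hive"]))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return one finding per entry that a log reviewer would tell the user to fix."""
    findings: List[str] = []
    for e in entries:
        if e.section in ("O2", "O3") and e.path == "(no file)":
            # The CLSID is still registered but its DLL is gone: a leftover from
            # an earlier removal. It loads nothing, but HijackThis can fix it.
            findings.append(
                f"{e.section} {e.detail}: orphaned {e.name!r} entry, no file on disk"
            )
        elif e.section == "O15":
            # Sites in IE's Trusted Zone run with relaxed security settings; an
            # HKLM entry applies to every account on the machine, not just this user.
            scope = "all users" if e.hive == "HKLM" else "current user"
            findings.append(
                f"O15 {e.detail}: site in Trusted Zone ({scope}); "
                "remove unless it was added on purpose"
            )
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt, the script reports the two "(no file)" entries and the trymedia.com Trusted Zone entry, and stays quiet about the Acrobat and Windows Live entries, which point at files that exist; that is the same split the instructions above make by hand.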
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:45 PM, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Trend Micro\HijackThis\kjunior.exe.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
 