System Resources Gone - Zlob Trojan

ok, ran the ComboFix script - log below.

Ran HJT, found only one of the three lines to delete:
O20 - Winlogon Notify: mgailfyk - C:\WINDOWS\SYSTEM32\mgailfyk.dll
Checked this line and fixed.
New HJT log posted below.

Thanks!

ComboFix 07-10-12.4 - Caitlin 2007-10-15 6:11:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.218 [GMT -4:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\CFscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\inucmrdh.exe
C:\WINDOWS\system32\mgailfyk.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp
C:\VundoFix Backups
C:\VundoFix Backups\kjypgobw.ini.bad
C:\VundoFix Backups\wbogpyjk.dll.bad
C:\WINDOWS\system32\inucmrdh.exe
C:\WINDOWS\system32\mgailfyk.dll
C:\WINDOWS\system32\mgailfyk.dll
C:\WINDOWS\system32\vMW02a

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-14 06:03 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 16:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-10 13:47 <DIR> d-------- C:\Documents and Settings\Caitlin\Application Data\Grisoft
2007-10-10 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 13:46 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-10 13:44 <DIR> d-------- C:\Documents and Settings\Caitlin\Application Data\U3
2007-10-09 19:34 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 20:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-07 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-04 20:59 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-04 20:20 <DIR> d-------- C:\Documents and Settings\Caitlin\Application Data\Lavasoft
2007-10-04 19:59 <DIR> d---s---- C:\Documents and Settings\Guest\UserData
2007-10-04 19:55 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\SpywareBot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 20:26 --------- d-----w C:\Program Files\Java
2007-10-08 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-07 22:50 --------- d-----w C:\Program Files\Viewpoint
2007-10-05 16:34 --------- d-----w C:\Program Files\McAfee
2007-10-05 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-24 23:42 --------- d-----w C:\Documents and Settings\Caitlin\Application Data\SiteAdvisor
2007-09-07 10:15 --------- d-----w C:\Program Files\SiteAdvisor
.

((((((((((((((((((((((((((((( snapshot@2007-10-14_ 6.19.13.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-14 10:01:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-15 10:08:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-14 10:01:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-15 10:08:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 06:59 C:\WINDOWS\BCMSMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 09:43]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 19:45]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-15 19:41]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-15 13:38]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-15 13:37]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2004-03-04 12:36]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-03-04 21:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-01-17 15:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-28 20:40]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 18:50]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 12:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
NETGEAR WG511v2 Wireless Assistant.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2005-02-21 22:44:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mgailfyk]
mgailfyk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335);C:\WINDOWS\system32\DRIVERS\WG511v2.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 LSWL;Instant Wireless Network PC Card V2.5 Driver;C:\WINDOWS\system32\DRIVERS\LSWLNDS.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 21:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-02-02 12:39:25 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-07-02 03:25:36 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 06:17:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 6:20:06 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-14 06:20
.
--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 6:26:22 AM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Caitlin\Desktop\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation/welcome.adp?version=puccini
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
 
Logfile of HijackThis v1.99.1
Scan saved at 2:05:34 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Caitlin\Desktop\hijackthis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/segmentation/welcome.adp?version=puccini
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
Monday, October 15, 2007 1:58:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build
2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/10/2007
Kaspersky Anti-Virus database records: 436265


Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects37540
Number of viruses found4
Number of infected objects7
Number of suspicious objects0
Duration of the scan process01:18:31

Infected Object NameVirus NameLast Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee\MPF\data\tempIpRules.xdb Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee\MSC\Logs\{54B28DD6-DAE5-468A-9C76-B0D47561E6F1}.log Object is
locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\2e0d9b234a5cde9f3a9b5eda45937960_1f6e4646-bb35-4625-95b1-eadf697f088f
Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr
Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Caitlin\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\Caitlin\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Caitlin\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Caitlin\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Caitlin\Local
Settings\History\History.IE5\MSHist012007101520071016\index.dat Object is
locked skipped

C:\Documents and Settings\Caitlin\Local Settings\Temp\~DFFC5D.tmp Object
is locked skipped

C:\Documents and Settings\Caitlin\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Caitlin\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Caitlin\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped


C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is
locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\rshhbaxn.dll.vir Infected:
Trojan.Win32.Pakes.fr skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\xbgccvpa.dll.vir Infected:
not-a-virus:AdWare.Win32.Virtumonde.acf skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

C:\System Volume
Information\_restore{87BDAD47-9479-4E36-AD93-33BDD971FA91}\RP856\A0138790.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped

C:\System Volume
Information\_restore{87BDAD47-9479-4E36-AD93-33BDD971FA91}\RP857\A0139804.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped

C:\System Volume
Information\_restore{87BDAD47-9479-4E36-AD93-33BDD971FA91}\RP858\A0140913.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.wn skipped

C:\System Volume
Information\_restore{87BDAD47-9479-4E36-AD93-33BDD971FA91}\RP866\A0143446.dll
Infected: Trojan.Win32.Pakes.fr skipped

C:\System Volume
Information\_restore{87BDAD47-9479-4E36-AD93-33BDD971FA91}\RP866\A0143449.dll
Infected: not-a-virus:AdWare.Win32.Virtumonde.acf skipped

C:\System Volume
Information\_restore{87BDAD47-9479-4E36-AD93-33BDD971FA91}\RP867\change.log
Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll.000 Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{257D41E6-E3D3-411E-ACCC-497FB4403263}.bin
Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

C:\WINDOWS\Temp\mcafee_Ez9naUthEHVbboV Object is locked skipped

C:\WINDOWS\Temp\mcmsc_DdJlpGmPdewvWcT Object is locked skipped

C:\WINDOWS\Temp\mcmsc_QPBBS6jaIQthZYG Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

Scan process completed.
 
Hello :)

Delete this folder: (Using Windows Explorer; Windows key +e)

C:\qoobox
________________

Disable system restore:
  • Right click on my computer icon
  • Choose properties
  • Click on system restore tab
  • Select Turn off System Restore
  • Click apply and click OK
  • Reboot!

Enable system restore:
  • Right click on my computer icon
  • Choose properties
  • Click on system restore tab
  • un-check Turn off System Restore
  • Click apply and click OK
  • Reboot!
_________________

Otherwise all logs are clean! How is your computer running now?

  • Clean speech:
  • Use Mozilla firefox or Opera as your browser!
    Mozilla firefox or Opera are better than Internet Explorer.
    Download Mozilla firefox from here!
    Download Opera from here!
  • Install Hosts-file!
    Hosts-file blocks bad web addresses. Remember to update hosts-file regularly.
    Download Hosts-file from here!
  • Install Winpatrol!
    Winpatrol monitors your system and blocks hijacks.
    Download Winpatrol from here!
  • Install AVG Anti-Spyware!
    AVG anti-spyware detecs and removes malware and cleans your register too. Run a scan with Ad-aware regularly and update it before the scan.
    Download AVG anti-spyware from here!
  • Install Ccleaner!
    CCleaner cleans your temporary files and also cleans your register. Run CCleaner regularly.
    Download CCleaner from here!
  • Install Ad-Aware!
    Ad-aware detecs and removes malware and cleans your register too. Run a scan with Ad-aware regularly and update it before the scan.
    Download Ad-aware from here!
  • Install SpywareBlaster!
    Spywareblaster blocks bad activeX-components. Update it regularly.
    Download Spywareblaster from here!
  • System restore!
    Clean and create a new system restore point regularly.
    How do I clean my system restore and the create new system restore point?
    Here are instructions!
  • Keep all programs updated!
    Remember to keep all programs up-to-date, also Windows. So please visit here regularly and install all critical updates.
 
Glad we could help, thank you Markka.

This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.
 
You must log in or register to reply here.
Back
Top