virtumonde help needed please

crazychris

New member
Got Virtumonde on my computer!
OK, here are my logs.

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 90398
Number of viruses found: 13
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 01:04:48

Infected Object Name / Virus Name / Last Action
C:\a5f99c2c23d8c92d4ae6577ade36\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071207_Time-151239796_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071207_Time-151239796_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_HOME_PC.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_HOME_PC.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\Carin\Local Settings\Temp\cbybwvmc.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Carin\Local Settings\Temp\wogolren.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Carin\Local Settings\Temp\wsubjlpf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Carin\Local Settings\Temporary Internet Files\Content.IE5\PYYSF6PP\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\Documents and Settings\Carin\Local Settings\Temporary Internet Files\Content.IE5\PYYSF6PP\ptch[1] Infected: Trojan.Win32.BHO.abs skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tophman\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\tophman\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\tophman\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\tophman\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\tophman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Temp\facnghrx.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\tophman\Local Settings\Temp\fwvihmry.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\tophman\Local Settings\Temp\hmfsogfr.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\tophman\Local Settings\Temp\hvlojlll.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\tophman\Local Settings\Temp\Perflib_Perfdata_b04.dat Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Temp\Perflib_Perfdata_f64.dat Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Temp\~DF96.tmp Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Temp\~DFAF.tmp Object is locked skipped
C:\Documents and Settings\tophman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\tophman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\tophman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\tophman\Shared\06 Track 6 (twin).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\tophman\Shared\Top of Charts - 2003 (twin).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\BT Total Broadband 210\Help\log\mpbtn.log Object is locked skipped
C:\Program Files\iTunes\iTunes.Resources\06 Track 6 (twin).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\iTunes\iTunes.Resources\Top of Charts - 2003 (twin).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\LimeWire\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\LimeWire\Imogen Heap - I Megaphone Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Program Files\LimeWire\Imogen Heap - I Megaphone Crack.zip ZIP: infected - 1 skipped
C:\Program Files\LimeWire\Rare Recording.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002552.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP25\A0002553.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002846.exe Infected: Trojan-Downloader.Win32.Small.guf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0002847.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ayy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0003562.exe Infected: Backdoor.Win32.IRCBot.aro skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP40\A0005208.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP40\A0005209.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP40\A0005210.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP40\A0005211.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.arv skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP41\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\Setup.exe Infected: Backdoor.Win32.IRCBot.aro skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{97DDF131-8236-4340-A2FE-AB492341A8C2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cbxxuus.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayy skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ffivoxgq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\gebywuv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hhxuscui.dll Infected: Trojan.Win32.BHO.abs skipped
C:\WINDOWS\system32\iifedbc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayy skipped
C:\WINDOWS\system32\iodcatnt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\nbjhqrdy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\opnnlkl.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayy skipped
C:\WINDOWS\system32\pxayogaw.dll Infected: Trojan.Win32.BHO.abs skipped
C:\WINDOWS\system32\qommklj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\WINDOWS\system32\rfqhfgmc.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ag skipped
C:\WINDOWS\system32\slxkgjlw.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ak skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wvuvsqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
The HJT log wouldn't fit, so here it is.

OK, here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:06, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BT Total Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\kpxgdclr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [54d087bf] rundll32.exe "C:\WINDOWS\system32\bueguqqr.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\kpxgdclr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10248 bytes
 
Hello and welcome to the Forums :)

You're infected.

Rename HijackThis.exe to skanneri.exe by doing the following:

  • Navigate here using Windows Explorer (Windows key + E) or My Computer > Local Disk (C:): C:\Program Files\Trend Micro\HijackThis
  • Right-click on HijackThis.exe
  • Choose "Rename" from the pull-down menu
  • Now rename HijackThis.exe to skanneri.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click "Do a system scan and save a log file")
  • Post the fresh HijackThis log here.
 
Thank you ever so much for your time and help :)
Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:47, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\exwynxov.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BT Total Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9d31d2a3-821e-47a6-9fe7-8b95fd911b3e} - (no file)
O2 - BHO: {dd297dcc-4375-fd1a-d1b4-053fed84bd8a} - {a8db48de-f350-4b1d-a1df-5734ccd792dd} - C:\WINDOWS\system32\bsatimec.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D9674A2B-9BA5-42F0-833B-AB0E7C14F268} - (no file)
O2 - BHO: (no name) - {F129E2B4-F67B-4443-84B5-23EFEAE16D07} - C:\WINDOWS\system32\pmkhh.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [54d087bf] rundll32.exe "C:\WINDOWS\system32\dvgynyai.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\exwynxov.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12076 bytes
 
Hi again :)

The story continues...

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
Hi :)

Okay, in that case we'll use another tool...

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
Here is the log, sorry I haven't got back sooner.



ComboFix 07-12-17.1 - tophman 2007-12-17 17:12:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1426 [GMT 0:00]
Running from: C:\Documents and Settings\tophman\Local Settings\Temporary Internet Files\Content.IE5\6CUZA7AN\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bbdorumj.dll
C:\WINDOWS\system32\bsatimec.dll
C:\WINDOWS\system32\cypopcor.dll
C:\WINDOWS\system32\eeqmsnuv.dll
C:\WINDOWS\system32\ffivoxgq.dll
C:\WINDOWS\system32\fvpovxig.dll
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini2
C:\WINDOWS\system32\hhkmp.tmp
C:\WINDOWS\system32\hhxuscui.dll
C:\WINDOWS\system32\hqggnqem.dll
C:\WINDOWS\system32\iodcatnt.dll
C:\WINDOWS\system32\ipwpoxaw.ini
C:\WINDOWS\system32\jahlusnp.dll
C:\WINDOWS\system32\jxgnvmhs.dll
C:\WINDOWS\system32\khborurv.dll
C:\WINDOWS\system32\kldpbvgo.dll
C:\WINDOWS\system32\kntcsdgq.dll
C:\WINDOWS\system32\laynvhaq.dll
C:\WINDOWS\system32\lpukpghu.dll
C:\WINDOWS\system32\nokudyap.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pxayogaw.dll
C:\WINDOWS\system32\qgxoviff.ini
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\rfqhfgmc.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rpgbudsp.dll
C:\WINDOWS\system32\seemjqxf.dll
C:\WINDOWS\system32\slxkgjlw.dll
C:\WINDOWS\system32\tntacdoi.ini
C:\WINDOWS\system32\waxopwpi.dll
C:\WINDOWS\system32\wnqndiqt.dll
C:\WINDOWS\system32\wuquodur.dll
C:\WINDOWS\system32\wwsgaksx.dll
C:\WINDOWS\system32\xpiockjp.dll
C:\WINDOWS\system32\ytayrtxk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-14 14:53 . 2007-12-17 16:38 2,506 --ahs---- C:\WINDOWS\system32\gunomwvg.ini
2007-12-13 18:18 . 2006-11-07 08:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2007-12-13 18:18 . 2006-11-07 08:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2007-12-13 18:13 . 2006-11-07 08:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2007-12-13 13:50 . 2007-12-14 14:48 2,386 --ahs---- C:\WINDOWS\system32\ptjgrarx.ini
2007-12-12 03:01 . 2007-12-13 13:47 2,206 --ahs---- C:\WINDOWS\system32\ikvdvjmr.ini
2007-12-12 02:57 . 2007-12-12 02:57 268 --ah----- C:\sqmdata10.sqm
2007-12-12 02:57 . 2007-12-12 02:57 244 --ah----- C:\sqmnoopt10.sqm
2007-12-11 21:18 . 2007-12-12 02:59 2,026 --ahs---- C:\WINDOWS\system32\brdfvsss.ini
2007-12-10 13:43 . 2007-12-11 21:12 1,906 --ahs---- C:\WINDOWS\system32\qeawfrdl.ini
2007-12-09 21:55 . 2007-12-10 13:31 1,606 --ahs---- C:\WINDOWS\system32\mqpagrsi.ini
2007-12-09 20:15 . 2007-12-09 20:15 <DIR> d-------- C:\Program Files\Ares
2007-12-09 19:38 . 2007-12-09 21:54 1,306 --ahs---- C:\WINDOWS\system32\iaynygvd.ini
2007-12-08 21:53 . 2007-12-09 19:35 1,074 --ahs---- C:\WINDOWS\system32\plncakwk.ini
2007-12-08 20:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-08 17:52 . 2007-12-08 22:00 894 --ahs---- C:\WINDOWS\system32\afxaegkd.ini
2007-12-08 13:41 . 2007-12-08 17:47 834 --ahs---- C:\WINDOWS\system32\domfcmim.ini
2007-12-07 21:19 . 2007-12-08 13:36 714 --ahs---- C:\WINDOWS\system32\utrnqsfu.ini
2007-12-07 20:20 . 2007-12-07 20:20 <DIR> d-------- C:\Program Files\uTorrent
2007-12-07 20:06 . 2007-12-07 21:13 594 --ahs---- C:\WINDOWS\system32\riglxouk.ini
2007-12-07 19:49 . 2007-12-07 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-07 15:19 . 2007-12-07 20:03 474 --ahs---- C:\WINDOWS\system32\rqqugeub.ini
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-06 22:56 . 2007-12-06 22:56 <DIR> d-------- C:\VundoFix Backups
2007-12-06 22:24 . 2007-12-07 15:14 354 --ahs---- C:\WINDOWS\system32\ydrqhjbn.ini
2007-12-04 16:35 . 2007-12-04 16:35 1,134 --ahs---- C:\WINDOWS\system32\bryvnhyx.ini
2007-12-03 16:38 . 2007-12-04 17:07 1,014 --ahs---- C:\WINDOWS\system32\gdvfxwmg.ini
2007-12-02 12:20 . 2007-12-02 12:22 <DIR> d-------- C:\Documents and Settings\lizzy\Shared
2007-12-02 00:06 . 2007-12-03 16:29 474 --ahs---- C:\WINDOWS\system32\exnlwpat.ini
2007-12-01 23:57 . 2007-12-01 23:57 5,620 --a------ C:\WINDOWS\system32\ivogskfe.dll
2007-11-29 16:54 . 2007-11-29 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 12:59 . 2007-11-29 12:59 <DIR> d-------- C:\Program Files\MSBuild
2007-11-29 12:56 . 2007-12-07 21:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-29 12:56 . 2007-11-29 12:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-29 12:55 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-29 12:49 . 2007-11-29 12:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-29 12:49 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-29 12:49 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-29 12:49 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-29 12:48 . 2007-11-29 12:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 12:46 . 2007-11-29 12:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-29 12:46 . 2007-11-29 12:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-29 12:37 . 2006-11-13 06:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-11-29 12:37 . 2006-11-13 06:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-11-29 12:37 . 2006-11-13 06:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-11-29 12:30 . 2007-12-17 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 16:05 . 2007-11-28 16:05 23,696 --a------ C:\WINDOWS\system32\ddcabba.dll
2007-11-27 12:32 . 2007-11-27 13:47 <DIR> d-------- C:\Program Files\Incomplete
2007-11-27 12:25 . 2007-12-05 18:48 <DIR> d-------- C:\Program Files\LimeWire
2007-11-27 08:54 . 2007-11-27 08:54 <DIR> d-------- C:\Program Files\IrfanView
2007-11-27 00:39 . 2007-11-27 00:39 268 --ah----- C:\sqmdata09.sqm
2007-11-27 00:39 . 2007-11-27 00:39 244 --ah----- C:\sqmnoopt09.sqm
2007-11-27 00:33 . 2007-11-27 00:33 268 --ah----- C:\sqmdata08.sqm
2007-11-27 00:33 . 2007-11-27 00:33 244 --ah----- C:\sqmnoopt08.sqm
2007-11-26 15:37 . 2007-08-28 20:21 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Roxio
2007-11-26 15:37 . 2007-08-28 20:10 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InstallShield
2007-11-26 15:37 . 2007-08-28 20:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\GTek
2007-11-26 15:37 . 2007-08-28 20:21 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\ATI
2007-11-23 17:41 . 2007-11-23 17:41 268 --ah----- C:\sqmdata07.sqm
2007-11-23 17:41 . 2007-11-23 17:41 244 --ah----- C:\sqmnoopt07.sqm
2007-11-23 13:31 . 2007-11-29 18:25 <DIR> d-------- C:\Temp
2007-11-21 00:29 . 2007-11-21 00:29 268 --ah----- C:\sqmdata06.sqm
2007-11-21 00:29 . 2007-11-21 00:29 244 --ah----- C:\sqmnoopt06.sqm
2007-11-20 15:27 . 2007-12-17 16:49 <DIR> d-------- C:\QUARANTINE
2007-11-20 11:26 . 2007-11-29 18:36 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 10:57 . 2007-12-04 16:46 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-19 23:03 . 2007-11-20 23:17 2,740 --a------ C:\Documents and Settings\Carin\z.dat
2007-11-19 23:03 . 2007-11-20 23:17 1,176 --a------ C:\Documents and Settings\Carin\x.dat
2007-11-19 21:54 . 2007-11-20 14:34 <DIR> d-------- C:\Program Files\IGZones
2007-11-19 21:10 . 2007-11-19 21:10 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-19 21:08 . 2007-11-19 21:12 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-11-19 21:07 . 2007-11-20 10:55 881 --a------ C:\Documents and Settings\tophman\x.dat
2007-11-19 21:06 . 2007-11-20 10:55 4,328 --a------ C:\Documents and Settings\tophman\z.dat
2007-11-18 18:03 . 2007-11-18 18:03 268 --ah----- C:\sqmdata05.sqm
2007-11-18 18:03 . 2007-11-18 18:03 244 --ah----- C:\sqmnoopt05.sqm
2007-11-18 14:20 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

.
 
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 14:36 --------- d-----w C:\Program Files\LogMeIn
2007-12-08 20:06 --------- d-----w C:\Program Files\Java
2007-12-03 16:58 --------- d-----w C:\Documents and Settings\tophman\Application Data\LimeWire
2007-11-29 12:30 --------- d-----w C:\Program Files\Google
2007-11-27 12:32 --------- d-----w C:\Documents and Settings\lizzy\Application Data\LimeWire
2007-11-15 18:46 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-11-15 18:46 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-15 18:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-15 18:46 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-11-15 18:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-14 22:03 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 23:29 --------- d--h--w C:\Documents and Settings\lizzy\Application Data\GTek
2007-11-13 21:17 --------- d--h--w C:\Documents and Settings\tophman\Application Data\GTek
2007-11-13 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 01:04 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-12 23:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-12 19:34 --------- d--h--w C:\Documents and Settings\tophman\Application Data\yahoo!
2007-11-12 19:22 --------- d-----w C:\Documents and Settings\tophman\Application Data\Apple Computer
2007-11-12 18:58 --------- d-----w C:\Documents and Settings\tophman\Application Data\Logitech
2007-11-12 17:40 --------- d-----w C:\Program Files\iTunes
2007-11-12 17:31 --------- d-----w C:\Program Files\QuickTime
2007-11-12 17:31 --------- d-----w C:\Program Files\iPod
2007-11-12 17:31 --------- d-----w C:\Program Files\Apple Software Update
2007-11-12 17:31 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Apple Computer
2007-11-12 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 17:30 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-12 16:51 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Yahoo!
2007-11-12 16:51 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Logitech
2007-11-12 16:47 --------- d-----w C:\Program Files\Windows Live
2007-11-12 16:45 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-12 16:45 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-12 16:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-12 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-12 12:28 --------- d--h--w C:\Documents and Settings\Carin\Application Data\GTek
2007-11-12 12:15 --------- d-----w C:\Documents and Settings\Carin\Application Data\Motive
2007-11-12 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-12 11:54 --------- d-----w C:\Documents and Settings\Carin\Application Data\Yahoo!
2007-11-12 11:52 --------- d-----w C:\Program Files\Yahoo!
2007-11-12 11:48 --------- d-----w C:\Program Files\BT Total Broadband 210
2007-11-12 11:45 155,995 ----a-w C:\WINDOWS\java\Packages\75RTBPJL.ZIP
2007-11-12 11:45 --------- d-----w C:\Program Files\Motive
2007-11-12 11:45 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-12 11:45 --------- d-----w C:\Program Files\btbb_wcm
2007-11-12 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-12 11:30 --------- d-----w C:\Program Files\SereneScreen
2007-11-12 11:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-12 11:25 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-12 11:23 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-12 11:17 --------- d-----w C:\Program Files\Network Associates
2007-11-12 11:17 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-11-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-12 11:16 --------- d-----w C:\Program Files\Common Files\Network Associates
2007-11-12 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-12 10:51 --------- d-----w C:\Documents and Settings\Carin\Application Data\Logitech
2007-11-12 10:50 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-12 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 10:50 --------- d-----w C:\Program Files\Logitech
2007-11-12 10:49 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-12 10:49 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-12 10:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-12 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-31 13:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 01:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 01:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 01:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 01:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 09:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 09:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 20:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 19:41 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe [2007-11-12 11:45:12]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 12:30:02]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 10:50:27]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-12 10:48:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 18:52 462935 --a------ C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 08:00]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-09-12 10:20]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-21 09:14]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 14:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 19:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-14 20:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 17:18:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-17 17:19:13 - machine was rebooted
.
2007-12-13 15:55:24 --- E O F ---
 
Hi again, we'll continue :)

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\gunomwvg.ini
C:\WINDOWS\system32\ptjgrarx.ini
C:\WINDOWS\system32\ikvdvjmr.ini
C:\WINDOWS\system32\brdfvsss.ini
C:\WINDOWS\system32\qeawfrdl.ini
C:\WINDOWS\system32\mqpagrsi.ini
C:\WINDOWS\system32\iaynygvd.ini
C:\WINDOWS\system32\plncakwk.ini
C:\WINDOWS\system32\javacpl.cpl
C:\WINDOWS\system32\afxaegkd.ini
C:\WINDOWS\system32\domfcmim.ini
C:\WINDOWS\system32\utrnqsfu.ini
C:\WINDOWS\system32\riglxouk.ini
C:\WINDOWS\system32\rqqugeub.ini
C:\WINDOWS\system32\ydrqhjbn.ini
C:\WINDOWS\system32\bryvnhyx.ini
C:\WINDOWS\system32\gdvfxwmg.ini
C:\WINDOWS\system32\exnlwpat.ini
C:\WINDOWS\system32\ivogskfe.dll
C:\WINDOWS\system32\ddcabba.dll
C:\WINDOWS\system32\mcrh.tmp
C:\Documents and Settings\Carin\z.dat
C:\Documents and Settings\Carin\x.dat
C:\Documents and Settings\tophman\x.dat
C:\Documents and Settings\tophman\z.dat
C:\WINDOWS\Fonts\svchost.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]

Save this as "CFScript"

[Image: CFScript.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
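The CFScript above was written by hand from the ComboFix "Files Created" listing: the helper picked out the small hidden+system .ini files with random eight-letter names in system32, the matching random-name .dll files, and the svchost.exe sitting in C:\WINDOWS\Fonts. The script below, added here as an illustration and not part of the thread or of ComboFix itself, automates that first pass: it parses lines in ComboFix's "created . modified size attrs path" format and drafts a File:: section from the hits. The sample log lines are constructed to mirror the ones on the page, and the heuristics (name shape, hidden+system attributes, created time equal to modified time for a .dll, a system executable name outside system32) are this example's assumptions, not rules ComboFix applies.

```python
"""
Triage helper for ComboFix-style "Files Created" listings (added example).

Parses lines of the form
    2007-12-14 14:53 . 2007-12-17 16:38 2,506 --ahs---- C:\WINDOWS\system32\gunomwvg.ini
and flags the pattern seen in the thread above, then renders a CFScript
"File::" draft for a human to review. The heuristics are assumptions made
for this example; they are not ComboFix's own detection logic.
"""
import re

# created . modified size attrs path  (size is "<DIR>" for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Seven or eight random lowercase letters, as in gunomwvg.ini / ddcabba.dll.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,8}\.(ini|dll)$")

SYSTEM32 = r"c:\windows\system32"

# Names that belong in system32; the same name elsewhere is suspicious.
SYSTEM_EXE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}

# Constructed sample, modelled on the ComboFix output earlier in the thread.
# aaclient.dll is a legitimate eight-letter DLL and must NOT be flagged;
# the Fonts\svchost.exe line is added to exercise the wrong-directory rule.
SAMPLE_LOG = r"""
2007-12-14 14:53 . 2007-12-17 16:38 2,506 --ahs---- C:\WINDOWS\system32\gunomwvg.ini
2007-12-13 18:18 . 2006-11-07 08:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2007-12-09 20:15 . 2007-12-09 20:15 <DIR> d-------- C:\Program Files\Ares
2007-12-01 23:57 . 2007-12-01 23:57 5,620 --a------ C:\WINDOWS\system32\ivogskfe.dll
2007-11-29 12:37 . 2006-11-13 06:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-11-28 16:05 . 2007-11-28 16:05 23,696 --a------ C:\WINDOWS\system32\ddcabba.dll
2007-11-20 11:26 . 2007-11-29 18:36 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-19 21:07 . 2007-11-20 10:55 881 --a------ C:\Documents and Settings\tophman\x.dat
2007-11-19 21:00 . 2007-11-19 21:00 14,336 --a------ C:\WINDOWS\Fonts\svchost.exe
"""


def parse_line(line):
    """Return a dict for one file entry; None for directories or non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("size") == "<DIR>":
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["hidden"] = "h" in rec["attrs"]
    rec["system"] = "s" in rec["attrs"]
    return rec


def split_path(path):
    """Lower-cased (directory, filename) of a Windows path."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def suspicion_reason(rec):
    """Why this entry looks like a Vundo drop, or None if it passes the heuristics."""
    directory, name = split_path(rec["path"])
    if directory == SYSTEM32 and RANDOM_NAME_RE.match(name):
        if name.endswith(".ini") and rec["hidden"] and rec["system"]:
            return "hidden+system random-name .ini in system32"
        # A freshly written drop has created == modified; a DLL copied out of
        # an installer package keeps its older build timestamp (aaclient.dll).
        if name.endswith(".dll") and rec["created"] == rec["modified"]:
            return "random-name .dll in system32 written in place"
    if name in SYSTEM_EXE_NAMES and directory != SYSTEM32:
        return "system executable name outside system32"
    return None


def triage(log_text):
    """Return [(path, reason)] for every suspicious entry, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = suspicion_reason(rec)
        if reason:
            hits.append((rec["path"], reason))
    return hits


def build_cfscript(hits):
    """Render the File:: section of a CFScript from the flagged paths."""
    return "File::\n" + "\n".join(path for path, _ in hits) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for path, reason in found:
        print(f"{reason:50s} {path}")
    print()
    print(build_cfscript(found))
```

The output is a draft, not a deletion list: the created-equals-modified rule is what keeps aaclient.dll (a Microsoft component installed two days before the infection) out of the File:: block, and a reviewer should still confirm each hit the way the helper did before feeding the script to ComboFix.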
 
ComboFix 07-12-21.4 - tophman 2007-12-22 17:02:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1371 [GMT 0:00]
Running from: C:\Documents and Settings\tophman\Local Settings\Temporary Internet Files\Content.IE5\6GVF66CQ\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.

2007-12-22 16:55 . 2007-12-22 16:57 <DIR> d-------- C:\Documents and Settings\tophman\Application Data\AVG7
2007-12-20 19:10 . 2007-12-20 19:10 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-17 19:58 . 2006-11-07 08:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2007-12-17 18:09 . 2007-12-17 18:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-17 18:09 . 2007-12-21 11:07 <DIR> d-------- C:\Documents and Settings\lizzy\Application Data\AVG7
2007-12-17 18:09 . 2007-12-17 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 18:09 . 2007-12-18 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-14 14:53 . 2007-12-17 16:38 2,506 --ahs---- C:\WINDOWS\system32\gunomwvg.ini
2007-12-13 18:18 . 2006-11-07 08:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2007-12-13 18:18 . 2006-11-07 08:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2007-12-13 18:13 . 2006-11-07 08:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2007-12-13 13:50 . 2007-12-14 14:48 2,386 --ahs---- C:\WINDOWS\system32\ptjgrarx.ini
2007-12-12 03:01 . 2007-12-13 13:47 2,206 --ahs---- C:\WINDOWS\system32\ikvdvjmr.ini
2007-12-12 02:57 . 2007-12-12 02:57 268 --ah----- C:\sqmdata10.sqm
2007-12-12 02:57 . 2007-12-12 02:57 244 --ah----- C:\sqmnoopt10.sqm
2007-12-11 21:18 . 2007-12-12 02:59 2,026 --ahs---- C:\WINDOWS\system32\brdfvsss.ini
2007-12-10 13:43 . 2007-12-11 21:12 1,906 --ahs---- C:\WINDOWS\system32\qeawfrdl.ini
2007-12-09 21:55 . 2007-12-10 13:31 1,606 --ahs---- C:\WINDOWS\system32\mqpagrsi.ini
2007-12-09 20:15 . 2007-12-09 20:15 <DIR> d-------- C:\Program Files\Ares
2007-12-09 19:38 . 2007-12-09 21:54 1,306 --ahs---- C:\WINDOWS\system32\iaynygvd.ini
2007-12-08 21:53 . 2007-12-09 19:35 1,074 --ahs---- C:\WINDOWS\system32\plncakwk.ini
2007-12-08 20:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-08 17:52 . 2007-12-08 22:00 894 --ahs---- C:\WINDOWS\system32\afxaegkd.ini
2007-12-08 13:41 . 2007-12-08 17:47 834 --ahs---- C:\WINDOWS\system32\domfcmim.ini
2007-12-07 21:19 . 2007-12-08 13:36 714 --ahs---- C:\WINDOWS\system32\utrnqsfu.ini
2007-12-07 20:20 . 2007-12-07 20:20 <DIR> d-------- C:\Program Files\uTorrent
2007-12-07 20:06 . 2007-12-07 21:13 594 --ahs---- C:\WINDOWS\system32\riglxouk.ini
2007-12-07 19:49 . 2007-12-07 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-07 15:19 . 2007-12-07 20:03 474 --ahs---- C:\WINDOWS\system32\rqqugeub.ini
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-06 22:56 . 2007-12-06 22:56 <DIR> d-------- C:\VundoFix Backups
2007-12-06 22:24 . 2007-12-07 15:14 354 --ahs---- C:\WINDOWS\system32\ydrqhjbn.ini
2007-12-04 16:35 . 2007-12-04 16:35 1,134 --ahs---- C:\WINDOWS\system32\bryvnhyx.ini
2007-12-03 16:38 . 2007-12-04 17:07 1,014 --ahs---- C:\WINDOWS\system32\gdvfxwmg.ini
2007-12-02 12:20 . 2007-12-02 12:22 <DIR> d-------- C:\Documents and Settings\lizzy\Shared
2007-12-02 00:06 . 2007-12-03 16:29 474 --ahs---- C:\WINDOWS\system32\exnlwpat.ini
2007-12-01 23:57 . 2007-12-01 23:57 5,620 --a------ C:\WINDOWS\system32\ivogskfe.dll
2007-11-29 16:54 . 2007-11-29 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 12:59 . 2007-11-29 12:59 <DIR> d-------- C:\Program Files\MSBuild
2007-11-29 12:56 . 2007-12-07 21:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-29 12:56 . 2007-11-29 12:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-29 12:55 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-29 12:49 . 2007-11-29 12:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-29 12:49 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-29 12:49 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-29 12:49 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-29 12:48 . 2007-11-29 12:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 12:46 . 2007-11-29 12:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-29 12:46 . 2007-11-29 12:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-29 12:37 . 2006-11-13 06:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-11-29 12:37 . 2006-11-13 06:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-11-29 12:37 . 2006-11-13 06:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-11-29 12:30 . 2007-12-21 20:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 16:05 . 2007-11-28 16:05 23,696 --a------ C:\WINDOWS\system32\ddcabba.dll
2007-11-27 12:32 . 2007-11-27 13:47 <DIR> d-------- C:\Program Files\Incomplete
2007-11-27 12:25 . 2007-12-05 18:48 <DIR> d-------- C:\Program Files\LimeWire
2007-11-27 08:54 . 2007-11-27 08:54 <DIR> d-------- C:\Program Files\IrfanView
2007-11-27 00:39 . 2007-11-27 00:39 268 --ah----- C:\sqmdata09.sqm
2007-11-27 00:39 . 2007-11-27 00:39 244 --ah----- C:\sqmnoopt09.sqm
2007-11-27 00:33 . 2007-11-27 00:33 268 --ah----- C:\sqmdata08.sqm
2007-11-27 00:33 . 2007-11-27 00:33 244 --ah----- C:\sqmnoopt08.sqm
2007-11-26 15:37 . 2007-08-28 20:21 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Roxio
2007-11-26 15:37 . 2007-08-28 20:10 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InstallShield
2007-11-26 15:37 . 2007-08-28 20:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\GTek
2007-11-26 15:37 . 2007-08-28 20:21 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\ATI
2007-11-23 17:41 . 2007-11-23 17:41 268 --ah----- C:\sqmdata07.sqm
2007-11-23 17:41 . 2007-11-23 17:41 244 --ah----- C:\sqmnoopt07.sqm
2007-11-23 13:31 . 2007-11-29 18:25 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 19:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-09 14:36 --------- d-----w C:\Program Files\LogMeIn
2007-12-08 20:06 --------- d-----w C:\Program Files\Java
2007-12-04 16:46 --------- d-----w C:\Program Files\Microsoft Games
2007-12-03 16:58 --------- d-----w C:\Documents and Settings\tophman\Application Data\LimeWire
2007-11-29 12:30 --------- d-----w C:\Program Files\Google
2007-11-27 12:32 --------- d-----w C:\Documents and Settings\lizzy\Application Data\LimeWire
2007-11-20 23:17 2,740 ----a-w C:\Documents and Settings\Carin\z.dat
2007-11-20 23:17 1,176 ----a-w C:\Documents and Settings\Carin\x.dat
2007-11-20 14:34 --------- d-----w C:\Program Files\IGZones
2007-11-20 10:55 881 ----a-w C:\Documents and Settings\tophman\x.dat
2007-11-20 10:55 4,328 ----a-w C:\Documents and Settings\tophman\z.dat
2007-11-19 21:10 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-15 18:46 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-11-15 18:46 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-15 18:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-15 18:46 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-11-15 18:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-14 22:03 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 23:29 --------- d--h--w C:\Documents and Settings\lizzy\Application Data\GTek
2007-11-13 21:17 --------- d--h--w C:\Documents and Settings\tophman\Application Data\GTek
2007-11-13 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 01:04 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-12 23:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-12 19:34 --------- d--h--w C:\Documents and Settings\tophman\Application Data\yahoo!
2007-11-12 19:22 --------- d-----w C:\Documents and Settings\tophman\Application Data\Apple Computer
2007-11-12 18:58 --------- d-----w C:\Documents and Settings\tophman\Application Data\Logitech
2007-11-12 17:40 --------- d-----w C:\Program Files\iTunes
2007-11-12 17:31 --------- d-----w C:\Program Files\QuickTime
2007-11-12 17:31 --------- d-----w C:\Program Files\iPod
2007-11-12 17:31 --------- d-----w C:\Program Files\Apple Software Update
2007-11-12 17:31 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Apple Computer
2007-11-12 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 17:30 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-12 16:51 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Yahoo!
2007-11-12 16:51 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Logitech
2007-11-12 16:47 --------- d-----w C:\Program Files\Windows Live
2007-11-12 16:45 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-12 16:45 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-12 16:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-12 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-12 12:28 --------- d--h--w C:\Documents and Settings\Carin\Application Data\GTek
2007-11-12 12:15 --------- d-----w C:\Documents and Settings\Carin\Application Data\Motive
2007-11-12 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-12 11:54 --------- d-----w C:\Documents and Settings\Carin\Application Data\Yahoo!
2007-11-12 11:52 --------- d-----w C:\Program Files\Yahoo!
2007-11-12 11:48 --------- d-----w C:\Program Files\BT Total Broadband 210
2007-11-12 11:45 155,995 ----a-w C:\WINDOWS\java\Packages\75RTBPJL.ZIP
2007-11-12 11:45 --------- d-----w C:\Program Files\Motive
2007-11-12 11:45 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-12 11:45 --------- d-----w C:\Program Files\btbb_wcm
2007-11-12 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-12 11:30 --------- d-----w C:\Program Files\SereneScreen
2007-11-12 11:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-12 11:25 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-12 11:23 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-12 11:17 --------- d-----w C:\Program Files\Network Associates
2007-11-12 11:17 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-11-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-12 11:16 --------- d-----w C:\Program Files\Common Files\Network Associates
2007-11-12 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-12 10:51 --------- d-----w C:\Documents and Settings\Carin\Application Data\Logitech
2007-11-12 10:50 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-12 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 10:50 --------- d-----w C:\Program Files\Logitech
2007-11-12 10:49 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-12 10:49 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-12 10:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-12 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-31 13:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 01:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 01:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 01:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 01:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 09:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 09:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-17_17.18.50.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-17 18:09:23 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-12-17 18:09:25 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-12-17 18:09:25 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-12-20 19:06:04 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-12-20 19:05:50 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 20:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 19:41 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 19:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-17 18:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe [2007-11-12 11:45:12]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 12:30:02]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 10:50:27]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-12 10:48:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 18:52 462935 --a------ C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 08:00]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-09-12 10:20]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-21 09:14]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 14:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 19:42:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-21 20:25:47 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 17:03:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
Completion time: 2007-12-22 17:03:55
C:\ComboFix2.txt ... 2007-12-17 17:19
.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:32, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Total Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11611 bytes
 
Hi, we'll continue :)

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\gunomwvg.ini
C:\WINDOWS\system32\ptjgrarx.ini
C:\WINDOWS\system32\ikvdvjmr.ini
C:\WINDOWS\system32\brdfvsss.ini
C:\WINDOWS\system32\qeawfrdl.ini
C:\WINDOWS\system32\mqpagrsi.ini
C:\WINDOWS\system32\iaynygvd.ini
C:\WINDOWS\system32\plncakwk.ini
C:\WINDOWS\system32\afxaegkd.ini
C:\WINDOWS\system32\domfcmim.ini
C:\WINDOWS\system32\utrnqsfu.ini
C:\WINDOWS\system32\riglxouk.ini
C:\WINDOWS\system32\rqqugeub.ini
C:\WINDOWS\system32\ydrqhjbn.ini
C:\WINDOWS\system32\bryvnhyx.ini
C:\WINDOWS\system32\gdvfxwmg.ini
C:\WINDOWS\system32\exnlwpat.ini
C:\WINDOWS\system32\ivogskfe.dll
C:\WINDOWS\system32\ddcabba.dll
C:\Documents and Settings\Carin\z.dat
C:\Documents and Settings\Carin\x.dat
C:\Documents and Settings\tophman\x.dat
C:\Documents and Settings\tophman\z.dat
C:\WINDOWS\Fonts\svchost.exe

Save this as "CFScript"

[image: CFScript.gif]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
 
ComboFix 07-12-21.4 - tophman 2007-12-30 13:50:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1100 [GMT 0:00]
Running from: C:\Documents and Settings\tophman\Local Settings\Temporary Internet Files\Content.IE5\BID75H1J\ComboFix[1].exe
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-26 10:30 . 2007-12-26 10:31 <DIR> d-------- C:\Documents and Settings\Carin\Application Data\AVG7
2007-12-22 16:55 . 2007-12-30 13:38 <DIR> d-------- C:\Documents and Settings\tophman\Application Data\AVG7
2007-12-20 19:10 . 2007-12-20 19:10 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-17 19:58 . 2006-11-07 08:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2007-12-17 18:09 . 2007-12-17 18:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-17 18:09 . 2007-12-29 15:22 <DIR> d-------- C:\Documents and Settings\lizzy\Application Data\AVG7
2007-12-17 18:09 . 2007-12-17 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 18:09 . 2007-12-18 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-14 14:53 . 2007-12-17 16:38 2,506 --ahs---- C:\WINDOWS\system32\gunomwvg.ini
2007-12-13 18:18 . 2006-11-07 08:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2007-12-13 18:18 . 2006-11-07 08:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2007-12-13 18:13 . 2006-11-07 08:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2007-12-13 13:50 . 2007-12-14 14:48 2,386 --ahs---- C:\WINDOWS\system32\ptjgrarx.ini
2007-12-12 03:01 . 2007-12-13 13:47 2,206 --ahs---- C:\WINDOWS\system32\ikvdvjmr.ini
2007-12-12 02:57 . 2007-12-12 02:57 268 --ah----- C:\sqmdata10.sqm
2007-12-12 02:57 . 2007-12-12 02:57 244 --ah----- C:\sqmnoopt10.sqm
2007-12-11 21:18 . 2007-12-12 02:59 2,026 --ahs---- C:\WINDOWS\system32\brdfvsss.ini
2007-12-10 13:43 . 2007-12-11 21:12 1,906 --ahs---- C:\WINDOWS\system32\qeawfrdl.ini
2007-12-09 21:55 . 2007-12-10 13:31 1,606 --ahs---- C:\WINDOWS\system32\mqpagrsi.ini
2007-12-09 20:15 . 2007-12-09 20:15 <DIR> d-------- C:\Program Files\Ares
2007-12-09 19:38 . 2007-12-09 21:54 1,306 --ahs---- C:\WINDOWS\system32\iaynygvd.ini
2007-12-08 21:53 . 2007-12-09 19:35 1,074 --ahs---- C:\WINDOWS\system32\plncakwk.ini
2007-12-08 20:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-08 17:52 . 2007-12-08 22:00 894 --ahs---- C:\WINDOWS\system32\afxaegkd.ini
2007-12-08 13:41 . 2007-12-08 17:47 834 --ahs---- C:\WINDOWS\system32\domfcmim.ini
2007-12-07 21:19 . 2007-12-08 13:36 714 --ahs---- C:\WINDOWS\system32\utrnqsfu.ini
2007-12-07 20:06 . 2007-12-07 21:13 594 --ahs---- C:\WINDOWS\system32\riglxouk.ini
2007-12-07 19:49 . 2007-12-07 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-07 15:19 . 2007-12-07 20:03 474 --ahs---- C:\WINDOWS\system32\rqqugeub.ini
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-06 22:56 . 2007-12-06 22:56 <DIR> d-------- C:\VundoFix Backups
2007-12-06 22:24 . 2007-12-07 15:14 354 --ahs---- C:\WINDOWS\system32\ydrqhjbn.ini
2007-12-04 16:35 . 2007-12-04 16:35 1,134 --ahs---- C:\WINDOWS\system32\bryvnhyx.ini
2007-12-03 16:38 . 2007-12-04 17:07 1,014 --ahs---- C:\WINDOWS\system32\gdvfxwmg.ini
2007-12-02 12:20 . 2007-12-02 12:22 <DIR> d-------- C:\Documents and Settings\lizzy\Shared
2007-12-02 00:06 . 2007-12-03 16:29 474 --ahs---- C:\WINDOWS\system32\exnlwpat.ini
2007-12-01 23:57 . 2007-12-01 23:57 5,620 --a------ C:\WINDOWS\system32\ivogskfe.dll
2007-11-29 16:54 . 2007-11-29 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 12:59 . 2007-11-29 12:59 <DIR> d-------- C:\Program Files\MSBuild
2007-11-29 12:56 . 2007-12-07 21:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-29 12:56 . 2007-11-29 12:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-29 12:55 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-29 12:49 . 2007-11-29 12:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-29 12:49 . 2006-10-04 14:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-11-29 12:49 . 2006-10-04 14:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-29 12:49 . 2006-10-04 14:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-29 12:48 . 2007-11-29 12:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 12:46 . 2007-11-29 12:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-29 12:46 . 2007-11-29 12:47 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-29 12:37 . 2006-11-13 06:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-11-29 12:37 . 2006-11-13 06:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-11-29 12:37 . 2006-11-13 06:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-11-29 12:30 . 2007-12-30 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-27 12:32 . 2007-11-27 13:47 <DIR> d-------- C:\Program Files\Incomplete
2007-11-27 12:25 . 2007-12-05 18:48 <DIR> d-------- C:\Program Files\LimeWire
2007-11-27 08:54 . 2007-11-27 08:54 <DIR> d-------- C:\Program Files\IrfanView
2007-11-27 00:39 . 2007-11-27 00:39 268 --ah----- C:\sqmdata09.sqm
2007-11-27 00:39 . 2007-11-27 00:39 244 --ah----- C:\sqmnoopt09.sqm
2007-11-27 00:33 . 2007-11-27 00:33 268 --ah----- C:\sqmdata08.sqm
2007-11-27 00:33 . 2007-11-27 00:33 244 --ah----- C:\sqmnoopt08.sqm
2007-11-26 15:37 . 2007-08-28 20:21 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Roxio
2007-11-26 15:37 . 2007-08-28 20:10 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InstallShield
2007-11-26 15:37 . 2007-08-28 20:17 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\GTek
2007-11-26 15:37 . 2007-08-28 20:21 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\ATI
2007-11-23 17:41 . 2007-11-23 17:41 268 --ah----- C:\sqmdata07.sqm
2007-11-23 17:41 . 2007-11-23 17:41 244 --ah----- C:\sqmnoopt07.sqm
2007-11-23 13:31 . 2007-11-29 18:25 <DIR> d-------- C:\Temp
2007-11-21 00:29 . 2007-11-21 00:29 268 --ah----- C:\sqmdata06.sqm
2007-11-21 00:29 . 2007-11-21 00:29 244 --ah----- C:\sqmnoopt06.sqm
2007-11-20 15:27 . 2007-12-17 18:53 <DIR> d-------- C:\QUARANTINE
2007-11-20 11:26 . 2007-11-29 18:36 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-20 10:57 . 2007-12-04 16:46 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-19 23:03 . 2007-11-20 23:17 2,740 --a------ C:\Documents and Settings\Carin\z.dat
2007-11-19 23:03 . 2007-11-20 23:17 1,176 --a------ C:\Documents and Settings\Carin\x.dat
2007-11-19 21:54 . 2007-11-20 14:34 <DIR> d-------- C:\Program Files\IGZones
2007-11-19 21:10 . 2007-11-19 21:10 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-19 21:08 . 2007-12-20 19:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-11-19 21:07 . 2007-11-20 10:55 881 --a------ C:\Documents and Settings\tophman\x.dat
2007-11-19 21:06 . 2007-11-20 10:55 4,328 --a------ C:\Documents and Settings\tophman\z.dat
2007-11-18 18:03 . 2007-11-18 18:03 268 --ah----- C:\sqmdata05.sqm
2007-11-18 18:03 . 2007-11-18 18:03 244 --ah----- C:\sqmnoopt05.sqm
2007-11-18 14:20 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-13 01:08 . 2006-08-21 09:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-13 01:08 . 2006-08-21 09:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-13 01:08 . 2006-08-21 12:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-13 01:04 . 2007-11-13 01:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-12 23:28 . 2007-11-12 23:28 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-12 23:27 . 2007-11-14 22:03 <DIR> d-------- C:\Program Files\World of Warcraft
2007-11-12 21:29 . 2007-11-12 21:29 <DIR> d--hs---- C:\Documents and Settings\lizzy\UserData
2007-11-12 20:56 . 2007-11-12 20:56 <DIR> d--hs---- C:\Documents and Settings\tophman\UserData
2007-11-12 19:35 . 2007-07-09 13:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-12 19:33 . 2007-11-12 19:34 <DIR> d--h----- C:\Documents and Settings\tophman\Application Data\yahoo!
2007-11-12 19:22 . 2007-11-12 19:22 <DIR> d-------- C:\Documents and Settings\tophman\Application Data\Apple Computer
2007-11-12 19:21 . 2007-11-12 20:56 <DIR> d-------- C:\Documents and Settings\tophman\Contacts
2007-11-12 19:20 . 2007-12-07 21:19 <DIR> d-------- C:\Documents and Settings\tophman\Shared
2007-11-12 19:20 . 2007-12-03 18:31 <DIR> d-------- C:\Documents and Settings\tophman\Incomplete
2007-11-12 19:18 . 2007-12-03 16:58 <DIR> d-------- C:\Documents and Settings\tophman\Application Data\LimeWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-08 20:06 --------- d-----w C:\Program Files\Java
2007-11-29 12:30 --------- d-----w C:\Program Files\Google
2007-11-15 18:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-15 18:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 11:45 155,995 ----a-w C:\WINDOWS\java\Packages\75RTBPJL.ZIP
2007-11-12 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-12 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-31 13:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 01:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 01:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 01:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 01:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 09:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 09:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-09 13:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 13:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 13:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 13:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 13:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 13:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 13:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 13:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 12:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
.
 
((((((((((((((((((((((((((((( snapshot@2007-12-17_17.18.50.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-08 20:14:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-26 10:39:50 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 20:14:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-26 10:39:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 20:14:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-26 10:39:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-17 18:09:23 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-12-17 18:09:25 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-12-17 18:09:25 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-12-20 19:06:04 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-12-20 19:05:50 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d31d2a3-821e-47a6-9fe7-8b95fd911b3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9674A2B-9BA5-42F0-833B-AB0E7C14F268}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 20:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 19:41 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 19:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-17 18:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe [2007-11-12 11:45:12]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 12:30:02]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 10:50:27]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-12 10:48:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 18:52 462935 --a------ C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-08-18 08:00]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-09-12 10:20]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-21 09:14]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 14:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 19:42:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 16:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 13:52:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
Completion time: 2007-12-30 13:52:28
C:\ComboFix2.txt ... 2007-12-22 17:03
C:\ComboFix3.txt ... 2007-12-17 17:19
.
2007-12-13 15:55:24 --- E O F ---
 
HJT REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:51, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\BT Total Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9d31d2a3-821e-47a6-9fe7-8b95fd911b3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D9674A2B-9BA5-42F0-833B-AB0E7C14F268} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12016 bytes
 
Hi again :)

I don't think that you followed my instructions correctly. Did you move the CFScript to the ComboFix.exe? Please do this again:

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\gunomwvg.ini
C:\WINDOWS\system32\ptjgrarx.ini
C:\WINDOWS\system32\ikvdvjmr.ini
C:\WINDOWS\system32\brdfvsss.ini
C:\WINDOWS\system32\qeawfrdl.ini
C:\WINDOWS\system32\mqpagrsi.ini
C:\WINDOWS\system32\iaynygvd.ini
C:\WINDOWS\system32\plncakwk.ini
C:\WINDOWS\system32\afxaegkd.ini
C:\WINDOWS\system32\domfcmim.ini
C:\WINDOWS\system32\utrnqsfu.ini
C:\WINDOWS\system32\riglxouk.ini
C:\WINDOWS\system32\rqqugeub.ini
C:\WINDOWS\system32\ydrqhjbn.ini
C:\WINDOWS\system32\bryvnhyx.ini
C:\WINDOWS\system32\gdvfxwmg.ini
C:\WINDOWS\system32\exnlwpat.ini
C:\WINDOWS\system32\ivogskfe.dll
C:\WINDOWS\system32\ddcabba.dll
C:\Documents and Settings\Carin\z.dat
C:\Documents and Settings\Carin\x.dat
C:\Documents and Settings\tophman\x.dat
C:\Documents and Settings\tophman\z.dat
C:\WINDOWS\Fonts\svchost.exe

Save this as "CFScript"

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
ComboFix 08-01-04.1 - tophman 2008-01-06 15:52:42.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1069 [GMT 0:00]
Running from: C:\Documents and Settings\tophman\Local Settings\Temporary Internet Files\Content.IE5\611XN8WX\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 15:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-26 10:30 . 2007-12-26 10:31 <DIR> d-------- C:\Documents and Settings\Carin\Application Data\AVG7
2007-12-22 16:55 . 2008-01-06 15:49 <DIR> d-------- C:\Documents and Settings\tophman\Application Data\AVG7
2007-12-20 19:10 . 2007-12-20 19:10 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-17 19:58 . 2006-11-07 08:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2007-12-17 18:09 . 2007-12-17 18:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-17 18:09 . 2008-01-06 14:45 <DIR> d-------- C:\Documents and Settings\lizzy\Application Data\AVG7
2007-12-17 18:09 . 2007-12-17 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 18:09 . 2007-12-18 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-14 14:53 . 2007-12-17 16:38 2,506 --ahs---- C:\WINDOWS\system32\gunomwvg.ini
2007-12-13 18:18 . 2006-11-07 08:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2007-12-13 18:18 . 2006-11-07 08:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2007-12-13 18:13 . 2006-11-07 08:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2007-12-13 18:13 . 2006-11-07 08:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2007-12-13 13:50 . 2007-12-14 14:48 2,386 --ahs---- C:\WINDOWS\system32\ptjgrarx.ini
2007-12-12 03:01 . 2007-12-13 13:47 2,206 --ahs---- C:\WINDOWS\system32\ikvdvjmr.ini
2007-12-12 02:57 . 2007-12-12 02:57 268 --ah----- C:\sqmdata10.sqm
2007-12-12 02:57 . 2007-12-12 02:57 244 --ah----- C:\sqmnoopt10.sqm
2007-12-11 21:18 . 2007-12-12 02:59 2,026 --ahs---- C:\WINDOWS\system32\brdfvsss.ini
2007-12-10 13:43 . 2007-12-11 21:12 1,906 --ahs---- C:\WINDOWS\system32\qeawfrdl.ini
2007-12-09 21:55 . 2007-12-10 13:31 1,606 --ahs---- C:\WINDOWS\system32\mqpagrsi.ini
2007-12-09 20:15 . 2007-12-09 20:15 <DIR> d-------- C:\Program Files\Ares
2007-12-09 19:38 . 2007-12-09 21:54 1,306 --ahs---- C:\WINDOWS\system32\iaynygvd.ini
2007-12-08 21:53 . 2007-12-09 19:35 1,074 --ahs---- C:\WINDOWS\system32\plncakwk.ini
2007-12-08 20:06 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-08 17:52 . 2007-12-08 22:00 894 --ahs---- C:\WINDOWS\system32\afxaegkd.ini
2007-12-08 13:41 . 2007-12-08 17:47 834 --ahs---- C:\WINDOWS\system32\domfcmim.ini
2007-12-07 21:19 . 2007-12-08 13:36 714 --ahs---- C:\WINDOWS\system32\utrnqsfu.ini
2007-12-07 20:06 . 2007-12-07 21:13 594 --ahs---- C:\WINDOWS\system32\riglxouk.ini
2007-12-07 19:49 . 2007-12-07 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-07 15:19 . 2007-12-07 20:03 474 --ahs---- C:\WINDOWS\system32\rqqugeub.ini
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-07 15:18 . 2007-12-07 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-06 22:56 . 2007-12-06 22:56 <DIR> d-------- C:\VundoFix Backups
2007-12-06 22:24 . 2007-12-07 15:14 354 --ahs---- C:\WINDOWS\system32\ydrqhjbn.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-03 02:58 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Apple Computer
2007-12-20 19:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-09 14:36 --------- d-----w C:\Program Files\LogMeIn
2007-12-08 20:06 --------- d-----w C:\Program Files\Java
2007-12-05 18:48 --------- d-----w C:\Program Files\LimeWire
2007-12-04 16:46 --------- d-----w C:\Program Files\Microsoft Games
2007-12-03 16:58 --------- d-----w C:\Documents and Settings\tophman\Application Data\LimeWire
2007-12-01 23:57 5,620 ----a-w C:\WINDOWS\system32\ivogskfe.dll
2007-11-29 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 12:59 --------- d-----w C:\Program Files\MSBuild
2007-11-29 12:56 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-29 12:49 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-29 12:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-29 12:30 --------- d-----w C:\Program Files\Google
2007-11-27 13:47 --------- d-----w C:\Program Files\Incomplete
2007-11-27 12:32 --------- d-----w C:\Documents and Settings\lizzy\Application Data\LimeWire
2007-11-27 08:54 --------- d-----w C:\Program Files\IrfanView
2007-11-20 23:17 2,740 ----a-w C:\Documents and Settings\Carin\z.dat
2007-11-20 23:17 1,176 ----a-w C:\Documents and Settings\Carin\x.dat
2007-11-20 14:34 --------- d-----w C:\Program Files\IGZones
2007-11-20 10:55 881 ----a-w C:\Documents and Settings\tophman\x.dat
2007-11-20 10:55 4,328 ----a-w C:\Documents and Settings\tophman\z.dat
2007-11-19 21:10 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-15 18:46 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2007-11-15 18:46 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-11-15 18:46 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2007-11-15 18:46 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll
2007-11-15 18:46 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2007-11-14 22:03 --------- d-----w C:\Program Files\World of Warcraft
2007-11-13 23:29 --------- d--h--w C:\Documents and Settings\lizzy\Application Data\GTek
2007-11-13 21:17 --------- d--h--w C:\Documents and Settings\tophman\Application Data\GTek
2007-11-13 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 01:04 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-12 23:28 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-12 19:34 --------- d--h--w C:\Documents and Settings\tophman\Application Data\yahoo!
2007-11-12 19:22 --------- d-----w C:\Documents and Settings\tophman\Application Data\Apple Computer
2007-11-12 18:58 --------- d-----w C:\Documents and Settings\tophman\Application Data\Logitech
2007-11-12 17:40 --------- d-----w C:\Program Files\iTunes
2007-11-12 17:31 --------- d-----w C:\Program Files\QuickTime
2007-11-12 17:31 --------- d-----w C:\Program Files\iPod
2007-11-12 17:31 --------- d-----w C:\Program Files\Apple Software Update
2007-11-12 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-12 17:30 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-12 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-12 16:51 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Yahoo!
2007-11-12 16:51 --------- d-----w C:\Documents and Settings\lizzy\Application Data\Logitech
2007-11-12 16:47 --------- d-----w C:\Program Files\Windows Live
2007-11-12 16:45 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-12 16:45 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-12 16:41 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-12 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-12 12:28 --------- d--h--w C:\Documents and Settings\Carin\Application Data\GTek
2007-11-12 12:15 --------- d-----w C:\Documents and Settings\Carin\Application Data\Motive
2007-11-12 11:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-12 11:54 --------- d-----w C:\Documents and Settings\Carin\Application Data\Yahoo!
2007-11-12 11:52 --------- d-----w C:\Program Files\Yahoo!
2007-11-12 11:48 --------- d-----w C:\Program Files\BT Total Broadband 210
2007-11-12 11:45 155,995 ----a-w C:\WINDOWS\java\Packages\75RTBPJL.ZIP
2007-11-12 11:45 --------- d-----w C:\Program Files\Motive
2007-11-12 11:45 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-12 11:45 --------- d-----w C:\Program Files\btbb_wcm
2007-11-12 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2007-11-12 11:30 --------- d-----w C:\Program Files\SereneScreen
2007-11-12 11:25 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-12 11:25 --------- d-----w C:\Program Files\Common Files\L&H
2007-11-12 11:23 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-12 11:17 --------- d-----w C:\Program Files\Network Associates
2007-11-12 11:17 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-11-12 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-11-12 11:16 --------- d-----w C:\Program Files\Common Files\Network Associates
2007-11-12 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-12 10:51 --------- d-----w C:\Documents and Settings\Carin\Application Data\Logitech
2007-11-12 10:50 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-12 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 10:50 --------- d-----w C:\Program Files\Logitech
2007-11-12 10:49 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-12 10:49 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-12 10:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-12 10:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-31 13:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 01:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 01:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 01:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 01:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 09:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 09:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-17_17.18.50.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-08 20:14:48 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-06 15:55:17 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 20:14:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-06 15:55:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 20:14:48 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-06 15:55:17 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-17 18:09:23 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-12-17 18:09:25 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-12-17 18:09:25 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-12-20 19:06:04 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-12-20 19:05:50 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2007-12-13 21:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 08:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d31d2a3-821e-47a6-9fe7-8b95fd911b3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9674A2B-9BA5-42F0-833B-AB0E7C14F268}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 20:56 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 19:41 16132608 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 16:23 118784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2005-12-29 10:22 543232]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 19:05 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-17 18:09 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
BT Broadband Desktop Help.lnk - C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe [2007-11-12 11:45:12]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-29 12:30:02]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-12 10:50:27]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-12 10:48:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-02-06 18:52 462935 --a------ C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 09:35]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2002-03-21 09:14]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 14:10]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 08:42]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 19:42:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-06 15:25:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 15:56:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\DLAAPI_W.DLL

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\DLAAPI_W.DLL
.
Completion time: 2008-01-06 15:57:56
ComboFix-quarantined-files.txt 2008-01-06 15:57:44
ComboFix2.txt 2007-12-30 13:52:31
ComboFix3.txt 2007-12-22 17:03:59
ComboFix4.txt 2007-12-17 17:19:13
.
2007-12-13 15:55:24 --- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:21, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BT Total Broadband 210\Help\bin\mpbtn.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9d31d2a3-821e-47a6-9fe7-8b95fd911b3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D9674A2B-9BA5-42F0-833B-AB0E7C14F268} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-409634851-2572144968-2680715156-1010\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'lizzy')
O4 - HKUS\S-1-5-21-409634851-2572144968-2680715156-1010\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'lizzy')
O4 - HKUS\S-1-5-21-409634851-2572144968-2680715156-1010\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'lizzy')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Total Broadband 210\Help\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12620 bytes
 