Tom's Guide | Tom's Hardware | Tom's Games
I have AVG free antivirus, and within the last 24 hrs a yellow triangle icon w/ an ! in the center of it on my taskbar has been telling me that my computer is infected with spyware. It keeps trying to access Internet Explorer and taking me to websites to purchase antispyware software. I am also getting an insane amount of pop-up message boxes saying there is a trojan virus. What should I do?

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download and install the latest version of HijackThis v2.0.2:
Download the HijackThis Installer from this link: HijackThis
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

SmitFraudFix v2.242
Scan done at 17:12:26.23, Sat 10/27/2007
Run from C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\SmitfraudFix-1\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\ace16win.dll FOUND !
C:\WINDOWS\system32\msole32.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\michelle brenczewski
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\michelle brenczewski\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICHEL~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://images.sportsline.com/images/home/spln_logo.gif"
"SubscribedURL"="http://images.sportsline.com/images/home/spln_logo.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://mcbrodys1.football.sportsline.com/header-image?maintext=McBrody%27s%20Fantasy%20Football%20League&superscript="
"SubscribedURL"="http://mcbrodys1.football.sportsline.com/header-image?maintext=McBrody%27s%20Fantasy%20Football%20League&superscript="
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL c:\\windows\\system32\\ldcore.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1FC682C6-6C2F-4779-9606-0D87FFA2F0AD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1FC682C6-6C2F-4779-9606-0D87FFA2F0AD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1FC682C6-6C2F-4779-9606-0D87FFA2F0AD}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:18 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2A8C2C57-93A7-0675-5A40-098909C6F6CC} - C:\Program Files\Pyvddqjn\qavhytbh.dll (file missing)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: 0 - {813F3562-5D8D-451F-2E82-98DB074E0935} - C:\Program Files\Windows Media Player\lavuqafut557.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {CA7FC111-0689-49F1-91B3-C3BB5BC07B1A} - C:\WINDOWS\system32\jkkjg.dll (file missing)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {f606009b-1d44-448e-93fc-9cfbc2ff9d56} - C:\WINDOWS\system32\bavdlpl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{04-45-52-23-ZN}] C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [lwrixgxo] rundll32.exe "C:\Program Files\grezcdwv\ktidenyl.dll",Init
O4 - HKLM\..\Run: [Windows Update Check] C:\WINDOWS\system32\syslodr.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [dmhkxcfe] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dmhkxcfe.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.5\webbuying.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/Walgreen...
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BP...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/res...
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://michellebrenczewski.myphotoa...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUplo...
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uplo...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
O20 - Winlogon Notify: xxyawtq - xxyawtq.dll (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://images.sportsline.com/images...
O24 - Desktop Component 1: (no name) - http://mcbrodys1.football.sportslin...

--
End of file - 10691 bytes

One more scan.
Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Are you sure this is appropriate for me to post these logs on such a public place? Furthermore, why can't I just install a new antispyware program to fix these issues?

There will be nothing exposed to the public by these scans that will compromise your system; however, I would not type in my email address anywhere if requested. You were put at risk many times more by the site where you were exposed to Vundo than you could ever be here.
You have a version of spyware called Vundo that is going to start shutting down your computer. It will start by removing access to Safe Mode, Registry Editor, Task Manager and Control Panel.
There is no "cure all" for it. Although it will look like Combofix removed it, it will only remove part of the bad files and will immediately re-infect the computer. The bad files, folders and registry entries will need to be "hand picked" from the scans, then removed with Combofix, and it may take more than one attempt to get them all.
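The "hand picking" the helper describes is a triage of specific HijackThis entry types, and the first pass can be scripted. The Python below is an added example, not code from the thread or from the HijackThis authors: it parses lines in HijackThis 2.0.2 log format and flags the patterns visible in the log posted above (an extra binary in the F2 UserInit chain, O20 AppInit_DLLs entries outside a small allowlist, O20 Winlogon Notify hooks whose DLL is missing, unnamed O2 BHOs, and O4 Run entries that start from Temp or load a DLL via rundll32/regsvr32). The sample lines are copied from that log with the profile path shortened to `<user>`; the allowlist of known AppInit DLLs is an assumption, seeded only with the Google Desktop entry seen in the log.

```python
import re

# Sample input: lines copied from the HijackThis log posted in the thread,
# plus two benign entries for contrast. Constructed so the script runs offline.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {f606009b-1d44-448e-93fc-9cfbc2ff9d56} - C:\WINDOWS\system32\bavdlpl.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{04-45-52-23-ZN}] C:\Documents and Settings\<user>\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [lwrixgxo] rundll32.exe "C:\Program Files\grezcdwv\ktidenyl.dll",Init
O4 - HKLM\..\Run: [dmhkxcfe] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dmhkxcfe.dll"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)
"""

# Every HijackThis line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")

# Assumed allowlist: AppInit DLL basenames that belong to a known product.
# Only Google Desktop's hook (present in the posted log) is seeded here.
KNOWN_APPINIT_DLLS = {"goec62~1.dll"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check_userinit(body):
    """F2: anything in the UserInit chain other than userinit.exe runs at every logon."""
    if not body.startswith("REG:system.ini: UserInit="):
        return None
    chain = body.split("=", 1)[1]
    extras = [p for p in chain.split(",") if p and basename(p) != "userinit.exe"]
    if extras:
        return "HIGH", "UserInit runs extra binaries at logon: " + ", ".join(extras)
    return None


def check_bho(body):
    """O2: BHO lines are '<name> - {CLSID} - <path | (no file)>'."""
    if not body.startswith("BHO: "):
        return None
    parts = body[len("BHO: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, _clsid, target = parts
    if target == "(no file)":
        # Registration left behind after the DLL was deleted; clutter, not a live threat.
        return ("LOW", "orphaned BHO registration, DLL already gone") if name == "(no name)" else None
    if name == "(no name)" and "\\system32\\" in target.lower():
        return "HIGH", "unnamed BHO loading from system32: " + target
    return None


def check_run(body):
    """O4: autoruns starting from Temp, or loading a DLL through a system host binary."""
    m = RUN_RE.match(body)
    if not m:
        return None
    cmd = m["cmd"]
    cmd_l = cmd.lower()
    if "\\local settings\\temp\\" in cmd_l:
        return "HIGH", "autorun launches from a Temp directory: " + cmd
    if cmd_l.startswith(("rundll32", "regsvr32")):
        return "MEDIUM", "autorun drives a DLL via " + cmd.split()[0] + ": " + cmd
    return None


def check_o20(body):
    """O20: AppInit_DLLs load into every GUI process; Winlogon Notify DLLs load at logon."""
    if body.startswith("AppInit_DLLs: "):
        dlls = body[len("AppInit_DLLs: "):].split()
        unknown = [d for d in dlls if basename(d) not in KNOWN_APPINIT_DLLS]
        if unknown:
            return "HIGH", "AppInit_DLLs not on the allowlist: " + ", ".join(unknown)
        return None
    if body.startswith("Winlogon Notify: ") and body.endswith("(file missing)"):
        return "MEDIUM", "Winlogon Notify hook with missing DLL: " + body[len("Winlogon Notify: "):]
    return None


CHECKS = {"F2": check_userinit, "O2": check_bho, "O4": check_run, "O20": check_o20}


def triage(log_text):
    """Return [(severity, code, reason, original line)] for lines that merit review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m["code"])
        result = check(m["body"]) if check else None
        if result:
            findings.append((result[0], m["code"], result[1], line))
    return findings


if __name__ == "__main__":
    for severity, code, reason, _line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {code}: {reason}")
```

Entries that pass all checks are not reported, so a clean log produces no output; the severity is a review priority, not a verdict.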

THANK YOU! I really appreciate your help w/ this matter. Here is the latest log you requested.
ComboFix 07-10-26.4 - michelle brenczewski 2007-10-27 20:57:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.475 [GMT -5:00]
Running from: C:\Documents and Settings\michelle brenczewski\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Starware358
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_news.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_search.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\U056C222E.exe
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\#SharedObjects\Y8UAD69D\www.broadcaster.com
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\michelle brenczewski\Application Data\SMANTE~1
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Configurator\Configurator.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Configurator\Configurator.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Games\GamesOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Games\GamesOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\PitchLayout.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\ToolbarLayout.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Manager\ManagerOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Movies\MoviesOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\YMANTE~1
C:\Documents and Settings\michelle brenczewski\Application Data\YMANTE~1\?ymantec\
C:\Documents and Settings\michelle brenczewski\My Documents\ASEMBL~1
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Startup\ta_start.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Starware358
C:\Program Files\Starware358\brand.bmp
C:\Program Files\Starware358\icons\star_16.ico
C:\Program Files\Starware358\Starware358Config.xml
C:\Program Files\Starware358\Starware358Uninstall.exe
C:\temp\[u]0[/u]b9
C:\temp\[u]0[/u]b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\bavdlpl.dll
C:\WINDOWS\system32\d3
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drvkulr.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\f22
C:\WINDOWS\system32\fkmdvbtn
C:\WINDOWS\system32\fkmdvbtn\bg1.gif
C:\WINDOWS\system32\fkmdvbtn\bgtop.gif
C:\WINDOWS\system32\fkmdvbtn\bottom1.gif
C:\WINDOWS\system32\fkmdvbtn\essentials.gif
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe
C:\WINDOWS\system32\fkmdvbtn\icon1.ico
C:\WINDOWS\system32\fkmdvbtn\install1.gif
C:\WINDOWS\system32\fkmdvbtn\left1.gif
C:\WINDOWS\system32\fkmdvbtn\li.gif
C:\WINDOWS\system32\fkmdvbtn\logo.gif
C:\WINDOWS\system32\fkmdvbtn\main.htm
C:\WINDOWS\system32\fkmdvbtn\mainframe.htm
C:\WINDOWS\system32\fkmdvbtn\reinstall1.gif
C:\WINDOWS\system32\fkmdvbtn\right1.gif
C:\WINDOWS\system32\fkmdvbtn\s1.htm
C:\WINDOWS\system32\fkmdvbtn\s2.htm
C:\WINDOWS\system32\fkmdvbtn\s3.htm
C:\WINDOWS\system32\fkmdvbtn\SMTop1.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop2.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop3.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop4.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_off.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_on.gif
C:\WINDOWS\system32\fkmdvbtn\top1.gif
C:\WINDOWS\system32\fkmdvbtn\top2.gif
C:\WINDOWS\system32\fkmdvbtn\turnoff1.gif
C:\WINDOWS\system32\fkmdvbtn\turnon1.gif
C:\WINDOWS\system32\kernelw.sys
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\oTt06e
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\p8
C:\WINDOWS\system32\p8\stallbb1.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\s2
C:\WINDOWS\system32\s2\EMDT83122.exe
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T7\icm.exe
C:\WINDOWS\system32\T9
C:\WINDOWS\system32\v1
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wtsisvit.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_DRIVER
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\Driver
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.
2007-10-27 21:10 <DIR> d-------- C:\Program Files\p2pnetworks
2007-10-27 21:10 <DIR> d-------- C:\Program Files\e-zshopper
2007-10-27 21:10 <DIR> d-------- C:\Program Files\amsys
2007-10-27 21:10 <DIR> d-------- C:\Program Files\akl
2007-10-27 21:10 <DIR> d-------- C:\Program Files\Accoona
2007-10-27 21:10 <DIR> d-------- C:\Program Files\3721
2007-10-27 20:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 19:25 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\Grisoft
2007-10-27 19:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-27 18:24 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-27 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 17:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 17:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 17:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 17:12 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 14:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 09:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-27 09:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-27 09:50 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 09:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-27 07:13 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-10-27 06:52 15,104 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-26 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-26 21:01 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-26 11:12 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-26 11:10 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-10-26 10:35 6,470 ---hs---- C:\WINDOWS\system32\gjkkj.bak1
2007-10-26 10:33 <DIR> d-------- C:\Program Files\Pyvddqjn
2007-10-26 10:32 <DIR> d-------- C:\Program Files\MalwareAlarm
2007-10-26 10:31 <DIR> d-------- C:\Program Files\grezcdwv
2007-10-26 10:31 123,910 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-10-26 10:31 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-10-26 10:30 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-26 10:26 <DIR> d--hs---- C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k
2007-10-10 00:50 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 16:53 <DIR> d-------- C:\Program Files\Infogrames Interactive
2007-09-28 09:29 <DIR> d-------- C:\Quicken Back-up
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 10:04 6,720 ----a-w C:\WINDOWS\system32\kernelw.sys
2007-10-28 02:09 9,984 ----a-w C:\WINDOWS\flt.dll
2007-10-28 02:09 8,192 ----a-w C:\WINDOWS\ngd.dll
2007-10-28 02:09 32,512 ----a-w C:\WINDOWS\wbeCheck.exe
2007-10-28 02:09 32,512 ----a-w C:\WINDOWS\fhfmm.exe
2007-10-28 02:09 32,000 ----a-w C:\WINDOWS\kkcomp.exe
2007-10-28 02:09 31,488 ----a-w C:\WINDOWS\liqad$.exe
2007-10-28 02:09 30,976 ----a-w C:\WINDOWS\liqui.exe
2007-10-28 02:09 30,464 ----a-w C:\WINDOWS\liqui.dll
2007-10-28 02:09 30,464 ----a-w C:\WINDOWS\daxtime.dll
2007-10-28 02:09 29,952 ----a-w C:\WINDOWS\kvnab.exe
2007-10-28 02:09 28,672 ----a-w C:\WINDOWS\settn.dll
2007-10-28 02:09 28,672 ----a-w C:\WINDOWS\hotporn.exe
2007-10-28 02:09 28,160 ----a-w C:\WINDOWS\eventlowg.dll
2007-10-28 02:09 26,880 ----a-w C:\WINDOWS\xxxvideo.exe
2007-10-28 02:09 26,112 ----a-w C:\WINDOWS\pbsysie.dll
2007-10-28 02:09 25,600 ----a-w C:\WINDOWS\xadbrk.dll
2007-10-28 02:09 25,344 ----a-w C:\WINDOWS\wbeInst$.exe
2007-10-28 02:09 25,088 ----a-w C:\WINDOWS\liqad.exe
2007-10-28 02:09 22,528 ----a-w C:\WINDOWS\liqad.dll
2007-10-28 02:09 21,760 ----a-w C:\WINDOWS\cbinst$.exe
2007-10-28 02:09 21,504 ----a-w C:\WINDOWS\system32\msole32.exe
2007-10-28 02:09 21,248 ----a-w C:\WINDOWS\iexplorr23.dll
2007-10-28 02:09 21,248 ----a-w C:\WINDOWS\aconti.exe
2007-10-28 02:09 20,736 ----a-w C:\WINDOWS\xadbrk_.exe
2007-10-28 02:09 18,944 ----a-w C:\WINDOWS\pbar.dll
2007-10-28 02:09 18,432 ----a-w C:\WINDOWS\spredirect.dll
2007-10-28 02:09 17,920 ----a-w C:\WINDOWS\vxddsk.exe
2007-10-28 02:09 17,664 ----a-w C:\WINDOWS\7search.dll
2007-10-28 02:09 17,152 ----a-w C:\WINDOWS\xadbrk.exe
2007-10-28 02:09 17,152 ----a-w C:\WINDOWS\wml.exe
2007-10-28 02:09 17,152 ----a-w C:\WINDOWS\adbar.dll
2007-10-28 02:09 16,896 ----a-w C:\WINDOWS\jd2002.dll
2007-10-28 02:09 16,128 ----a-w C:\WINDOWS\ie_32.exe
2007-10-28 02:09 14,592 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2007-10-28 02:09 14,080 ----a-w C:\WINDOWS\kvnab$.exe
2007-10-28 02:09 13,824 ----a-w C:\WINDOWS\kkcomp$.exe
2007-10-28 02:09 12,288 ----a-w C:\WINDOWS\kvnab.dll
2007-10-28 02:09 11,776 ----a-w C:\WINDOWS\kkcomp.dll
2007-10-28 02:09 11,264 ----a-w C:\WINDOWS\system32\ESHOPEE.exe
2007-10-28 02:09 11,264 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2007-10-28 02:09 11,008 ----a-w C:\WINDOWS\dp0.dll
2007-10-28 02:09 10,240 ----a-w C:\WINDOWS\hcwprn.exe
2007-10-28 02:04 9,984 ----a-w C:\WINDOWS\764.exe
2007-10-27 19:10 --------- d-----w C:\Program Files\PokerStars
2007-10-20 18:03 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-02 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-01 19:41 --------- d-----w C:\Program Files\ProjectionsDominator
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2005-08-02 21:58:38 293,888 --sha-r C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\command.exe
2005-07-29 21:24:26 472 --sha-r C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\vq53u3pPv3o0sBL5vAhdtrxWuZ4.vbs
2006-06-15 23:03:12 88 --sh--r C:\WINDOWS\system32\32593B2C62.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
C:\Program Files\Pyvddqjn\qavhytbh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813F3562-5D8D-451F-2E82-98DB074E0935}]
C:\Program Files\Windows Media Player\lavuqafut557.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
2007-10-26 10:32 21504 --a------ C:\WINDOWS\system32\aivskurq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA7FC111-0689-49F1-91B3-C3BB5BC07B1A}]
C:\WINDOWS\system32\jkkjg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 21:55]
"EPSON Stylus Photo 825"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-04-09 14:04]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"{04-45-52-23-ZN}"="C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe" []
"Windows Update Check"="C:\WINDOWS\system32\syslodr.exe" [2007-10-26 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-27 18:23]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-02-28 02:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-12 21:51:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawtq]
xxyawtq.dll
R0 ACPI;Microsoft ACPI Driver;C:\WINDOWS\system32\DRIVERS\ACPI.sys
R0 Disk;Disk Driver;C:\WINDOWS\system32\DRIVERS\disk.sys
R0 Ftdisk;Volume Manager Driver;C:\WINDOWS\system32\DRIVERS\ftdisk.sys
R0 isapnp;PnP ISA/EISA Bus Driver;C:\WINDOWS\system32\DRIVERS\isapnp.sys
R0 NDIS;NDIS System Driver;C:\WINDOWS\system32\drivers\NDIS.sys
R0 PCI;PCI Bus Driver;C:\WINDOWS\system32\DRIVERS\pci.sys
R0 sr;System Restore Filter Driver;C:\WINDOWS\system32\DRIVERS\sr.sys
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;C:\WINDOWS\system32\DRIVERS\WudfPf.sys
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
R1 Avg7RsW;AVG7 Wrap Driver;C:\WINDOWS\system32\Drivers\avg7rsw.sys
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
R1 AvgClean;AVG7 Clean Driver;C:\WINDOWS\system32\Drivers\avgclean.sys
R1 Cdrom;CD-ROM Driver;C:\WINDOWS\system32\DRIVERS\cdrom.sys
R1 Imapi;CD-Burning Filter Driver;C:\WINDOWS\system32\DRIVERS\imapi.sys
R1 intelppm;Intel Processor Driver;C:\WINDOWS\system32\DRIVERS\intelppm.sys
R1 IPSec;IPSEC driver;C:\WINDOWS\system32\DRIVERS\ipsec.sys
R1 Kbdclass;Keyboard Class Driver;C:\WINDOWS\system32\DRIVERS\kbdclass.sys
R1 kbdhid;Keyboard HID Driver;C:\WINDOWS\system32\DRIVERS\kbdhid.sys
R1 Mouclass;Mouse Class Driver;C:\WINDOWS\system32\DRIVERS\mouclass.sys
R1 RasAcd;Remote Access Auto Connection Driver;C:\WINDOWS\system32\DRIVERS\rasacd.sys
R1 redbook;Digital CD Audio Playback Filter Driver;C:\WINDOWS\system32\DRIVERS\redbook.sys
R1 Serial;Serial port driver;C:\WINDOWS\system32\DRIVERS\serial.sys
R1 Tcpip;TCP/IP Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip.sys
R1 TermDD;Terminal Device Driver;C:\WINDOWS\system32\DRIVERS\termdd.sys
R2 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
R3 audstub;Audio Stub Driver;C:\WINDOWS\system32\DRIVERS\audstub.sys
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 mouhid;Mouse HID Driver;C:\WINDOWS\system32\DRIVERS\mouhid.sys
R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\WINDOWS\system32\DRIVERS\ndistapi.sys
R3 NdisWan;Remote Access NDIS WAN Driver;C:\WINDOWS\system32\DRIVERS\ndiswan.sys
R3 Parport;Parallel port driver;C:\WINDOWS\system32\DRIVERS\parport.sys
R3 Ptilink;Direct Parallel Link Driver;C:\WINDOWS\system32\DRIVERS\ptilink.sys
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 serenum;Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\serenum.sys
R3 swenum;Software Bus Driver;C:\WINDOWS\system32\DRIVERS\swenum.sys
R3 Update;Microcode Update Driver;C:\WINDOWS\system32\DRIVERS\update.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 Wanarp;Remote Access IP ARP Driver;C:\WINDOWS\system32\DRIVERS\wanarp.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\WINDOWS\system32\DRIVERS\i8042prt.sys
S3 AsyncMac;RAS Asynchronous Media Driver;C:\WINDOWS\system32\DRIVERS\asyncmac.sys
S3 Fdc;Floppy Disk Controller Driver;C:\WINDOWS\system32\DRIVERS\fdc.sys
S3 Flpydisk;Floppy Disk Driver;C:\WINDOWS\system32\DRIVERS\flpydisk.sys
S3 Ip6Fw;IPv6 Windows Firewall Driver;C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
S3 IpInIp;IP in IP Tunnel Driver;C:\WINDOWS\system32\DRIVERS\ipinip.sys
S3 NwlnkFlt;IPX Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
S3 NwlnkFwd;IPX Traffic Forwarder Driver;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
S3 rdpdr;Terminal Server Device Redirector Driver;C:\WINDOWS\system32\DRIVERS\rdpdr.sys
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 amdagp;AMD AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\amdagp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5f1a70-20dc-11db-89ce-0016767d980a}]
AutoRun\command - F:\LaunchU3.exe
*Newly Created Service* - AVGASCLN
*Newly Created Service* - DRIVER
.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 06:31:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 05:05:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\syslodr.exe [3624] 0x8588E510
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\syslodr.exe 11264 bytes executable
**************************************************************************
.
Completion time: 2007-10-28 5:07:02 - machine was rebooted
.
--- E O F ---

My computer "appears" to be working okay. Is there something else I need to do? Will the ComboFix continue working? How do I know that I'm virus free, spyware free, etc.? My software says so, but then again it didn't catch it in the first place.
Thanks!!!!!!!!!!!!

Temporarily disable any of the following anti-spyware realtime protection programs that you may have (Disable Realtime Protection), or the fixes will not work. Be sure to turn your anti-spyware programs back on once the computer is clean.
Open Notepad and copy/paste everything between the X's into it, and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_news.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_search.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\U056C222E.exe
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\#SharedObjects\Y8UAD69D\www.broadcaster.com
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Configurator\Configurator.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Configurator\Configurator.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Games\GamesOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Games\GamesOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\PitchLayout.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\ToolbarLayout.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Manager\ManagerOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Movies\MoviesOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Startup\ta_start.lnk
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Starware358\brand.bmp
C:\Program Files\Starware358\icons\star_16.ico
C:\Program Files\Starware358\Starware358Config.xml
C:\Program Files\Starware358\Starware358Uninstall.exe
C:\temp\[u]0[/u]b9\tmpTF.log
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe\tOasF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\bavdlpl.dll
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drvkulr.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fkmdvbtn\bg1.gif
C:\WINDOWS\system32\fkmdvbtn\bgtop.gif
C:\WINDOWS\system32\fkmdvbtn\bottom1.gif
C:\WINDOWS\system32\fkmdvbtn\essentials.gif
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe
C:\WINDOWS\system32\fkmdvbtn\icon1.ico
C:\WINDOWS\system32\fkmdvbtn\install1.gif
C:\WINDOWS\system32\fkmdvbtn\left1.gif
C:\WINDOWS\system32\fkmdvbtn\li.gif
C:\WINDOWS\system32\fkmdvbtn\logo.gif
C:\WINDOWS\system32\fkmdvbtn\main.htm
C:\WINDOWS\system32\fkmdvbtn\mainframe.htm
C:\WINDOWS\system32\fkmdvbtn\reinstall1.gif
C:\WINDOWS\system32\fkmdvbtn\right1.gif
C:\WINDOWS\system32\fkmdvbtn\s1.htm
C:\WINDOWS\system32\fkmdvbtn\s2.htm
C:\WINDOWS\system32\fkmdvbtn\s3.htm
C:\WINDOWS\system32\fkmdvbtn\SMTop1.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop2.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop3.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop4.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_off.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_on.gif
C:\WINDOWS\system32\fkmdvbtn\top1.gif
C:\WINDOWS\system32\fkmdvbtn\top2.gif
C:\WINDOWS\system32\fkmdvbtn\turnoff1.gif
C:\WINDOWS\system32\fkmdvbtn\turnon1.gif
C:\WINDOWS\system32\kernelw.sys
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\p8\stallbb1.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\s2\EMDT83122.exe
C:\WINDOWS\system32\T7\icm.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wtsisvit.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\command.exe
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\vq53u3pPv3o0sBL5vAhdtrxWuZ4.vbs
C:\WINDOWS\system32\32593B2C62.sys
Folder::
C:\Documents and Settings\All Users\Application Data\Starware358
C:\Documents and Settings\michelle brenczewski\Application Data\SMANTE~1
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358
C:\Documents and Settings\michelle brenczewski\Application Data\YMANTE~1
C:\Documents and Settings\michelle brenczewski\Application Data\YMANTE~1\?ymantec\
C:\Documents and Settings\michelle brenczewski\My Documents\ASEMBL~1
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo
C:\Program Files\3721
C:\Program Files\Accoona
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\e-zshopper
C:\Program Files\outerinfo
C:\Program Files\p2pnetworks
C:\Program Files\SecCenter
C:\Program Files\Starware358
C:\temp\[u]0[/u]b9
C:\Temp\1cb
C:\Temp\fCOe
C:\temp\tn3
C:\WINDOWS\system32\d3
C:\WINDOWS\system32\f22
C:\WINDOWS\system32\fkmdvbtn
C:\WINDOWS\system32\oTt06e
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\p8
C:\WINDOWS\system32\s2
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T9
C:\WINDOWS\system32\v1
C:\WINDOWS\system32\acespy
C:\Program Files\Pyvddqjn
C:\Program Files\MalwareAlarm
C:\Program Files\grezcdwv
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
C:\Program Files\Pyvddqjn\qavhytbh.dll
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813F3562-5D8D-451F-2E82-98DB074E0935}]
C:\Program Files\Windows Media Player\lavuqafut557.dll
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA7FC111-0689-49F1-91B3-C3BB5BC07B1A}]
C:\WINDOWS\system32\jkkjg.dll
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawtq]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto-start, click "Run".
Post a new HijackThis log and a new ComboFix log please.

ComboFix 07-10-26.4 - michelle brenczewski 2007-10-28 14:03:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.465 [GMT -5:00]
Running from: C:\Documents and Settings\michelle brenczewski\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\michelle brenczewski\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_news.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\celebrity_search.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware358\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\U056C222E.exe
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\#SharedObjects\Y8UAD69D\www.broadcaster.com
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\michelle brenczewski\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebrityNews\CelebrityNewsOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\CelebritySearch\CelebritySearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Configurator\Configurator.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Configurator\Configurator.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Games\GamesOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Games\GamesOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\PitchLayout.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\ToolbarLayout.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Manager\ManagerOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Movies\MoviesOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\michelle brenczewski\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\michelle brenczewski\Start Menu\Programs\Startup\ta_start.lnk
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Starware358\brand.bmp
C:\Program Files\Starware358\icons\star_16.ico
C:\Program Files\Starware358\Starware358Config.xml
C:\Program Files\Starware358\Starware358Uninstall.exe
C:\temp\[u]0[/u]b9\tmpTF.log
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe\tOasF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\command.exe
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\vq53u3pPv3o0sBL5vAhdtrxWuZ4.vbs
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\32593B2C62.sys
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\bavdlpl.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drvkulr.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fkmdvbtn\bg1.gif
C:\WINDOWS\system32\fkmdvbtn\bgtop.gif
C:\WINDOWS\system32\fkmdvbtn\bottom1.gif
C:\WINDOWS\system32\fkmdvbtn\essentials.gif
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn1.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn2.exe
C:\WINDOWS\system32\fkmdvbtn\fkmdvbtn3.exe
C:\WINDOWS\system32\fkmdvbtn\icon1.ico
C:\WINDOWS\system32\fkmdvbtn\install1.gif
C:\WINDOWS\system32\fkmdvbtn\left1.gif
C:\WINDOWS\system32\fkmdvbtn\li.gif
C:\WINDOWS\system32\fkmdvbtn\logo.gif
C:\WINDOWS\system32\fkmdvbtn\main.htm
C:\WINDOWS\system32\fkmdvbtn\mainframe.htm
C:\WINDOWS\system32\fkmdvbtn\reinstall1.gif
C:\WINDOWS\system32\fkmdvbtn\right1.gif
C:\WINDOWS\system32\fkmdvbtn\s1.htm
C:\WINDOWS\system32\fkmdvbtn\s2.htm
C:\WINDOWS\system32\fkmdvbtn\s3.htm
C:\WINDOWS\system32\fkmdvbtn\SMTop1.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop2.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop3.gif
C:\WINDOWS\system32\fkmdvbtn\SMTop4.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft1_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft2_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_off_ext.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on.gif
C:\WINDOWS\system32\fkmdvbtn\soft3_on_ext.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_off.gif
C:\WINDOWS\system32\fkmdvbtn\softbottom_on.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_off.gif
C:\WINDOWS\system32\fkmdvbtn\softleft_on.gif
C:\WINDOWS\system32\fkmdvbtn\top1.gif
C:\WINDOWS\system32\fkmdvbtn\top2.gif
C:\WINDOWS\system32\fkmdvbtn\turnoff1.gif
C:\WINDOWS\system32\fkmdvbtn\turnon1.gif
C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\kernelw.sys
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\p8\stallbb1.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\s2\EMDT83122.exe
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\T7\icm.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wtsisvit.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\akl
C:\Program Files\amsys
C:\Program Files\e-zshopper
C:\Program Files\grezcdwv
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\p2pnetworks
C:\Program Files\Pyvddqjn
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\command.exe
C:\WINDOWS\bWljaGVsbGUgYnJlbmN6ZXdza2k\vq53u3pPv3o0sBL5vAhdtrxWuZ4.vbs
C:\WINDOWS\plite731_uninstaller_.bat
C:\WINDOWS\system32\32593B2C62.sys
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\stfv.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DRIVER
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.
2007-10-27 20:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 19:25 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\Grisoft
2007-10-27 19:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-27 18:24 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-27 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 17:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 17:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 17:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 17:12 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 14:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 09:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-27 09:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-27 09:50 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 09:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-26 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-26 10:33 11,264 --a------ C:\WINDOWS\system32\syslodr.exe
2007-10-10 00:50 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 16:53 <DIR> d-------- C:\Program Files\Infogrames Interactive
2007-09-28 09:29 <DIR> d-------- C:\Quicken Back-up
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 18:58 --------- d-----w C:\Program Files\Google
2007-10-27 19:10 --------- d-----w C:\Program Files\PokerStars
2007-10-02 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-01 19:41 --------- d-----w C:\Program Files\ProjectionsDominator
.
((((((((((((((((((((((((((((( snapshot@2007-10-28_ 5.05.36.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-27 23:23:36 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-10-28 13:54:30 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2007-10-27 23:23:39 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 13:54:30 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 18:58:09 1,145,896 ----atw C:\WINDOWS\system32\Macromed\Shockwave 10\gt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A8C2C57-93A7-0675-5A40-098909C6F6CC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{813F3562-5D8D-451F-2E82-98DB074E0935}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA7FC111-0689-49F1-91B3-C3BB5BC07B1A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 21:55]
"EPSON Stylus Photo 825"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-04-09 14:04]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"{04-45-52-23-ZN}"="C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe" []
"Windows Update Check"="C:\WINDOWS\system32\syslodr.exe" [2007-10-26 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-28 08:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-02-28 02:36]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-12 21:51:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
R0 ACPI;Microsoft ACPI Driver;C:\WINDOWS\system32\DRIVERS\ACPI.sys
R0 Disk;Disk Driver;C:\WINDOWS\system32\DRIVERS\disk.sys
R0 Ftdisk;Volume Manager Driver;C:\WINDOWS\system32\DRIVERS\ftdisk.sys
R0 isapnp;PnP ISA/EISA Bus Driver;C:\WINDOWS\system32\DRIVERS\isapnp.sys
R0 NDIS;NDIS System Driver;C:\WINDOWS\system32\drivers\NDIS.sys
R0 PCI;PCI Bus Driver;C:\WINDOWS\system32\DRIVERS\pci.sys
R0 sr;System Restore Filter Driver;C:\WINDOWS\system32\DRIVERS\sr.sys
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;C:\WINDOWS\system32\DRIVERS\WudfPf.sys
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
R1 Avg7RsW;AVG7 Wrap Driver;C:\WINDOWS\system32\Drivers\avg7rsw.sys
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
R1 AvgClean;AVG7 Clean Driver;C:\WINDOWS\system32\Drivers\avgclean.sys
R1 Cdrom;CD-ROM Driver;C:\WINDOWS\system32\DRIVERS\cdrom.sys
R1 Imapi;CD-Burning Filter Driver;C:\WINDOWS\system32\DRIVERS\imapi.sys
R1 intelppm;Intel Processor Driver;C:\WINDOWS\system32\DRIVERS\intelppm.sys
R1 IPSec;IPSEC driver;C:\WINDOWS\system32\DRIVERS\ipsec.sys
R1 Kbdclass;Keyboard Class Driver;C:\WINDOWS\system32\DRIVERS\kbdclass.sys
R1 kbdhid;Keyboard HID Driver;C:\WINDOWS\system32\DRIVERS\kbdhid.sys
R1 Mouclass;Mouse Class Driver;C:\WINDOWS\system32\DRIVERS\mouclass.sys
R1 RasAcd;Remote Access Auto Connection Driver;C:\WINDOWS\system32\DRIVERS\rasacd.sys
R1 redbook;Digital CD Audio Playback Filter Driver;C:\WINDOWS\system32\DRIVERS\redbook.sys
R1 Serial;Serial port driver;C:\WINDOWS\system32\DRIVERS\serial.sys
R1 Tcpip;TCP/IP Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip.sys
R1 TermDD;Terminal Device Driver;C:\WINDOWS\system32\DRIVERS\termdd.sys
R2 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
R3 audstub;Audio Stub Driver;C:\WINDOWS\system32\DRIVERS\audstub.sys
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 mouhid;Mouse HID Driver;C:\WINDOWS\system32\DRIVERS\mouhid.sys
R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\WINDOWS\system32\DRIVERS\ndistapi.sys
R3 NdisWan;Remote Access NDIS WAN Driver;C:\WINDOWS\system32\DRIVERS\ndiswan.sys
R3 Parport;Parallel port driver;C:\WINDOWS\system32\DRIVERS\parport.sys
R3 Ptilink;Direct Parallel Link Driver;C:\WINDOWS\system32\DRIVERS\ptilink.sys
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 serenum;Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\serenum.sys
R3 swenum;Software Bus Driver;C:\WINDOWS\system32\DRIVERS\swenum.sys
R3 Update;Microcode Update Driver;C:\WINDOWS\system32\DRIVERS\update.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 Wanarp;Remote Access IP ARP Driver;C:\WINDOWS\system32\DRIVERS\wanarp.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\WINDOWS\system32\DRIVERS\i8042prt.sys
S3 AsyncMac;RAS Asynchronous Media Driver;C:\WINDOWS\system32\DRIVERS\asyncmac.sys
S3 Fdc;Floppy Disk Controller Driver;C:\WINDOWS\system32\DRIVERS\fdc.sys
S3 Flpydisk;Floppy Disk Driver;C:\WINDOWS\system32\DRIVERS\flpydisk.sys
S3 Ip6Fw;IPv6 Windows Firewall Driver;C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
S3 IpInIp;IP in IP Tunnel Driver;C:\WINDOWS\system32\DRIVERS\ipinip.sys
S3 NwlnkFlt;IPX Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
S3 NwlnkFwd;IPX Traffic Forwarder Driver;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
S3 rdpdr;Terminal Server Device Redirector Driver;C:\WINDOWS\system32\DRIVERS\rdpdr.sys
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 amdagp;AMD AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\amdagp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5f1a70-20dc-11db-89ce-0016767d980a}]
AutoRun\command - F:\LaunchU3.exe
*Newly Created Service* - DRIVER
.
Contents of the 'Scheduled Tasks' folder
"2007-10-28 06:31:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 14:07:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\system32\syslodr.exe [3104] 0x85A89020
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\syslodr.exe 11264 bytes executable
**************************************************************************
.
Completion time: 2007-10-28 14:10:06 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 05:07
.
--- E O F ---
HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:53 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
O1 - Hosts: 1315771170 google.com
O1 - Hosts: 1315771170 www.google.com
O1 - Hosts: 1315771170 www.altavista.com
O1 - Hosts: 1315771170 altavista.com
O1 - Hosts: 1315771170 www.alltheweb.com
O1 - Hosts: 1315771170 alltheweb.com
O1 - Hosts: 1315771170 search.google.com
O1 - Hosts: 1315771170 search.yahoo.com
O1 - Hosts: 1315771170 search.lycos.com
O1 - Hosts: 1315771170 search.live.com
O1 - Hosts: 1315771170 search.msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{04-45-52-23-ZN}] C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [Windows Update Check] C:\WINDOWS\system32\syslodr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/Walgreen...
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BP...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/res...
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://michellebrenczewski.myphotoa...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUplo...
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uplo...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://images.sportsline.com/images...
O24 - Desktop Component 1: (no name) - http://mcbrodys1.football.sportslin...
--
End of file - 10248 bytes

Turn off Spybot's teatimer and any other realtime scanner you might have.
Download "HostXpert" from this link HostXpert to your desktop.
Open up the HostsXpert program.Make sure that the "make hosts writable?" button in the upper right corner is enabled.
Click back up Host files.
Then click Restore orginal host files.
Close the program.Go to this link, VirusTotal copy the following files one at the time into the "upload and scan box", click submit then post the results.
C:\WINDOWS\system32\syslodr.exe

File syslodr.exe received on 10.29.2007 01:35:07 (CET)
Result: 10/32 (31.25%)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.27.0 2007.10.29 -
AntiVir 7.6.0.30 2007.10.28 TR/Crypt.ULPM.Gen
Authentium 4.93.8 2007.10.28 -
Avast 4.7.1074.0 2007.10.28 -
AVG 7.5.0.503 2007.10.28 -
BitDefender 7.2 2007.10.29 -
CAT-QuickHeal 9.00 2007.10.26 -
ClamAV 0.91.2 2007.10.28 -
DrWeb 4.44.0.09170 2007.10.28 -
eSafe 7.0.15.0 2007.10.28 suspicious Trojan/Worm
eTrust-Vet 31.2.5244 2007.10.26 -
Ewido 4.0 2007.10.28 -
FileAdvisor 1 2007.10.29 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.3.2.48 2007.10.29 -
F-Secure 6.70.13030.0 2007.10.28 -
Ikarus T3.1.1.12 2007.10.29 -
Kaspersky 7.0.0.125 2007.10.29 Rootkit.Win32.Agent.jf
McAfee 5150 2007.10.26 New Malware.cn
Microsoft 1.2908 2007.10.29 Trojan:Win32/SystemHijack.gen
NOD32v2 2622 2007.10.28 -
Norman 5.80.02 2007.10.26 -
Panda 9.0.0.4 2007.10.28 Suspicious file
Prevx1 V2 2007.10.29 Heuristic: Suspicious File With Outbound Communications
Rising 19.46.61.00 2007.10.28 -
Sophos 4.23.0 2007.10.28 Mal/HckPk-A
Sunbelt 2.2.907.0 2007.10.27 Trojan.Vxgame.CWS-Hijacker
Symantec 10 2007.10.29 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.10.28 -
VirusBuster 4.3.26:9 2007.10.28 -
Webwasher-Gateway 6.6.1 2007.10.28 Trojan.Crypt.ULPM.Gen
Additional information
File size: 11264 bytes
MD5: 1f161868a69d8cdd360f8e734312105e
SHA1: b76e74a228bd38db9f59ba87ded0967242270534
Prevx info: http://fileinfo.prevx.com/fileinfo....

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\syslodr.exe
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto start, click "run".
Post a new Hijack This log and a new Combofix log please.

ComboFix 07-10-26.4 - michelle brenczewski 2007-10-28 20:38:29.3 - NTFSx86
Running from: C:\Documents and Settings\michelle brenczewski\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\michelle brenczewski\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\syslodr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kernelw.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DRIVER
-------\Driver
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
.
2007-10-27 20:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 19:25 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\Grisoft
2007-10-27 19:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-27 18:24 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-27 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 17:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 17:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 17:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 17:12 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 14:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 09:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-27 09:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-27 09:50 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 09:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-26 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-26 10:33 11,264 --a------ C:\WINDOWS\system32\syslodr.exe
2007-10-10 00:50 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 16:53 <DIR> d-------- C:\Program Files\Infogrames Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 18:58 --------- d-----w C:\Program Files\Google
2007-10-27 19:10 --------- d-----w C:\Program Files\PokerStars
2007-10-02 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-01 19:41 --------- d-----w C:\Program Files\ProjectionsDominator
.
((((((((((((((((((((((((((((( snapshot@2007-10-28_ 5.05.36.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-27 23:23:36 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-10-28 13:54:30 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2007-10-27 23:23:39 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 13:54:30 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 18:58:09 1,145,896 ----atw C:\WINDOWS\system32\Macromed\Shockwave 10\gt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 21:55]
"EPSON Stylus Photo 825"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-04-09 14:04]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"{04-45-52-23-ZN}"="C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe" []
"Windows Update Check"="C:\WINDOWS\system32\syslodr.exe" [2007-10-26 10:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-28 08:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-02-28 02:36]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-12 21:51:50][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)R0 ACPI;Microsoft ACPI Driver;C:\WINDOWS\system32\DRIVERS\ACPI.sys
R0 Disk;Disk Driver;C:\WINDOWS\system32\DRIVERS\disk.sys
R0 Ftdisk;Volume Manager Driver;C:\WINDOWS\system32\DRIVERS\ftdisk.sys
R0 isapnp;PnP ISA/EISA Bus Driver;C:\WINDOWS\system32\DRIVERS\isapnp.sys
R0 NDIS;NDIS System Driver;C:\WINDOWS\system32\drivers\NDIS.sys
R0 PCI;PCI Bus Driver;C:\WINDOWS\system32\DRIVERS\pci.sys
R0 sr;System Restore Filter Driver;C:\WINDOWS\system32\DRIVERS\sr.sys
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;C:\WINDOWS\system32\DRIVERS\WudfPf.sys
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
R1 Avg7RsW;AVG7 Wrap Driver;C:\WINDOWS\system32\Drivers\avg7rsw.sys
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
R1 AvgClean;AVG7 Clean Driver;C:\WINDOWS\system32\Drivers\avgclean.sys
R1 Cdrom;CD-ROM Driver;C:\WINDOWS\system32\DRIVERS\cdrom.sys
R1 Imapi;CD-Burning Filter Driver;C:\WINDOWS\system32\DRIVERS\imapi.sys
R1 intelppm;Intel Processor Driver;C:\WINDOWS\system32\DRIVERS\intelppm.sys
R1 IPSec;IPSEC driver;C:\WINDOWS\system32\DRIVERS\ipsec.sys
R1 Kbdclass;Keyboard Class Driver;C:\WINDOWS\system32\DRIVERS\kbdclass.sys
R1 kbdhid;Keyboard HID Driver;C:\WINDOWS\system32\DRIVERS\kbdhid.sys
R1 Mouclass;Mouse Class Driver;C:\WINDOWS\system32\DRIVERS\mouclass.sys
R1 RasAcd;Remote Access Auto Connection Driver;C:\WINDOWS\system32\DRIVERS\rasacd.sys
R1 redbook;Digital CD Audio Playback Filter Driver;C:\WINDOWS\system32\DRIVERS\redbook.sys
R1 Serial;Serial port driver;C:\WINDOWS\system32\DRIVERS\serial.sys
R1 Tcpip;TCP/IP Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip.sys
R1 TermDD;Terminal Device Driver;C:\WINDOWS\system32\DRIVERS\termdd.sys
R2 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
R3 audstub;Audio Stub Driver;C:\WINDOWS\system32\DRIVERS\audstub.sys
R3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 mouhid;Mouse HID Driver;C:\WINDOWS\system32\DRIVERS\mouhid.sys
R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\WINDOWS\system32\DRIVERS\ndistapi.sys
R3 NdisWan;Remote Access NDIS WAN Driver;C:\WINDOWS\system32\DRIVERS\ndiswan.sys
R3 Parport;Parallel port driver;C:\WINDOWS\system32\DRIVERS\parport.sys
R3 Ptilink;Direct Parallel Link Driver;C:\WINDOWS\system32\DRIVERS\ptilink.sys
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\DRIVERS\raspppoe.sys
R3 serenum;Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\serenum.sys
R3 swenum;Software Bus Driver;C:\WINDOWS\system32\DRIVERS\swenum.sys
R3 Update;Microcode Update Driver;C:\WINDOWS\system32\DRIVERS\update.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
R3 Wanarp;Remote Access IP ARP Driver;C:\WINDOWS\system32\DRIVERS\wanarp.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys
S1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\WINDOWS\system32\DRIVERS\i8042prt.sys
S3 AsyncMac;RAS Asynchronous Media Driver;C:\WINDOWS\system32\DRIVERS\asyncmac.sys
S3 Fdc;Floppy Disk Controller Driver;C:\WINDOWS\system32\DRIVERS\fdc.sys
S3 Flpydisk;Floppy Disk Driver;C:\WINDOWS\system32\DRIVERS\flpydisk.sys
S3 Ip6Fw;IPv6 Windows Firewall Driver;C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
S3 IpInIp;IP in IP Tunnel Driver;C:\WINDOWS\system32\DRIVERS\ipinip.sys
S3 NwlnkFlt;IPX Traffic Filter Driver;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
S3 NwlnkFwd;IPX Traffic Forwarder Driver;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
S3 rdpdr;Terminal Server Device Redirector Driver;C:\WINDOWS\system32\DRIVERS\rdpdr.sys
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S4 amdagp;AMD AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\amdagp.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5f1a70-20dc-11db-89ce-0016767d980a}]
AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-29 01:44:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 20:59:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-28 21:01:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 14:10
C:\ComboFix3.txt ... 2007-10-28 05:07
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:20 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\syslodr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
O1 - Hosts: 1315771170 google.com
O1 - Hosts: 1315771170 www.google.com
O1 - Hosts: 1315771170 www.altavista.com
O1 - Hosts: 1315771170 altavista.com
O1 - Hosts: 1315771170 www.alltheweb.com
O1 - Hosts: 1315771170 alltheweb.com
O1 - Hosts: 1315771170 search.google.com
O1 - Hosts: 1315771170 search.yahoo.com
O1 - Hosts: 1315771170 search.lycos.com
O1 - Hosts: 1315771170 search.live.com
O1 - Hosts: 1315771170 search.msn.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{04-45-52-23-ZN}] C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [Windows Update Check] C:\WINDOWS\system32\syslodr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/Walgreen...
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BP...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/res...
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://michellebrenczewski.myphotoa...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUplo...
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uplo...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://images.sportsline.com/images...
O24 - Desktop Component 1: (no name) - http://mcbrodys1.football.sportslin...
--
End of file - 10006 bytes

Turn off teatimer.
Your java is out of date and can be exploited.
Download the latest version of http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
O1 - Hosts: 1315771170 google.com
O1 - Hosts: 1315771170 www.google.com
O1 - Hosts: 1315771170 www.altavista.com
O1 - Hosts: 1315771170 altavista.com
O1 - Hosts: 1315771170 www.alltheweb.com
O1 - Hosts: 1315771170 alltheweb.com
O1 - Hosts: 1315771170 search.google.com
O1 - Hosts: 1315771170 search.yahoo.com
O1 - Hosts: 1315771170 search.lycos.com
O1 - Hosts: 1315771170 search.live.com
O1 - Hosts: 1315771170 search.msn.com
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [{04-45-52-23-ZN}] C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [Windows Update Check] C:\WINDOWS\system32\syslodr.exe
Exit Hijack This.
Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In safe mode navigate to and delete these files:
C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe
C:\WINDOWS\system32\syslodr.exe
c:\Program Files\BAE\BAE.dll
In safe mode navigate to and delete this folder if found:
c:\Program Files\BAE
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Post a new Combofix log please.
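The items the helper marks for "fix checked" above fall into three classes that can be pulled out of a HijackThis log mechanically: O1 hosts entries that point search-engine names at a non-loopback address, an O2 browser helper object registered with no backing file, and an O4 Run value that launches an executable from a Temp directory. The script below is an added example written for this thread; it is not part of HijackThis, ComboFix, SDFix or any tool named here. Its sample input is constructed from the log lines quoted above plus a few benign lines that must pass. The dotted address it reports for the hosts entries is simply the decimal integer from the log converted to dotted-quad form, the form a bare integer takes when an inet_addr-style parser reads it; the Temp-directory list is an assumption and can be extended.

```python
"""Triage helper for HijackThis-style log lines (added example, not thread code).

Flags the three indicator classes the helper asked to have fixed above:
  * O1 hosts entries that point a name at a non-loopback address. The log
    writes the address as one decimal integer, a form inet_addr-style
    parsers accept, so it is decoded to dotted-quad form for the report.
  * O2 browser helper objects registered with no backing file.
  * O4 Run values whose executable lives under a Temp directory.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines taken from the HijackThis log posted in this
# thread, plus benign lines (localhost, Adobe, AVG) that must not be flagged.
SAMPLE_LOG = r"""
O1 - Hosts: 1315771170 google.com
O1 - Hosts: 1315771170 search.yahoo.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [{04-45-52-23-ZN}] C:\Documents and Settings\michelle brenczewski\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# Leading executable of a Run command, quoted or not, with arguments dropped.
EXE_RE = re.compile(r'^"?(.*?\.exe)"?', re.IGNORECASE)
# Per-user and system Temp directories (assumed list; extend for other layouts).
TEMP_DIR_RE = re.compile(
    r"\\(?:local settings\\temp|appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE
)


class Finding(NamedTuple):
    section: str   # HijackThis section code: O1, O2 or O4
    subject: str   # host name, BHO CLSID or Run value name
    reason: str


def decode_host_address(token: str) -> Optional[str]:
    """Return the dotted form of a hosts-file address, or None if not an address.

    Accepts dotted IPv4/IPv6 or a bare decimal integer (the form used in the log).
    """
    if token.isdigit():
        value = int(token)
        return str(ipaddress.IPv4Address(value)) if value <= 0xFFFFFFFF else None
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def executable_of(command: str) -> str:
    """Strip quotes and arguments from a Run value, leaving the .exe path."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def triage_hjt_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            addr, host = m.groups()
            dotted = decode_host_address(addr)
            if dotted is None:
                findings.append(Finding("O1", host, f"unparseable hosts address {addr!r}"))
            else:
                ip = ipaddress.ip_address(dotted)
                # Loopback and 0.0.0.0 are the benign "block this name" forms;
                # anything else silently redirects the name to a third party.
                if not (ip.is_loopback or ip.is_unspecified):
                    findings.append(Finding("O1", host, f"redirected to {dotted} (logged as {addr})"))
            continue
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if path.strip() == "(no file)":
                findings.append(Finding("O2", clsid, f"BHO {name} registered with no backing file"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, value_name, command = m.groups()
            exe = executable_of(command)
            if TEMP_DIR_RE.search(exe):
                findings.append(Finding("O4", value_name, f"{hive} Run value starts from Temp: {exe}"))
            continue
    return findings


if __name__ == "__main__":
    for f in triage_hjt_log(SAMPLE_LOG):
        print(f"{f.section} {f.subject}: {f.reason}")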

When I tried to find those files to delete, I was only able to find the last one c:\ProgramFiles\BAE. The rest did not exist.
Here is the new log:
ComboFix 07-10-26.4 - michelle brenczewski 2007-10-29 19:47:59.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\michelle brenczewski\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kernelw.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Driver
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.
2007-10-29 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-27 20:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 19:25 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\Grisoft
2007-10-27 19:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-27 18:24 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-27 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 17:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 17:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 17:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 17:12 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 14:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 09:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-27 09:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-27 09:50 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 09:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-26 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-26 10:33 11,264 --a------ C:\WINDOWS\system32\syslodr.exe
2007-10-10 00:50 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 16:53 <DIR> d-------- C:\Program Files\Infogrames Interactive
2007-09-28 09:29 <DIR> d-------- C:\Quicken Back-up
2007-09-01 14:26 <DIR> d-------- C:\Program Files\ProjectionsDominator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 00:28 --------- d-----w C:\Program Files\Java
2007-10-28 18:58 --------- d-----w C:\Program Files\Google
2007-10-27 19:10 --------- d-----w C:\Program Files\PokerStars
2007-10-02 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
.
((((((((((((((((((((((((((((( snapshot@2007-10-28_ 5.05.36.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-27 23:23:36 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-10-28 13:54:30 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2007-10-27 23:23:39 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 13:54:30 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-10-20 18:03:51 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2007-10-29 21:14:40 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2007-10-28 18:58:09 1,145,896 ----atw C:\WINDOWS\system32\Macromed\Shockwave 10\gt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 21:55]
"EPSON Stylus Photo 825"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-04-09 14:04]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-28 08:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-02-28 02:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-12 21:51:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5f1a70-20dc-11db-89ce-0016767d980a}]
AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-30 00:51:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 19:52:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-29 19:55:36 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 21:01
C:\ComboFix3.txt ... 2007-10-28 14:10
.
--- E O F ---

Please download SDFix by AndyManchesta and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.
Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

I did not get these options once it rebooted. And, I cannot find the SDFix folder, only the SDFix.exe to install the program.....
"When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt"

Found it!!! Here is the report below...
SDFix: Version 1.112
Run by michelle brenczewski on Tue 10/30/2007 at 06:21 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Thu 15 Jun 2006 88 A.SHR --- "C:\i386\32593B2C62.sys"
Thu 15 Jun 2006 3,350 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 29 Oct 2007 56 ..SHR --- "C:\WINDOWS\system32\622C3B5932.sys"
Mon 29 Oct 2007 4,184 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 21 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 21 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\michelle brenczewski\My Documents\My Music\License Backup\drmv1key.bak"
Thu 31 Aug 2006 20 A..H. --- "C:\Documents and Settings\michelle brenczewski\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 14 Aug 2006 400 A.SH. --- "C:\Documents and Settings\michelle brenczewski\My Documents\My Music\License Backup\drmv2key.bak"
Wed 9 May 2007 8 A..H. --- "C:\Documents and Settings\jack brenczewski\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Wed 9 May 2007 8 A..H. --- "C:\Documents and Settings\jack brenczewski\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 10 May 2007 8 A..H. --- "C:\Documents and Settings\jack brenczewski\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Wed 16 May 2007 8 A..H. --- "C:\Documents and Settings\jack brenczewski\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Finished!

Reboot into safe mode.
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Windows\system32\kernelw.sys
C:\Windows\system32\kernelwind32.exe
C:\WINDOWS\system32\syslodr.exe
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if combofix does not auto start click "run".
For a double check from safe mode navigate to and delete these files if found.
C:\Windows\system32\kernelw.sys
C:\Windows\system32\kernelwind32.exe
C:\WINDOWS\system32\syslodr.exe
Post a new Combofix log please.

Did not find these two to delete:
C:\Windows\system32\kernelw.sys
C:\Windows\system32\kernelwind32.exe
Here is the new log:
ComboFix 07-10-26.4 - michelle brenczewski 2007-10-30 20:10:11.5 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\michelle brenczewski\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\michelle brenczewski\Desktop\CFScript.txt
FILE::
C:\Windows\system32\kernelw.sys
C:\Windows\system32\kernelwind32.exe
C:\WINDOWS\system32\syslodr.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.
2007-10-30 06:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-29 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-27 20:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 19:25 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\Grisoft
2007-10-27 19:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-27 18:24 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-27 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 17:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 17:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 17:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 17:12 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 14:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 09:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-27 09:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-27 09:50 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 09:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-26 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 00:50 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 16:53 <DIR> d-------- C:\Program Files\Infogrames Interactive
2007-09-28 09:29 <DIR> d-------- C:\Quicken Back-up
2007-09-01 14:26 <DIR> d-------- C:\Program Files\ProjectionsDominator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 00:28 --------- d-----w C:\Program Files\Java
2007-10-29 21:14 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-28 18:58 --------- d-----w C:\Program Files\Google
2007-10-27 19:10 --------- d-----w C:\Program Files\PokerStars
2007-10-02 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 13:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-28_ 5.05.36.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 14:52:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.exe
+ 2007-10-30 11:20:51 5,718,016 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-10-30 11:20:51 270,336 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-10-25 14:52:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.exe
+ 2007-10-30 11:20:39 5,718,016 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-10-30 11:20:39 270,336 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-10-27 23:23:36 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-10-28 13:54:30 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2007-10-27 23:23:39 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 13:54:30 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-10-28 18:58:09 1,145,896 ----atw C:\WINDOWS\system32\Macromed\Shockwave 10\gt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 21:55]
"EPSON Stylus Photo 825"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-04-09 14:04]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-28 08:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-02-28 02:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-12 21:51:50]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5f1a70-20dc-11db-89ce-0016767d980a}]
AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 01:09:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 20:12:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 20:13:44
C:\ComboFix2.txt ... 2007-10-29 19:55
C:\ComboFix3.txt ... 2007-10-28 21:01
.
--- E O F ---

Good job, it appears that you were able to kill the rootkit.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
You should add "Spywareblaster" to your arsenal of antispyware tools, just do a google search for spywareblaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
Could you post one more Hijack This and Combofix log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:05 AM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe /P22 "EPSON Stylus Photo 825" /O6 "USB001" /M "Stylus Photo 825"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [@BackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/Walgreen...
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BP...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/res...
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://michellebrenczewski.myphotoa...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.dotphoto.com/DPImageUplo...
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uplo...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - http://images.sportsline.com/images...
O24 - Desktop Component 1: (no name) - http://mcbrodys1.football.sportslin...
--
End of file - 9287 bytes

ComboFix 07-10-26.4 - michelle brenczewski 2007-11-02 6:40:00.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.623 [GMT -5:00]
Running from: C:\Documents and Settings\michelle brenczewski\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.
2007-10-30 06:20 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-29 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-27 20:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 19:25 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\Grisoft
2007-10-27 19:25 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-27 18:24 <DIR> d-------- C:\Documents and Settings\michelle brenczewski\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-27 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-27 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 17:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 17:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 17:12 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 17:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 17:12 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 17:12 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 14:27 <DIR> d-------- C:\WINDOWS\pss
2007-10-27 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-27 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-27 09:55 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-27 09:50 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-27 09:50 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-27 09:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-26 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 00:50 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-02 16:53 <DIR> d-------- C:\Program Files\Infogrames Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 18:06 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-30 00:28 --------- d-----w C:\Program Files\Java
2007-10-28 18:58 --------- d-----w C:\Program Files\Google
2007-10-27 19:10 --------- d-----w C:\Program Files\PokerStars
2007-10-02 21:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-28_ 5.05.36.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 14:52:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.exe
+ 2007-10-30 11:20:51 5,718,016 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-10-30 11:20:51 270,336 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-10-25 14:52:29 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.exe
+ 2007-10-30 11:20:39 5,718,016 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-10-30 11:20:39 270,336 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-10-27 23:23:36 775,680 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-10-28 13:54:30 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2007-10-27 23:23:39 19,392 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-10-28 13:54:30 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-10-28 18:58:09 1,145,896 ----atw C:\WINDOWS\system32\Macromed\Shockwave 10\gt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 19:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.exe" [2005-09-08 05:20]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-12 21:55]
"EPSON Stylus Photo 825"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-04-09 14:04]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-28 08:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"@BackupScheduler"="C:\Program Files\Online Backup\OnlineBackup.exe" [2007-02-28 02:36]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-12 21:51:50]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5f1a70-20dc-11db-89ce-0016767d980a}]
AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:39:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 06:42:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-02 6:44:04
C:\ComboFix2.txt ... 2007-10-30 20:13
C:\ComboFix3.txt ... 2007-10-29 19:55
.
--- E O F ---

Yes it is!! I cannot thank you enough for your assistance. Can I uninstall the programs you had me install? i.e. combofix, hijack this, atf cleaner, sd fix, aschwar...
Thank you!!!!!!!!!!

You can uninstall all the programs we used to clean the computer. ATF Cleaner may be a good one to keep, or at least remember where to find it if you need it.
Glad we could help.
