POS error
Response Number 1
Name: jabuck
Date: February 21, 2008 at 14:35:15 Pacific
Subject: POS error
Reply:
Go to this link: Disable Realtime Protection. Follow their directions to disable any realtime protection that you have, as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop: Vundofix.exe
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click "yes".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "ok".

Please download and install the latest version of HijackThis v2.0.2. Download the "HijackThis" installer from this link: Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3
Double-click combofix.exe and follow the prompts. (Don't click on the window while the program is running; it may cause your system to hang.) Please post the log it produces.
Response Number 2
Name: shamoni8
Date: February 22, 2008 at 11:53:40 Pacific
Subject: POS error
Reply:
Firstly, thanks a lot for your quick help. I really appreciate it. Secondly, there's a .dll that Vundo couldn't fix. It's called nnnolli.dll and it's in my system32 folder. Should I manually delete it? Vundo kept rebooting and searching again and couldn't get rid of it over and over. I haven't deleted it yet and got a HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:13 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\WINDOWS\ietorrntplug.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91d55b48-ea45-4a4b-bec8-d4bf0aeaf62a} - C:\WINDOWS\system32\vueeyar.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O2 - BHO: (no name) - {BFD873D2-A606-43FC-BFFA-AF4CA287E672} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {C847BF94-7206-4F16-B57B-A8BAAF08AC0E} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\nnnolli.dll
O2 - BHO: {d522db18-53f0-6e4b-8474-ab2d4ce3df9d} - {d9fd3ec4-d2ba-4748-b4e6-0f3581bd225d} - C:\WINDOWS\system32\frbhmmun.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [45541fa3] rundll32.exe "C:\WINDOWS\system32\fhltlrxn.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [active mail] C:\DOCUME~1\Owner\APPLIC~1\WINGPL~1\grimheart.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: DSLMON.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBA0DFF2-E59D-4531-9B8F-626BC5873388}: NameServer = 213.42.20.20 195.229.241.222
O20 - AppInit_DLLs: C:\WINDOWS\system32\shsvwsc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnolli - C:\WINDOWS\SYSTEM32\nnnolli.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 9805 bytes

I just ran ComboFix and it apparently has deleted that file. Also, on starting up, Windows tells me of a .dll file that can't run (I deleted that file from my AVG earlier; it might be in the vault. What do you suggest for that?). Here's the ComboFix log.

ComboFix 08-02-21 - Owner 2008-02-22 23:40:31.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.100 [GMT 4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Nero\vuxahi89104.dll
C:\Program Files\stem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\scurit~1
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\k5
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\nnnolli.dll
C:\WINDOWS\system32\nxrltlhf.ini
C:\WINDOWS\system32\p9
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\w11
C:\WINDOWS\system32\w11\hiba3133.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR

((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.
2008-02-22 22:46 . 2008-02-22 22:46 <DIR> d-------- C:\VundoFix Backups
2008-02-22 16:02 . 2008-02-22 16:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
2008-02-21 12:07 . 2008-02-21 12:07 <DIR> d--hs---- C:\FOUND.002
2008-02-20 22:41 . 2004-05-10 22:42 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-02-20 12:48 . 2008-02-20 12:48 <DIR> d-------- C:\Program Files\XoftSpySE
2008-02-20 12:00 . 2008-02-20 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 09:13 . 2008-02-20 09:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-19 18:34 . 2008-02-19 18:34 <DIR> d--hs---- C:\WINDOWS\T3duZXI
2008-02-19 18:32 . 2008-02-19 18:32 <DIR> d-------- C:\WINDOWS\system32\dv6
2008-02-19 18:32 . 2008-02-19 18:32 <DIR> d-------- C:\Temp
2008-02-17 22:37 . 2008-02-17 22:37 <DIR> d--hs---- C:\FOUND.001
2008-02-11 16:04 . 2008-02-11 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-11 16:01 . 2008-02-11 16:01 <DIR> d-------- C:\Program Files\DIFX
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-02-11 16:00 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-11 15:59 . 2008-02-11 15:59 <DIR> d-------- C:\Program Files\Nokia
2008-02-11 15:59 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-11 15:59 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-11 15:59 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-11 15:59 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-11 15:59 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-11 15:58 . 2008-02-11 15:58 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-02-11 15:57 . 2008-02-11 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-05 11:41 . 2008-02-05 11:41 <DIR> d--hs---- C:\FOUND.000
2008-01-27 17:43 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-01-26 22:19 . 2008-01-26 22:19 <DIR> d-------- C:\Program Files\Morpheus Ultra
2008-01-26 22:09 . 2008-01-26 22:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-26 22:01 . 2008-01-26 22:02 <DIR> d-------- C:\Program Files\VS Revo Group
2008-01-24 14:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 23:19 --------- d-----w C:\Program Files\DX-Ball
2009-12-31 23:17 --------- d-----w C:\Program Files\Microsoft Games
2009-12-31 23:17 --------- d-----w C:\Program Files\Kaun Bane Crorepati
2009-12-31 23:16 --------- d-----w C:\Program Files\MSN Messenger
2009-12-31 23:12 --------- d-----w C:\Program Files\Symantec
2009-12-31 23:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-12-31 23:12 --------- d-----w C:\Program Files\Common Files\Novell Shared
2009-12-31 23:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2009-12-31 23:10 24,820 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2009-12-31 23:09 --------- d-----w C:\Program Files\MusicMatch
2009-12-31 21:40 --------- d-----w C:\Program Files\Common Files\xing shared
2009-12-31 21:38 --------- d-----w C:\Program Files\ACDSee32
2009-12-31 21:32 --------- d-----w C:\Program Files\Microsoft.NET
2009-12-31 21:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2009-12-31 21:32 --------- d-----w C:\Program Files\Common Files\L&H
2009-12-31 21:31 --------- d-----w C:\Program Files\Microsoft Works
2009-12-31 21:29 --------- d-----w C:\Program Files\Common Files\Adobe
2009-12-31 21:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2009-12-31 21:26 --------- d-----w C:\Program Files\Macromedia
2009-12-31 21:24 --------- d-----w C:\Program Files\Common Files\Java
2009-12-31 20:44 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2009-12-31 20:44 --------- d-----w C:\Program Files\Winamp
2009-12-31 20:44 --------- d-----w C:\Program Files\Real
2009-12-31 20:44 --------- d-----w C:\Program Files\Java Web Start
2009-12-31 20:44 --------- d-----w C:\Program Files\Java
2009-12-31 20:44 --------- d-----w C:\Program Files\Common Files\Real
2009-12-31 20:43 --------- d-----w C:\Program Files\Netscape
2009-12-31 20:30 --------- d-----w C:\Program Files\Analog Devices
2009-12-31 20:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-12-31 20:29 --------- d-----w C:\Program Files\Intel
2009-12-31 20:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-12-31 20:09 --------- d-----w C:\Program Files\microsoft frontpage
2009-12-31 20:06 --------- d-----w C:\Program Files\CONEXANT
2008-01-21 09:23 --------- d-----w C:\Program Files\Win gpl deaf
2008-01-21 09:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Win gpl deaf
2008-01-21 09:22 --------- d-----w C:\Program Files\Circle Developement
2008-01-05 15:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Morpheus
2008-01-05 06:18 98,304 ----a-w C:\WINDOWS\DUMPf8ec.tmp
2007-12-28 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\eMule
2005-07-29 12:24 472 --sha-r C:\WINDOWS\T3duZXI\naxRtrK.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
C:\WINDOWS\ietorrntplug.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91d55b48-ea45-4a4b-bec8-d4bf0aeaf62a}]
C:\WINDOWS\system32\vueeyar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFD873D2-A606-43FC-BFFA-AF4CA287E672}]
C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C847BF94-7206-4F16-B57B-A8BAAF08AC0E}]
C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9fd3ec4-d2ba-4748-b4e6-0f3581bd225d}]
C:\WINDOWS\system32\frbhmmun.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\shsvwsc]
@={D57A99A2-9216-730D-8B88-E5423F8392E4}
[HKEY_CLASSES_ROOT\CLSID\{D57A99A2-9216-730D-8B88-E5423F8392E4}]
C:\WINDOWS\system32\shsvwsc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-24 03:33 190024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"active mail"="C:\DOCUME~1\Owner\APPLIC~1\WINGPL~1\grimheart.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-01-01 01:40 180269]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 17:36 43008 C:\WINDOWS\system32\WFXSNT40.EXE]
"9xadiras"="9xadiras.exe" []
"adiras"="adiras.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-04 13:00 1836544]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"45541fa3"="C:\WINDOWS\system32\fhltlrxn.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 12:13 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 12:00 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe [2006-09-23 18:39:18 929889]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\shsvwsc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 17:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa49c98-4b0c-11db-9b61-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 06:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 23:49:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Other Running Processes
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-22 23:51:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 19:51:04
Response Number 3
Name: jabuck
Date: February 22, 2008 at 19:28:34 Pacific
Subject: POS error
Reply:
What was the .dll file you deleted?

I suggest that you uninstall "XoftSpySE" and "Morpheus Ultra". XoftSpySE was once laced with spyware (claims to be clean now) and Morpheus is known to report back info on you.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\frbhmmun.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\vueeyar.dll
C:\WINDOWS\ietorrntplug.dll
C:\WINDOWS\system32\nnnolli.dll
C:\WINDOWS\system32\fhltlrxn.dll
C:\WINDOWS\T3duZXI\naxRtrK.vbs

Driver::
nnnolli
45541fa3

Folder::
C:\WINDOWS\T3duZXI
C:\WINDOWS\system32\dv6

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91d55b48-ea45-4a4b-bec8-d4bf0aeaf62a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFD873D2-A606-43FC-BFFA-AF4CA287E672}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C847BF94-7206-4F16-B57B-A8BAAF08AC0E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9fd3ec4-d2ba-4748-b4e6-0f3581bd225d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"45541fa3"=-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As". Change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".

Please go to Virus Total and upload the following file for analysis: C:\WINDOWS\system32\shsvwsc.dll
Post the results in your reply.

Empty the restore folder. Go to start > control panel > system > system restore tab > check the box beside "turn off system restore" > apply (takes a minute) > ok. Go back and uncheck the box to turn system restore back on > apply > ok.

Download ATF Cleaner from this link: ATF Cleaner
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link: Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database: Extended
Scan Options: Scan Archives, Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed. There is no option to clean/disinfect; however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log.
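As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the same heuristics jabuck applied by hand to the HijackThis log in Response 2: BHOs whose DLL is missing, an unnamed BHO loading from system32, a random-looking Run value that hands a system32 DLL to rundll32, a Winlogon Notify or AppInit_DLLs hook in system32, and an IE proxy pointed at a local listener. What it flags is grouped into the File:: and Registry:: sections jabuck's CFScript in Response 3 uses. The sample lines are a constructed subset of the posted log; the function names, the regular expressions and the eight-hex-character "random value" rule are this example's own assumptions, not features of either tool. The result is a review list for an analyst, not something to feed to ComboFix unread: the Google AppInit DLL, for instance, is legitimate and is passed over only because it sits outside system32.

```python
"""Triage HijackThis-style log lines the way a malware-removal helper would.

Added example: the heuristics, names and regexes are this script's own
assumptions; the sample log is a constructed subset of the one in Response 2.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in Response 2.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BFD873D2-A606-43FC-BFFA-AF4CA287E672} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\nnnolli.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [45541fa3] rundll32.exe "C:\WINDOWS\system32\fhltlrxn.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\shsvwsc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnolli - C:\WINDOWS\SYSTEM32\nnnolli.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section the line came from, e.g. "O2"
    reason: str    # why the entry was flagged
    target: str    # file path, CLSID or value to review
    line: str      # the original log line


BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$")
PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (?P<proxy>\S+)$")
DLL_IN_CMD = re.compile(r'"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?', re.IGNORECASE)
RANDOM_VALUE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)   # e.g. [45541fa3]; assumption


def in_system32(path):
    return "\\system32\\" in path.lower()


def triage_line(line):
    """Return the findings for one log line (an empty list means it passes)."""
    m = BHO_RE.match(line)
    if m:
        if "(file missing)" in m["path"] or "(no file)" in m["path"]:
            return [Finding("O2", "BHO registered but its DLL is missing", m["clsid"], line)]
        if m["name"] == "(no name)" and in_system32(m["path"]):
            return [Finding("O2", "unnamed BHO loading from system32", m["path"], line)]
        return []
    m = RUN_RE.match(line)
    if m:
        dll = DLL_IN_CMD.search(m["cmd"])
        if (m["cmd"].lower().startswith("rundll32") and dll
                and in_system32(dll["dll"]) and RANDOM_VALUE.match(m["value"])):
            return [Finding("O4", "random-looking Run value launching rundll32 on a system32 DLL",
                            dll["dll"], line)]
        return []
    m = O20_RE.match(line)
    if m:
        if m["kind"] == "Winlogon Notify":
            path = m["rest"].split(" - ", 1)[1]
            return [Finding("O20", "Winlogon Notify hook (loaded into winlogon at logon)", path, line)]
        # AppInit_DLLs is a space-separated list; every entry is injected into GUI processes.
        return [Finding("O20", "AppInit_DLLs entry in system32", dll, line)
                for dll in m["rest"].split() if in_system32(dll)]
    m = PROXY_RE.match(line)
    if m and m["proxy"].startswith("127.0.0.1:"):
        return [Finding("R1", "IE proxy points at a local listener", m["proxy"], line)]
    return []


def triage_log(text):
    findings = []
    for line in text.strip().splitlines():
        findings.extend(triage_line(line))
    return findings


def cfscript_sections(findings):
    """Group findings the way the CFScript in Response 3 does: DLL paths under
    File::, dead BHO CLSIDs under Registry::; anything else is left for manual review."""
    files, registry, manual = {}, [], []
    for f in findings:
        if f.section == "O2" and f.target.startswith("{"):
            registry.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f.target}]")
        elif f.target.lower().endswith(".dll"):
            files.setdefault(f.target.lower(), f.target)   # case-insensitive dedupe
        else:
            manual.append(f)
    return {"File::": list(files.values()), "Registry::": registry, "manual": manual}


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.section}: {f.reason} -> {f.target}")
    print(cfscript_sections(found))
```

The proxy finding deliberately lands in the manual list: it is a registry value, not a file, and the page shows it being left to the user rather than scripted away.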
Response Number 4
Name: shamoni8
Date: February 23, 2008 at 00:23:55 Pacific
Subject: POS error
Reply:
The dll file is fhltlrxn.dll. About Morpheus Ultra and XoftSpySE: they're not in my Add/Remove Programs list, and my net doesn't seem to be working well enough to download them again. I've uninstalled both of them earlier, but they are still showing. I searched on Google Desktop and this is the only address where "xoftspyse" shows: C:\Program Files\XoftSpySE\xAutoUpdate.dll. Should I delete this? Morpheus Ultra has a whole folder, but it's not installed and the setup file isn't here. I ran ComboFix after copy-pasting the .txt and my PC just crashed. The net stopped and everything went blank, except Firefox itself. Is that normal? I've rebooted now and am doing the VirusTotal check. OK, I don't seem to have the file that you told me to check, but the same-named file is in .dat format. There's a dll file, but the name is shsvcs.dll. Should I scan this one? I've scanned the file you told me, but it's in .dat format, so I'm not sure how useful it might be. The file check is taking too long. It got cancelled once and I'm redoing it now. Will post a log as soon as it goes up, but submitting this because the net is really shaky now.
Response Number 5
Name: shamoni8
Date: February 23, 2008 at 00:36:01 Pacific
Subject: POS error
Reply:
Yeah, it just seems as if it's a matter of time now and my Win32 services get ended abruptly and the net goes blank. Wanted to tell you that the .dll file error that was happening at startup has stopped. Will run the virus check again.
Response Number 6
Name: shamoni8
Date: February 23, 2008 at 02:29:15 Pacific
Subject: POS error
Reply:
The virus check won't run. It keeps saying it lost the file. I did the system restore. Did the ATF Cleaner as well. About Kaspersky, it shows this page which I'm supposed to accept. I click accept and nothing happens. I tried to open it from Internet Explorer but my Explorer seems to have gone completely bust. It isn't working at all. It's not opening any site.
Response Number 7
Name: shamoni8
Date: February 23, 2008 at 04:28:25 Pacific
Subject: POS error
Reply:
Oh, I saw the site again and it said it runs only on Explorer. Do you think I should download the scanner from the internet somewhere and do the check? And do you have any idea as to why my Internet Explorer isn't working? I tried creating a new connection, but that didn't help...
Response Number 8
Name: jabuck
Date: February 23, 2008 at 06:16:01 Pacific
Subject: POS error
Reply:
Go to start > run > type in combofix /u (note the space after combofix) then press ok. Download ComboFix again, try the suggestion in response #3 again, and post a new ComboFix log.
Response Number 9
Name: shamoni8
Date: February 24, 2008 at 04:04:49 Pacific
Subject: POS error
|
Reply: OK, I uninstalled the program and installed it again, copy-pasted it, put it in the ComboFix and made a log. The problem is I don't have shsvwsc.dll. I have a different .dll, and shsvwsc is in .dat format. Also, for the Kaspersky, my Explorer is still not working and I get the generic host error for win32 services, which shuts down my internet in a little time. I restart my PC and it works for a while and then again gives the error. Debugging it also doesn't help. Anyway, here's the ComboFix log. I hope it's of some use.

ComboFix 08-02-23 - Owner 2008-02-24 15:46:59.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.119 [GMT 4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\ietorrntplug.dll
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\fhltlrxn.dll
C:\WINDOWS\system32\frbhmmun.dll
C:\WINDOWS\system32\nnnolli.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\vueeyar.dll
C:\WINDOWS\T3duZXI\naxRtrK.vbs
.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-24 11:07 . 2008-02-24 11:07 <DIR> d--hs---- C:\FOUND.003
2008-02-22 16:02 . 2008-02-22 16:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
2008-02-21 12:07 . 2008-02-21 12:07 <DIR> d--hs---- C:\FOUND.002
2008-02-20 22:41 . 2004-05-10 22:42 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-02-20 12:48 . 2008-02-20 12:48 <DIR> d-------- C:\Program Files\XoftSpySE
2008-02-20 12:00 . 2008-02-20 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 09:13 . 2008-02-20 09:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-19 18:32 . 2008-02-19 18:32 <DIR> d-------- C:\Temp
2008-02-17 22:37 . 2008-02-17 22:37 <DIR> d--hs---- C:\FOUND.001
2008-02-11 16:04 . 2008-02-11 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-11 16:01 . 2008-02-11 16:01 <DIR> d-------- C:\Program Files\DIFX
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-02-11 16:00 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-11 15:59 . 2008-02-11 15:59 <DIR> d-------- C:\Program Files\Nokia
2008-02-11 15:59 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-11 15:59 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-11 15:59 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-11 15:59 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-11 15:59 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-11 15:58 . 2008-02-11 15:58 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-02-11 15:57 . 2008-02-11 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-05 11:41 . 2008-02-05 11:41 <DIR> d--hs---- C:\FOUND.000
2008-01-26 22:19 . 2008-01-26 22:19 <DIR> d-------- C:\Program Files\Morpheus Ultra
2008-01-26 22:09 . 2008-01-26 22:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-26 22:01 . 2008-01-26 22:02 <DIR> d-------- C:\Program Files\VS Revo Group
2008-01-24 14:22 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 23:19 --------- d-----w C:\Program Files\DX-Ball
2009-12-31 23:17 --------- d-----w C:\Program Files\Microsoft Games
2009-12-31 23:17 --------- d-----w C:\Program Files\Kaun Bane Crorepati
2009-12-31 23:16 --------- d-----w C:\Program Files\MSN Messenger
2009-12-31 23:12 --------- d-----w C:\Program Files\Symantec
2009-12-31 23:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-12-31 23:12 --------- d-----w C:\Program Files\Common Files\Novell Shared
2009-12-31 23:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2009-12-31 23:10 24,820 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2009-12-31 23:09 --------- d-----w C:\Program Files\MusicMatch
2009-12-31 21:40 --------- d-----w C:\Program Files\Common Files\xing shared
2009-12-31 21:38 --------- d-----w C:\Program Files\ACDSee32
2009-12-31 21:32 --------- d-----w C:\Program Files\Microsoft.NET
2009-12-31 21:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2009-12-31 21:32 --------- d-----w C:\Program Files\Common Files\L&H
2009-12-31 21:31 --------- d-----w C:\Program Files\Microsoft Works
2009-12-31 21:29 --------- d-----w C:\Program Files\Common Files\Adobe
2009-12-31 21:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2009-12-31 21:26 --------- d-----w C:\Program Files\Macromedia
2009-12-31 21:24 --------- d-----w C:\Program Files\Common Files\Java
2009-12-31 20:44 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2009-12-31 20:44 --------- d-----w C:\Program Files\Winamp
2009-12-31 20:44 --------- d-----w C:\Program Files\Real
2009-12-31 20:44 --------- d-----w C:\Program Files\Java Web Start
2009-12-31 20:44 --------- d-----w C:\Program Files\Java
2009-12-31 20:44 --------- d-----w C:\Program Files\Common Files\Real
2009-12-31 20:43 --------- d-----w C:\Program Files\Netscape
2009-12-31 20:30 --------- d-----w C:\Program Files\Analog Devices
2009-12-31 20:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-12-31 20:29 --------- d-----w C:\Program Files\Intel
2009-12-31 20:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-12-31 20:09 --------- d-----w C:\Program Files\microsoft frontpage
2009-12-31 20:06 --------- d-----w C:\Program Files\CONEXANT
2008-01-21 09:23 --------- d-----w C:\Program Files\Win gpl deaf
2008-01-21 09:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Win gpl deaf
2008-01-21 09:22 --------- d-----w C:\Program Files\Circle Developement
2008-01-05 15:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Morpheus
2008-01-05 06:18 98,304 ----a-w C:\WINDOWS\DUMPf8ec.tmp
2007-12-28 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\eMule
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\shsvwsc]
@={D57A99A2-9216-730D-8B88-E5423F8392E4}
[HKEY_CLASSES_ROOT\CLSID\{D57A99A2-9216-730D-8B88-E5423F8392E4}]
C:\WINDOWS\system32\shsvwsc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-24 03:33 190024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"active mail"="C:\DOCUME~1\Owner\APPLIC~1\WINGPL~1\grimheart.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-01-01 01:40 180269]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 17:36 43008 C:\WINDOWS\system32\WFXSNT40.EXE]
"9xadiras"="9xadiras.exe" []
"adiras"="adiras.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-04 13:00 1836544]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 12:13 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 12:00 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe [2006-09-23 18:39:18 929889]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\shsvwsc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16087:TCP"= 16087:TCP:BitComet 16087 TCP
"16087:UDP"= 16087:UDP:BitComet 16087 UDP

R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 17:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa49c98-4b0c-11db-9b61-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 06:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 15:48:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-24 15:49:24
ComboFix4.txt 2008-02-23 07:12:44
ComboFix3.txt 2008-02-24 07:15:22
ComboFix2.txt 2008-02-24 11:22:46
Response Number 10
Name: jabuck
Date: February 24, 2008 at 15:59:44 Pacific
Subject: POS error
Reply: Please go to Virus Total and upload the following file for analysis:
C:\WINDOWS\system32\shsvwsc.dll
Use the browse button at the site to find the file; once you find the file, double-click it and it should appear in the empty space to the left of the browse button, then click "send file". Post the results in your reply.
Response Number 11
Name: shamoni8
Date: February 25, 2008 at 01:55:20 Pacific
Subject: POS error
Reply: I don't seem to have that particular DLL file. shsvwsc.dll is not there in my system32 folder. I have shsvwsc.dat and shsvcs.dll.
Response Number 12
Name: jabuck
Date: February 25, 2008 at 03:36:25 Pacific
Subject: POS error
Reply: Run C:\Windows\System32\shsvwsc.dat through Virus Total.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download ATF Cleaner from this link: ATF Cleaner

Next, please reboot your computer in Safe Mode by doing the following:

Run ATF-Cleaner: Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Click the Empty Selected button.

Run an online scan with Kaspersky from the following link: Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes when prompted to install its ActiveX component. (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)

The program launches and downloads the latest definition files. Once the files are downloaded, click on Next.

Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database: Extended
Scan Options: Scan Archives, Scan Mail Base
Click OK and, under "select a target to scan", select My Computer.

When the scan is done, in the "Scan is completed" window (below), any infection is displayed. There is no option to clean/disinfect; however, we need to analyze the information on the report.

To obtain the report: Click on: Save Report As (above, red blinking arrow). Next, in the Save As prompt, Save in area, select: Desktop. In the File name area, use KScan or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]. Then click: Save.

Please post the Kaspersky Online Scanner Report in your reply.
Response Number 13
Name: shamoni8
Date: February 25, 2008 at 20:29:19 Pacific
Subject: POS error
Reply: Ran the virus tool on that file. Here's the report.

File shsvwsc.dat received on 02.25.2008 23:11:13 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.25 -
Authentium 4.93.8 2008.02.24 -
Avast 4.7.1098.0 2008.02.25 -
AVG 7.5.0.516 2008.02.25 -
BitDefender 7.2 2008.02.25 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.25 -
DrWeb 4.44.0.09170 2008.02.25 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5562 2008.02.25 -
Ewido 4.0 2008.02.25 -
FileAdvisor 1 2008.02.25 -
Fortinet 3.14.0.0 2008.02.25 -
F-Prot 4.4.2.54 2008.02.25 -
F-Secure 6.70.13260.0 2008.02.25 -
Ikarus T3.1.1.20 2008.02.25 -
Kaspersky 7.0.0.125 2008.02.25 -
McAfee 5237 2008.02.25 -
Microsoft 1.3204 2008.02.25 -
NOD32v2 2900 2008.02.25 -
Norman 5.80.02 2008.02.25 -
Panda 9.0.0.4 2008.02.25 -
Prevx1 V2 2008.02.25 -
Rising 20.33.02.00 2008.02.25 -
Sophos 4.26.0 2008.02.25 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.25 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.25 -
Webwasher-Gateway 6.6.2 2008.02.25 -

Additional information
File size: 436 bytes
MD5: 8c1189bf83735c02a31116db49601005
SHA1: afd21661fce3ac0833e02f16ed6297d67c91fafe
PEiD: -

Undid the system restore and switched it back on. Cleaned with ATF Cleaner in safe mode. Got the Kaspersky online scanner report.

---------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 26, 2008 8:22:53 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/02/2008
Kaspersky Anti-Virus database records: 580704
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 126625
Number of viruses found: 13
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 01:31:08

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\tett765z.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\tett765z.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\tett765z.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\tett765z.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop\b7d8bc9a950c\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF62A0.tmp Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar/WIN Genuine/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar/WIN Genuine/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar/WIN Genuine/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar RAR: infected - 3 skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\tett765z.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFD Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFX Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFF Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFR Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\StatusS.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status2.WFG Object is locked skipped
C:\Program Files\Symantec\WinFax\Data\Status3.WFG Object is locked skipped
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFX: infected - 1 skipped
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFXDropper: infected - 1 skipped
C:\System Volume Information\_restore{F7A80B63-5F3D-4BD9-88DF-34B560B6B167}\RP4\change.log Object is locked skipped
D:\Backup As 26 04 05\My Documents\winamp skins\al2.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.EZula.j skipped
D:\Backup As 26 04 05\My Documents\winamp skins\al2.exe WiseSFX: infected - 1 skipped
D:\Backup As 26 04 05\My Documents\winamp skins\aaliyah.exe/WISE0015.BIN/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
D:\Backup As 26 04 05\My Documents\winamp skins\aaliyah.exe/WISE0015.BIN/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
D:\Backup As 26 04 05\My Documents\winamp skins\aaliyah.exe/WISE0015.BIN/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
D:\Backup As 26 04 05\My Documents\winamp skins\aaliyah.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Exact.a skipped
D:\Backup As 26 04 05\My Documents\winamp skins\aaliyah.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.IGetNet skipped
D:\Backup As 26 04 05\My Documents\winamp skins\aaliyah.exe WiseSFX: infected - 5 skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.F1Organizer.l skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0025.BIN/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.a skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0025.BIN/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.c skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.CommonName.c skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0028.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0028.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.EZula.bx skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe WiseSFX: infected - 11 skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
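The report above counts 27 infected objects, but nearly all of them are members nested inside a handful of archives and self-extractors, and every detection carries Kaspersky's not-a-virus: prefix (adware and a password-recovery tool, not the Vundo-class infection the thread is chasing). As an added example (not from this thread, and not Kaspersky's own code), the Python below parses that line format and groups detections by the file that actually exists on disk, which is the list a responder acts on. The excerpt embedded in it is a constructed subset of the report's own lines.

```python
"""Triage of a Kaspersky Online Scanner (v5) text report.

Each line under "Infected Object Name / Virus Name / Last Action" reads
"<object> <status>", where the status is one of
    "Object is locked skipped"
    "Infected: <detection name> skipped"
    "<packer or archive type>: infected - <n> skipped"
Members of archives and self-extractors are joined to their container with "/",
while on-disk paths use "\\". Grouping detections by the on-disk container turns
a long list into the few files that need a decision.
"""
import re
from collections import defaultdict

# Constructed excerpt of the report posted in this thread (same line format, subset of entries).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar/WIN Genuine/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar/WIN Genuine/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar/WIN Genuine/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\WIN Genuine.rar RAR: infected - 3 skipped
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFX: infected - 1 skipped
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe WiseSFXDropper: infected - 1 skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0028.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe/WISE0031.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
D:\Backup As 26 04 05\My Documents\setups\iMeshV4.exe WiseSFX: infected - 11 skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
"""

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+) (?P<packer>\S+): infected - (?P<count>\d+) skipped$")


def parse_report(text):
    """Split the report into locked objects, nested detections, container summaries and the rest."""
    locked, findings, containers, other = [], [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := LOCKED_RE.match(line):
            locked.append(m.group("path"))
        elif m := INFECTED_RE.match(line):
            findings.append((m.group("path"), m.group("name")))
        elif m := CONTAINER_RE.match(line):
            containers.append((m.group("path"), m.group("packer"), int(m.group("count"))))
        else:
            other.append(line)  # header and footer lines such as "Scan process completed."
    return locked, findings, containers, other


def on_disk_container(path):
    """Strip the archive-member suffix: 'C:\\x\\a.rar/b/c.exe' becomes 'C:\\x\\a.rar'."""
    return path.split("/", 1)[0]


def severity(name):
    """Kaspersky labels adware, riskware and hacktools 'not-a-virus:'; anything else is malware proper."""
    return "riskware" if name.startswith("not-a-virus:") else "malware"


def triage(text):
    """Per-file summary: which on-disk files carry detections, which names, and the worst severity."""
    locked, findings, containers, _ = parse_report(text)
    files = defaultdict(lambda: {"detections": set(), "severity": "riskware"})
    for path, name in findings:
        entry = files[on_disk_container(path)]
        entry["detections"].add(name)
        if severity(name) == "malware":
            entry["severity"] = "malware"
    return {
        "locked": len(locked),
        "infected_objects": len(findings) + len(containers),  # how the report header counts them
        "files": {f: {"detections": sorted(v["detections"]), "severity": v["severity"]}
                  for f, v in files.items()},
    }


if __name__ == "__main__":
    for path, info in triage(SAMPLE_REPORT)["files"].items():
        print(f"{info['severity']:8} {path}: {', '.join(info['detections'])}")
```

Run against the full report, the same grouping collapses the 27 objects to five files on disk (the DAP offer installer, WIN Genuine.rar, al2.exe, aaliyah.exe and iMeshV4.exe); the "Object is locked" lines are registry hives, event logs and browser databases that the scanner could not open, not findings.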
Response Number 14
Name: jabuck
Date: February 26, 2008 at 18:36:44 Pacific
Subject: POS error
Reply: The following will disable DAP; this download accelerator is known to have spyware in it. Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe
Folder::
C:\Program Files\DAP
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop); if ComboFix does not auto-start, click "Run".

And as you can see in the Kaspersky scan, the D: drive (back-up) is pretty much infected. You should delete it and make a new back-up.
Response Number 15
Name: shamoni8
Date: February 26, 2008 at 23:57:29 Pacific
Subject: POS error
Reply: OK, I undid the DAP. Do you want the ComboFix? And about the back-up: the person who made me the PC told me not to format it. So should I? It has this hidden folder which is empty but is 3.8 MB :S
Response Number 16
Name: shamoni8
Date: February 27, 2008 at 01:38:51 Pacific
Subject: POS error
Reply: It is getting better, but still not perfect. Do you think there's anything else left to do? Since you are going to be online after a while (approx. 17 hrs), I think I'll just give you the ComboFix log. Maybe you can find out something else that's wrong?

ComboFix 08-02-23 - Owner 2008-02-27 11:13:20.6 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.85 [GMT 4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\DAP\_dapm_amdc.dll
C:\Program Files\DAP\_dapm_Context_games.dll
C:\Program Files\DAP\cabex.dll
C:\Program Files\DAP\Cancel.gif
C:\Program Files\DAP\comtest.gif
C:\Program Files\DAP\DAP.exe
C:\Program Files\DAP\dap_premium.gif
C:\Program Files\DAP\DAP86.EXE
C:\Program Files\DAP\DAPBHO.dll
C:\Program Files\DAP\dapextie.htm
C:\Program Files\DAP\dapextie2.htm
C:\Program Files\DAP\DAPFireFox\chrome.manifest
C:\Program Files\DAP\DAPFireFox\chrome\dapff.jar
C:\Program Files\DAP\DAPFireFox\components\.autoreg
C:\Program Files\DAP\DAPFireFox\components\DAPFireFox.dll
C:\Program Files\DAP\DAPFireFox\components\dapservice.js
C:\Program Files\DAP\DAPFireFox\components\IDAPComponent.xpt
C:\Program Files\DAP\DAPFireFox\install.rdf
C:\Program Files\DAP\DAPFireFox\install.xpi
C:\Program Files\DAP\dapie.dll
C:\Program Files\DAP\DAPIEBar.dll
C:\Program Files\DAP\DAPIEEngine.dll
C:\Program Files\DAP\DAPIEMonitor.dll
C:\Program Files\DAP\dapm_Context_search.dll
C:\Program Files\DAP\dapm_ftp.dll
C:\Program Files\DAP\dapmm.dll
C:\Program Files\DAP\dapns.dll
C:\Program Files\DAP\dapop.dll
C:\Program Files\DAP\DapRemove.exe
C:\Program Files\DAP\dapres.dll
C:\Program Files\DAP\dapres32.dll
C:\Program Files\DAP\dapupd.exe
C:\Program Files\DAP\dapxrpt.exe
C:\Program Files\DAP\dapxrpt.ini
C:\Program Files\DAP\dbghelp.dll
C:\Program Files\DAP\delete_animation.gif
C:\Program Files\DAP\dexthlp.dll
C:\Program Files\DAP\gui.xml
C:\Program Files\DAP\History\20070415.dat
C:\Program Files\DAP\History\Owner\_lasthist.dat
C:\Program Files\DAP\History\Owner\20080203.dat
C:\Program Files\DAP\History\Owner\20080210.dat
C:\Program Files\DAP\History\Owner\20080217.dat
C:\Program Files\DAP\History\Owner\20080224.dat
C:\Program Files\DAP\Icons\dapgames.ico
C:\Program Files\DAP\INSTALL.LOG
C:\Program Files\DAP\license.txt
C:\Program Files\DAP\Locales\DAPCHS.lng
C:\Program Files\DAP\Locales\DAPCHT.lng
C:\Program Files\DAP\Locales\DAPDEU.lng
C:\Program Files\DAP\Locales\DAPENU.lng
C:\Program Files\DAP\Locales\DAPESP.lng
C:\Program Files\DAP\Locales\DAPFRA.lng
C:\Program Files\DAP\Locales\DAPITA.lng
C:\Program Files\DAP\Locales\DAPJPN.lng
C:\Program Files\DAP\Locales\DAPM_FTPCHT.lng
C:\Program Files\DAP\Locales\DAPM_FTPDEU.lng
C:\Program Files\DAP\Locales\DAPM_FTPENU.lng
C:\Program Files\DAP\Locales\DAPM_FTPESP.lng
C:\Program Files\DAP\Locales\DAPM_FTPFRA.lng
C:\Program Files\DAP\Locales\DAPM_FTPITA.lng
C:\Program Files\DAP\Locales\DAPM_FTPJPN.lng
C:\Program Files\DAP\Locales\DAPM_FTPNLD.lng
C:\Program Files\DAP\Locales\DAPM_FTPPTB.lng
C:\Program Files\DAP\Locales\DAPM_FTPRUS.lng
C:\Program Files\DAP\Locales\DAPNLD.lng
C:\Program Files\DAP\Locales\DAPPOL.lng
C:\Program Files\DAP\Locales\DAPPTB.lng
C:\Program Files\DAP\Locales\DAPRUS.lng
C:\Program Files\DAP\Log\DAP.LOG
C:\Program Files\DAP\Log\DAP_BETA.LOG
C:\Program Files\DAP\Log\DAP_REPORT.LOG
C:\Program Files\DAP\Log\DAP_WIZARD.LOG
C:\Program Files\DAP\Log\DAPCRASH.DMP
C:\Program Files\DAP\Log\DAPIE.LOG
C:\Program Files\DAP\Log\ERRORLOG.TXT
C:\Program Files\DAP\MCFiles\error.bmp
C:\Program Files\DAP\MCFiles\ExtractedIcon.bmp
C:\Program Files\DAP\MCFiles\info.bmp
C:\Program Files\DAP\MCFiles\warning.bmp
C:\Program Files\DAP\MCMgr.dll
C:\Program Files\DAP\mfc42.dll
C:\Program Files\DAP\mmc.xml
C:\Program Files\DAP\msvcrt.dll
C:\Program Files\DAP\Offers\VA_11_DAPSO.1187_1.exe
C:\Program Files\DAP\OK.gif
C:\Program Files\DAP\Privacy Package\CleanerIEMenu.dll
C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
C:\Program Files\DAP\Privacy Package\DAPCtxMenuShell.dll
C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
C:\Program Files\DAP\Privacy Package\DAPShred.exe
C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
C:\Program Files\DAP\Privacy Package\shred_animation4.gif
C:\Program Files\DAP\Privacy Package\trace_ani.gif
C:\Program Files\DAP\privacy.txt
C:\Program Files\DAP\progbar.gif
C:\Program Files\DAP\progress_bar_ani.gif
C:\Program Files\DAP\RestartApp.exe
C:\Program Files\DAP\SBSearch.dll
C:\Program Files\DAP\screen.dat
C:\Program Files\DAP\Skins\dap\arrows.bmp
C:\Program Files\DAP\Skins\dap\bms.bmp
C:\Program Files\DAP\Skins\dap\bmstool.bmp
C:\Program Files\DAP\Skins\dap\C-Close.bmp
C:\Program Files\DAP\Skins\dap\C-end.bmp
C:\Program Files\DAP\Skins\dap\C-Max.bmp
C:\Program Files\DAP\Skins\dap\C-Min.bmp
C:\Program Files\DAP\Skins\dap\C-Restore.bmp
C:\Program Files\DAP\Skins\dap\checkbox.bmp
C:\Program Files\DAP\Skins\dap\ComboButton.bmp
C:\Program Files\DAP\Skins\dap\combobuttonextra.bmp
C:\Program Files\DAP\Skins\dap\DAP.uis
C:\Program Files\DAP\Skins\dap\Dialog.bmp
C:\Program Files\DAP\Skins\dap\Explorer.bmp
C:\Program Files\DAP\Skins\dap\F-Bottom.bmp
C:\Program Files\DAP\Skins\dap\F-Left.bmp
C:\Program Files\DAP\Skins\dap\F-Right.bmp
C:\Program Files\DAP\Skins\dap\F-Top.bmp
C:\Program Files\DAP\Skins\dap\grip.bmp
C:\Program Files\DAP\Skins\dap\GroupBox.bmp
C:\Program Files\DAP\Skins\dap\GroupBoxTitle.bmp
C:\Program Files\DAP\Skins\dap\Header.bmp
C:\Program Files\DAP\Skins\dap\hscroll.bmp
C:\Program Files\DAP\Skins\dap\hscroll2.bmp
C:\Program Files\DAP\Skins\dap\mdi-button.bmp
C:\Program Files\DAP\Skins\dap\Mdi.bmp
C:\Program Files\DAP\Skins\dap\Menu-Border.bmp
C:\Program Files\DAP\Skins\dap\MenuBar.bmp
C:\Program Files\DAP\Skins\dap\menuborder.bmp
C:\Program Files\DAP\Skins\dap\menutool.bmp
C:\Program Files\DAP\Skins\dap\ProgressBar.bmp
C:\Program Files\DAP\Skins\dap\radiobutton.bmp
C:\Program Files\DAP\Skins\dap\shade.bmp
C:\Program Files\DAP\Skins\dap\Status.bmp
C:\Program Files\DAP\Skins\dap\SunkenEdge.bmp
C:\Program Files\DAP\Skins\dap\tabborders.bmp
C:\Program Files\DAP\Skins\dap\tabs.bmp
C:\Program Files\DAP\Skins\dap\vscroll.bmp
C:\Program Files\DAP\Skins\dap\vscroll2.bmp
C:\Program Files\DAP\Skins\skins.url
C:\Program Files\DAP\Temp\ADS7.tmp
C:\Program Files\DAP\Temp\LDND4.tmp
C:\Program Files\DAP\Temp\LDND5.tmp
C:\Program Files\DAP\Temp\LDND6.tmp
C:\Program Files\DAP\Temp\LDND7.tmp
C:\Program Files\DAP\Temp\LDNDD.tmp
C:\Program Files\DAP\Temp\LDNDE.tmp
C:\Program Files\DAP\Temp\LDNDF.tmp
C:\Program Files\DAP\Temp\LDNE0.tmp
C:\Program Files\DAP\Temp\TAG15B.tmp
C:\Program Files\DAP\Temp\TAG311.tmp
C:\Program Files\DAP\Temp\ZAFA.tmp
C:\Program Files\DAP\Temp\ZAU9.tmp
C:\Program Files\DAP\UNWISE.EXE
C:\Program Files\DAP\v_html.gif
C:\Program Files\DAP\v_i.gif
C:\Program Files\DAP\v_logo.gif
C:\Program Files\DAP\v_noconn.gif
C:\Program Files\DAP\v_notf.gif
C:\Program Files\DAP\v_ok.gif
C:\Program Files\DAP\v_pass.gif
C:\Program Files\DAP\v_unk.gif
C:\Program Files\DAP\v_working.gif
C:\Program Files\DAP\website.url
C:\Program Files\DAP\zlib.dll
C:\Program Files\DAP
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-26 02:32 . 2008-02-26 02:32 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-26 02:32 . 2008-02-26 02:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-24 15:54 . 2008-02-24 15:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-24 11:07 . 2008-02-24 11:07 <DIR> d--hs---- C:\FOUND.003
2008-02-22 16:02 . 2008-02-22 16:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
2008-02-21 12:07 . 2008-02-21 12:07 <DIR> d--hs---- C:\FOUND.002
2008-02-20 12:00 . 2008-02-20 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 09:13 . 2008-02-20 09:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-19 18:32 . 2008-02-19 18:32 <DIR> d-------- C:\Temp
2008-02-17 22:37 . 2008-02-17 22:37 <DIR> d--hs---- C:\FOUND.001
2008-02-11 16:04 . 2008-02-11 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-11 16:01 . 2008-02-11 16:01 <DIR> d-------- C:\Program Files\DIFX
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-11 16:00 . 2008-02-11 16:00 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-02-11 16:00 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-11 15:59 . 2008-02-11 15:59 <DIR> d-------- C:\Program Files\Nokia
2008-02-11 15:59 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-11 15:59 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-02-11 15:59 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-11 15:59 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-11 15:59 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-11 15:58 . 2008-02-11 15:58 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-02-11 15:57 . 2008-02-11 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-05 11:41 . 2008-02-05 11:41 <DIR> d--hs---- C:\FOUND.000
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 23:19 --------- d-----w C:\Program Files\DX-Ball
2009-12-31 23:17 --------- d-----w C:\Program Files\Microsoft Games
2009-12-31 23:17 --------- d-----w C:\Program Files\Kaun Bane Crorepati
2009-12-31 23:16 --------- d-----w C:\Program Files\MSN Messenger
2009-12-31 23:12 --------- d-----w C:\Program Files\Symantec
2009-12-31 23:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-12-31 23:12 --------- d-----w C:\Program Files\Common Files\Novell Shared
2009-12-31 23:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2009-12-31 23:10 24,820 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2009-12-31 23:09 --------- d-----w C:\Program Files\MusicMatch
2009-12-31 21:40 --------- d-----w C:\Program Files\Common Files\xing shared
2009-12-31 21:38 --------- d-----w C:\Program Files\ACDSee32
2009-12-31 21:32 --------- d-----w C:\Program Files\Microsoft.NET
2009-12-31 21:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2009-12-31 21:32 --------- d-----w C:\Program Files\Common Files\L&H
2009-12-31 21:31 --------- d-----w C:\Program Files\Microsoft Works
2009-12-31 21:29 --------- d-----w C:\Program Files\Common Files\Adobe
2009-12-31 21:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2009-12-31 21:26 --------- d-----w C:\Program Files\Macromedia
2009-12-31 21:24 --------- d-----w C:\Program Files\Common Files\Java
2009-12-31 20:44 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2009-12-31 20:44 --------- d-----w C:\Program Files\Winamp
2009-12-31 20:44 --------- d-----w C:\Program Files\Real
2009-12-31 20:44 --------- d-----w C:\Program Files\Java Web Start
2009-12-31 20:44 --------- d-----w C:\Program Files\Java
2009-12-31 20:44 --------- d-----w C:\Program Files\Common Files\Real
2009-12-31 20:43 --------- d-----w C:\Program Files\Netscape
2009-12-31 20:30 --------- d-----w C:\Program Files\Analog Devices
2009-12-31 20:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-12-31 20:29 --------- d-----w C:\Program Files\Intel
2009-12-31 20:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2009-12-31 20:09 --------- d-----w C:\Program Files\microsoft frontpage
2009-12-31 20:06 --------- d-----w C:\Program Files\CONEXANT
2008-02-24 21:44 20 ----a-w C:\sccfg.sys
2008-01-26 18:19 --------- d-----w C:\Program Files\Morpheus Ultra
2008-01-26 18:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-26 18:02 --------- d-----w C:\Program Files\VS Revo Group
2008-01-21 09:23 --------- d-----w C:\Program Files\Win gpl deaf
2008-01-21 09:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Win gpl deaf
2008-01-21 09:22 --------- d-----w C:\Program Files\Circle Developement
2008-01-05 15:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Morpheus
2008-01-05 06:18 98,304 ----a-w C:\WINDOWS\DUMPf8ec.tmp
2007-12-28 22:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\eMule
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\shsvwsc]
@={D57A99A2-9216-730D-8B88-E5423F8392E4}

[HKEY_CLASSES_ROOT\CLSID\{D57A99A2-9216-730D-8B88-E5423F8392E4}]
C:\WINDOWS\system32\shsvwsc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-24 03:33 190024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52 94208]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"active mail"="C:\DOCUME~1\Owner\APPLIC~1\WINGPL~1\grimheart.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42 585728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-01-01 01:40 180269]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-14 17:36 43008 C:\WINDOWS\system32\WFXSNT40.EXE]
"9xadiras"="9xadiras.exe" []
"adiras"="adiras.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-04 13:00 1836544]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 12:13 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 12:00 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe [2006-09-23 18:39:18 929889]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 04:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\shsvwsc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16087:TCP"= 16087:TCP:BitComet 16087 TCP
"16087:UDP"= 16087:UDP:BitComet 16087 UDP

R2 wfxsvc;WinFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-02-14 17:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa49c98-4b0c-11db-9b61-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 06:01:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 11:17:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
((((((((((((((((((((((((((((((((((((((( Running Processes )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-27 11:18:04 - machine was rebooted
ComboFix5.txt 2008-02-23 07:12:44
ComboFix4.txt 2008-02-24 07:15:22
ComboFix3.txt 2008-02-24 11:22:46
ComboFix2.txt 2008-02-24 11:49:26
ComboFix-quarantined-files.txt 2008-02-27 07:18:02
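The "Reg Loading Points" section of that log is where a helper spends most of their time: an AppInit_DLLs value, a shell icon-overlay handler that resolves to a DLL in system32, a Run entry with no file metadata that launches from Application Data, and a MountPoints2 AutoRun command. The script below is an added example for this thread, not part of the post and not ComboFix's own tooling; it parses that section in ComboFix's layout and prints a review list. Its sample input is constructed from the lines quoted in the log above, and the names `triage`, `parse_blocks` and `repeated_dlls` are this example's own.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of the original post and not
ComboFix's own tooling. It splits the section into registry-key blocks
and lists the entries a malware-removal helper reads first:
  * every DLL named in AppInit_DLLs (loaded into each process that
    maps user32.dll),
  * a ShellIconOverlayIdentifiers entry resolved through its CLSID to
    the DLL it loads,
  * Run entries with no "[date time size]" metadata or whose target
    sits under Application Data,
  * MountPoints2 AutoRun commands (autorun from removable media).
The output is a review list, not a verdict: a stale but harmless Run
entry is flagged exactly like a malicious one.
"""
import re

# Constructed sample: a subset of the loading points quoted in the
# thread's ComboFix log, kept in ComboFix's own layout.
SAMPLE = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\shsvwsc]
@={D57A99A2-9216-730D-8B88-E5423F8392E4}
[HKEY_CLASSES_ROOT\CLSID\{D57A99A2-9216-730D-8B88-E5423F8392E4}]
C:\WINDOWS\system32\shsvwsc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"active mail"="C:\DOCUME~1\Owner\APPLIC~1\WINGPL~1\grimheart.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"9xadiras"="9xadiras.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\shsvwsc.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0aa49c98-4b0c-11db-9b61-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
META_RE = re.compile(r"\s\[(?P<meta>[^\]]*)\]\s*$")  # trailing "[date time size]"
CLSID_RE = re.compile(r"\{([0-9a-f-]+)\}", re.I)


def parse_blocks(text):
    """Yield (key, value_lines) for each "[KEY]" block in the section."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group(1), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def _check_run_value(line):
    """Return (name, target, reasons) for a Run value; reasons is [] if clean."""
    m = VALUE_RE.match(line)
    if not m:
        return None, None, []
    data = m.group("data")
    meta = META_RE.search(data)
    meta_text = meta.group("meta").strip() if meta else ""
    target = (data[:meta.start()] if meta else data).strip().strip('"')
    reasons = []
    if not meta_text:  # ComboFix found no file to stamp: "[ ]" or "[]"
        reasons.append("no file metadata")
    if re.search(r"applic~1|application data", target, re.I):
        reasons.append("runs from Application Data")
    return m.group("name"), target, reasons


def triage(text):
    """Return [(kind, detail)] for every loading point worth a second look."""
    findings = []
    pending_clsids = set()  # CLSIDs registered as icon-overlay handlers
    for key, lines in parse_blocks(text):
        k = key.lower()
        if "shelliconoverlayidentifiers" in k:
            for line in lines:
                g = CLSID_RE.search(line)
                if g:
                    pending_clsids.add(g.group(1).lower())
        elif k.startswith("hkey_classes_root\\clsid\\"):
            g = CLSID_RE.search(k)
            if g and g.group(1) in pending_clsids and lines:
                findings.append(("shell_overlay_dll", lines[0]))
        elif k.endswith("\\currentversion\\run"):
            for line in lines:
                name, target, reasons = _check_run_value(line)
                if reasons:
                    findings.append(("run_entry", f"{name} -> {target} ({'; '.join(reasons)})"))
        elif k.endswith("\\windows nt\\currentversion\\windows"):
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("name").lower() == "appinit_dlls":
                    # ComboFix prints 8.3 short names here, so splitting on
                    # whitespace is safe for this log; a long path containing
                    # spaces would need a smarter split.
                    for dll in m.group("data").split():
                        findings.append(("appinit_dll", dll))
        elif "\\mountpoints2\\" in k:
            for line in lines:
                if "autorun" in line.lower():
                    findings.append(("autorun", line.split(" - ", 1)[-1]))
    return findings


def repeated_dlls(findings):
    """DLL basenames that appear under more than one loading point."""
    seen = {}
    for kind, detail in findings:
        if kind in ("appinit_dll", "shell_overlay_dll"):
            seen.setdefault(detail.rsplit("\\", 1)[-1].lower(), []).append(kind)
    return {name: kinds for name, kinds in seen.items() if len(kinds) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE)
    for kind, detail in results:
        print(f"{kind:18} {detail}")
    for name, kinds in repeated_dlls(results).items():
        print(f"{name} is registered at {len(kinds)} load points: {', '.join(kinds)}")
```

Run against the sample, the script lists the overlay DLL, both AppInit DLLs, the two Run entries without metadata and the AutoRun command, and `repeated_dlls` points out that the same DLL is registered both as an icon-overlay handler and in AppInit_DLLs, which is the pairing to check first when both load points name a file nobody installed on purpose.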
Response Number 18
Name: jabuck
Date: February 27, 2008 at 14:11:11 Pacific
Subject: POS error
Reply: As for the D: drive, all I can do is tell you that it is infected. It looks like Winamp and iMesh files, maybe music. Contact the person that built the computer and ask why you would not want to clean out the infected backup files.
Response Number 19
Name: shamoni8
Date: February 28, 2008 at 02:29:02 Pacific
Subject: POS error
Reply: You mean you can't find anything wrong anymore? :( Generic Host Process for Win32 Services ends after a while, and then svchost.exe has an application error. This didn't happen earlier; do you think some DLL or some program was deleted which is causing this to happen? I also get the "invite to get connected" off and on. Also, I deleted those 2 folders off my D: drive. Do you want another virus check?
Response Number 20
Name: jabuck
Date: February 28, 2008 at 03:38:21 Pacific
Subject: POS error
Reply: Run HijackThis > click the "Open Misc Tools section" button > click the "Open Uninstall Manager" button > click "Save list..." > click Save > post the list that is produced. Post a new HijackThis log, a new ComboFix log and a new Kaspersky scan please.
Response Number 21
Name: shamoni8
Date: February 28, 2008 at 10:06:24 Pacific
Subject: POS error
Reply: OK, got all 3 scans done.

Uninstall list:

ACDSee 32
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0.1
Adobe Shockwave Player
ADSL USB MODEM
Apple Mobile Device Support
Apple Software Update
AVG 7.5
BitComet 0.70
Cricket 2002
CueClub
DivX Content Uploader
DivX Web Player
Download Accelerator Plus (DAP)
DX-Ball 1.09
EA SPORTS(TM) Cricket 07
Eudora Light 3.0.6
Google Desktop
HDDlife plug-in for Google Desktop 1.1
HijackThis 2.0.2
Hitman: Contracts
iTunes
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
Java(TM) 6 Update 3
Kaspersky Online Scanner
KBC By Chirag
LiveAdvisor (Symantec Corporation)
LiveUpdate
Macromedia Flash 5
Messenger Plus! 3
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 2.0
Microsoft Midtown Madness Trial Version
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Mozilla Firefox (2.0.0.12)
MP3 To Ringtone Gold 3.50
MSVC80_x86
MusicMatch Jukebox
MyVideoConverter 1.34
Nero 7 Ultra Edition
Netscape (7.0)
Nokia Connectivity Cable Driver
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Oshobooks - the complete works
PC Connectivity Solution
PowerDVD
PowerISO
QuickTime
RealPlayer
SonicStage 3.4
Sony USB Driver
SoundMAX
Spybot - Search & Destroy 1.4
Symantec WinFax PRO 10.0
System Requirements Lab
VideoLAN VLC media player 0.8.6a
Winamp
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinZip
XMLinst
Yahoo! Install Manager
Yahoo! Messenger

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:28 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"