Greetings, I went online to try and find some drivers for an old Lamaqq Super Blue external modem. After a Google search, I tried to access a website that said I needed to download and install an update for Macromedia flash player. STUPID me!!! I immediately received a notice that I had been hi-jacked by an unknown trojan, and that I needed to download some new trojan software to combat it. I didn't...but I keep getting this warning and have no idea how to fight this 'virus'. I used Norton anti-virus, AVG-free, and Spyware Terminator, but so far there have been no results. What else can I do to figure this out??? Any and all help is greatly appreciated. I have looked at some of the archival posts, but haven't enough knowledge to know what is what!!! Thanks in advance.

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Thanks, jabuck for your assistance. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:37 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\My Download Files\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Adobe PDF Reader Link Helper - {358A14C3-CB2F-4366-9A6C-1AEB63F0B036} - C:\WINDOWS\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A7DF5D1-345D-4541-A3E1-18ACB6722CF3}: NameServer = 129.237.32.1,129.237.32.2
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14815 bytes

Go to the this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Turn off Norton's scriptblocking:

Start Norton AntiVirus.
If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
(1) Click Options.
If you see a menu, click Norton AntiVirus.
(2) In the left pane, click Script Blocking.
(3) In the right pane, uncheck Enable Script Blocking (recommended).
(4) Click OK.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

jabuck,...the log from ComboFix:

ComboFix 08-02-15.1 - Willslen 2008-02-14 21:56:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.735 [GMT -6:00]
Running from: C:\My Download Files\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Willslen\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 15:25 . 2008-02-14 15:29 230,400 --a------ C:\WINDOWS\AcroIEHelper.dll
2008-02-14 15:25 . 2008-02-14 15:29 50 --a------ C:\tmp.bat
2008-02-13 17:11 . 2008-02-13 17:12 <DIR> d-------- C:\Harvest Home Summer
2008-02-11 17:05 . 2008-02-11 17:22 <DIR> d-------- C:\another february mix
2008-02-11 16:30 . 2008-02-11 17:20 <DIR> d-------- C:\mixmeister february tunes
2008-02-11 13:10 . 2008-02-11 13:26 <DIR> d-------- C:\HAWTIN WAVED
2008-02-10 10:35 . 2008-02-10 10:35 <DIR> d-------- C:\WINDOWS\system32\drivex
2008-02-10 10:35 . 2008-02-10 10:36 28 --a------ C:\WINDOWS\system32\vfw_32.reg
2008-02-09 11:49 . 2008-02-11 13:28 <DIR> d-------- C:\LATIN MIX CD
2008-02-09 09:11 . 2008-02-09 12:25 <DIR> d-------- C:\LATIN MIX CASSETTE
2008-02-08 11:35 . 2008-02-08 11:38 <DIR> d-------- C:\MUSIC FOR BILL EVANS
2008-02-04 13:03 . 2008-02-04 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-03 09:08 . 2008-02-03 09:08 <DIR> d-------- C:\Program Files\Common Files\HCS Common
2008-02-03 09:06 . 2002-01-05 03:18 102,400 --a------ C:\WINDOWS\system32\atl70.dll
2008-02-03 09:04 . 2008-02-03 09:05 <DIR> d-------- C:\Program Files\Sierra
2008-02-03 09:04 . 2008-02-03 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sierra
2008-01-31 14:40 . 2008-02-14 17:17 <DIR> d-------- C:\ACADEMIC ELIGIBILITY
2008-01-30 12:45 . 2008-01-30 13:42 <DIR> d-------- C:\NEW NEW mixmeister tunes
2008-01-28 16:48 . 2008-01-28 16:48 <DIR> d-------- C:\Documents and Settings\Willslen\Application Data\dBpoweramp
2008-01-28 12:40 . 2008-01-28 13:15 <DIR> d-------- C:\new tunes new mode
2008-01-26 10:23 . 2008-01-26 10:38 <DIR> d-------- C:\SUSAN KING NEW TAPES II WAVED
2008-01-26 10:22 . 2008-01-26 12:27 <DIR> d-------- C:\SUSAN KING NEW TAPES I WAVED
2008-01-26 09:45 . 2008-02-07 17:44 <DIR> d-------- C:\SUSAN KING NEW TAPES II
2008-01-26 09:45 . 2008-01-26 13:56 <DIR> d-------- C:\SUSAN KING NEW TAPES I
2008-01-26 09:38 . 2008-02-03 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-25 11:38 . 2002-05-29 08:45 311,296 --a------ C:\WINDOWS\system32\cdintf.dll
2008-01-25 11:33 . 2008-01-25 11:33 <DIR> d-------- C:\Program Files\Broderbund
2008-01-25 11:33 . 1999-04-21 04:08 29,184 --------- C:\WINDOWS\system32\Popup.ocx
2008-01-24 18:29 . 2008-01-24 18:35 <DIR> d-------- C:\DRUMS de Nouveau
2008-01-23 16:50 . 2008-01-23 16:50 <DIR> d-------- C:\Program Files\MixMeister Pro 6
2008-01-23 12:55 . 2008-01-23 17:12 <DIR> d-------- C:\Toons For A New Class
2008-01-18 13:38 . 2008-01-18 13:40 <DIR> d-------- C:\Pics & Jpegs
2008-01-18 11:53 . 2008-01-18 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broderbund Software
2008-01-18 11:18 . 2008-01-18 11:18 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-01-18 11:18 . 2008-01-18 11:18 3,625 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-01-18 11:12 . 2008-01-18 11:23 <DIR> d-------- C:\first class danc 305
2008-01-17 15:21 . 2008-01-17 15:21 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-01-17 15:14 . 2008-01-17 15:14 <DIR> d--h----- C:\BJPrinter
2008-01-17 15:14 . 2002-12-17 23:00 88,576 --a------ C:\WINDOWS\system32\CNMLM4y.DLL
2008-01-17 15:14 . 2002-10-03 09:23 73,728 -ra------ C:\WINDOWS\system32\CNMCP4y.exe
2008-01-17 15:14 . 2002-12-17 23:00 5,632 --a------ C:\WINDOWS\system32\CNMVS4y.DLL
2008-01-17 15:13 . 2002-11-10 14:20 6,016 --a------ C:\WINDOWS\system32\drivers\bjhid.sys
2008-01-16 13:01 . 2008-01-18 11:11 <DIR> d-------- C:\percussion
2008-01-15 13:57 . 2008-01-15 18:25 <DIR> d-------- C:\loreley again

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 23:18 --------- d-----w C:\Documents and Settings\Willslen\Application Data\AVG7
2008-02-14 23:04 --------- d-----w C:\Documents and Settings\Willslen\Application Data\Spyware Terminator
2008-02-14 22:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 21:56 --------- d-----w C:\Program Files\Spyware Terminator
2008-02-08 23:55 --------- d-----w C:\Program Files\Norton SystemWorks
2008-02-08 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-08 14:42 --------- d-----w C:\Documents and Settings\Willslen\Application Data\Vso
2008-02-04 19:03 --------- d-----w C:\Program Files\Apple Software Update
2008-02-03 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 15:04 7 ----a-w C:\WINDOWS\Fonts\Key.txt
2008-01-28 18:37 --------- d-----w C:\Program Files\Winamp Toolbar
2008-01-28 18:37 --------- d-----w C:\Program Files\Winamp
2008-01-25 17:38 --------- d-----w C:\Program Files\Web Publish
2008-01-23 22:50 --------- d-----w C:\Documents and Settings\Willslen\Application Data\MixMeister Technology
2008-01-23 22:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 17:53 --------- d-----w C:\Program Files\The Print Shop 22
2008-01-18 17:18 1,071,480 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-01-17 21:23 --------- d-----w C:\Program Files\Canon
2008-01-16 16:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-12 21:07 --------- d-----w C:\Documents and Settings\Willslen\Application Data\dvdcss
2008-01-05 20:38 --------- d-----w C:\Documents and Settings\Willslen\Application Data\Talkback
2008-01-05 20:37 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-05 20:37 --------- d-----w C:\Program Files\Common Files\Real
2008-01-03 19:44 --------- d-----w C:\Documents and Settings\Willslen\Application Data\AdobeUM
2008-01-02 23:01 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-02 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-02 22:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-02 19:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-12-31 18:42 --------- d-----w C:\Program Files\Xilisoft
2007-12-28 22:22 --------- d-----w C:\Documents and Settings\Willslen\Application Data\1clickPro
2007-12-27 21:11 --------- d-----w C:\Documents and Settings\Willslen\Application Data\AccurateRip
2007-12-24 19:05 --------- d-----w C:\Documents and Settings\Willslen\Application Data\Ulead Systems
2007-12-23 19:51 --------- d-----w C:\Program Files\UWC
2007-12-21 22:05 --------- d-----w C:\Program Files\dvd43
2007-12-21 22:04 18,816 ----a-w C:\WINDOWS\system32\drivers\dvd43llh.sys
2007-12-21 21:57 --------- d-----w C:\Program Files\LG Software Innovations
2007-12-21 18:13 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-21 00:15 --------- d-----w C:\Documents and Settings\Willslen\Application Data\Roxio
2007-12-18 19:55 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-12-18 19:50 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-12-18 19:50 --------- d-----w C:\Documents and Settings\Willslen\Application Data\ScanSoft
2007-12-18 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
2007-12-18 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2007-12-18 19:49 --------- d-----w C:\Program Files\ScanSoft
2007-12-18 19:48 --------- d-----w C:\Program Files\ArcSoft
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-16 17:54 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-12-16 17:36 --------- d-----w C:\Program Files\Roxio
2007-12-16 17:20 --------- d-----w C:\Documents and Settings\Willslen\Application Data\InstallShield
2007-12-16 17:18 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-16 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-08-12 20:12 47,360 ----a-w C:\Documents and Settings\Willslen\Application Data\pcouffin.sys
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2007-07-09 18:16 32 --sha-w C:\WINDOWS\{085AE951-A3C1-4BEE-A623-622AF024D25B}.dat
2007-07-09 18:18 32 --sha-w C:\WINDOWS\{0EA7C881-62F9-4CF0-9F5D-5A5ACC7C8623}.dat
2007-07-09 18:17 32 --sha-w C:\WINDOWS\{4476743B-81BD-4432-A0BF-B377192061C9}.dat
2007-07-09 18:17 32 --sha-w C:\WINDOWS\{CD6DD2DC-EC93-46F6-8795-A9B5B4D7A514}.dat
2007-07-09 18:19 32 --sha-w C:\WINDOWS\{CEF06517-C555-4DED-8310-0A92A93FDAA6}.dat
2007-07-09 18:17 32 --sha-w C:\WINDOWS\{D6341D96-6E2E-4A39-826B-9E9C0FCFE6FB}.dat
2007-07-09 18:19 32 --sha-w C:\WINDOWS\{EE02A753-69BC-485E-8E5E-F325030DFDFE}.dat
.
[code]

----a-w        51,911,672 2004-07-31 10:23:38  C:\DVD UTILITIES\(WBA) ACE Mega CoDecS Pack - Professional Edition v5.93.8971 .exe

[/code]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 10:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{358A14C3-CB2F-4366-9A6C-1AEB63F0B036}]
2008-02-14 15:29 230400 --a------ C:\WINDOWS\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
{C17590D2-ECB4-4B15-8820-F58798DCC118}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 10:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00 15360]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 15:27 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:40 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-14 18:54 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-04-25 15:41 176128 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 577536 C:\WINDOWS\soundman.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 21:22 50880]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 21:23 34504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-11-17 14:17 2778112]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20 94208]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 08:57 90112]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 13:12 341488]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 23:45 77892]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 04:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 16:08 579072]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 21:13 1695744]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 13:26 694272]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-05 14:36 185896]
"BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-01-21 16:35 45056]
"BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.exe" [2002-12-20 14:26 716800]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 16:54 37376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-04 20:04 219136]

C:\Documents and Settings\Willslen\Start Menu\Programs\Startup\
Norton System Doctor.LNK - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2007-07-09 12:18:11 24614]
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-07-09 13:24:25 63064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-01-02 17:00:50 25214]
Event Planner Reminders Tray Icon.lnk - C:\Program Files\Sierra\Planner\Plnrnote.exe [2008-02-03 09:04:32 184320]
Forget Me Not.lnk - C:\Program Files\Broderbund\AG CreataCard\agremind.exe [2008-01-25 11:34:03 331776]
Wireless PCI_CardBus utility V1.01.exe.lnk - C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe [2007-07-19 14:09:09 913408]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 21:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 21:39]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-08 16:35]
R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 16:14]
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2005-11-30 10:43]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 11:24]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 05:03]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" []
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;C:\WINDOWS\system32\Drivers\avcuwfl.sys [2003-05-29 00:47]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;C:\WINDOWS\system32\DRIVERS\avcuwilo.sys [2003-05-29 00:47]
S3 MRV6X32P;Vista 32-bits Native WiFi Driver;C:\WINDOWS\system32\DRIVERS\MRVW13B.sys [2006-11-02 01:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6948d0dc-b24f-11dc-8802-001921e73ffc}]
\Shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 22:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-05 19:11:44 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2008-02-08 23:55:17 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-15 02:07:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 21:58:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 21:58:34
ComboFix-quarantined-files.txt 2008-02-15 03:58:26
.
2008-02-13 19:30:32 --- E O F ---

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 51,911,672 2004-07-31 10:23:38 C:\DVD UTILITIES\(WBA) ACE Mega CoDecS Pack - Professional Edition v5.93.8971 .exe


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Please go to Virus Total and upload the following file one at the time for analysis:

C:\WINDOWS\{085AE951-A3C1-4BEE-A623-622AF024D25B}.dat

C:\WINDOWS\{0EA7C881-62F9-4CF0-9F5D-5A5ACC7C8623}.dat

C:\WINDOWS\{4476743B-81BD-4432-A0BF-B377192061C9}.dat

C:\WINDOWS\{CD6DD2DC-EC93-46F6-8795-A9B5B4D7A514}.dat

C:\WINDOWS\{CEF06517-C555-4DED-8310-0A92A93FDAA6}.dat

C:\WINDOWS\{D6341D96-6E2E-4A39-826B-9E9C0FCFE6FB}.dat

C:\WINDOWS\{EE02A753-69BC-485E-8E5E-F325030DFDFE}.dat

Post the results in your reply.

Post a new Combofix log.

Thanks, again jabuck for your help. It seems I have run into a problem. I am now on a different computer than the one infected. After dragging the Notepad txt into ComboFix, my browser would not allow me to go to Virus Total
(nor any other site). Is is possible to upload the files onto a jump drive and then have them analyzed on this different computer, and then post the results???

Well, back again, jabuck! I finally got my browser to work again and was able to go to Virus Total. But I was not able to find the dat files you said to upload! The only ones I was able to find were in C:\WINDOWS\SYSTEM32, and they did not have the 'numerical' values you mentioned. Am I looking in the wrong place??? Signed...Not Yet Frustrated :)

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Willslen, can you copy the anti-virus results identifying the string where the virus resides and post it here, ie. c:/windows/windows32/(nameofvirus).

Val, CompuSword

jabuck, Sorry for the delay in getting back to you, but this inclement weather here in Kansas has prevented me from getting to the 'infected' computer in my office. Again, thanks for your time, your expertise, and your PATIENCE!!!

---------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 17, 2008 6:15:59 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570227
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 82525
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:38:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\cert8.db Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\history.dat Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\key3.db Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\linkpad.sqlite Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\newslive.sqlite Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\parent.lock Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Willslen\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Willslen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Application Data\Netscape\Navigator\Profiles\a17jqshs.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\History\History.IE5\MSHist012008021720080218\index.dat Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Temp\~DF9A8B.tmp Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Willslen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Willslen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Willslen\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7A026A56.t$m Infected: Trojan-Proxy.Win32.Agent.kj skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C25A43E0-EFBB-413C-9CC6-1F9EAB77667B}\RP192\change.log Object is locked skipped
C:\WINDOWS\AcroIEHelper.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AB735077-75FC-487A-B992-23C571C31D83}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

CompuSword, I hope the Kaspersky Report is the one you wre asking for,...and thanks for your input!!!

Looks like the only remnant of the malware is locked in Norton's quarantine folder.

Navigate to and delete the contents of the following folder, not the folder itself:

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine

How is the computer operating?

Greeting again, jabuck. While attempting to access my program files in order to delete the items in quarantine, I had a pop-up from AVG FREE that said they had detected a virus in
C:Windows\AcroIEHelper.dll called
Trojan horse Generic9.BBMB I clicked on heal, and it said the file WAS healed. Other than that the system is running a little slower than normal. Could this have been the culprit all along, and why was it not detected sooner???
And, again, many thanks!!!

Glad we could help.