Tech Support Forum - View Single Post

mohanlal2000 · 10-04-2007, 06:44 AM

HI,

I was finally able to get the scan done using Safe Mode. Here's the ComboFix.exe log file:

ComboFix 07-10-04.5 - Administrator 2007-10-04 1:50:17.4 - NTFSx86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.170 [GMT -4:00]
Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\WINNT\system32\amqubrji.dll
G:\WINNT\system32\ijrbuqma.ini
G:\WINNT\system32\nnnlj.dll
G:\WINNT\system32\oifhkssa.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 00:26 77,376 --a------ G:\WINNT\system32\bivscagx.dll
2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe
2007-10-02 07:16 77,376 --a------ G:\WINNT\system32\lypndyud.dll
2007-10-01 22:08 87,104 --a------ G:\WINNT\system32\mkhxwxpf.dll
2007-10-01 22:07 87,104 --a------ G:\WINNT\system32\rtvndrsa.dll
2007-10-01 22:05 87,104 --a------ G:\WINNT\system32\yyggsufs.dll
2007-10-01 22:05 87,104 --a------ G:\WINNT\system32\lsuclnfq.dll
2007-10-01 22:02 87,104 --a------ G:\WINNT\system32\wriwqpnl.dll
2007-10-01 22:02 87,104 --a------ G:\WINNT\system32\cnqftivq.dll
2007-10-01 21:59 87,104 --a------ G:\WINNT\system32\roivkwhv.dll
2007-10-01 21:59 87,104 --a------ G:\WINNT\system32\iygqbexj.dll
2007-10-01 21:56 87,104 --a------ G:\WINNT\system32\qhqrdatp.dll
2007-10-01 21:56 87,104 --a------ G:\WINNT\system32\qeduvhdb.dll
2007-10-01 21:53 87,104 --a------ G:\WINNT\system32\offglegc.dll
2007-10-01 21:53 87,104 --a------ G:\WINNT\system32\gjatfvum.dll
2007-10-01 21:50 87,104 --a------ G:\WINNT\system32\kyevgupy.dll
2007-10-01 21:50 87,104 --a------ G:\WINNT\system32\gwodgcbg.dll
2007-10-01 21:47 87,104 --a------ G:\WINNT\system32\quuwjwfo.dll
2007-10-01 21:47 87,104 --a------ G:\WINNT\system32\bhjfpsan.dll
2007-10-01 21:44 87,104 --a------ G:\WINNT\system32\hruthwsn.dll
2007-10-01 21:44 87,104 --a------ G:\WINNT\system32\fvavyqds.dll
2007-10-01 21:42 87,104 --a------ G:\WINNT\system32\lusrxvfn.dll
2007-10-01 21:42 87,104 --a------ G:\WINNT\system32\lgtsgidi.dll
2007-10-01 21:38 87,104 --a------ G:\WINNT\system32\eurtyesj.dll
2007-10-01 21:35 87,104 --a------ G:\WINNT\system32\litpykwx.dll
2007-10-01 21:35 87,104 --a------ G:\WINNT\system32\hvxooxgp.dll
2007-10-01 21:31 87,104 --a------ G:\WINNT\system32\qvjkeosm.dll
2007-10-01 21:31 87,104 --a------ G:\WINNT\system32\bvuhlaee.dll
2007-10-01 21:28 87,104 --a------ G:\WINNT\system32\yjvmxdas.dll
2007-10-01 21:28 87,104 --a------ G:\WINNT\system32\inyqvjov.dll
2007-10-01 21:25 87,104 --a------ G:\WINNT\system32\xavsbaov.dll
2007-10-01 21:25 87,104 --a------ G:\WINNT\system32\ptmkrnhd.dll
2007-10-01 21:22 87,104 --a------ G:\WINNT\system32\nymqpqrg.dll
2007-10-01 21:22 87,104 --a------ G:\WINNT\system32\fkrglfbr.dll
2007-10-01 21:19 87,104 --a------ G:\WINNT\system32\txlyfbef.dll
2007-10-01 21:19 87,104 --a------ G:\WINNT\system32\qfjavudw.dll
2007-10-01 21:16 87,104 --a------ G:\WINNT\system32\ohghquvr.dll
2007-10-01 21:16 87,104 --a------ G:\WINNT\system32\cmmpabwe.dll
2007-10-01 21:13 87,104 --a------ G:\WINNT\system32\tpnhrdrl.dll
2007-10-01 21:13 87,104 --a------ G:\WINNT\system32\gaiwgjma.dll
2007-10-01 21:10 87,104 --a------ G:\WINNT\system32\ujvrdkrc.dll
2007-10-01 21:10 87,104 --a------ G:\WINNT\system32\jalbbgib.dll
2007-10-01 21:07 87,104 --a------ G:\WINNT\system32\xxteuidn.dll
2007-10-01 21:07 87,104 --a------ G:\WINNT\system32\svrxqcgd.dll
2007-10-01 21:04 87,104 --a------ G:\WINNT\system32\oipvkcea.dll
2007-10-01 21:04 87,104 --a------ G:\WINNT\system32\oibgggbn.dll
2007-10-01 21:01 87,104 --a------ G:\WINNT\system32\fhbblpuy.dll
2007-10-01 21:01 87,104 --a------ G:\WINNT\system32\aklqnrje.dll
2007-10-01 20:58 87,104 --a------ G:\WINNT\system32\psklumhh.dll
2007-10-01 20:58 87,104 --a------ G:\WINNT\system32\ivociwvj.dll
2007-10-01 20:55 87,104 --a------ G:\WINNT\system32\htevgmkp.dll
2007-10-01 20:55 87,104 --a------ G:\WINNT\system32\ghopinwc.dll
2007-10-01 20:52 87,104 --a------ G:\WINNT\system32\opeqouao.dll
2007-10-01 20:52 87,104 --a------ G:\WINNT\system32\gdtjifyx.dll
2007-10-01 20:49 87,104 --a------ G:\WINNT\system32\icsrebhe.dll
2007-10-01 20:49 87,104 --a------ G:\WINNT\system32\hxefxvpq.dll
2007-10-01 20:46 87,104 --a------ G:\WINNT\system32\shwxvsre.dll
2007-10-01 20:46 87,104 --a------ G:\WINNT\system32\qwnvhrnm.dll
2007-10-01 20:43 87,104 --a------ G:\WINNT\system32\nqtobhxe.dll
2007-10-01 20:43 87,104 --a------ G:\WINNT\system32\ctxxdnhg.dll
2007-10-01 20:40 87,104 --a------ G:\WINNT\system32\xcjmqrsa.dll
2007-10-01 20:40 87,104 --a------ G:\WINNT\system32\hhkcxcmf.dll
2007-10-01 20:37 87,104 --a------ G:\WINNT\system32\xdmypggo.dll
2007-10-01 20:37 87,104 --a------ G:\WINNT\system32\vgjjtbyv.dll
2007-10-01 20:34 87,104 --a------ G:\WINNT\system32\tchepvri.dll
2007-10-01 20:34 87,104 --a------ G:\WINNT\system32\hikhvhab.dll
2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\ppjaaong.dll
2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\htgkstjr.dll
2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\cuuswqsk.dll
2007-10-01 20:28 87,104 --a------ G:\WINNT\system32\ruaqdlka.dll
2007-10-01 20:25 87,104 --a------ G:\WINNT\system32\xwylcxuo.dll
2007-10-01 20:22 87,104 --a------ G:\WINNT\system32\gjbwjsgu.dll
2007-10-01 20:19 87,104 --a------ G:\WINNT\system32\iamuhakk.dll
2007-10-01 20:16 87,104 --a------ G:\WINNT\system32\riemfeeh.dll
2007-10-01 20:13 87,104 --a------ G:\WINNT\system32\ewcotnkr.dll
2007-10-01 20:10 87,104 --a------ G:\WINNT\system32\mfskrytk.dll
2007-10-01 20:07 87,104 --a------ G:\WINNT\system32\wlqvlcju.dll
2007-10-01 20:04 87,104 --a------ G:\WINNT\system32\vdlctiow.dll
2007-10-01 20:01 87,104 --a------ G:\WINNT\system32\jsatqwtb.dll
2007-10-01 19:58 87,104 --a------ G:\WINNT\system32\erjtxuup.dll
2007-10-01 19:55 87,104 --a------ G:\WINNT\system32\txxdnexa.dll
2007-10-01 19:52 87,104 --a------ G:\WINNT\system32\ghpoindo.dll
2007-10-01 19:49 87,104 --a------ G:\WINNT\system32\ekuvipoi.dll
2007-10-01 19:46 87,104 --a------ G:\WINNT\system32\dpahtugk.dll
2007-10-01 19:43 87,104 --a------ G:\WINNT\system32\cwhgscpj.dll
2007-10-01 19:40 87,104 --a------ G:\WINNT\system32\xhvlulcf.dll
2007-10-01 19:37 87,104 --a------ G:\WINNT\system32\sxlnoynq.dll
2007-10-01 19:34 87,104 --a------ G:\WINNT\system32\ruiaxmev.dll
2007-10-01 19:31 87,104 --a------ G:\WINNT\system32\qnhmfklh.dll
2007-10-01 19:28 87,104 --a------ G:\WINNT\system32\nidetfyv.dll
2007-10-01 19:25 87,104 --a------ G:\WINNT\system32\rmqvvjxt.dll
2007-10-01 19:22 87,104 --a------ G:\WINNT\system32\ydlgvdms.dll
2007-10-01 19:19 87,104 --a------ G:\WINNT\system32\vvlsrtde.dll
2007-10-01 19:16 87,104 --a------ G:\WINNT\system32\ftagujyy.dll
2007-10-01 19:13 87,104 --a------ G:\WINNT\system32\nnqlaftj.dll
2007-10-01 19:10 87,104 --a------ G:\WINNT\system32\nwvcglok.dll
2007-10-01 19:10 87,104 --a------ G:\WINNT\system32\cftohyqf.dll
2007-10-01 19:07 87,104 --a------ G:\WINNT\system32\yfluxlpb.dll
2007-10-01 19:07 87,104 --a------ G:\WINNT\system32\tebvclxe.dll
2007-10-01 19:04 87,104 --a------ G:\WINNT\system32\hpctiefw.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-10-04 01:27 --------- d-------- G:\Program Files\Common Files\Symantec Shared
07-10-04 00:12 --------- d-------- G:\Program Files\eMule
07-10-03 19:57 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent
07-10-02 22:52 --------- d-------- G:\Program Files\vso
07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE
07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me
07-09-28 17:26 --------- d-------- G:\Program Files\Media
07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos
07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos
07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink
07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast
07-08-29 22:33 --------- d-------- G:\Program Files\SopCast
07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus
07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder
07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE
07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe
03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini
03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt
02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll
02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll
02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll
01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys
00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232080F0-AE2B-48CA-81EE-76F28DC63385}]
G:\WINNT\system32\urqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5927A15-756E-40c3-957E-C020262D53B7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ]
"SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ]
"PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ]
"PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe]
"Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ]
"StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ]
"OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ]
"ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ]
"ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ]
"UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ]
"PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ]
"Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

G:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys
S1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys
S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS
S2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys
S3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys
S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS
S3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 04:00:00 G:\WINNT\Tasks\At1.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 13:00:01 G:\WINNT\Tasks\At10.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 14:00:00 G:\WINNT\Tasks\At11.job"
"2007-10-03 15:00:00 G:\WINNT\Tasks\At12.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 16:00:00 G:\WINNT\Tasks\At13.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 17:00:00 G:\WINNT\Tasks\At14.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 18:00:00 G:\WINNT\Tasks\At15.job"
"2007-10-03 19:00:00 G:\WINNT\Tasks\At16.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 20:00:00 G:\WINNT\Tasks\At17.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 21:00:00 G:\WINNT\Tasks\At18.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 22:00:00 G:\WINNT\Tasks\At19.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-04 05:00:00 G:\WINNT\Tasks\At2.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 23:00:12 G:\WINNT\Tasks\At20.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 00:00:00 G:\WINNT\Tasks\At21.job"
"2007-10-04 01:00:02 G:\WINNT\Tasks\At22.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-04 02:00:00 G:\WINNT\Tasks\At23.job"
"2007-10-04 03:00:00 G:\WINNT\Tasks\At24.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 06:00:01 G:\WINNT\Tasks\At3.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 07:00:01 G:\WINNT\Tasks\At4.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 08:00:00 G:\WINNT\Tasks\At5.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 09:00:00 G:\WINNT\Tasks\At6.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 10:00:00 G:\WINNT\Tasks\At7.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 11:00:00 G:\WINNT\Tasks\At8.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-03 12:00:00 G:\WINNT\Tasks\At9.job"
- G:\WINNT\system32\kpOdCh6W.exe
"2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-04 05:27:06 G:\WINNT\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 02:03:27
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 7:23:36 - machine was rebooted
G:\ComboFix-quarantined-files.txt ... 07-10-04 07:23
.
--- E O F ---

And here's the Hijackthis log file(also in Safe Mode):

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:25:34 AM, on 10/4/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
Boot mode: Safe mode

Running processes:
G:\WINNT\System32\smss.exe
G:\WINNT\system32\winlogon.exe
G:\WINNT\system32\services.exe
G:\WINNT\system32\lsass.exe
G:\WINNT\system32\svchost.exe
G:\Program Files\Spyware Doctor\svcntaux.exe
G:\Program Files\Spyware Doctor\swdsvc.exe
G:\WINNT\System32\WBEM\WinMgmt.exe
G:\WINNT\Explorer.EXE
G:\WINNT\system32\notepad.exe
G:\Prudential\Torrents\HiJackThis_v2.exe

O2 - BHO: (no name) - {232080F0-AE2B-48CA-81EE-76F28DC63385} - G:\WINNT\system32\urqpp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Editor plugin - {E5927A15-756E-40c3-957E-C020262D53B7} - eurodol.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - G:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [StrgSync.exe] G:\Storage Sync\StrgSync.exe -w
O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINNT\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - G:\WINNT\system32\gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - G:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6587 bytes

Thanks once again for your help!!

10-04-2007, 06:44 AM	#7 (permalink)
mohanlal2000 Registered User Join Date: Oct 2007 Posts: 13 OS: WIN 2000	Re: Machine Slow Down and Popups galore HI, I was finally able to get the scan done using Safe Mode. Here's the ComboFix.exe log file: ComboFix 07-10-04.5 - Administrator 2007-10-04 1:50:17.4 - NTFSx86 MINIMAL Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.170 [GMT -4:00] Running from: G:\Documents and Settings\Administrator\Desktop\ComboFix.exe Command switches used :: /killall . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . G:\WINNT\system32\amqubrji.dll G:\WINNT\system32\ijrbuqma.ini G:\WINNT\system32\nnnlj.dll G:\WINNT\system32\oifhkssa.exe . ((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 ))))))))))))))))))))))))))))))) . 2007-10-04 00:26 77,376 --a------ G:\WINNT\system32\bivscagx.dll 2007-10-04 00:26 51,200 --a------ G:\WINNT\NirCmd.exe 2007-10-02 07:16 77,376 --a------ G:\WINNT\system32\lypndyud.dll 2007-10-01 22:08 87,104 --a------ G:\WINNT\system32\mkhxwxpf.dll 2007-10-01 22:07 87,104 --a------ G:\WINNT\system32\rtvndrsa.dll 2007-10-01 22:05 87,104 --a------ G:\WINNT\system32\yyggsufs.dll 2007-10-01 22:05 87,104 --a------ G:\WINNT\system32\lsuclnfq.dll 2007-10-01 22:02 87,104 --a------ G:\WINNT\system32\wriwqpnl.dll 2007-10-01 22:02 87,104 --a------ G:\WINNT\system32\cnqftivq.dll 2007-10-01 21:59 87,104 --a------ G:\WINNT\system32\roivkwhv.dll 2007-10-01 21:59 87,104 --a------ G:\WINNT\system32\iygqbexj.dll 2007-10-01 21:56 87,104 --a------ G:\WINNT\system32\qhqrdatp.dll 2007-10-01 21:56 87,104 --a------ G:\WINNT\system32\qeduvhdb.dll 2007-10-01 21:53 87,104 --a------ G:\WINNT\system32\offglegc.dll 2007-10-01 21:53 87,104 --a------ G:\WINNT\system32\gjatfvum.dll 2007-10-01 21:50 87,104 --a------ G:\WINNT\system32\kyevgupy.dll 2007-10-01 21:50 87,104 --a------ G:\WINNT\system32\gwodgcbg.dll 2007-10-01 21:47 87,104 --a------ G:\WINNT\system32\quuwjwfo.dll 2007-10-01 21:47 87,104 --a------ G:\WINNT\system32\bhjfpsan.dll 2007-10-01 21:44 87,104 --a------ G:\WINNT\system32\hruthwsn.dll 2007-10-01 21:44 87,104 --a------ G:\WINNT\system32\fvavyqds.dll 2007-10-01 21:42 87,104 --a------ G:\WINNT\system32\lusrxvfn.dll 2007-10-01 21:42 87,104 --a------ G:\WINNT\system32\lgtsgidi.dll 2007-10-01 21:38 87,104 --a------ G:\WINNT\system32\eurtyesj.dll 2007-10-01 21:35 87,104 --a------ G:\WINNT\system32\litpykwx.dll 2007-10-01 21:35 87,104 --a------ G:\WINNT\system32\hvxooxgp.dll 2007-10-01 21:31 87,104 --a------ G:\WINNT\system32\qvjkeosm.dll 2007-10-01 21:31 87,104 --a------ G:\WINNT\system32\bvuhlaee.dll 2007-10-01 21:28 87,104 --a------ G:\WINNT\system32\yjvmxdas.dll 2007-10-01 21:28 87,104 --a------ G:\WINNT\system32\inyqvjov.dll 2007-10-01 21:25 87,104 --a------ G:\WINNT\system32\xavsbaov.dll 2007-10-01 21:25 87,104 --a------ G:\WINNT\system32\ptmkrnhd.dll 2007-10-01 21:22 87,104 --a------ G:\WINNT\system32\nymqpqrg.dll 2007-10-01 21:22 87,104 --a------ G:\WINNT\system32\fkrglfbr.dll 2007-10-01 21:19 87,104 --a------ G:\WINNT\system32\txlyfbef.dll 2007-10-01 21:19 87,104 --a------ G:\WINNT\system32\qfjavudw.dll 2007-10-01 21:16 87,104 --a------ G:\WINNT\system32\ohghquvr.dll 2007-10-01 21:16 87,104 --a------ G:\WINNT\system32\cmmpabwe.dll 2007-10-01 21:13 87,104 --a------ G:\WINNT\system32\tpnhrdrl.dll 2007-10-01 21:13 87,104 --a------ G:\WINNT\system32\gaiwgjma.dll 2007-10-01 21:10 87,104 --a------ G:\WINNT\system32\ujvrdkrc.dll 2007-10-01 21:10 87,104 --a------ G:\WINNT\system32\jalbbgib.dll 2007-10-01 21:07 87,104 --a------ G:\WINNT\system32\xxteuidn.dll 2007-10-01 21:07 87,104 --a------ G:\WINNT\system32\svrxqcgd.dll 2007-10-01 21:04 87,104 --a------ G:\WINNT\system32\oipvkcea.dll 2007-10-01 21:04 87,104 --a------ G:\WINNT\system32\oibgggbn.dll 2007-10-01 21:01 87,104 --a------ G:\WINNT\system32\fhbblpuy.dll 2007-10-01 21:01 87,104 --a------ G:\WINNT\system32\aklqnrje.dll 2007-10-01 20:58 87,104 --a------ G:\WINNT\system32\psklumhh.dll 2007-10-01 20:58 87,104 --a------ G:\WINNT\system32\ivociwvj.dll 2007-10-01 20:55 87,104 --a------ G:\WINNT\system32\htevgmkp.dll 2007-10-01 20:55 87,104 --a------ G:\WINNT\system32\ghopinwc.dll 2007-10-01 20:52 87,104 --a------ G:\WINNT\system32\opeqouao.dll 2007-10-01 20:52 87,104 --a------ G:\WINNT\system32\gdtjifyx.dll 2007-10-01 20:49 87,104 --a------ G:\WINNT\system32\icsrebhe.dll 2007-10-01 20:49 87,104 --a------ G:\WINNT\system32\hxefxvpq.dll 2007-10-01 20:46 87,104 --a------ G:\WINNT\system32\shwxvsre.dll 2007-10-01 20:46 87,104 --a------ G:\WINNT\system32\qwnvhrnm.dll 2007-10-01 20:43 87,104 --a------ G:\WINNT\system32\nqtobhxe.dll 2007-10-01 20:43 87,104 --a------ G:\WINNT\system32\ctxxdnhg.dll 2007-10-01 20:40 87,104 --a------ G:\WINNT\system32\xcjmqrsa.dll 2007-10-01 20:40 87,104 --a------ G:\WINNT\system32\hhkcxcmf.dll 2007-10-01 20:37 87,104 --a------ G:\WINNT\system32\xdmypggo.dll 2007-10-01 20:37 87,104 --a------ G:\WINNT\system32\vgjjtbyv.dll 2007-10-01 20:34 87,104 --a------ G:\WINNT\system32\tchepvri.dll 2007-10-01 20:34 87,104 --a------ G:\WINNT\system32\hikhvhab.dll 2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\ppjaaong.dll 2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\htgkstjr.dll 2007-10-01 20:31 87,104 --a------ G:\WINNT\system32\cuuswqsk.dll 2007-10-01 20:28 87,104 --a------ G:\WINNT\system32\ruaqdlka.dll 2007-10-01 20:25 87,104 --a------ G:\WINNT\system32\xwylcxuo.dll 2007-10-01 20:22 87,104 --a------ G:\WINNT\system32\gjbwjsgu.dll 2007-10-01 20:19 87,104 --a------ G:\WINNT\system32\iamuhakk.dll 2007-10-01 20:16 87,104 --a------ G:\WINNT\system32\riemfeeh.dll 2007-10-01 20:13 87,104 --a------ G:\WINNT\system32\ewcotnkr.dll 2007-10-01 20:10 87,104 --a------ G:\WINNT\system32\mfskrytk.dll 2007-10-01 20:07 87,104 --a------ G:\WINNT\system32\wlqvlcju.dll 2007-10-01 20:04 87,104 --a------ G:\WINNT\system32\vdlctiow.dll 2007-10-01 20:01 87,104 --a------ G:\WINNT\system32\jsatqwtb.dll 2007-10-01 19:58 87,104 --a------ G:\WINNT\system32\erjtxuup.dll 2007-10-01 19:55 87,104 --a------ G:\WINNT\system32\txxdnexa.dll 2007-10-01 19:52 87,104 --a------ G:\WINNT\system32\ghpoindo.dll 2007-10-01 19:49 87,104 --a------ G:\WINNT\system32\ekuvipoi.dll 2007-10-01 19:46 87,104 --a------ G:\WINNT\system32\dpahtugk.dll 2007-10-01 19:43 87,104 --a------ G:\WINNT\system32\cwhgscpj.dll 2007-10-01 19:40 87,104 --a------ G:\WINNT\system32\xhvlulcf.dll 2007-10-01 19:37 87,104 --a------ G:\WINNT\system32\sxlnoynq.dll 2007-10-01 19:34 87,104 --a------ G:\WINNT\system32\ruiaxmev.dll 2007-10-01 19:31 87,104 --a------ G:\WINNT\system32\qnhmfklh.dll 2007-10-01 19:28 87,104 --a------ G:\WINNT\system32\nidetfyv.dll 2007-10-01 19:25 87,104 --a------ G:\WINNT\system32\rmqvvjxt.dll 2007-10-01 19:22 87,104 --a------ G:\WINNT\system32\ydlgvdms.dll 2007-10-01 19:19 87,104 --a------ G:\WINNT\system32\vvlsrtde.dll 2007-10-01 19:16 87,104 --a------ G:\WINNT\system32\ftagujyy.dll 2007-10-01 19:13 87,104 --a------ G:\WINNT\system32\nnqlaftj.dll 2007-10-01 19:10 87,104 --a------ G:\WINNT\system32\nwvcglok.dll 2007-10-01 19:10 87,104 --a------ G:\WINNT\system32\cftohyqf.dll 2007-10-01 19:07 87,104 --a------ G:\WINNT\system32\yfluxlpb.dll 2007-10-01 19:07 87,104 --a------ G:\WINNT\system32\tebvclxe.dll 2007-10-01 19:04 87,104 --a------ G:\WINNT\system32\hpctiefw.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 07-10-04 01:27 --------- d-------- G:\Program Files\Common Files\Symantec Shared 07-10-04 00:12 --------- d-------- G:\Program Files\eMule 07-10-03 19:57 --------- d-------- G:\Documents and Settings\Administrator\Application Data\uTorrent 07-10-02 22:52 --------- d-------- G:\Program Files\vso 07-10-02 22:52 --------- d-------- G:\Program Files\RogueRemover FREE 07-10-01 12:26 --------- d-------- G:\Documents and Settings\Administrator\Application Data\RipIt4Me 07-09-28 17:26 --------- d-------- G:\Program Files\Media 07-09-28 17:18 --------- d-a------ G:\Program Files\Lycos 07-09-28 17:18 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Lycos 07-09-21 23:06 --------- d-------- G:\Documents and Settings\All Users\Application Data\DVD Shrink 07-09-08 09:08 --------- d-------- G:\Documents and Settings\Administrator\Application Data\SopCast 07-08-29 22:33 --------- d-------- G:\Program Files\SopCast 07-08-29 22:30 --------- d-------- G:\Documents and Settings\Administrator\Application Data\Azureus 07-08-12 01:10 --------- d-------- G:\Program Files\SatFinder 07-07-16 17:54 73216 --a------ G:\WINNT\ST6UNST.EXE 07-07-16 17:54 249856 --------- G:\WINNT\Setup1.exe 03-01-04 20:18 271 ---h----- G:\Program Files\desktop.ini 03-01-04 20:18 21952 ---h----- G:\Program Files\folder.htt 02-04-16 09:17 61440 --a------ G:\WINNT\inf\i386\twotUSD.dll 02-04-16 09:16 61440 --a------ G:\WINNT\inf\i386\onetUSD.dll 02-04-16 09:16 57344 --a------ G:\WINNT\inf\i386\twotCPL.dll 01-08-15 15:21 15716 --a------ G:\WINNT\inf\i386\Pmxscan.sys 00-07-26 08:00 32528 --a------ G:\WINNT\inf\wbfirdma.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232080F0-AE2B-48CA-81EE-76F28DC63385}] G:\WINNT\system32\urqpp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5927A15-756E-40c3-957E-C020262D53B7}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [00-07-26 08:00 G:\WINNT\system32\mobsync.exe] "AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [07-09-14 09:58 ] "SunJavaUpdateSched"="G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [06-12-15 04:23 ] "PrinTray"="G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe" [01-01-09 13:47 ] "PCTVOICE"="pctspk.exe" [01-08-30 15:33 G:\WINNT\system32\pctspk.exe] "Advanced Tools Check"="G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [02-08-26 22:35 ] "StrgSync.exe"="G:\Storage Sync\StrgSync.exe" [05-10-07 23:01 ] "OneTouch Monitor"="G:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [02-04-16 09:12 ] "ccRegVfy"="G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [03-07-17 11:16 ] "ccApp"="G:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-07-17 11:16 ] "UnlockerAssistant"="G:\Program Files\Unlocker\UnlockerAssistant.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="G:\Program Files\Yahoo!\Messenger\ypager.exe" [05-12-08 14:55 ] "PopUpStopperFreeEdition"="G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [03-04-29 11:40 ] "Uniblue RegistryBooster 2"="G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe G:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Office Startup.lnk - G:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R3 NeroCd2k;NeroCd2k;G:\WINNT\system32\drivers\NeroCd2k.sys S1 Avg7RsNT;AVG7 Rezident Driver;G:\WINNT\system32\Drivers\avg7rsnt.sys S1 EACMOS;EACMOS;G:\WINNT\system32\drivers\EACMOS.SYS S2 ppsio2;PPDevice;G:\WINNT\system32\drivers\ppsio2.sys S3 allegro;ESS Allegro Audio Driver (WDM);G:\WINNT\system32\drivers\es198x.sys S3 EN1207D;Accton EN1207D/EN2242A Series PCI Fast Ethernet Adapter Win2000 Driver;G:\WINNT\system32\DRIVERS\ACC07D5.SYS S3 NPDriver;Norton Unerase Protection Driver;\??\G:\WINNT\System32\Drivers\NPDRIVER.SYS . Contents of the 'Scheduled Tasks' folder "2007-10-04 04:00:00 G:\WINNT\Tasks\At1.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 13:00:01 G:\WINNT\Tasks\At10.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 14:00:00 G:\WINNT\Tasks\At11.job" "2007-10-03 15:00:00 G:\WINNT\Tasks\At12.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 16:00:00 G:\WINNT\Tasks\At13.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 17:00:00 G:\WINNT\Tasks\At14.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 18:00:00 G:\WINNT\Tasks\At15.job" "2007-10-03 19:00:00 G:\WINNT\Tasks\At16.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 20:00:00 G:\WINNT\Tasks\At17.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 21:00:00 G:\WINNT\Tasks\At18.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 22:00:00 G:\WINNT\Tasks\At19.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-04 05:00:00 G:\WINNT\Tasks\At2.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 23:00:12 G:\WINNT\Tasks\At20.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 00:00:00 G:\WINNT\Tasks\At21.job" "2007-10-04 01:00:02 G:\WINNT\Tasks\At22.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-04 02:00:00 G:\WINNT\Tasks\At23.job" "2007-10-04 03:00:00 G:\WINNT\Tasks\At24.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 06:00:01 G:\WINNT\Tasks\At3.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 07:00:01 G:\WINNT\Tasks\At4.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 08:00:00 G:\WINNT\Tasks\At5.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 09:00:00 G:\WINNT\Tasks\At6.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 10:00:00 G:\WINNT\Tasks\At7.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 11:00:00 G:\WINNT\Tasks\At8.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-03 12:00:00 G:\WINNT\Tasks\At9.job" - G:\WINNT\system32\kpOdCh6W.exe "2007-10-02 11:11:17 G:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job" "2007-10-04 05:27:06 G:\WINNT\Tasks\Symantec NetDetect.job" . ************************************************************************ catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-04 02:03:27 Windows 5.0.2195 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-10-04 7:23:36 - machine was rebooted G:\ComboFix-quarantined-files.txt ... 07-10-04 07:23 . --- E O F --- And here's the Hijackthis log file(also in Safe Mode): Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 7:25:34 AM, on 10/4/2007 Platform: Windows 2000 SP3 (WinNT 5.00.2195) Boot mode: Safe mode Running processes: G:\WINNT\System32\smss.exe G:\WINNT\system32\winlogon.exe G:\WINNT\system32\services.exe G:\WINNT\system32\lsass.exe G:\WINNT\system32\svchost.exe G:\Program Files\Spyware Doctor\svcntaux.exe G:\Program Files\Spyware Doctor\swdsvc.exe G:\WINNT\System32\WBEM\WinMgmt.exe G:\WINNT\Explorer.EXE G:\WINNT\system32\notepad.exe G:\Prudential\Torrents\HiJackThis_v2.exe O2 - BHO: (no name) - {232080F0-AE2B-48CA-81EE-76F28DC63385} - G:\WINNT\system32\urqpp.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: Editor plugin - {E5927A15-756E-40c3-957E-C020262D53B7} - eurodol.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - G:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [PrinTray] G:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [StrgSync.exe] G:\Storage Sync\StrgSync.exe -w O4 - HKLM\..\Run: [OneTouch Monitor] G:\Program Files\Visioneer OneTouch\OneTouchMon.exe O4 - HKLM\..\Run: [ccRegVfy] "G:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "G:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "G:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "G:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] G:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] G:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] G:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Office Startup.lnk = G:\Program Files\Microsoft Office\Office\OSA.EXE O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://G:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/...tiveX/smsx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup162.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126 O17 - HKLM\System\CS1\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126 O17 - HKLM\System\CS2\Services\Tcpip\..\{0EA86094-A7A3-4B7C-A081-C81B06D9C999}: NameServer = 24.93.41.125,24.93.41.126 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINNT\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINNT\System32\browseui.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe O23 - Service: GEARSecurity - GEAR Software - G:\WINNT\system32\gearsec.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINNT\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - G:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - G:\Program Files\Spyware Doctor\swdsvc.exe -- End of file - 6587 bytes Thanks once again for your help!!