Hi again. Okay, I've followed the steps and I'm posting the logs. I'm sorry it takes me so long to reply, but I'm usually not in front of my computer until late! I've also noticed something (I'm not sure if this is relevant to anything): stopping and restarting explorer.exe from the Task Manager will get all the websites that I couldn't access going again (such as Google, Yahoo Mail, or even the ComboFix web page). Anyway, here is the HJT log, and I will attach the two others:
SDFix: Version 1.194
Run by Administrator on Tue 06/17/2008 at 10:08 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
services
Path :
C:\WINDOWS\Driver~1\i386\services.exe
services - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\xxyxWOgg.dll - Deleted
C:\WINDOWS\system32\eraseme_01464.exe - Deleted
C:\WINDOWS\system32\eraseme_65137.exe - Deleted
C:\WINDOWS\system32\setup_67384.exe - Deleted
C:\WINDOWS\system32\TFTP172 - Deleted
C:\WINDOWS\system32\TFTP3292 - Deleted
C:\WINDOWS\system32\TFTP3388 - Deleted
C:\WINDOWS\system32\TFTP3504 - Deleted
C:\WINDOWS\system32\TFTP3512 - Deleted
C:\WINDOWS\system32\TFTP3576 - Deleted
C:\WINDOWS\system32\TFTP3956 - Deleted
C:\WINDOWS\system32\TFTP4020 - Deleted
C:\WINDOWS\system32\TFTP4556 - Deleted
C:\WINDOWS\system32\TFTP4720 - Deleted
C:\WINDOWS\system32\TFTP4848 - Deleted
C:\WINDOWS\system32\TFTP5048 - Deleted
C:\WINDOWS\system32\TFTP5264 - Deleted
C:\WINDOWS\system32\TFTP5444 - Deleted
C:\WINDOWS\system32\TFTP908 - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-17 22:26:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem20.CAT 12431 bytes
C:\WINDOWS\KB951698.log 4631 bytes
C:\WINDOWS\LastGood
C:\WINDOWS\LastGood\INF
C:\WINDOWS\LastGood\INF\oem20.inf 0 bytes
C:\WINDOWS\LastGood\INF\oem20.PNF 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Mozilla Firefox\\firefox.exe"="C:\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Media Player Classic\\mplayerc.exe"="C:\\Program Files\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Winamp\\winamp.exe"="C:\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:RTC App Sharing"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 27 Dec 2007 88 A.SHR --- "C:\WINDOWS\system32\460A1FC05D.sys"
Thu 27 Dec 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 16 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 16 Nov 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Tue 22 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 7 Mar 2007 24,576 ...H. --- "C:\Documents and Settings\TP\My Documents\My Received Files\~WRL0001.tmp"
Wed 16 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\TP\My Documents\My Music\License Backup\drmv1key.bak"
Thu 3 May 2007 401 A..H. --- "C:\Documents and Settings\TP\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 25 Mar 2006 488 A.SH. --- "C:\Documents and Settings\TP\My Documents\My Music\License Backup\drmv2key.bak"
Sun 18 May 2008 49,102,622 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\download\BITF9.tmp"
Finished!
=======
ComboFix 08-06-16.5 - TP 2008-06-17 23:25:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.532 [GMT -4:00]
Running from: C:\Documents and Settings\TP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\TP\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\TP\Application Data\macromedia\Flash Player\#SharedObjects\P7YFLHTC\iforex.com
C:\Documents and Settings\TP\Application Data\macromedia\Flash Player\#SharedObjects\P7YFLHTC\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\TP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\TP\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\Common Files\download
C:\Program Files\Common Files\download\freeprodtb.exe
C:\WINDOWS\BM53af381a.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bqjhkqsa.ini
C:\WINDOWS\system32\csivbipt.ini
C:\WINDOWS\system32\dllvhpjn.ini
C:\WINDOWS\system32\eywqmals.ini
C:\WINDOWS\system32\fbmprjau.dll
C:\WINDOWS\system32\fpiyymxg.ini
C:\WINDOWS\system32\ghbjlapi.ini
C:\WINDOWS\system32\kpsxtyap.dll
C:\WINDOWS\system32\lkycoxdg.dll
C:\WINDOWS\system32\niborofo.dll
C:\WINDOWS\system32\njkvdxsp.dll
C:\WINDOWS\system32\njphvlld.dll
C:\WINDOWS\system32\psxdvkjn.ini
C:\WINDOWS\system32\QWEfNXyb.ini
C:\WINDOWS\system32\QWEfNXyb.ini2
C:\WINDOWS\system32\rCbKRqss.ini
C:\WINDOWS\system32\rCbKRqss.ini2
C:\WINDOWS\system32\ssqRKbCr.dll
C:\WINDOWS\system32\tbkyxsvc.dll
C:\WINDOWS\system32\tecjhunf.dll
C:\WINDOWS\system32\typhjwwn.ini
C:\WINDOWS\system32\wcpit.exe
C:\WINDOWS\system32\wnaalqjp.dll
C:\WINDOWS\system32\ybycujsf.dll
C:\WINDOWS\whcc-giant.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-17 22:34 . 2008-06-17 22:34 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-17 21:58 . 2008-06-17 21:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-17 20:56 . 2008-06-17 22:41 <DIR> d-------- C:\SDFix
2008-06-16 23:44 . 2008-06-16 23:44 <DIR> d-------- C:\Deckard
2008-06-11 21:27 . 2008-06-11 21:27 <DIR> d-------- C:\TaskKiller
2008-06-10 22:05 . 2008-06-10 22:05 93 --a------ C:\WINDOWS\wininit.ini
2008-06-10 20:33 . 2008-06-10 21:00 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-09 23:03 . 2008-06-09 23:03 167,613 --a------ C:\87100_3_123_1122lo.jpg
2008-06-09 23:03 . 2008-06-09 23:03 162,937 --a------ C:\87113_5_123_255lo.jpg
2008-06-09 23:03 . 2008-06-09 23:03 160,617 --a------ C:\87112_4_123_416lo.jpg
2008-06-08 01:06 . 1998-08-27 00:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-06-08 01:06 . 1998-08-20 07:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-06-08 01:06 . 1998-09-02 04:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-06-08 01:06 . 1998-09-02 04:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-06-08 01:06 . 2008-06-08 01:18 777 --a------ C:\WINDOWS\videoimp.ini
2008-06-08 01:05 . 2008-06-08 01:05 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-08 01:05 . 1998-09-02 04:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-06-08 01:05 . 1998-08-17 05:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-06-08 01:05 . 1998-08-17 05:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-06-08 01:05 . 1998-08-17 05:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-06-08 01:05 . 2008-06-08 01:05 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-06-08 01:05 . 2008-06-08 01:05 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-06-08 01:05 . 2001-06-20 10:04 21 --a------ C:\WINDOWS\VI_setup.ini
2008-06-08 01:04 . 2008-06-08 01:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-08 01:04 . 2008-06-08 01:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-08 00:58 . 2008-06-08 00:58 <DIR> d-------- C:\Program Files\directx
2008-06-03 19:45 . 2008-06-17 20:58 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-03 19:44 . 2008-06-03 19:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-03 19:44 . 2008-06-03 19:44 2,521 --a------ C:\WINDOWS\unins000.dat
2008-06-03 00:45 . 2008-06-03 00:45 38,528 --a------ C:\CV.pdf
2008-05-19 22:38 . 2008-05-19 22:38 118,784 --a------ C:\Lexus-IS-F_2008_5b.jpg
2008-05-19 22:38 . 2008-05-19 22:38 108,290 --a------ C:\Lexus-IS-F_2008_09.jpg
2008-05-19 22:37 . 2008-05-19 22:37 190,120 --a------ C:\Lexus-IS-F_2008_2c.jpg
2008-05-19 22:37 . 2008-05-19 22:37 135,168 --a------ C:\Lexus-IS-F_2008_5a.jpg
2008-05-19 22:37 . 2008-05-19 22:37 110,325 --a------ C:\Lexus-IS-F_2008_22.jpg
2008-05-19 22:29 . 2008-05-19 22:29 133,834 --a------ C:\m3sedan08_07.jpg
2008-05-19 22:29 . 2008-05-19 22:29 92,213 --a------ C:\lexusisf08_05.jpg
2008-05-19 22:24 . 2008-05-19 22:24 29,805 --a------ C:\08.audi.rs6.act.f34.1.500.jpg
2008-05-19 22:24 . 2008-05-19 22:25 28,634 --a------ C:\08.audi.rs6.act.r34.3.500.jpg
2008-05-19 22:23 . 2008-05-19 22:23 32,122 --a------ C:\08.audi.rs6.act.f34.8.500.jpg
2008-05-19 22:21 . 2008-05-19 22:25 209,366 --a------ C:\rs608_interior21600.jpg
2008-05-19 22:18 . 2008-05-19 22:18 97,022 --a------ C:\car_photo_248796_25.jpg
2008-05-19 22:14 . 2008-05-19 22:14 112,603 --a------ C:\m3sedan08_06.jpg
2008-05-19 22:08 . 2008-05-19 22:08 249,645 --a------ C:\186_1.jpg
2008-05-18 02:38 . 2003-08-29 15:09 578,304 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2008-05-18 02:38 . 2002-04-01 14:15 4,816 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-05-18 02:38 . 2003-04-08 11:30 3,744 --a------ C:\WINDOWS\system32\drivers\smsens.sys
2008-05-18 02:22 . 2008-05-18 02:22 <DIR> d-------- C:\Program Files\Intel Desktop Board Audio Driver
2008-05-18 01:03 . 2008-05-18 01:03 76,939 --a------ C:\Copyofmeltdown.jpg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 03:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-18 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 03:06 --------- d-----w C:\Documents and Settings\TP\Application Data\Lavasoft
2008-06-08 05:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 07:10 --------- d-----w C:\Program Files\eMule
2008-05-16 02:01 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-05-13 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-11 05:57 --------- d-----w C:\Program Files\nFLVPlayer
2008-05-10 03:53 --------- d-----w C:\Program Files\X-COM
2008-05-08 23:50 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-05-08 02:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 02:48 --------- d-----w C:\Documents and Settings\TP\Application Data\AdobeUM
2008-01-14 00:18 23,864 -c--a-w C:\Documents and Settings\TP\Application Data\GDIPFONTCACHEV1.DAT
2007-12-27 04:07 88 --sha-r C:\WINDOWS\system32\460A1FC05D.sys
2007-12-27 04:07 2,516 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 21:24 472 -csha-r C:\WINDOWS\VHJhaWFuIFBvcGVzY3U\pJL1uqIRKI1Sw3pWsao.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{638EC501-5504-421A-BB69-5C2FDBBC6886}]
C:\WINDOWS\system32\byXNfEWQ.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft viri-check"="viri-check.exe" []
"CU1"="C:\Program Files\Common Files\VCClient\VCClient.exe" [ ]
"CU2"="C:\Program Files\Common Files\VCClient\VCMain.exe" [ ]
"Microsoft Configs 32"="msgconfigrs.exe" []
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a--c--- 2003-09-03 22:33 106496 C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
--a--c--- 2003-06-13 10:57 294912 C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasAuto"=3 (0x3)
"SavRoam"=3 (0x3)
"sysmgr64"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Winamp\\winamp.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 11:17]
S4 aolsoftware;AolSoftware;"C:\WINDOWS\qwert.exe" []
S4 dll service;windows dll service;"C:\WINDOWS\rund1132.exe" []
S4 dllmgr64;dllmgr64;"C:\WINDOWS\dllmgr64.exe" []
S4 sysmgr64;sysmgr64;"C:\WINDOWS\sysmgr64.exe" []
.
Contents of the 'Scheduled Tasks' folder
"2007-07-23 13:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-17 23:38:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
.
**************************************************************************
.
Completion time: 2008-06-17 23:51:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 03:51:17
Pre-Run: 725,151,744 bytes free
Post-Run: 589,213,696 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
212 --- E O F --- 2008-05-29 02:11:01
========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:31 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {638EC501-5504-421A-BB69-5C2FDBBC6886} - C:\WINDOWS\system32\byXNfEWQ.dll (file missing)
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE lebeca web camera driver
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft viri-check] viri-check.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Configs 32] msgconfigrs.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft viri-check] viri-check.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\TP\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html
--
End of file - 6551 bytes
___________
Thanks again for your help!