HTXWOLF

This is Stephanie. Apparently my kids have downloaded winantivirius2007 at some point and now I can't stop the pop-ups and antispyware.com from happening. Continual notes stateing my computer is slow and infected. Internet options - try to select privacy on cookies to high, keeps going to 0. I have run both combofix and hijackthis scans.

combofix log
ComboFix 07-09-09.4 - "Joe Wolf" 2007-09-08 17:04:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.191 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\JOEWOL~1\APPLIC~1\CROSOF~1
C:\DOCUME~1\JOEWOL~1\err.log
C:\DOCUME~1\JOEWOL~1\MYDOCU~1\SSEMBL~1
C:\DOCUME~1\JOEWOL~1\MYDOCU~1\STEM~1
C:\DOCUME~1\JOEWOL~1\STARTM~1\Programs\Outerinfo
C:\DOCUME~1\JOEWOL~1\STARTM~1\Programs\Outerinfo\Terms.lnk
C:\DOCUME~1\JOEWOL~1\STARTM~1\Programs\Outerinfo\Uninstall.lnk
C:\DOCUME~1\JOEWOL~1\STARTM~1\Programs\Startup.\TA_Start.lnk
C:\DOCUME~1\JOEWOL~1\STARTM~1\Programs\Startup\ta_start.lnk
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\asembl~1
C:\Program Files\asks~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\curity~1\??curity\
C:\Program Files\Common Files\curity~1\tracert.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\MSN\homeryvof4444.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\svhost\wr-1-77.exe
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\flt.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\poolsv.exe
C:\WINDOWS\smante~1
C:\WINDOWS\smbols~1
C:\WINDOWS\sstem~1
C:\WINDOWS\system32\aikyitpl.dll
C:\WINDOWS\system32\alfadjqa.ini
C:\WINDOWS\system32\alrthkdw.exe
C:\WINDOWS\system32\aqjdafla.dll
C:\WINDOWS\system32\asanwnfg.exe
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
C:\WINDOWS\system32\bbtwtobx.ini
C:\WINDOWS\system32\bjrxwxlh.ini
C:\WINDOWS\system32\bljchfwq.ini
C:\WINDOWS\system32\cdfbcase.exe
C:\WINDOWS\system32\cjqqrstg.dll
C:\WINDOWS\system32\coggyqxf.exe
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\configs\chkq22011.exe
C:\WINDOWS\system32\cqollleu.dll
C:\WINDOWS\system32\cqpisiwd.dll
C:\WINDOWS\system32\csgtvqpt.dll
C:\WINDOWS\system32\cwwjnyks.exe
C:\WINDOWS\system32\dcbeg.bak1
C:\WINDOWS\system32\dcbeg.bak2
C:\WINDOWS\system32\dcbeg.ini
C:\WINDOWS\system32\dcbeg.ini2
C:\WINDOWS\system32\dcbeg.tmp
C:\WINDOWS\system32\didjlmao.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\asc3550.sys
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\dwisipqc.ini
C:\WINDOWS\system32\efrjybwn.exe
C:\WINDOWS\system32\ekguxeev.ini
C:\WINDOWS\system32\esloiwfd.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\fjbjelxp.exe
C:\WINDOWS\system32\fsstyhfm.ini
C:\WINDOWS\system32\gbtgbcjy.ini
C:\WINDOWS\system32\gebcd.dll
C:\WINDOWS\system32\gguprygp.exe
C:\WINDOWS\system32\gtsrqqjc.ini
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\hacwcelr.ini
C:\WINDOWS\system32\hgfkklny.dll
C:\WINDOWS\system32\hlxwxrjb.dll
C:\WINDOWS\system32\hpbrbjdj.exe
C:\WINDOWS\system32\hwgyyffy.exe
C:\WINDOWS\system32\hxsteqmx.ini
C:\WINDOWS\system32\icopqbcl.dll
C:\WINDOWS\system32\iiljqukn.ini
C:\WINDOWS\system32\inftbwby.ini
C:\WINDOWS\system32\iquamxpq.ini
C:\WINDOWS\system32\itsqyjny.exe
C:\WINDOWS\system32\iyxtrmly.ini
C:\WINDOWS\system32\jatylmha.exe
C:\WINDOWS\system32\jkrssooa.exe
C:\WINDOWS\system32\jntaedhx.dll
C:\WINDOWS\system32\jpmvsyqs.ini
C:\WINDOWS\system32\jweflvnc.exe
C:\WINDOWS\system32\kcoejlqk.dll
C:\WINDOWS\system32\khpokwbo.ini
C:\WINDOWS\system32\kjpmqqcq.dll
C:\WINDOWS\system32\kpmsnxdp.dll
C:\WINDOWS\system32\kqljeock.ini
C:\WINDOWS\system32\krburffo.exe
C:\WINDOWS\system32\lcbqpoci.ini
C:\WINDOWS\system32\lisxsbpt.exe
C:\WINDOWS\system32\llsuawwy.dll
C:\WINDOWS\system32\lptiykia.ini
C:\WINDOWS\system32\lqpiootn.exe
C:\WINDOWS\system32\mfhytssf.dll
C:\WINDOWS\system32\mnnrdovm.ini
C:\WINDOWS\system32\mqmiaqha.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mvodrnnm.dll
C:\WINDOWS\system32\mwsjgvcj.exe
C:\WINDOWS\system32\nctyfvfy.ini
C:\WINDOWS\system32\ndxlyqln.exe
C:\WINDOWS\system32\nfcpwvwq.dll
C:\WINDOWS\system32\nhandqey.dll
C:\WINDOWS\system32\nkuqjlii.dll
C:\WINDOWS\system32\nwhduffp.dll
C:\WINDOWS\system32\nysxicqq.ini
C:\WINDOWS\system32\obwkophk.dll
C:\WINDOWS\system32\oijygtvo.ini
C:\WINDOWS\system32\opnmnli.dll
C:\WINDOWS\system32\ovtgyjio.dll
C:\WINDOWS\system32\pbpuntad.exe
C:\WINDOWS\system32\pdxnsmpk.ini
C:\WINDOWS\system32\pffudhwn.ini
C:\WINDOWS\system32\pgnwihvv.dll
C:\WINDOWS\system32\pombnnxq.exe
C:\WINDOWS\system32\pqtwibrf.exe
C:\WINDOWS\system32\qchktgyx.dll
C:\WINDOWS\system32\qcqqmpjk.ini
C:\WINDOWS\system32\qgedjbkq.dll
C:\WINDOWS\system32\qhqvktry.ini
C:\WINDOWS\system32\qkbjdegq.ini
C:\WINDOWS\system32\qpmrtfgv.dll
C:\WINDOWS\system32\qpxmauqi.dll
C:\WINDOWS\system32\qqcixsyn.dll
C:\WINDOWS\system32\qukncpxr.dll
C:\WINDOWS\system32\qwfhcjlb.dll
C:\WINDOWS\system32\qwvwpcfn.ini
C:\WINDOWS\system32\rlecwcah.dll
C:\WINDOWS\system32\rqhqsdxf.exe
C:\WINDOWS\system32\rxpcnkuq.ini
C:\WINDOWS\system32\s.exe
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sfyilsdy.exe
C:\WINDOWS\system32\smygesue.exe
C:\WINDOWS\system32\sqysvmpj.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\sugqvemx.exe
C:\WINDOWS\system32\susqoq.dll
C:\WINDOWS\system32\tjdswlbk.exe
C:\WINDOWS\system32\tpqvtgsc.ini
C:\WINDOWS\system32\uellloqc.ini
C:\WINDOWS\system32\ufwpnrxo.exe
C:\WINDOWS\system32\ukoaloqb.exe
C:\WINDOWS\system32\vaqgedxh.exe
C:\WINDOWS\system32\veexugke.dll
C:\WINDOWS\system32\vgftrmpq.ini
C:\WINDOWS\system32\vvhiwngp.ini
C:\WINDOWS\system32\vwqruyjr.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wcpit.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wvdscxuf.exe
C:\WINDOWS\system32\wxcgqvuc.exe
C:\WINDOWS\system32\xanejwop.exe
C:\WINDOWS\system32\xbotwtbb.dll
C:\WINDOWS\system32\xhdeatnj.ini
C:\WINDOWS\system32\xkfpmkdr.exe
C:\WINDOWS\system32\xkpgcorg.exe
C:\WINDOWS\system32\xmqetsxh.dll
C:\WINDOWS\system32\xrguusrv.exe
C:\WINDOWS\system32\xygtkhcq.ini
C:\WINDOWS\system32\Y0
C:\WINDOWS\system32\Y0\kmhp83122.exe
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y1\wr725.exe
C:\WINDOWS\system32\Y2
C:\WINDOWS\system32\ybwbtfni.dll
C:\WINDOWS\system32\yeqdnahn.ini
C:\WINDOWS\system32\yfvfytcn.dll
C:\WINDOWS\system32\yiiyhhmy.dll
C:\WINDOWS\system32\yjcbgtbg.dll
C:\WINDOWS\system32\ylmrtxyi.dll
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymhhyiiy.ini
C:\WINDOWS\system32\ynlkkfgh.ini
C:\WINDOWS\system32\yrtkvqhq.dll
C:\WINDOWS\system32\ywwausll.ini
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\ystem3~1
C:\WINDOWS\ystem3~1\r?ndll32.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2007-08-09 to 2007-09-09 )))))))))))))))))))))))))))))))
.

2007-09-09 17:12 30,208 --a------ C:\WINDOWS\pbar.dll
2007-09-09 17:12 29,696 --a------ C:\WINDOWS\7search.dll
2007-09-09 17:12 23,040 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-09-09 17:12 22,272 --a------ C:\WINDOWS\vxddsk.exe
2007-09-09 17:12 20,480 --a------ C:\WINDOWS\system32\wml.exe
2007-09-09 17:12 19,456 --a------ C:\WINDOWS\flt.dll
2007-09-09 17:12 18,688 --a------ C:\WINDOWS\wml.exe
2007-09-09 17:12 <DIR> d-------- C:\Program Files\p2pnetworks
2007-09-09 17:12 <DIR> d-------- C:\Program Files\3721
2007-09-09 17:11 23,040 --a------ C:\WINDOWS\764.exe
2007-09-09 17:10 125,504 --a------ C:\WINDOWS\system32\shjvupmx.dll
2007-09-09 17:07 75,328 --a------ C:\WINDOWS\system32\reacmbwv.exe
2007-09-08 17:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 16:21 20,480 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-08 16:21 <DIR> d-------- C:\Program Files\e-zshopper
2007-09-08 16:21 <DIR> d-------- C:\Program Files\akl
2007-09-08 16:21 <DIR> d-------- C:\Program Files\Accoona
2007-09-08 13:47 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-08 13:47 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-08 13:47 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-08 13:47 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-08 13:47 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2007-09-08 13:47 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-08 13:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-09-08 13:43 <DIR> d-------- C:\Program Files\download
2007-09-08 13:29 29,952 --a------ C:\WINDOWS\system32\msole32.exe
2007-09-08 12:46 8,960 --a------ C:\WINDOWS\kvnab.exe
2007-09-08 12:46 31,744 --a------ C:\WINDOWS\kkcomp.dll
2007-09-08 12:46 27,904 --a------ C:\WINDOWS\pbsysie.dll
2007-09-08 12:46 25,088 --a------ C:\WINDOWS\kvnab$.exe
2007-09-08 12:46 22,784 --a------ C:\WINDOWS\wbeCheck.exe
2007-09-08 12:46 21,504 --a------ C:\WINDOWS\liqui.dll
2007-09-08 12:46 18,944 --a------ C:\WINDOWS\liqad.dll
2007-09-08 12:46 15,616 --a------ C:\WINDOWS\xadbrk.dll
2007-09-08 12:46 15,360 --a------ C:\WINDOWS\kvnab.dll
2007-09-08 12:26 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-08 12:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 12:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 12:01 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-09-08 11:23 3,532 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-08 08:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-08 08:39 <DIR> d-------- C:\Program Files\AntiSpywareApp
2007-09-08 08:39 <DIR> d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\AntiSpyware
2007-09-04 17:21 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-04 17:00 9,728 --a------ C:\WINDOWS\eventlowg.dll
2007-09-04 17:00 20,736 --a------ C:\WINDOWS\daxtime.dll
2007-09-04 16:59 <DIR> d-------- C:\Program Files\amsys
2007-09-04 16:36 21,504 --a------ C:\WINDOWS\system32\oembios32.dll
2007-09-04 16:36 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-09-04 16:35 20,992 --a------ C:\WINDOWS\system32\big1050v8.exe
2007-09-02 07:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-09-02 07:16 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-09-02 06:35 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-09-02 06:35 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-09-02 06:15 23,040 --a------ C:\WINDOWS\system32\pusha.dll
2007-08-17 06:51 22,528 --a------ C:\WINDOWS\system32\gorem2.dll
2007-08-14 22:31 <DIR> d-------- C:\WINDOWS\pss
2007-08-09 11:41 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 16:56 246 --a------ C:\Program Files\Common Files\laxul874
2007-09-08 16:03 --------- d-------- C:\Program Files\Trend Micro
2007-09-07 22:33 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-04 16:59 9984 --a------ C:\WINDOWS\kkcomp.exe
2007-09-04 16:59 9472 --a------ C:\WINDOWS\ngd.dll
2007-09-04 16:59 8960 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-09-04 16:59 8960 --a------ C:\WINDOWS\ie_32.exe
2007-09-04 16:59 32512 --a------ C:\WINDOWS\fhfmm.exe
2007-09-04 16:59 32256 --a------ C:\WINDOWS\wbeInst$.exe
2007-09-04 16:59 32256 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2007-09-04 16:59 31232 --a------ C:\WINDOWS\iexplorr23.dll
2007-09-04 16:59 29696 --a------ C:\WINDOWS\xadbrk_.exe
2007-09-04 16:59 27136 --a------ C:\WINDOWS\xxxvideo.exe
2007-09-04 16:59 26880 --a------ C:\WINDOWS\spredirect.dll
2007-09-04 16:59 26624 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-09-04 16:59 25088 --a------ C:\WINDOWS\aconti.exe
2007-09-04 16:59 22016 --a------ C:\WINDOWS\xadbrk.exe
2007-09-04 16:59 20992 --a------ C:\WINDOWS\settn.dll
2007-09-04 16:59 20992 --a------ C:\WINDOWS\liqui.exe
2007-09-04 16:59 20480 --a------ C:\WINDOWS\liqad$.exe
2007-09-04 16:59 20480 --a------ C:\WINDOWS\dp0.dll
2007-09-04 16:59 19968 --a------ C:\WINDOWS\jd2002.dll
2007-09-04 16:59 16640 --a------ C:\WINDOWS\liqad.exe
2007-09-04 16:59 16128 --a------ C:\WINDOWS\hcwprn.exe
2007-09-04 16:59 15360 --a------ C:\WINDOWS\cbinst$.exe
2007-09-04 16:59 14848 --a------ C:\WINDOWS\hotporn.exe
2007-09-04 16:59 12032 --a------ C:\WINDOWS\kkcomp$.exe
2007-09-04 16:59 12032 --a------ C:\WINDOWS\adbar.dll
2007-09-04 16:36 1014 --a------ C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
2007-09-04 16:35 8852 --a------ C:\WINDOWS\system32\drivers\download_btn.jpg
2007-09-04 16:35 877 --a------ C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-09-04 16:35 838 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
2007-09-04 16:35 821 --a------ C:\WINDOWS\system32\drivers\shadow_bg.gif
2007-09-04 16:35 72 --a------ C:\WINDOWS\system32\drivers\bg_bg.gif
2007-09-04 16:35 64 --a------ C:\WINDOWS\system32\drivers\close_ico.gif
2007-09-04 16:35 4448 --a------ C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-09-04 16:35 4008 --a------ C:\WINDOWS\system32\drivers\rating.gif
2007-09-04 16:35 3552 --a------ C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-09-04 16:35 3479 --a------ C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-09-04 16:35 3313 --a------ C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-09-04 16:35 3216 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan.gif
2007-09-04 16:35 3031 --a------ C:\WINDOWS\system32\drivers\spyware_detected.gif
2007-09-04 16:35 26487 --a------ C:\WINDOWS\system32\drivers\screenshot.jpg
2007-09-04 16:35 1743 --a------ C:\WINDOWS\system32\drivers\remove_spyware_header.gif
2007-09-04 16:35 16977 --a------ C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
2007-09-04 16:35 16941 --a------ C:\WINDOWS\system32\drivers\icon_warning_big.gif
2007-09-04 16:35 1381 --a------ C:\WINDOWS\system32\drivers\warning_ico.gif
2007-09-04 16:35 1373 --a------ C:\WINDOWS\system32\drivers\cell_footer.gif
2007-09-04 16:35 1342 --a------ C:\WINDOWS\system32\drivers\cell_bg.gif
2007-09-03 11:10 --------- d-------- C:\Program Files\Google
2007-09-02 21:49 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\Corel
2007-08-14 20:34 --------- d-------- C:\Program Files\LimeWire
2007-08-08 15:43 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\LimeWire
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-04 15:26 --------- d-------- C:\Program Files\America Online 9.0
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 04:06 135 --a------ C:\Program Files\Common Files\prohdyz.html
2007-07-24 17:04 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-20 03:04 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\AOL
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 21:26 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\Viewpoint
2007-07-11 21:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-11 10:30 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-11 10:30 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-11 10:28 --------- d-------- C:\Program Files\Doom 3
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CDCD9EE-340B-33F8-7F00-38B60D3CF1C3}]
C:\WINDOWS\system32\xlfteb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83A6AADF-6045-434a-939F-48E5760C600C}]
2007-09-02 06:15 23040 --a------ C:\WINDOWS\system32\pusha.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
2007-09-04 16:36 21504 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-07 13:36]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"{C3-35-54-49-ZN}"="C:\Documents and Settings\Joe Wolf\Local Settings\Temp\thinksnet.exe" []
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"hotyhes"="C:\Program Files\Windows Media Player\hotyhes22011.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 12:07]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 19:41]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Uaol"="C:\PROGRA~1\COMMON~1\CURITY~1\tracert.exe" []
"Aggolbf"="C:\WINDOWS\?ystem32\r?ndll32.exe" [2004-08-10 05:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"Zeyrj"="C:\Documents and Settings\Joe Wolf\Application Data\??crosoft\??ool32.exe" []
"Ocpmesy"="C:\WINDOWS\system32\?ymbols\l?gonui.exe" []
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"Idmhai"="C:\WINDOWS\s?stem\?explore.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-07 13:23:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrrqr]
rqrrrqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - TMCOMM
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 17:17:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-09 17:19:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 17:19
.
--- E O F ---


hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:50 PM, on 9/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6CDCD9EE-340B-33F8-7F00-38B60D3CF1C3} - C:\WINDOWS\system32\xlfteb.dll (file missing)
O2 - BHO: 3 - {83A6AADF-6045-434a-939F-48E5760C600C} - C:\WINDOWS\system32\pusha.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{C3-35-54-49-ZN}] C:\Documents and Settings\Joe Wolf\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [hotyhes] C:\Program Files\Windows Media Player\hotyhes22011.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\CURITY~1\tracert.exe" -vt yazb
O4 - HKCU\..\Run: [Aggolbf] C:\WINDOWS\?ystem32\r?ndll32.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Zeyrj] "C:\Documents and Settings\Joe Wolf\Application Data\??crosoft\??ool32.exe"
O4 - HKCU\..\Run: [Ocpmesy] C:\WINDOWS\system32\?ymbols\l?gonui.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Idmhai] C:\WINDOWS\s?stem\?explore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{276B3606-58A9-45FC-9DB3-4D284205A8F8}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: rqrrrqr - rqrrrqr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12167 bytes

could not load DSS.

Pancake

Hi Steph...
Wow.Your kids have been busy....I will start clean the files in the log first and work back from there that way I can see whats left.ComboFix has fixed quite a lot of the problems ....





Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6CDCD9EE-340B-33F8-7F00-38B60D3CF1C3} - C:\WINDOWS\system32\xlfteb.dll (file missing)
O2 - BHO: 3 - {83A6AADF-6045-434a-939F-48E5760C600C} - C:\WINDOWS\system32\pusha.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: oembios32.msdn_hlp - {AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKCU\..\Run: [Aggolbf] C:\WINDOWS\?ystem32\r?ndll32.exe
O4 - HKCU\..\Run: [Ocpmesy] C:\WINDOWS\system32\?ymbols\l?gonui.exe
O4 - HKCU\..\Run: [Idmhai] C:\WINDOWS\s?stem\?explore.exe
O20 - Winlogon Notify: rqrrrqr - rqrrrqr.dll (file missing)


Please run another Combo fix and post the log...

__________________

Pancake

You have a virus file that our analyst would like to have a closer look at.These instructions will mail it.



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:



Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

__________________

HTXWOLF

Thank you. I followed your directions, but was not sure about the last part. A browser did not open when I selected "ok" in the message box, so I copied all below. Let me know if I need to run it again.

<html>
Submit malware to Bleeping Computer for analysis.
<br /><br />
<form enctype="multipart/form-data" action="http://www.bleepingcomputer.com/pf.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="5120000" />
<input type="hidden" name="User" value="Submitted via ComboFix." />
<input type="hidden" name="Referer" value="" />
<input type="hidden" name="channel" value="8" />
<input type="file" name="userfile" />
<input type="submit" value="Send File" />
<br /><br />
Copy/Paste the filepath below into the box above and click Send.
<br /><br />
<B>C:\DOCUME~1\JOEWOL~1\Desktop.\[8]-Submit_2007-09-11@20.37.zip</B>
</form></html>

ComboFix 07-09-09.4 - "Joe Wolf" 2007-09-11 20:37:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.435 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Joe Wolf\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\system32\drivers\asc3550.sys
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe


((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-09 18:42 <DIR> d-------- C:\Deckard
2007-09-09 17:56 <DIR> d-------- C:\Program Files\MetaStream
2007-09-09 17:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-08 17:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 16:21 20,480 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-08 16:21 <DIR> d-------- C:\Program Files\e-zshopper
2007-09-08 16:21 <DIR> d-------- C:\Program Files\akl
2007-09-08 16:21 <DIR> d-------- C:\Program Files\Accoona
2007-09-08 13:47 75,088 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2007-09-08 13:47 36,112 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-08 13:47 288,848 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2007-09-08 13:47 203,024 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-08 13:47 111,888 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
2007-09-08 13:47 1,126,328 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-08 13:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-09-08 13:43 <DIR> d-------- C:\Program Files\download
2007-09-08 13:29 29,952 --a------ C:\WINDOWS\system32\msole32.exe
2007-09-08 12:46 8,960 --a------ C:\WINDOWS\kvnab.exe
2007-09-08 12:46 31,744 --a------ C:\WINDOWS\kkcomp.dll
2007-09-08 12:46 27,904 --a------ C:\WINDOWS\pbsysie.dll
2007-09-08 12:46 25,088 --a------ C:\WINDOWS\kvnab$.exe
2007-09-08 12:46 22,784 --a------ C:\WINDOWS\wbeCheck.exe
2007-09-08 12:46 21,504 --a------ C:\WINDOWS\liqui.dll
2007-09-08 12:46 18,944 --a------ C:\WINDOWS\liqad.dll
2007-09-08 12:46 15,616 --a------ C:\WINDOWS\xadbrk.dll
2007-09-08 12:46 15,360 --a------ C:\WINDOWS\kvnab.dll
2007-09-08 12:26 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-08 12:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 12:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-08 12:01 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-09-08 11:23 3,532 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-08 08:39 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-08 08:39 <DIR> d-------- C:\Program Files\AntiSpywareApp
2007-09-08 08:39 <DIR> d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\AntiSpyware
2007-09-04 17:21 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-04 17:00 9,728 --a------ C:\WINDOWS\eventlowg.dll
2007-09-04 17:00 20,736 --a------ C:\WINDOWS\daxtime.dll
2007-09-04 16:59 <DIR> d-------- C:\Program Files\amsys
2007-09-04 16:36 21,504 --a------ C:\WINDOWS\system32\oembios32.dll
2007-09-04 16:35 20,992 --a------ C:\WINDOWS\system32\big1050v8.exe
2007-09-02 07:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-09-02 07:16 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-09-02 06:35 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-09-02 06:35 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-08-14 22:31 <DIR> d-------- C:\WINDOWS\pss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 08:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-09 18:23 --------- d-------- C:\Program Files\Picasa2
2007-09-09 18:23 --------- d-------- C:\Program Files\NetWaiting
2007-09-09 18:22 --------- d-------- C:\Program Files\iTunes
2007-09-09 18:17 --------- d-------- C:\Program Files\Digital Line Detect
2007-09-09 18:17 --------- d-------- C:\Program Files\DellSupport
2007-09-09 18:17 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-09 18:16 --------- d-------- C:\Program Files\Common Files\AOL
2007-09-09 18:15 --------- d-------- C:\Program Files\America Online 9.0
2007-09-09 18:15 --------- d-------- C:\Program Files\AIM6
2007-09-09 17:28 --------- d-------- C:\Program Files\WildTangent
2007-09-08 16:56 246 --a------ C:\Program Files\Common Files\laxul874
2007-09-08 16:03 --------- d-------- C:\Program Files\Trend Micro
2007-09-04 16:59 9984 --a------ C:\WINDOWS\kkcomp.exe
2007-09-04 16:59 9472 --a------ C:\WINDOWS\ngd.dll
2007-09-04 16:59 8960 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2007-09-04 16:59 8960 --a------ C:\WINDOWS\ie_32.exe
2007-09-04 16:59 32512 --a------ C:\WINDOWS\fhfmm.exe
2007-09-04 16:59 32256 --a------ C:\WINDOWS\wbeInst$.exe
2007-09-04 16:59 31232 --a------ C:\WINDOWS\iexplorr23.dll
2007-09-04 16:59 29696 --a------ C:\WINDOWS\xadbrk_.exe
2007-09-04 16:59 27136 --a------ C:\WINDOWS\xxxvideo.exe
2007-09-04 16:59 26880 --a------ C:\WINDOWS\spredirect.dll
2007-09-04 16:59 26624 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2007-09-04 16:59 25088 --a------ C:\WINDOWS\aconti.exe
2007-09-04 16:59 22016 --a------ C:\WINDOWS\xadbrk.exe
2007-09-04 16:59 20992 --a------ C:\WINDOWS\settn.dll
2007-09-04 16:59 20992 --a------ C:\WINDOWS\liqui.exe
2007-09-04 16:59 20480 --a------ C:\WINDOWS\liqad$.exe
2007-09-04 16:59 20480 --a------ C:\WINDOWS\dp0.dll
2007-09-04 16:59 19968 --a------ C:\WINDOWS\jd2002.dll
2007-09-04 16:59 16640 --a------ C:\WINDOWS\liqad.exe
2007-09-04 16:59 16128 --a------ C:\WINDOWS\hcwprn.exe
2007-09-04 16:59 15360 --a------ C:\WINDOWS\cbinst$.exe
2007-09-04 16:59 14848 --a------ C:\WINDOWS\hotporn.exe
2007-09-04 16:59 12032 --a------ C:\WINDOWS\kkcomp$.exe
2007-09-04 16:59 12032 --a------ C:\WINDOWS\adbar.dll
2007-09-04 16:36 1014 --a------ C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
2007-09-04 16:35 8852 --a------ C:\WINDOWS\system32\drivers\download_btn.jpg
2007-09-04 16:35 877 --a------ C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-09-04 16:35 838 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
2007-09-04 16:35 821 --a------ C:\WINDOWS\system32\drivers\shadow_bg.gif
2007-09-04 16:35 72 --a------ C:\WINDOWS\system32\drivers\bg_bg.gif
2007-09-04 16:35 64 --a------ C:\WINDOWS\system32\drivers\close_ico.gif
2007-09-04 16:35 4448 --a------ C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-09-04 16:35 4008 --a------ C:\WINDOWS\system32\drivers\rating.gif
2007-09-04 16:35 3552 --a------ C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-09-04 16:35 3479 --a------ C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-09-04 16:35 3313 --a------ C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-09-04 16:35 3216 --a------ C:\WINDOWS\system32\drivers\header_red_free_scan.gif
2007-09-04 16:35 3031 --a------ C:\WINDOWS\system32\drivers\spyware_detected.gif
2007-09-04 16:35 26487 --a------ C:\WINDOWS\system32\drivers\screenshot.jpg
2007-09-04 16:35 1743 --a------ C:\WINDOWS\system32\drivers\remove_spyware_header.gif
2007-09-04 16:35 16977 --a------ C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
2007-09-04 16:35 16941 --a------ C:\WINDOWS\system32\drivers\icon_warning_big.gif
2007-09-04 16:35 1381 --a------ C:\WINDOWS\system32\drivers\warning_ico.gif
2007-09-04 16:35 1373 --a------ C:\WINDOWS\system32\drivers\cell_footer.gif
2007-09-04 16:35 1342 --a------ C:\WINDOWS\system32\drivers\cell_bg.gif
2007-09-03 11:10 --------- d-------- C:\Program Files\Google
2007-09-02 21:49 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\Corel
2007-08-14 20:34 --------- d-------- C:\Program Files\LimeWire
2007-08-08 15:43 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\LimeWire
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-28 04:06 135 --a------ C:\Program Files\Common Files\prohdyz.html
2007-07-20 03:04 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\AOL
2007-07-11 21:26 --------- d-------- C:\DOCUME~1\JOEWOL~1\APPLIC~1\Viewpoint
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-09_171858.12 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 141,424 2006-08-24 13:28:54 C:\WINDOWS\Downloaded Program Files\asinst.dll
----a-w 73,728 2006-08-02 17:39:06 C:\WINDOWS\system32\asuninst.exe
----a-w 11,776 2003-03-25 23:53:50 C:\WINDOWS\system32\ZPORT4AS.dll
----a-w 110,592 2007-03-29 14:20:50 C:\WINDOWS\system32\ActiveScan\as.dll
----a-w 233,472 2006-10-05 21:15:26 C:\WINDOWS\system32\ActiveScan\ascontrol.dll
----a-w 96,256 2005-06-03 19:03:18 C:\WINDOWS\system32\ActiveScan\asmdat.dll
----a-w 36,864 2003-08-01 16:00:16 C:\WINDOWS\system32\ActiveScan\certdll.dll
----a-w 86,016 2005-05-20 18:42:44 C:\WINDOWS\system32\ActiveScan\instlsp.dll
----a-w 4,608 2006-02-16 23:20:20 C:\WINDOWS\system32\ActiveScan\memvfile.dll
----a-w 348,160 2005-10-25 23:08:32 C:\WINDOWS\system32\ActiveScan\msvcr71.dll
----a-w 139,264 2004-05-04 20:01:02 C:\WINDOWS\system32\ActiveScan\pavaleas.dll
----a-w 45,056 2006-07-14 18:04:10 C:\WINDOWS\system32\ActiveScan\pavdr.exe
----a-w 159,832 2006-04-10 15:50:02 C:\WINDOWS\system32\ActiveScan\pavexcom.dll
----a-w 94,208 2006-02-14 18:05:38 C:\WINDOWS\system32\ActiveScan\pavinas.dll
----a-w 180,224 2006-02-16 23:35:38 C:\WINDOWS\system32\ActiveScan\pavoe.dll
----a-w 122,880 2006-10-05 21:15:38 C:\WINDOWS\system32\ActiveScan\pavpz.dll
----a-w 8,704 2006-06-30 19:13:38 C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
----a-w 49,152 2004-02-04 19:08:42 C:\WINDOWS\system32\ActiveScan\port32.dll
----a-w 69,632 2006-08-01 18:23:10 C:\WINDOWS\system32\ActiveScan\pscpu.dll
----a-w 1,388,544 2006-08-23 1808 C:\WINDOWS\system32\ActiveScan\pskahk.dll
----a-w 10,752 2006-08-17 16:38:14 C:\WINDOWS\system32\ActiveScan\pskalloc.dll
----a-w 61,440 2006-09-04 16:49:54 C:\WINDOWS\system32\ActiveScan\pskas.dll
----a-w 779,264 2006-08-18 13:46:18 C:\WINDOWS\system32\ActiveScan\pskavs.dll
----a-w 417,792 2007-03-26 19:25:34 C:\WINDOWS\system32\ActiveScan\pskcmp.dll
----a-w 90,112 2006-08-09 15:42:24 C:\WINDOWS\system32\ActiveScan\pskfss.dll
----a-w 208,896 2006-07-19 15:55:58 C:\WINDOWS\system32\ActiveScan\pskhtml.dll
----a-w 9,728 2006-01-20 21:57:00 C:\WINDOWS\system32\ActiveScan\pskmas.dll
----a-w 14,336 2006-05-17 14:50:12 C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
----a-w 33,280 2006-08-16 15:58:12 C:\WINDOWS\system32\ActiveScan\pskpack.dll
----a-w 266,240 2006-06-30 19:42:36 C:\WINDOWS\system32\ActiveScan\pskscs.dll
----a-w 62,976 2006-08-17 19:33:14 C:\WINDOWS\system32\ActiveScan\pskutil.dll
----a-w 13,312 2006-08-08 18:13:10 C:\WINDOWS\system32\ActiveScan\pskvfile.dll
----a-w 69,632 2006-08-18 13:53:08 C:\WINDOWS\system32\ActiveScan\pskvfs.dll
----a-w 167,936 2006-08-18 13:49:50 C:\WINDOWS\system32\ActiveScan\pskvm.dll
----a-w 353,840 2007-04-18 22:16:04 C:\WINDOWS\system32\ActiveScan\psscan.dll
----a-w 35,328 2007-01-22 19:42:48 C:\WINDOWS\system32\ActiveScan\rawvfile.dll
----a-w 9,488 1997-09-18 11:12:32 C:\WINDOWS\system32\ActiveScan\sporder.dll
----a-w 69,632 2006-02-28 22:23:40 C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB5FE6E5-7C72-4B89-85D0-D57E7AEAC236}]
2007-09-11 20:24 21504 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-08-07 13:36]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"{C3-35-54-49-ZN}"="C:\Documents and Settings\Joe Wolf\Local Settings\Temp\thinksnet.exe" []
"Norton Ghost 10.0"="C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 16:05]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 19:20]
"hotyhes"="C:\Program Files\Windows Media Player\hotyhes22011.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 15:30]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 12:07]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 19:41]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Uaol"="C:\PROGRA~1\COMMON~1\CURITY~1\tracert.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"Zeyrj"="C:\Documents and Settings\Joe Wolf\Application Data\??crosoft\??ool32.exe" []
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-07 13:23:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 20:40:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ATWPKT2]
"ImagePath"="\??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS"
.
Completion time: 2007-09-11 20:41:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 20:41
C:\ComboFix2.txt ... 2007-09-11 20:31
C:\ComboFix3.txt ... 2007-09-09 17:19
.
--- E O F ---

Pancake

It looks as if it has sent the file but just as a fall back can you put that file here on this site.It will allow you to browse for it.

http://www.bleepingcomputer.com/subm....php?channel=8


Just put this heading in the link so they know where it has come from..thanks

http://www.techsupportforum.com/secu...ml#post1073150

In the mean time I will work on your log....it may take a few hours..

__________________

Pancake

Ok.A spot more cleaning to do......



Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Open *notepad* and copy/paste the text in the quotebox below into it:


Save this as *CFScript.txt*, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at *C:\ComboFix.txt*

Post back the combofix.txt along with a fresh HijackThis log and the DSS log please


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

__________________