Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads (resolved spyware and popup issues)

#1 - 09-16-2007, 07:43 AM - Registered User (Join Date: Sep 2007, Posts: 12, OS: XP)

WinAble virus?

Got this virus yesterday - slows down computer, lots of popups. Tries to disable HijackThis - I did rename it though.
Seems like something called Internet Speed Monitor has been installed to my computer - also I get popups asking me if I want to install WinAntiSpyware2007FreeInstall.exe
I always click CANCEL, but it always pops up - I get worse pop ups and general slowing down when I use IE, than when I'm using Firefox.
(I'm new to this - be gentle.)

Here's my latest log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:37:28 AM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Q3JhaWcgTWFydGlu\command.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Proxy Networks\Proxy Host\phsvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\System32\rpcnetp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Proxy Networks\Proxy Host\phtray.exe
C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ISM\ISMModule4.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\martinc\Desktop\FindTJH.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nch.kcsdschools.com/home.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.12.177:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;172.16.15.200;172.16.15.202;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5549B3A2-E892-484F-995F-0B6702510945} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\fccbyyy.dll
O3 - Toolbar: SynchronEyes - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SynchronEyes Teacher 7.0\SEyesIeToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Proxy Networks\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMART Mirror Driver Monitor Service] "C:\Program Files\Common Files\SMART Techno
O4 - HKLM\..\Run: [InterWrite Device Manager] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kershaw.k12.sc.us
O17 - HKLM\Software\..\Telephony: DomainName = kershaw.k12.sc.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kershaw.k12.sc.us
O20 - Winlogon Notify: fccbyyy - C:\WINDOWS\SYSTEM32\fccbyyy.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q3JhaWcgTWFydGlu\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Proxy Networks, Inc. - C:\Program Files\Proxy Networks\Proxy Host\phsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies - C:\Program Files\Common Files\SMART Technologies Inc\Mirror Driver\monitorservice.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\prohdyzer.html

--
End of file - 10442 bytes

Last edited by Oct15 : 09-16-2007 at 08:01 AM. Reason: More info.
-- Oct15
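Added example, not part of the original post: the checks an HJT analyst applies by eye to a log like the one above, written down as a small Python triage script. It flags the patterns that stand out in this log: a file name that imitates a system process (svhost.exe vs svchost.exe), an autostart with a long hexadecimal affiliate-style argument, an unnamed BHO in system32, a Winlogon Notify DLL outside the usual XP set, a service with no vendor string, a base64-looking folder name and an Active Desktop component. The sample lines are modelled on entries in the posted log, except that the base64 folder name is a made-up placeholder; the allowlists, thresholds and reason strings are my assumptions, not HijackThis's own rules, and every flag is a "look closer" signal rather than a verdict (legitimate OEM drivers also autostart from the Windows folder).

```python
import base64
import binascii
import re
from dataclasses import dataclass

# Constructed sample: nine lines modelled on the posted log. The base64-looking
# folder name is a made-up placeholder ("VGVzdCBVc2Vy"), not the one in the thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\\WINDOWS\\system32\\fccbyyy.dll
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O4 - HKLM\\..\\Run: [svhost] "C:\\WINDOWS\\svhost.exe"
O4 - HKLM\\..\\Run: [runner1] C:\\WINDOWS\\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O20 - Winlogon Notify: fccbyyy - C:\\WINDOWS\\SYSTEM32\\fccbyyy.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\\WINDOWS\\VGVzdCBVc2Vy\\command.exe
O24 - Desktop Component 0: (no name) - C:\\Program Files\\ComPlus Applications\\prohdyzer.html
"""

# File names malware picks to blend in with real system processes (assumed list).
LOOKALIKES = {"svhost.exe": "svchost.exe", "scvhost.exe": "svchost.exe",
              "lsas.exe": "lsass.exe", "csrs.exe": "csrss.exe"}

# Winlogon Notify packages normally present on XP (assumed allowlist, not exhaustive).
# Anything else is loaded into winlogon.exe before the desktop appears.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui"}

PATH_RE = re.compile(r'[A-Za-z]:\\(?:[^\\"\n]+\\)*[^\\"\n]*?\.(?:exe|dll|html?|scr|cpl)',
                     re.IGNORECASE)
HEX_ARG_RE = re.compile(r"\s[0-9A-Fa-f]{32,}\s*$")


def looks_base64(component: str) -> bool:
    """True when a folder name is well-formed base64 that decodes to printable text."""
    if len(component) < 12 or len(component) % 4:
        return False
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", component):
        return False
    try:
        decoded = base64.b64decode(component, validate=True)
    except binascii.Error:
        return False
    return all(32 <= b < 127 for b in decoded)


@dataclass
class Finding:
    line: str
    reasons: list


def triage_line(line: str) -> list:
    """Return the reasons one HijackThis entry deserves a closer look (empty = nothing noted)."""
    section = line.split(" - ", 1)[0]
    m = PATH_RE.search(line)
    path = m.group(0) if m else ""
    parts = path.split("\\") if path else []
    filename = parts[-1].lower() if parts else ""
    folders = parts[1:-1]  # drop the drive letter and the file name
    reasons = []
    if filename in LOOKALIKES:
        reasons.append(f"{filename} imitates {LOOKALIKES[filename]}")
    if any(looks_base64(f) for f in folders):
        reasons.append("base64-encoded folder name")
    if section == "O4" and len(folders) == 1 and folders[0].upper() == "WINDOWS":
        reasons.append("autostart directly from the Windows folder (some OEM drivers do this too; verify the publisher)")
    if section == "O4" and HEX_ARG_RE.search(line):
        reasons.append("long hexadecimal argument (affiliate ID, typical of pay-per-install downloaders)")
    if section == "O2" and "(no name)" in line and "system32" in path.lower():
        reasons.append("unnamed BHO loaded from system32")
    if section == "O20" and ": " in line:
        package = line.split(": ", 1)[1].split(" - ", 1)[0].lower()
        if package not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify DLL outside the usual set (loads inside winlogon.exe)")
    if section == "O23" and "Unknown owner" in line:
        reasons.append("service with no vendor string")
    if section == "O24":
        reasons.append("Active Desktop component (used to paint ads or fake warnings on the desktop)")
    return reasons


def triage_log(text: str) -> list:
    """Run triage_line over every entry line of a log and keep the ones with findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not re.match(r"[ORFN]\d+ - ", line):
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    *", reason)
```

Running it on the sample prints the six flagged entries with their reasons; the Adobe BHO, the Synaptics autostart and the WIDCOMM service pass clean. The O20 check is the one worth remembering from this thread: a DLL registered under Winlogon Notify runs inside winlogon.exe, which is how the infection could watch for and delete a renamed HijackThis.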
#2 - 09-16-2007, 09:10 AM - Registered User (Join Date: Sep 2007, Posts: 12, OS: XP)

Re: WinAble virus?

More info - I renamed the HijackThis program, and the spyware found it anyway and automatically deleted it. While doing the Panda scan, I keep getting popups for Internet Speed Monitor and WinAntiSpyware2007FreeInstall.

Panda Log:

Incident Status Location

Adware:Adware/SearchAid Not disinfected C:\Program Files\Network Monitor\netmon.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q3JhaWcgTWFydGlu\command.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q3JhaWcgTWFydGlu\asappsrv.dll
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Virus:trj/abwiz.a Disinfected Operating system
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator.KERSHAW\Cookies\administrator@2o7[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.enhance.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.overture.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.go.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[statse.webtrendslive.com/S005-01-8-9-269184-95692]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[hc2.humanclick.com/hc/89518444]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\martinc\Application Data\Mozilla\Firefox\Profiles\uax9z7mn.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@fastclick[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@hc2.humanclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@realmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@statcounter[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@winantispyware[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\martinc\Cookies\martinc@zedo[1].txt
Adware:Adware/TTC Not disinfected C:\Documents and Settings\martinc\Desktop\backups\backup-20070916-090715-206.dll
Virus:Generic Malware Disinfected C:\Documents and Settings\martinc\Desktop\backups\backup-20070916-090715-333.dll
Adware:Adware/TTC Not disinfected C:\Documents and Settings\martinc\Desktop\backups\backup-20070916-090715-842.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\martinc\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\martinc\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\martinc\Local Settings\Temp\cmdinst.exe
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\martinc\Local Settings\Temp\k11u72.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\martinc\Local Settings\Temp\WinAntiSpyware 2007 FreeInstall.exe
Virus:Trj/Downloader.QDR Disinfected C:\Documents and Settings\martinc\Local Settings\Temp\wr-1-77.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\5O8R5XKX\is68267[1].exe
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\6PQ5WNUD\installer[1].exe
Virus:Trj/Downloader.QDR Disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\85AJCLM3\wr-1-77[1].exe
Adware:Adware/CWS Not disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\CDM3GT6R\83122[1].exe
Adware:Adware/TTC Not disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\CZEXW1MX\TTC-4444[1].exe
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\KPE3092Z\k11u72[1].exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\KTGNUJYV\WinAntiSpyware2007FreeInstall[1].exe
Adware:Adware/TTC Not disinfected C:\Documents and Settings\martinc\Local Settings\Temporary Internet Files\Content.IE5\U5KHQTW3\tk58[1].exe
Adware:Adware/TTC Not disinfected C:\Program Files\Common Files\homer4444.dll
Virus:Generic Malware Disinfected C:\Program Files\ComPlus Applications\laxulix.dll

Last edited by Oct15 : 09-16-2007 at 09:23 AM. Reason: Added log
-- Oct15
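Added example, not part of the original post: the Panda report above is a flattened "Incident Status Location" table, and most of its rows are tracking cookies or files under Temp and Temporary Internet Files, which a temp-file cleanup removes anyway. This Python snippet reparses the rows and buckets them by what still has to be done, so the handful of components that need targeted removal (the Program Files and system32 entries) stand out from the noise. The sample rows are a constructed subset of the report with the profile name replaced by "user"; the bucket rules are my assumptions about how such a report is read, not Panda's own categories.

```python
import re
from collections import defaultdict

# Constructed subset of the Panda report above (profile name replaced by "user",
# one cookie row standing in for the long list of cookies).
PANDA_REPORT = """\
Incident Status Location

Adware:Adware/SearchAid Not disinfected C:\\Program Files\\Network Monitor\\netmon.exe
Adware:adware/commad Not disinfected c:\\windows\\system32\\atmtd.dll
Virus:trj/abwiz.a Disinfected Operating system
Spyware:Cookie/Doubleclick Not disinfected C:\\Documents and Settings\\user\\Cookies\\user@doubleclick[2].txt
Adware:Adware/TTC Not disinfected C:\\Documents and Settings\\user\\Desktop\\backups\\backup-20070916-090715-206.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\\Documents and Settings\\user\\Desktop\\SDFix\\apps\\Process.exe
Virus:Trj/Downloader.OXI Disinfected C:\\Documents and Settings\\user\\Local Settings\\Temp\\k11u72.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\\Documents and Settings\\user\\Local Settings\\Temporary Internet Files\\Content.IE5\\KTGNUJYV\\WinAntiSpyware2007FreeInstall[1].exe
Adware:Adware/TTC Not disinfected C:\\Program Files\\Common Files\\homer4444.dll
"""

# Category runs up to the first colon; the status keyword separates name from location.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$")


def parse_report(text):
    """Turn the flattened rows back into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row):
    """Bucket a finding by what still has to be done about it (assumed rules)."""
    loc = row["location"].lower()
    if row["status"] == "Disinfected":
        return "cleaned by scanner"
    if row["name"].lower().startswith("cookie/"):
        return "tracking cookie (clear browser cookies)"
    if "\\local settings\\temp\\" in loc or "\\temporary internet files\\" in loc:
        return "temporary file (removed by a temp-file cleanup)"
    if "\\backups\\" in loc or "\\sdfix" in loc:
        return "removal-tool backup or component (not an active infection)"
    return "active component (needs targeted removal)"


def summarize(text):
    """Map each bucket to the list of locations in it, in report order."""
    buckets = defaultdict(list)
    for row in parse_report(text):
        buckets[classify(row)].append(row["location"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, locations in summarize(PANDA_REPORT).items():
        print(f"{bucket}: {len(locations)}")
        for loc in locations:
            print("   ", loc)
```

On the sample this leaves three entries in the "active component" bucket: netmon.exe, atmtd.dll and homer4444.dll, which match the Network Monitor service and the CommAd and TTC components in the HijackThis log, while the Virtumonde and WinAntiSpyware droppers sit in the temp buckets. The "removal-tool backup" bucket matters too: a scanner flagging the backups folder or SDFix's Process.exe is expected and should not be mistaken for reinfection.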
#3 - 09-17-2007, 05:31 PM - Registered User (Join Date: Sep 2007, Posts: 12, OS: XP)

Re: WinAble virus?????

Any takers??
-- Oct15
#4 - 09-17-2007, 09:34 PM - forhockey, Analyst, Security Team (Join Date: Sep 2006, Location: Ontario, Canada, Posts: 2,584, OS: Windows XP Pro)

Re: WinAble virus?

Hi and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download combofix from here

**Save it directly to your desktop**

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

A log will be produced that will ultimately be named C:\ComboFix.txt. I'll need that in your next reply.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

--------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt - Attached please
-- forhockey
#5 - 09-18-2007, 05:12 PM - Registered User (Join Date: Sep 2007, Posts: 12, OS: XP)

Re: WinAble virus?

Thanks for your help. I was not able to run ComboFix. I tried downloading and running it twice. Each time, the window would open and it would say "ComboFix is preparing to run" and then ultimately gave me this error:

Loading 'admin~1.ker\ntuser.dat' to 'nku\admini~1' was not successful


I was able to run DSS... it downloaded HijackThis for me - since every time I download it myself, the virus finds it and deletes the entire program.
Here are the logs (w/attachment):

Deckard's System Scanner v20070905.67
Run by martinc on 2007-09-18 18:55:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2007-09-18 22:55:31 UTC - RP79 - Deckard's System Scanner Restore Point
78: 2007-09-17 11:11:33 UTC - RP78 - Software Distribution Service 2.0
77: 2007-09-16 17:58:10 UTC - RP77 - Software Distribution Service 2.0
76: 2007-09-16 17:09:36 UTC - RP76 - Installed AVG 7.5
75: 2007-09-16 13:52:12 UTC - RP75 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-09-16 03:43:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as martinc.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-18 19:02:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Q3JhaWcgTWFydGlu\command.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Proxy Networks\Proxy Host\PhSvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Proxy Networks\Proxy Host\PhTray.exe
C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ISM\ISMModule4.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Documents and Settings\martinc\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\martinc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nch.kcsdschools.com/home.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\fccbyyy.dll
O2 - BHO: (no name) - {F1CD5644-5A23-4B80-A45F-31480ADD7D4E} - C:\WINDOWS\system32\vturp.dll (file missing)
O3 - Toolbar: SynchronEyes - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files\SynchronEyes Teacher 7.0\SEyesIeToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKEY_LOCAL_MACHINE\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKEY_LOCAL_MACHINE\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Proxy Networks\Proxy Host\phtray.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SMART Mirror Driver Monitor Service] "C:\Program Files\Common Files\SMART Techno
O4 - HKEY_LOCAL_MACHINE\..\Run: [InterWrite Device Manager] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\Software\..\Telephony: DomainName = kershaw.k12.sc.us
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = kershaw.k12.sc.us
O17 - HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: Domain = kershaw.k12.sc.us
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = kershaw.k12.sc.us
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: fccbyyy - C:\WINDOWS\system32\fccbyyy.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q3JhaWcgTWFydGlu\command.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SMART Mirror Driver Monitor Service - SMART Technologies - C:\Program Files\Common Files\SMART Technologies Inc\Mirror Driver\MonitorService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R2 cpqdfw (Diagnostics Driver) - c:\windows\system32\drivers\cpqdfw.sys
R2 cq_mem (Diagnostics Memory Driver) - c:\windows\system32\drivers\cq_mem.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 cqcpu (Diagnostics CPU Driver) - c:\windows\system32\drivers\cqcpu.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.2.1.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\q3jhawcgtwfydglu\command.exe
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 Network Monitor - c:\program files\network monitor\netmon.exe service
R2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>

S2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
S2 SMART Mirror Driver Monitor Service - c:\program files\common files\smart technologies inc\mirror driver\monitorservice.exe <Not Verified; SMART Technologies; Mirror Driver Monitor Service>
S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-17 11:35:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-08-18 and 2007-09-18 -----------------------------

2007-09-18 18:58:56 0 d-------- C:\Program Files\Trend Micro
2007-09-18 17:20:46 244832 --a------ C:\WINDOWS\system32\ddcca.dll
2007-09-18 1355 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-09-18 13:04:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2007-09-17 06:44:44 2037590 --ahs---- C:\WINDOWS\system32\prutv.bak2
2007-09-16 22:27:04 0 d-------- C:\QUARANTINE
2007-09-16 13:52:11 0 dr-h----- C:\$VAULT$.AVG
2007-09-16 13:11:23 0 d-------- C:\Documents and Settings\martinc\Application Data\AVG7
2007-09-16 13:10:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-16 13:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-16 13:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-09-16 09:59:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-16 09:13:40 0 d-------- C:\Documents and Settings\martinc\Application Data\Help
2007-09-16 00:11:09 0 d-------- C:\WINDOWS\pss
2007-09-15 23:44:31 6444 --ahs---- C:\WINDOWS\system32\prutv.bak1
2007-09-15 23:41:58 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2007-09-15 23:40:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-09-15 23:40:30 1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2007-09-15 23:40:30 0 d--hs---- C:\WINDOWS\Q3JhaWcgTWFydGlu
2007-09-15 23:40:30 0 d-------- C:\Program Files\Network Monitor
2007-09-15 23:40:12 0 d-------- C:\Program Files\InetGet2
2007-09-15 23:39:03 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-09-15 23:38:02 0 d-------- C:\Program Files\ISM
2007-09-15 23:38:00 0 d-------- C:\WINDOWS\system32\GRB3
2007-09-15 23:38:00 0 d-------- C:\WINDOWS\system32\DLL2
2007-09-15 23:38:00 0 d-------- C:\WINDOWS\system32\chks2
2007-09-15 23:38:00 0 d-------- C:\WINDOWS\system32\A1
2007-09-15 23:37:44 44054 --a------ C:\WINDOWS\system32\fccbyyy.dll
2007-09-15 23:37:23 0 d-------- C:\WINDOWS\system32\f10WtR
2007-09-15 23:37:22 0 d-------- C:\Temp
2007-09-15 23:36:53 0 d-------- C:\Program Files\svhost
2007-09-15 10:03:42 1751 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-09-15 10:00:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-12 20:10:22 0 d-------- C:\Documents and Settings\martinc\Application Data\Leadertech
2007-09-11 15:36:26 56832 --a------ C:\WINDOWS\b122.exe
2007-09-03 21:39:51 0 d-------- C:\Program Files\MindPoint
2007-09-03 09:53:06 0 d-------- C:\Program Files\PuzzleMaker
2007-08-25 11:27:53 1156 --a------ C:\WINDOWS\mozver.dat
2007-08-22 09:14:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-22 09:14:50 0 d-------- C:\Documents and Settings\martinc\Application Data\Mozilla
2007-08-19 18:30:30 0 d-------- C:\Documents and Settings\martinc\Application Data\Printer Info Cache
2007-08-19 18:30:28 0 d-------- C:\Documents and Settings\martinc\Application Data\Image Zone Express
2007-08-18 23:55:38 0 d-------- C:\WINDOWS\Cache


-- Find3M Report ---------------------------------------------------------------

2007-09-18 08:37:42 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2007-09-18 08:37:37 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-09-17 22:15:30 2225 --a------ C:\Documents and Settings\martinc\Application Data\evpro32.prf
2007-09-16 11:54:53 0 d-------- C:\Program Files\SynchronEyes Teacher 7.0
2007-09-16 11:53:47 0 d-------- C:\Program Files\QuickTime
2007-09-16 11:53:07 0 d-------- C:\Program Files\MSN Messenger
2007-09-16 11:50:52 0 d-------- C:\Program Files\Microsoft LifeCam
2007-09-16 11:50:02 0 d-------- C:\Program Files\iTunes
2007-09-16 11:45:29 0 d-------- C:\Program Files\Dell AIO Printer A920
2007-09-16 11:44:03 0 d-------- C:\Program Files\Common Files\Funk Software
2007-09-16 10:08:30 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-09-16 09:21:03 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2007-09-16 09:16:59 0 d-------- C:\Program Files\Common Files
2007-09-16 09:07:26 0 d-------- C:\Program Files\Google
2007-09-12 20:10:36 0 d-------- C:\Documents and Settings\martinc\Application Data\Sonic
2007-09-12 15:14:25 0 d-------- C:\Documents and Settings\martinc\Application Data\U3
2007-09-03 21:51:22 512155 --a------ C:\Documents and Settings\martinc\Application Data\MINDPOINTSE.PRF
2007-08-15 20:11:52 130501 --a------ C:\WINDOWS\HPHins13.dat
2007-08-15 20:11:28 0 d-------- C:\Documents and Settings\martinc\Application Data\HP
2007-08-15 20:10:55 0 d-------- C:\Program Files\Common Files\HP
2007-08-15 20:10:49 0 d-------- C:\Program Files\HP
2007-08-09 19:43:18 32256 --a------ C:\WINDOWS\system32\identprv.dll <Not Verified; Absolute Software Corporation; Installation/Management Application>
2007-08-07 22:28:12 0 d-------- C:\Program Files\LessonView
2007-08-07 22:26:51 0 d-------- C:\Program Files\TeacherEXPRESS
2007-08-03 11:09:13 0 d-------- C:\Documents and Settings\martinc\Application Data\Google
2007-08-02 09:43:59 282624 --a------ C:\Program Files\Common Files\homer4444.dll
2007-08-01 13:36:25 0 d-------- C:\Program Files\HMCO
2007-08-01 13:18:08 0 d-------- C:\Program Files\Common Files\Maris Technologies
2007-08-01 13:18:03 0 d-------- C:\Program Files\GeoDiscoveries
2007-08-01 12:10:31 0 d-------- C:\Documents and Settings\martinc\Application Data\ClassRoom GradeBook
2007-08-01 12:03:33 0 d-------- C:\Program Files\ClassRoom GradeBook
2007-08-01 11:02:31 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-08-01 11:02:08 0 d-------- C:\Program Files\ABBYY FineReader 6.0
2007-08-01 11:01:38 0 d-------- C:\Program Files\FaxTools
2007-08-01 11:01:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-31 23:28:47 0 d-------- C:\Documents and Settings\martinc\Application Data\Adobe
2007-07-29 22:16:28 0 d-------- C:\Program Files\Yahoo!
2007-07-29 10:25:54 0 d-------- C:\Documents and Settings\martinc\Application Data\Apple Computer
2007-07-26 11:02:23 0 d-------- C:\Program Files\Common Files\OverDrive Shared
2007-07-26 10:52:56 0 d-------- C:\Program Files\Common Files\L&H
2007-07-26 10:51:56 0 d-------- C:\Program Files\Microsoft Reader
2007-07-25 15:59:44 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-07-25 14:39:37 0 d-------- C:\Documents and Settings\martinc\Application Data\IGPro
2007-07-25 14:21:57 0 d-------- C:\Program Files\ContentGenerator.net
2007-07-22 12:56:14 0 d-------- C:\Documents and Settings\martinc\Application Data\InterVideo


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733E9132-53CA-4C97-9AC9-145C4502FA20}]
2007-09-15 23:37 44054 --a------ C:\WINDOWS\system32\fccbyyy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1CD5644-5A23-4B80-A45F-31480ADD7D4E}]
C:\WINDOWS\system32\vturp.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8E1233B3-485A-4E51-B77E-9E075A68C588}"= C:\Program Files\SynchronEyes Teacher 7.0\SEyesIeToolbar.dll [2007-02-22 06:38 476688]

[-HKEY_CLASSES_ROOT\CLSID\{8E1233B3-485A-4E51-B77E-9E075A68C588}]
[HKEY_CLASSES_ROOT\IeToolbar.IEToolbarClass.1]
[HKEY_CLASSES_ROOT\TypeLib\{C66C5266-E7EA-42EC-8B3B-144D60BFB30A}]
[HKEY_CLASSES_ROOT\IeToolbar.IEToolbarClass]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-09-12 13:47 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 15:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 15:08]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 04:46]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 04:33]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-12-05 16:52]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 02:36]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 16:19]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe" [2007-05-25 08:53]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"ProxyHostTrayIcon"="C:\Program Files\Proxy Networks\Proxy Host\phtray.exe" [2007-01-16 19:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SMART Mirror Driver Monitor Service"="C:\Program Files\Common Files\SMART Techno" []
"InterWrite Device Manager"="C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe" [2007-04-27 10:36]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 14:25]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 19:54]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-29 19:55]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-16 13:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" []
"RecordNow!"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 19:48]
"ISMModule4"="C:\Program Files\ISM\ISMModule4.exe" [2007-09-11 08:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

C:\Documents and Settings\martinc\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 1414]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-06-02 17:48:22]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\ComPlus Applications\prohdyzer.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{733E9132-53CA-4C97-9AC9-145C4502FA20}"= C:\WINDOWS\system32\fccbyyy.dll [2007-09-15 23:37 44054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbyyy]
fccbyyy.dll 2007-09-15 23:37 44054 C:\WINDOWS\system32\fccbyyy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\system32\LgNotify.dll 2003-12-16 16:49 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\vturp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80994d96-3ae9-11dc-8514-001185859971}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2007-09-18 19:05:09 ------------
Attached file: extra.txt (16.1 KB)
Oct15 is offline  
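The log above is what the analyst reads by hand. As an added example (not from the original thread, and not code from HijackThis, DSS or ComboFix), the Python script below parses HijackThis-style O-lines and flags the patterns an analyst checks first. The heuristics are assumptions of mine rather than rules of any tool: an O2 BHO with no name, an O23 service listed as "Unknown owner", a "(file missing)" orphan, a directory name that is well-formed base64 (the 12-character minimum is an arbitrary false-positive guard), and one file hooked under more than one entry type. The sample lines are copied from the log posted above, with two benign entries kept as controls.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not a HijackThis feature)."""
import base64
import re
from collections import defaultdict

# Constructed sample: nine lines copied from the HijackThis log posted above
# (two benign entries kept as controls) so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\fccbyyy.dll
O2 - BHO: (no name) - {F1CD5644-5A23-4B80-A45F-31480ADD7D4E} - C:\WINDOWS\system32\vturp.dll (file missing)
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O20 - Winlogon Notify: fccbyyy - C:\WINDOWS\system32\fccbyyy.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q3JhaWcgTWFydGlu\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service
"""

# First Windows-style path in the entry that ends in an executable/library extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]+?\.(?:exe|dll|sys|cpl|ocx))\b', re.IGNORECASE)
# Base64 alphabet; the 12-character minimum is an arbitrary guard against short names.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{12,}={0,2}$")


def looks_base64(component: str) -> bool:
    """True if a directory name is well-formed base64 that decodes to printable ASCII."""
    if not B64_RE.match(component) or len(component) % 4:
        return False
    try:
        decoded = base64.b64decode(component, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(decoded) and all(32 <= b < 127 for b in decoded)


def parse_line(line: str):
    """Split 'O23 - body' into (kind, body, path-or-None)."""
    kind, _, body = line.partition(" - ")
    m = PATH_RE.search(body)
    return kind, body, (m.group(1) if m else None)


def triage(log_text: str):
    """Return [(line, [reasons...])] for every line that trips a heuristic."""
    entries = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]

    # Correlation rule: one file registered under several hook types (for example
    # a DLL that is both a BHO and a Winlogon Notify package) is a strong signal.
    kinds_by_path = defaultdict(set)
    for kind, _, path in entries:
        if path:
            kinds_by_path[path.lower()].add(kind)

    flagged = []
    for kind, body, path in entries:
        reasons = []
        if kind == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("BHO registered without a name")
        if "Unknown owner" in body:
            reasons.append("service binary carries no vendor information")
        if "(file missing)" in body:
            reasons.append("registered file is missing (orphaned entry)")
        if path:
            # Check directory components only (drop the drive and the file name).
            for comp in path.split("\\")[1:-1]:
                if looks_base64(comp):
                    reasons.append(f"directory name {comp!r} looks base64-encoded")
            kinds = kinds_by_path[path.lower()]
            if len(kinds) > 1:
                reasons.append("same file hooked under " + ", ".join(sorted(kinds)))
        if reasons:
            flagged.append((f"{kind} - {body}", reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run against the sample it flags the fccbyyy.dll BHO/Winlogon Notify pair, the orphaned vturp.dll BHO and both unattributed services, but not ISMModule4.exe, which looks ordinary in isolation. That miss is the point of the caveat: per-line heuristics only get you so far, which is why the analyst also reads the "Files created" section, where ISM, Network Monitor, fccbyyy.dll and the base64-named directory all appear within a few minutes of each other on 2007-09-15.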
Old 09-18-2007, 11:28 PM   #6 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,584
OS: Windows XP Pro


Re: WinAble virus?

Please try carrying out these instructions for running ComboFix:

Download combofix from here

**Save it directly to your desktop**

Go to <<Start>>, then <<Run>>, paste in the single-line command below, then click OK:

"%userprofile%\desktop\combofix.exe" /killall



A log will be produced that will ultimately be named C:\ComboFix.txt. I'll need that in your next reply.

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
forhockey is offline  
Old 09-19-2007, 07:41 PM   #7 (permalink)
Registered User
 
Join Date: Sep 2007
Posts: 12
OS: XP


Re: WinAble virus?

OK, I must be doing something wrong. Every time I try to run ComboFix, it gives me an error message and then goes to a blue screen for at least 30 minutes. Is that right? Should I just leave it and wait it out? Should I be connected to the Internet when I run it? I have done it both ways.
(And I haven't clicked in the window while it's running either...)

This virus is making my computer worse by the day, I am beyond frustrated.

I will try one more time tonight; if there's no log from me, that means I can't get it to run.
Oct15 is offline