Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.

#1 - 12-23-2007, 05:29 AM - webby45wr (Registered User; Join Date: Dec 2007; Posts: 5; OS: XP)

Search Engines Hijacked - Please Help

Whenever I use Yahoo, MSN, Google, etc. to search for something, the correct search results come up, but when I click the link, it redirects me to some random site, usually shopping sites. If I type an address in the bar, it's no problem. Then, once I am at that page, I can click any link and it will work properly. The only time I get the redirect is from a search page.

I have run Windows Defender, Spybot - Search and Destroy, and Ad-Aware, and fixed any problems that were found. I also ran my McAfee Virus Scan and again, fixed any issues found.

Here is my result from the Panda ActiveScan:

Incident - Status - Location
Adware:adware/sidestep - Not disinfected - c:\windows\downloaded program files\SbCIe02a.inf
Adware:adware/searchexe - Not disinfected - Windows Registry
Spyware:Cookie/Atwola - Not disinfected - C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/YieldManager - Not disinfected - C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia - Not disinfected - C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola - Not disinfected - C:\Documents and Settings\NAME\Cookies\NAME@atwola[1].txt
Spyware:Cookie/Enhance - Not disinfected - C:\Documents and Settings\NAME\Cookies\NAME@enhance[2].txt
Spyware:Cookie/Server.iad.Liveperson - Not disinfected - C:\Documents and Settings\NAME\Cookies\NAME@server.iad.liveperson[1].txt
Adware:Adware/Trymedia - Not disinfected - C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe
Adware:Adware/Trymedia - Not disinfected - C:\Downloads\WarshipSetup-dm[1].exe
Possible Virus. - Not disinfected - C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe

Here is the DSS log:

Deckard's System Scanner v20071014.68
Run by Jeffrey Webb on 2007-12-23 07:08:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2007-12-23 12:08:44 UTC - RP1585 - Deckard's System Scanner Restore Point
75: 2007-12-23 04:56:16 UTC - RP1584 - Software Distribution Service 3.0
74: 2007-12-22 20:59:55 UTC - RP1583 - Spybot-S&D Spyware removal
73: 2007-12-22 19:53:17 UTC - RP1582 - Windows Defender Checkpoint
72: 2007-12-22 15:31:15 UTC - RP1581 - Installed Windows Defender


-- First Restore Point --
1: 2007-10-20 05:13:45 UTC - RP1510 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as XXXXX.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:58 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\NAME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\NAME.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198359029171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C491C0B-7140-43C9-8F35-A43D55370320}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 6181 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 HPFECP06 - c:\windows\system32\drivers\hpfecp06.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 L2XPSR - d:\release\l2xpsr.sys (file missing)
S3 LOGNT - c:\progra~1\effici~1\tangom~1\app\lognt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP06\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP06\0000
Service: HPFECP06


-- Scheduled Tasks -------------------------------------------------------------

2007-12-23 02:28:22 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-15 01:14:58 364 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-12-01 01:00:17 366 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 07:11:44 0 d-------- C:\Program Files\Trend Micro
2007-12-23 00:14:38 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-22 19:24:20 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 18:41:33 0 d-------- C:\Documents and Settings\NAME\.housecall6.6
2007-12-22 10:31:18 0 d-------- C:\Program Files\Windows Defender
2007-12-17 13:08:13 0 d-------- C:\Documents and Settings\NAME\.jpi_cache
2007-12-17 13:08:12 0 d-------- C:\Documents and Settings\NAME\.java
2007-12-15 11:52:08 0 d-------- C:\Program Files\ACW
2007-12-15 11:49:51 0 d-------- C:\Documents and Settings\NAME\Application Data\Yahoo!
2007-12-15 11:14:20 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-12-15 09:05:57 0 d-------- C:\Documents and Settings\NAME\.javaws
2007-12-15 09:04:21 105168 --a------ C:\WINDOWS\NSUninst.exe
2007-12-15 09:03:49 105168 --a------ C:\WINDOWS\GREUninstall.exe
2007-12-15 09:03:44 9580 --a------ C:\WINDOWS\mozver.dat
2007-12-15 09:03:43 0 d-------- C:\Documents and Settings\NAME\Application Data\Mozilla
2007-12-15 09:03:40 0 d-------- C:\Program Files\Common Files\mozilla.org
2007-12-15 09:02:04 0 d-------- C:\Program Files\Netscape
2007-12-08 21:37:52 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2007-12-23 01:15:08 0 d-------- C:\Program Files\QuickTime
2007-12-23 01:05:00 0 d-------- C:\Program Files\Digital Line Detect
2007-12-22 23:39:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 20:07:59 0 d-------- C:\Program Files\LimeWire
2007-12-22 20:05:07 0 d-------- C:\Program Files\AIM
2007-12-22 20:03:30 0 d-------- C:\Program Files\Rhapsody
2007-12-22 19:15:08 0 d-------- C:\Program Files\Viewpoint
2007-12-22 19:12:10 0 d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:48:19 0 d-------- C:\Documents and Settings\NAME\Application Data\Adobe
2007-12-22 15:10:55 0 d-------- C:\Program Files\Yahoo!
2007-12-22 15:09:20 0 d-------- C:\Program Files\ArcadeRockstar
2007-12-19 21:09:24 4 --a------ C:\WINDOWS\system32\49276C
2007-12-19 18:28:25 0 d-------- C:\Documents and Settings\NAME\Application Data\Real
2007-12-15 09:05:05 0 d-------- C:\Program Files\Java
2007-12-15 09:04:17 0 d-------- C:\Program Files\AOD
2007-12-15 09:03:40 0 d-------- C:\Program Files\Common Files
2007-11-21 19:19:03 0 d-------- C:\Program Files\McAfee
2007-11-07 20:56:19 0 d-------- C:\Program Files\MySpace


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [12/25/1724 02:46 PM]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\NAME\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/28/2003 10:37:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdxne.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - HNIBSCOENKSM



-- End of Deckard's System Scanner: finished at 2007-12-23 07:13:08 ------------

I have attached the extra.txt log.

Any help solving this aggravating problem would be greatly appreciated!
Attached Files: extra.txt (19.4 KB)
#2 - 12-23-2007, 11:54 AM - sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy; Join Date: May 2005; Posts: 21,354; OS: XP)

Re: Search Engines Hijacked - Please Help

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
#3 - 12-23-2007, 07:15 PM - webby45wr (Registered User; Join Date: Dec 2007; Posts: 5; OS: XP)


Re: Search Engines Hijacked - Please Help

Thanks! I can now click links after using a search engine, and they actually work!

Here is the Hijackthis log as requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:23 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\NAME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEFFRE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198359029171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C491C0B-7140-43C9-8F35-A43D55370320}: NameServer = 166.102.165.11 166.102.165.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 5839 bytes

-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 07:11:44 0 d-------- C:\Program Files\Trend Micro
2007-12-23 00:14:38 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-22 19:24:20 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 18:41:33 0 d-------- C:\Documents and Settings\NAME\.housecall6.6
2007-12-22 10:31:18 0 d-------- C:\Program Files\Windows Defender
2007-12-17 13:08:13 0 d-------- C:\Documents and Settings\NAME\.jpi_cache
2007-12-17 13:08:12 0 d-------- C:\Documents and Settings\NAME\.java
2007-12-15 11:52:08 0 d-------- C:\Program Files\ACW
2007-12-15 11:49:51 0 d-------- C:\Documents and Settings\NAME\Application Data\Yahoo!
2007-12-15 11:14:20 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-12-15 09:05:57 0 d-------- C:\Documents and Settings\NAME\.javaws
2007-12-15 09:04:21 105168 --a------ C:\WINDOWS\NSUninst.exe
2007-12-15 09:03:49 105168 --a------ C:\WINDOWS\GREUninstall.exe
2007-12-15 09:03:44 9580 --a------ C:\WINDOWS\mozver.dat
2007-12-15 09:03:43 0 d-------- C:\Documents and Settings\NAME\Application Data\Mozilla
2007-12-15 09:03:40 0 d-------- C:\Program Files\Common Files\mozilla.org
2007-12-15 09:02:04 0 d-------- C:\Program Files\Netscape
2007-12-08 21:37:52 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2007-12-23 01:15:08 0 d-------- C:\Program Files\QuickTime
2007-12-23 01:05:00 0 d-------- C:\Program Files\Digital Line Detect
2007-12-22 23:39:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 20:07:59 0 d-------- C:\Program Files\LimeWire
2007-12-22 20:05:07 0 d-------- C:\Program Files\AIM
2007-12-22 20:03:30 0 d-------- C:\Program Files\Rhapsody
2007-12-22 19:15:08 0 d-------- C:\Program Files\Viewpoint
2007-12-22 19:12:10 0 d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:48:19 0 d-------- C:\Documents and Settings\NAME\Application Data\Adobe
2007-12-22 15:10:55 0 d-------- C:\Program Files\Yahoo!
2007-12-22 15:09:20 0 d-------- C:\Program Files\ArcadeRockstar
2007-12-19 21:09:24 4 --a------ C:\WINDOWS\system32\49276C
2007-12-19 18:28:25 0 d-------- C:\Documents and Settings\NAME\Application Data\Real
2007-12-15 09:05:05 0 d-------- C:\Program Files\Java
2007-12-15 09:04:17 0 d-------- C:\Program Files\AOD
2007-12-15 09:03:40 0 d-------- C:\Program Files\Common Files
2007-11-21 19:19:03 0 d-------- C:\Program Files\McAfee
2007-11-07 20:56:19 0 d-------- C:\Program Files\MySpace


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [12/25/1724 02:46 PM]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\NAME\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/28/2003 10:37:46 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-12-23 21:00:45 ------------

Here is the ComboFix Log as well:

ComboFix 07-12-24.7 - NAME 2007-12-23 20:40:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.332 [GMT -5:00]
Running from: C:\Documents and Settings\NAME\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\#SharedObjects\A2YKBY7U\www.broadcaster.com
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\#SharedObjects\A2YKBY7U\www.broadcaster.com\played_list.sol
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\#SharedObjects\A2YKBY7U\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\kdxne.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-23 07:11 . 2007-12-23 07:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 07:08 . 2007-12-23 07:08 <DIR> d-------- C:\Deckard
2007-12-23 00:14 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-22 19:24 . 2007-12-23 01:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-22 19:24 . 2007-12-23 00:06 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-22 19:24 . 2007-12-23 00:06 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-22 19:24 . 2007-12-23 00:06 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-22 18:41 . 2007-12-22 21:07 <DIR> d-------- C:\Documents and Settings\NAME\.housecall6.6
2007-12-22 10:31 . 2007-12-23 01:17 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-17 13:08 . 2007-12-17 13:08 <DIR> d-------- C:\Documents and Settings\NAME\.jpi_cache
2007-12-17 13:08 . 2007-12-17 13:08 <DIR> d-------- C:\Documents and Settings\NAME\.java
2007-12-16 13:09 . 2007-12-16 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 13:09 . 2007-12-16 13:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 11:52 . 2007-12-15 11:52 <DIR> d-------- C:\Program Files\ACW
2007-12-15 11:49 . 2007-12-15 11:49 <DIR> d-------- C:\Documents and Settings\NAME\Application Data\Yahoo!
2007-12-15 11:14 . 2007-12-15 11:15 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-15 09:05 . 2007-12-15 09:05 <DIR> d-------- C:\Documents and Settings\NAME\.javaws
2007-12-15 09:05 . 2003-02-20 16:42 229,487 --a------ C:\WINDOWS\SYSTEM32\jpicpl32.cpl
2007-12-15 09:04 . 2007-12-15 09:04 105,168 --a------ C:\WINDOWS\NSUninst.exe
2007-12-15 09:03 . 2007-12-15 09:03 <DIR> d-------- C:\Program Files\Common Files\mozilla.org
2007-12-15 09:03 . 2007-12-15 09:03 105,168 --a------ C:\WINDOWS\GREUninstall.exe
2007-12-15 09:03 . 2007-12-15 09:06 9,580 --a------ C:\WINDOWS\mozver.dat
2007-12-15 09:02 . 2007-12-15 09:02 <DIR> d-------- C:\Program Files\Netscape
2007-12-11 20:34 . 2007-12-11 20:34 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2007-12-08 21:37 . 2007-12-08 21:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 06:15 --------- d-----w C:\Program Files\QuickTime
2007-12-23 06:05 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-23 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 01:07 --------- d-----w C:\Program Files\LimeWire
2007-12-23 01:05 --------- d-----w C:\Program Files\AIM
2007-12-23 01:03 --------- d-----w C:\Program Files\Rhapsody
2007-12-23 00:15 --------- d-----w C:\Program Files\Viewpoint
2007-12-23 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-23 00:12 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-22 20:10 --------- d-----w C:\Program Files\Yahoo!
2007-12-22 20:09 --------- d-----w C:\Program Files\ArcadeRockstar
2007-12-15 14:05 --------- d-----w C:\Program Files\Java
2007-12-15 14:04 --------- d-----w C:\Program Files\AOD
2007-11-22 00:19 --------- d-----w C:\Program Files\McAfee
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 01:56 --------- d-----w C:\Program Files\MySpace
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [1724-12-25 14:46]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-28 10:37:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 HPFECP06;HPFECP06;C:\WINDOWS\system32\drivers\HPFECP06.SYS [2003-09-03 18:51]
S3 L2XPSR;L2XPSR;D:\Release\L2XPSR.SYS []
S3 LOGNT;LOGNT;C:\PROGRA~1\EFFICI~1\TANGOM~1\app\lognt.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 06:14:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-01 06:00:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-24 01:53:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 20:50:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 20:54:33 - machine was rebooted [NAME]
.
2007-12-12 01:35:18 --- E O F ---


Thanks!
Old 12-24-2007, 03:12 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Search Engines Hijacked - Please Help

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • ViewPoint
Please note any other programs that you don't recognize in that list in your next response.


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real-time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
Old 12-24-2007, 08:57 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 5
OS: XP


Re: Search Engines Hijacked - Please Help

Everything appears to be working properly. The computer does not seem sluggish either.

Here is the HijackThis Log:
Deckard's System Scanner v20071014.68
Run by NAME on 2007-12-24 10:51:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as NAME.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:17 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\QuickTime\qttask.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NAME\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JEFFRE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\NAME\Application Data\Mozilla\Profiles\default\g840fbyt.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...6/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198359029171
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C491C0B-7140-43C9-8F35-A43D55370320}: NameServer = 166.102.165.11 166.102.165.13
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 5669 bytes

-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-24 08:25:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-24 08:25:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-24 08:25:12 0 d-------- C:\WINDOWS\LastGood
2007-12-23 07:11:44 0 d-------- C:\Program Files\Trend Micro
2007-12-23 00:14:38 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-22 19:24:20 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 18:41:33 0 d-------- C:\Documents and Settings\NAME\.housecall6.6
2007-12-22 10:31:18 0 d-------- C:\Program Files\Windows Defender
2007-12-17 13:08:13 0 d-------- C:\Documents and Settings\NAME\.jpi_cache
2007-12-17 13:08:12 0 d-------- C:\Documents and Settings\NAME\.java
2007-12-15 11:52:08 0 d-------- C:\Program Files\ACW
2007-12-15 11:49:51 0 d-------- C:\Documents and Settings\NAME\Application Data\Yahoo!
2007-12-15 11:14:20 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-12-15 09:05:57 0 d-------- C:\Documents and Settings\NAME\.javaws
2007-12-15 09:04:21 105168 --a------ C:\WINDOWS\NSUninst.exe
2007-12-15 09:03:49 105168 --a------ C:\WINDOWS\GREUninstall.exe
2007-12-15 09:03:44 9580 --a------ C:\WINDOWS\mozver.dat
2007-12-15 09:03:43 0 d-------- C:\Documents and Settings\NAME\Application Data\Mozilla
2007-12-15 09:03:40 0 d-------- C:\Program Files\Common Files\mozilla.org
2007-12-15 09:02:04 0 d-------- C:\Program Files\Netscape
2007-12-08 21:37:52 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2007-12-23 01:15:08 0 d-------- C:\Program Files\QuickTime
2007-12-23 01:05:00 0 d-------- C:\Program Files\Digital Line Detect
2007-12-22 23:39:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-22 20:07:59 0 d-------- C:\Program Files\LimeWire
2007-12-22 20:05:07 0 d-------- C:\Program Files\AIM
2007-12-22 20:03:30 0 d-------- C:\Program Files\Rhapsody
2007-12-22 19:12:10 0 d-------- C:\Program Files\SpywareBlaster
2007-12-22 15:48:19 0 d-------- C:\Documents and Settings\NAME\Application Data\Adobe
2007-12-22 15:10:55 0 d-------- C:\Program Files\Yahoo!
2007-12-22 15:09:20 0 d-------- C:\Program Files\ArcadeRockstar
2007-12-19 21:09:24 4 --a------ C:\WINDOWS\system32\49276C
2007-12-19 18:28:25 0 d-------- C:\Documents and Settings\NAME\Application Data\Real
2007-12-15 09:05:05 0 d-------- C:\Program Files\Java
2007-12-15 09:04:17 0 d-------- C:\Program Files\AOD
2007-12-15 09:03:40 0 d-------- C:\Program Files\Common Files
2007-11-21 19:19:03 0 d-------- C:\Program Files\McAfee
2007-11-07 20:56:19 0 d-------- C:\Program Files\MySpace


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 02:24 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [12/25/1724 02:46 PM]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\NAME\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 1:36:04 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/28/2003 10:37:46 AM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-12-24 10:51:46 ------------

Kaspersky Scan Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 24, 2007 10:50:15 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/12/2007
Kaspersky Anti-Virus database records: 493039
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73711
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:27:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{20076451-A487-4C96-8A99-8C55D0D6A953}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{A0F6CDC4-18EF-4942-8DCC-BB95B837A4EE}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12222007-103137.log Object is locked skipped
C:\Documents and Settings\NAME\Application Data\Aim\rkynjexm\webby27de\cert8.db Object is locked skipped
C:\Documents and Settings\NAME\Application Data\Aim\rkynjexm\webby27de\key3.db Object is locked skipped
C:\Documents and Settings\NAME\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F5D750D2-0889-436B-ABFC-D156C811CB7D} Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\History\History.IE5\MSHist012007122420071225\index.dat Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NAME\Local Settings\Temporary Internet Files\Content.IE5\WQOZG7LC\bind[2].htm Object is locked skipped
C:\Documents and Settings\NAME\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NAME\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Downloads\WarshipSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010004.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1588\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{90CB09A1-C9E9-4A9C-B1A6-2F079AFE18F2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_0EouMNEL02Kg1yC Object is locked skipped
C:\WINDOWS\Temp\mcmsc_CpjFj48pc7BCZMy Object is locked skipped
C:\WINDOWS\Temp\mcmsc_g49LDm15fIvGDwy Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Nv0huNZqvEZ2UL0 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_tvjms9bxDJbil9l Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

I had the following errors when running the ComboFix.exe program:

Windows Error - swreg.cfexe Application error - instruction at 0x7c9111de referenced memory at 0x00780065. The memory could not be read. click to terminate program.

ComboFix gave this error - could not find C:\ComboFix\temp0?

I was still able to run the program and follow your instructions. Here is the log:
ComboFix 07-12-24.7 - NAME 2007-12-23 20:40:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.332 [GMT -5:00]
Running from: C:\Documents and Settings\NAME\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\#SharedObjects\A2YKBY7U\www.broadcaster.com
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\#SharedObjects\A2YKBY7U\www.broadcaster.com\played_list.sol
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\#SharedObjects\A2YKBY7U\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\NAME\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\kdxne.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-23 07:11 . 2007-12-23 07:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 07:08 . 2007-12-23 07:08 <DIR> d-------- C:\Deckard
2007-12-23 00:14 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2007-12-22 19:24 . 2007-12-23 01:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-22 19:24 . 2007-12-23 00:06 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-22 19:24 . 2007-12-23 00:06 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-22 19:24 . 2007-12-23 00:06 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-22 18:41 . 2007-12-22 21:07 <DIR> d-------- C:\Documents and Settings\NAME\.housecall6.6
2007-12-22 10:31 . 2007-12-23 01:17 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-17 13:08 . 2007-12-17 13:08 <DIR> d-------- C:\Documents and Settings\NAME\.jpi_cache
2007-12-17 13:08 . 2007-12-17 13:08 <DIR> d-------- C:\Documents and Settings\NAME\.java
2007-12-16 13:09 . 2007-12-16 21:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-16 13:09 . 2007-12-16 13:09 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 11:52 . 2007-12-15 11:52 <DIR> d-------- C:\Program Files\ACW
2007-12-15 11:49 . 2007-12-15 11:49 <DIR> d-------- C:\Documents and Settings\NAME\Application Data\Yahoo!
2007-12-15 11:14 . 2007-12-15 11:15 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-15 09:05 . 2007-12-15 09:05 <DIR> d-------- C:\Documents and Settings\NAME\.javaws
2007-12-15 09:05 . 2003-02-20 16:42 229,487 --a------ C:\WINDOWS\SYSTEM32\jpicpl32.cpl
2007-12-15 09:04 . 2007-12-15 09:04 105,168 --a------ C:\WINDOWS\NSUninst.exe
2007-12-15 09:03 . 2007-12-15 09:03 <DIR> d-------- C:\Program Files\Common Files\mozilla.org
2007-12-15 09:03 . 2007-12-15 09:03 105,168 --a------ C:\WINDOWS\GREUninstall.exe
2007-12-15 09:03 . 2007-12-15 09:06 9,580 --a------ C:\WINDOWS\mozver.dat
2007-12-15 09:02 . 2007-12-15 09:02 <DIR> d-------- C:\Program Files\Netscape
2007-12-11 20:34 . 2007-12-11 20:34 127 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2007-12-08 21:37 . 2007-12-08 21:37 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 06:15 --------- d-----w C:\Program Files\QuickTime
2007-12-23 06:05 --------- d-----w C:\Program Files\Digital Line Detect
2007-12-23 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 01:07 --------- d-----w C:\Program Files\LimeWire
2007-12-23 01:05 --------- d-----w C:\Program Files\AIM
2007-12-23 01:03 --------- d-----w C:\Program Files\Rhapsody
2007-12-23 00:15 --------- d-----w C:\Program Files\Viewpoint
2007-12-23 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-23 00:12 --------- d-----w C:\Program Files\SpywareBlaster
2007-12-22 20:10 --------- d-----w C:\Program Files\Yahoo!
2007-12-22 20:09 --------- d-----w C:\Program Files\ArcadeRockstar
2007-12-15 14:05 --------- d-----w C:\Program Files\Java
2007-12-15 14:04 --------- d-----w C:\Program Files\AOD
2007-11-22 00:19 --------- d-----w C:\Program Files\McAfee
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 01:56 --------- d-----w C:\Program Files\MySpace
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\PROGRA~1\INCRED~1\bin\IncMail.exe" [1724-12-25 14:46]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 02:24]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-08-28 10:37:46]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 HPFECP06;HPFECP06;C:\WINDOWS\system32\drivers\HPFECP06.SYS [2003-09-03 18:51]
S3 L2XPSR;L2XPSR;D:\Release\L2XPSR.SYS []
S3 LOGNT;LOGNT;C:\PROGRA~1\EFFICI~1\TANGOM~1\app\lognt.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 06:14:58 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-01 06:00:17 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-12-24 01:53:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 20:50:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 20:54:33 - machine was rebooted [NAME]
.
2007-12-12 01:35:18 --- E O F ---
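An added example, not code from the thread, HijackThis or ComboFix, of the triage the helper does by eye on the log posted above: it parses constructed HijackThis lines modelled on this thread and flags O17 NameServer entries whose resolvers are not on an administrator-supplied allowlist (assumed here to be the pair under the adapter-specific key in the log), O2 BHO entries registered with "(no file)", and O10 unknown Winsock LSP files. The allowlist, sample lines and function names are assumptions for illustration.

```python
"""Triage of HijackThis log lines (added example; not code from the thread,
HijackThis or ComboFix). Flags the entry types the helper acts on in this
thread: O17 NameServer entries pointing at resolvers the administrator did
not configure, O2 BHO entries registered with '(no file)', and O10 unknown
Winsock LSP files. Flagged entries are candidates for review, not verdicts."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")

# Assumption: the resolvers the administrator expects on this machine. Here the
# pair listed under the adapter-specific key in the thread's log is taken as the
# ISP/DHCP-assigned pair; on a real system confirm it against the router or ISP.
ALLOWED_RESOLVERS = ("166.102.165.11", "166.102.165.13")

# Constructed sample lines modelled on the log lines in this thread.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222",
    r"O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{8C491C0B-7140-43C9-8F35-A43D55370320}: NameServer = 166.102.165.11 166.102.165.13",
]


@dataclass(frozen=True)
class Finding:
    kind: str      # short tag for the class of finding
    detail: str    # the resolver, CLSID or path that triggered it
    line: str      # the original log line, for the reviewer


def parse_nameservers(text: str) -> list[str]:
    """HijackThis prints resolvers separated by commas or spaces; accept both."""
    return [s for s in re.split(r"[,\s]+", text.strip()) if s]


def triage(lines, allowed_resolvers=ALLOWED_RESOLVERS) -> list[Finding]:
    allowed = {ipaddress.ip_address(a) for a in allowed_resolvers}
    findings: list[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # Every control set (CS1, CS2, CCS) is checked: a resolver left in a
            # non-current control set comes back after a Last Known Good boot.
            for server in parse_nameservers(m.group("servers")):
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("O17-malformed-dns", server, line))
                    continue
                if ip not in allowed:
                    findings.append(Finding("O17-unexpected-dns", server, line))
            continue
        m = O2_RE.match(line)
        if m:
            # A CLSID still registered as a BHO with no file behind it is usually
            # a leftover from an incomplete removal and is safe to clean up.
            if m.group("path").strip() == "(no file)":
                findings.append(Finding("O2-orphaned-bho", m.group("clsid"), line))
            continue
        m = O10_RE.match(line)
        if m:
            # An LSP is loaded into every process that uses Winsock; identify an
            # unknown file here before changing anything else in the stack.
            findings.append(Finding("O10-unknown-lsp", m.group("path"), line))
    return findings


def summarize(findings) -> dict[str, int]:
    """Count findings per kind, e.g. {'O17-unexpected-dns': 6, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:20} {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```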
Old 12-24-2007, 09:10 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Search Engines Hijacked - Please Help

Go to Start > Control Panel > Add or Remove Programs and uninstall the following programs:
  • ViewPoint
Please note any other programs that you don't recognize in that list in your next response.


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Downloads\JDAmericanFarmer_Setup-dm[1].exe
C:\Downloads\WarshipSetup-dm[1].exe
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Old 12-24-2007, 09:44 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 5
OS: XP


Re: Search Engines Hijacked - Please Help

I could not find viewpoint under Add/Remove Prog