12-25-2007, 03:00 PM   #1
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: XP


HiJackThis, pretty sure I have a trojan

Hey Everyone, Merry Christmas.

I'm pretty sure I've got a virus of some kind, and it's blocking my access to the internet on both Firefox and IE. I've run McAfee, AdAware SE, and Bug Doctor, and I get new errors almost every time. I've also been having problems with having access permission to Program Files.

Here's my log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:17 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\DSentry .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Philips\PSA2\skin\QveCplSk .EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched .exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\WINDOWS\TEMP\win266.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\TEMP\win266 .exe
C:\PROGRA~1\mcafee.com\agent\MCREGW~1.EXE
C:\WINDOWS\lsass .exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\PROGRA~1\mcafee.com\agent\MCREGW~1 .EXE
C:\PROGRA~1\mcafee.com\agent\mcagent .exe
C:\Program Files\McAfee.com\VSO\oasclnt .exe
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\Program Files\Skype\Phone\Skype .exe
C:\Documents and Settings\Kyle\Desktop\HiJackThis.exe
c:\program files\mcafee.com\agent\mcupdate.exe
c:\program files\mcafee.com\agent\mcupdate .exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrq.exe
O1 - Hosts: comments (such as these) may be inserted on individual
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [SQInstaller] C:\Documents and Settings\Kristen\igetnet_3845_3645.exeSQInstaller.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142831782\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -scheduler
O4 - HKLM\..\Run: [qngxarut] rundll32.exe "C:\Program Files\qngxarut\wtqnohsn.dll",Init
O4 - HKLM\..\Run: [vebsvmni] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vebsvmni.dll"
O4 - HKLM\..\Run: [sysrestore32.exe] C:\WINDOWS\system32\sysrestore32.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxaz.dll,startup
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win266 .exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [wpgtarir] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\wpgtarir.dll"
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - HKLM\..\Run: [jcfabmlk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\jcfabmlk.dll"
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\MCREGW~2.EXE /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam.exe" -silent
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BWCoach] C:\Documents and Settings\Kyle\Desktop\bwcoach\bwcoach.exe -auto
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: PASPortal.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\calsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C4BE20-D97E-4987-B3A2-66EB993FA8A8}: NameServer = 206.13.29.12,206.13.30.12
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IP Monitor Network Address Monitor (IP Monitor) - Barefoot Productions, Inc. - C:\Program Files\IP Monitor\IPMonSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13235 bytes


Any help would be much appreciated. Thanks!

Last edited by ALO3000 : 12-25-2007 at 03:01 PM. Reason: sorry, misspelling
12-25-2007, 03:55 PM   #2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: HiJackThis, pretty sure I have a trojan

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
12-25-2007, 05:09 PM   #3
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: XP


Re: HiJackThis, pretty sure I have a trojan

sUBs,

Thanks for replying so quickly.

Here are the new logs.

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:50 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\mcafee.com\agent\MCREGW~3.EXE
C:\PROGRA~1\mcafee.com\agent\MCREGW~3 .EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\DataStudio\PASPortal.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Kyle\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrq.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\Run: [SQInstaller] C:\Documents and Settings\Kristen\igetnet_3845_3645.exeSQInstaller.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [sysrestore32.exe] C:\WINDOWS\system32\sysrestore32.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\MCREGW~4.EXE /autorun
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\6.bin\MWSOEMON.EXE
O4 - Global Startup: PASPortal.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\calsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C4BE20-D97E-4987-B3A2-66EB993FA8A8}: NameServer = 206.13.29.12,206.13.30.12
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IP Monitor Network Address Monitor (IP Monitor) - Barefoot Productions, Inc. - C:\Program Files\IP Monitor\IPMonSvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7336 bytes

ComboFix:

ComboFix 07-12-26.3 - Jim 2007-12-25 15:38:00.1 - NTFSx86
Running from: C:\Documents and Settings\Jim\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\jcfabmlk.dll
C:\Documents and Settings\All Users\Application Data.\vebsvmni.dll
C:\Documents and Settings\All Users\Application Data.\wpgtarir.dll
C:\Documents and Settings\Kyle\Application Data\macromedia\Flash Player\#SharedObjects\D7DECZJ5\www.broadcaster.com
C:\Documents and Settings\Kyle\Application Data\macromedia\Flash Player\#SharedObjects\D7DECZJ5\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Kyle\Application Data\macromedia\Flash Player\#SharedObjects\D7DECZJ5\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Kyle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Kyle\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\3269.exe
C:\Program Files\Common Files\AOL\1142831782\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Helper
C:\Program Files\Helper\Helper9.dll
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Kmfkrvjd
C:\Program Files\Kmfkrvjd\oxalacof.dll
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pccgwisi
C:\Program Files\Pccgwisi\jacjgcrq.dll
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\qngxarut
C:\Program Files\qngxarut\wtqnohsn.dll
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\spoolsv.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\Ultimate Defender
C:\Program Files\Ultimate Defender\program.info
C:\Program Files\Ultimate Defender\UltimateDefender.db
C:\Program Files\Ultimate Defender\UltimateDefender.exe
C:\Program Files\Ultimate Defender\Uninstall.exe
C:\Program Files\Upeiwzss
C:\Program Files\Upeiwzss\ahfrvyue.dll
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\install.exe
C:\WINDOWS\lsass .exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\ue5YDcS6Izuc.exe
C:\WINDOWS\system32\drvxazr.dll
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnmjkk.dll
C:\WINDOWS\SYSTEM32\qrqss.ini
C:\WINDOWS\SYSTEM32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.exe
C:\WINDOWS\system32\winzwr32.dll
C:\WINDOWS\TEMP\win266 .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 15:58 . 2007-12-26 15:58 444 --ahs---- C:\WINDOWS\SYSTEM32\qrqss.ini2
2007-12-26 15:58 . 2007-12-26 15:58 444 --ahs---- C:\WINDOWS\SYSTEM32\qrqss.ini
2007-12-26 15:56 . 2007-12-26 15:56 <DIR> d-------- C:\WINDOWS\LastGood
2007-12-26 15:56 . 2007-12-26 15:55 756,224 --a------ C:\WINDOWS\SYSTEM32\OLDC.tmp
2007-12-26 15:55 . 2007-12-26 15:56 388,608 --a------ C:\WINDOWS\SYSTEM32\cmd .exe
2007-12-26 15:55 . 2007-12-26 15:55 338,944 --------- C:\WINDOWS\SYSTEM32\ssqrq.dll
2007-12-25 13:08 . 2007-12-25 13:08 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\iolo
2007-12-25 13:08 . 2007-12-25 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-24 23:50 . 2005-07-14 12:33 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2007-12-24 23:49 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2007-12-24 23:08 . 2007-12-24 23:08 342,236 --a------ C:\WINDOWS\SYSTEM32\RCX24B.tmp
2007-12-24 23:04 . 2007-12-24 23:04 26,624 -r-hs---- C:\Program Files\lsass.exe
2007-12-24 18:23 . 2007-12-24 18:23 27,648 --a------ C:\WINDOWS\xpupdate .exe
2007-12-24 17:24 . 2007-12-24 17:24 104,448 --a------ C:\WINDOWS\SYSTEM32\drvxaz.dll
2007-12-24 17:17 . 2007-12-24 22:22 1,266,936 --a------ C:\Program Files\Steam .exe
2007-12-24 17:16 . 2007-12-25 15:29 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-24 13:37 . 2007-12-24 13:40 <DIR> d-------- C:\Program Files\PCPitstop
2007-12-24 13:17 . 2007-12-24 13:17 1,283,174 --a------ C:\Install
2007-12-24 13:03 . 2007-12-24 13:03 342,528 --a------ C:\WINDOWS\SYSTEM32\RCX4A.tmp
2007-12-24 12:34 . 2007-12-25 09:31 0 --ah----- C:\BIT199.tmp
2007-12-24 12:29 . 2007-12-24 12:29 <DIR> d-------- C:\WINDOWS\ppqvmpqr
2007-12-24 12:29 . 2007-12-24 12:29 208,896 --a------ C:\WINDOWS\SYSTEM32\ndaTqsVqrX.dll
2007-12-24 12:29 . 2007-12-24 12:29 57,856 --a------ C:\fjls.exe
2007-12-24 12:29 . 2007-12-24 17:18 15,040 --a------ C:\WINDOWS\SYSTEM32\sysrest.sys
2007-12-24 12:29 . 2007-12-24 17:20 9,216 --a------ C:\WINDOWS\SYSTEM32\msvcrt32.dll
2007-12-24 12:29 . 2007-12-24 18:01 6,590 --a------ C:\WINDOWS\SYSTEM32\attrib.ini
2007-12-24 12:29 . 2007-12-24 12:29 2 --a------ C:\817904926
2007-12-24 12:28 . 2007-12-24 12:28 34,816 --a------ C:\gsyhv.exe
2007-12-24 11:43 . 2007-12-24 11:43 0 --a------ C:\WINDOWS\SYSTEM32\Ultra.dll
2007-12-24 11:27 . 2007-12-24 17:45 <DIR> d-------- C:\Program Files\Bug Doctor
2007-12-23 00:12 . 2007-12-23 00:14 <DIR> d--h----- C:\Program Files\old
2007-12-15 21:23 . 2007-12-15 21:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 21:23 . 2007-12-15 21:23 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 23:46 --------- d-----w C:\Program Files\QuickTime
2007-12-26 23:46 --------- d-----w C:\Program Files\ProcessGuard
2007-12-26 23:46 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 23:46 --------- d-----w C:\Program Files\iTunes
2007-12-26 23:46 --------- d-----w C:\Program Files\Dell AIO Printer A920
2007-12-25 22:41 --------- d-----w C:\Program Files\Viewpoint
2007-12-25 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 07:50 --------- d-----w C:\Program Files\McAfee.com
2007-12-25 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-25 07:01 --------- d-----w C:\Documents and Settings\Jim\Application Data\Lavasoft
2007-12-25 06:24 377,067 ----a-w C:\Program Files\ClientRegistry.blob
2007-12-25 06:23 32,332 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T6_23_42C61828.mdmp
2007-12-25 03:39 33,981 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T3_39_51C103328.mdmp
2007-12-25 02:26 --------- d-----w C:\Program Files\AIM6
2007-12-25 02:24 33,773 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T2_24_38C80921.mdmp
2007-12-25 01:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 01:20 33,173 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T1_20_5C102562.mdmp
2007-12-24 23:07 34,765 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T23_6_50C97203.mdmp
2007-12-24 22:54 33,389 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T22_54_19C57250.mdmp
2007-12-24 22:42 --------- d-----w C:\Documents and Settings\Kyle\Application Data\Skype
2007-12-24 22:41 33,601 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T22_41_40C76765.mdmp
2007-12-24 22:27 32,506 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T22_27_27C24562.mdmp
2007-12-24 21:06 33,561 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T21_5_47C65781.mdmp
2007-12-24 19:18 103,720 ----a-w C:\Program Files\AppUpdateStats.blob
2007-12-24 19:17 565,116 ----a-w C:\Program Files\Steam.log
2007-12-24 19:12 --------- d-----w C:\Program Files\Plagiarism-Finder 1.2.2 TRIAL
2007-12-24 18:54 10,475 ----a-w C:\Program Files\GameOverlayUI.exe.log
2007-12-24 18:54 1,001 ----a-w C:\Program Files\GameOverlayRenderer.dll.log
2007-12-24 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-24 04:47 --------- d-----w C:\Program Files\AIM
2007-12-23 08:14 63,257 ----a-w C:\Program Files\SteamUI_447.mst
2007-12-23 08:14 540,672 ----a-w C:\Program Files\mss32_s.dll
2007-12-23 08:14 340,216 ----a-w C:\Program Files\vstdlib_s.dll
2007-12-23 08:14 206,072 ----a-w C:\Program Files\GameOverlayRenderer.dll
2007-12-23 08:14 1,008,888 ----a-w C:\Program Files\GameOverlayUI.exe
2007-12-23 08:14 --------- d-----w C:\Program Files\Graphics
2007-12-23 08:13 3,273,976 ----a-w C:\Program Files\Steam.dll
2007-12-23 08:13 229,624 ----a-w C:\Program Files\tier0_s.dll
2007-12-23 08:13 2,739,960 ----a-w C:\Program Files\SteamUI.dll
2007-12-23 08:13 112,128 ----a-w C:\Program Files\CSERHelper.dll
2007-12-23 08:13 1,595,128 ----a-w C:\Program Files\steamclient.dll
2007-12-23 08:13 1,039,192 ----a-w C:\Program Files\dbghelp.dll
2007-12-23 08:13 --------- d-----w C:\Program Files\resource
2007-12-23 08:13 --------- d-----w C:\Program Files\Public
2007-12-23 08:13 --------- d-----w C:\Program Files\bin
2007-12-23 08:12 251,128 ----a-w C:\Program Files\WriteMiniDump.exe
2007-12-23 08:11 14 ----a-w C:\Program Files\Steam_41.mst
2007-12-23 08:04 --------- d-----w C:\Program Files\World of Warcraft
2007-12-23 08:02 --------- d-----w C:\Program Files\LimeWire
2007-12-23 07:58 --------- d-----w C:\Program Files\Incomplete
2007-12-21 23:38 --------- d-----w C:\Program Files\config
2007-12-21 23:37 --------- d-----w C:\Program Files\appcache
2007-11-21 01:57 --------- d-----w C:\Program Files\mIRC
2007-11-16 23:20 --------- d-----w C:\Program Files\Common Files\aol
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 00:59 --------- d-----w C:\Program Files\Roni Music
2007-11-02 00:59 --------- d-----w C:\Documents and Settings\Kyle\Application Data\Roni Music
2007-10-31 02:58 62,267 ----a-w C:\Program Files\SteamUI_410.mst
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-06 20:48 14 ----a-w C:\Program Files\Steam_39.mst
2007-10-05 01:14 5,783,424 ----a-w C:\WINDOWS\SYSTEM32\nv4_disp(2).dll
2007-09-12 07:41 99,976 -c--a-w C:\Documents and Settings\Kyle\Application Data\GDIPFONTCACHEV1.DAT
2007-03-29 23:29 121 ----a-w C:\Program Files\Support.url
2006-11-22 02:08 17,374 ----a-w C:\Program Files\SteamUI_251.mst
2006-07-08 02:04 11,235 ----a-w C:\Program Files\SteamUI_164.mst
2006-05-22 06:16 99,632 -c--a-w C:\Documents and Settings\Kristen\Application Data\GDIPFONTCACHEV1.DAT
2005-11-04 14:56 318,111 -c--a-w C:\Documents and Settings\Kristen\Application Data\babupd.bin
2005-11-02 06:15 318,111 -c--a-w C:\Documents and Settings\Kyle\Application Data\babupd.bin
2005-10-21 02:35 10,761 -c--a-w C:\Program Files\SteamUI_72.mst
2005-09-15 23:20 318 ----a-r C:\Program Files\steam.ico
2005-09-14 01:49 9,653 ----a-w C:\Program Files\steam_install_agreement.rtf
2005-08-13 21:21 14 ----a-w C:\Program Files\Steam_14.mst
2005-05-09 22:29 2,509 -c--a-w C:\Program Files\INSTALL.LOG
2004-11-22 03:16 86,712 ----a-w C:\Documents and Settings\Teri\Application Data\GDIPFONTCACHEV1.DAT
2002-07-27 00:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85B75125-FC79-4D41-8723-3E5469AEC892}]
2007-12-26 15:55 338944 --------- C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"Open Site"="C:\Program Files\Open Site\opnste.exe" []
"SQInstaller"="C:\Documents and Settings\Kristen\igetnet_3845_3645.exeSQInstaller.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 01:50 C:\WINDOWS\LOGI_MWX.EXE]
"WildTangent CDA"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"sysrestore32.exe"="C:\WINDOWS\system32\sysrestore32.exe" []
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\MCREGW~4.exe" [2007-12-26 15:58]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~2.EXE" [2007-12-26 15:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-05-05 20:31:58]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 06:25:38]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-08-01 13:33:37]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwwvt]
cbxwwvt.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqrq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrq

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 15:58:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ssqrq.dll
.
Completion time: 2007-12-26 16:01:46 - machine was rebooted
.
2007-12-24 11:01:28 --- E O F ---
ALO3000 is offline  
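The "Reg Loading Points" block in the log above is the part a responder reads first: it lists the autostart locations ComboFix found populated, and in this case the same name (ssqrq) appears as a Browser Helper Object, as the HKCU "load" value and as an extra LSA authentication package, next to a Winlogon notify DLL (cbxwwvt.dll). The script below is an added example, written for this page and not part of ComboFix or of the thread; it parses that block and applies a few triage rules that are the editor's, not the tool's: any Authentication Packages entry other than msv1_0, any Winlogon notify DLL and any non-empty "load" value are rated high, while BHOs, AppInit_DLLs and Run entries whose bracketed stamp is empty are marked for review (the reading of an empty `[]` as "target not stamped by ComboFix" is an assumption drawn from this log). The sample input is an excerpt of the log posted above.

```python
"""Triage the "Reg Loading Points" block of a ComboFix log.

Added example, not ComboFix's own code: it parses the REGEDIT4-style block
and flags the autostart locations that the posted log shows being used.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    severity: str  # "high": non-default value in a location malware abuses; "review": look at it
    key: str
    detail: str


KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FOLDER_LINE = re.compile(r"^[A-Za-z]:\\.*\\$")  # a Startup-folder header line
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
LOAD_VALUE = re.compile(r'^"load"=(?P<cmd>.*)$', re.IGNORECASE)
AUTH_PKGS = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$")
BHO_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")

# Excerpt of the Reg Loading Points block posted in this thread.
SAMPLE_LOADING_POINTS = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85B75125-FC79-4D41-8723-3E5469AEC892}]
2007-12-26 15:55 338944 --------- C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"Open Site"="C:\Program Files\Open Site\opnste.exe" []
"sysrestore32.exe"="C:\WINDOWS\system32\sysrestore32.exe" []
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\MCREGW~4.exe" [2007-12-26 15:58]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwwvt]
cbxwwvt.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqrq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrq
"""


def parse_loading_points(text: str) -> Dict[str, List[str]]:
    """Group each value line under the registry key or startup folder it belongs to."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_LINE.match(line)
        if m or FOLDER_LINE.match(line):
            current = m.group("key") if m else line
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def triage(sections: Dict[str, List[str]]) -> List[Finding]:
    """Apply the editor's rules to each autostart location and return findings in log order."""
    findings: List[Finding] = []
    for key, lines in sections.items():
        k = key.lower()
        if "browser helper objects" in k:
            # Every BHO is loaded into Explorer/IE; surface the DLL path for checking.
            for line in lines:
                m = BHO_LINE.match(line)
                findings.append(Finding("review", key, m.group("path") if m else line))
        elif k.endswith("\\control\\lsa"):
            # XP's default Authentication Packages value is msv1_0 alone; any
            # additional entry is a DLL that LSASS loads at boot.
            for line in lines:
                m = AUTH_PKGS.match(line)
                if m:
                    for pkg in m.group("pkgs").split():
                        if pkg.lower() != "msv1_0":
                            findings.append(Finding("high", key, pkg))
        elif "\\winlogon\\notify\\" in k:
            # Winlogon notification packages execute inside winlogon.exe at logon.
            for line in lines:
                findings.append(Finding("high", key, line))
        elif k.endswith("\\currentversion\\windows"):
            for line in lines:
                m = LOAD_VALUE.match(line)
                if m and m.group("cmd").strip():
                    # The legacy win.ini "load=" hook runs its program at every logon.
                    findings.append(Finding("high", key, m.group("cmd").strip()))
                elif line.lower().startswith('"appinit_dlls"='):
                    # AppInit_DLLs are injected into every process that loads user32.dll.
                    findings.append(Finding("review", key, line.split("=", 1)[1].strip()))
        elif k.endswith("\\currentversion\\run"):
            # Assumption: an empty [] means ComboFix could not stamp the target file.
            for line in lines:
                m = RUN_VALUE.match(line)
                if m and not m.group("stamp").strip():
                    findings.append(Finding("review", key, m.group("cmd") or m.group("name")))
    return findings


if __name__ == "__main__":
    for f in triage(parse_loading_points(SAMPLE_LOADING_POINTS)):
        print(f"{f.severity:6} {f.key}\n       {f.detail}")
```

Run against the excerpt it reports three high findings (cbxwwvt.dll, the ssqrq.exe "load" value and the ssqrq authentication package) and marks the ssqrq.dll BHO, the Google AppInit DLL and the two unstamped Run entries for review, while the stamped NvCplDaemon and McRegWiz entries and the Startup folder shortcut are left alone.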
Old 12-26-2007, 02:35 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: HiJackThis , pretty sure I have a trojan

Quite a few of your legit files have got infected. Please carry out the instructions from this page :> click here

Last edited by sUBs : 12-26-2007 at 02:38 AM.
sUBs is offline  
Old 12-26-2007, 12:02 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: XP


Re: HiJackThis , pretty sure I have a trojan

Alright, here's the Log.txt I ended up with after running the check.bat
Attached Files
File Type: txt Log.txt (4.8 KB, 6 views)
ALO3000 is offline  
Old 12-26-2007, 12:16 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: HiJackThis , pretty sure I have a trojan

All of those files got renamed by the infection. It added an extra space into the filename.

Example:

Original Name: "Reader_sl.exe"
Name modified by the infection: "Reader_sl .exe"

Please download this tool :> http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
Place the tool next to Log.txt

Referring to the picture above, drag Log.txt onto RenV.exe

When finished, it shall produce a log for you. Post that log in your next reply.
sUBs is offline  
Old 12-26-2007, 12:31 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: XP


Re: HiJackThis , pretty sure I have a trojan

sUBs,

I ran the RenV.exe file by dragging the Log.txt onto it like you said, but no log file was produced. I tried again a few times, and I noticed that as the process was running, the majority of the files checked did not exist, and four or five others had access denied, but still no log file.

I'm not sure if this matters, but the computer in question doesn't have internet access.
ALO3000 is offline  
Old 12-26-2007, 01:22 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: HiJackThis , pretty sure I have a trojan

Run ComboFix now
sUBs is offline  
Old 12-26-2007, 01:41 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 13
OS: XP


Re: HiJackThis , pretty sure I have a trojan

New Combofix Log:

ComboFix 07-12-26.3 - Kyle 2007-12-27 12:25:23.2 - NTFSx86
Running from: C:\Documents and Settings\Kyle\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\SYSTEM32\qrqss.ini
C:\WINDOWS\SYSTEM32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-27 11:21 . 2007-12-27 11:52 18,723 --a------ C:\temp00.cmd
2007-12-26 19:32 . 2007-12-26 19:32 <DIR> d-------- C:\Documents and Settings\Jim\Application Data\iolo
2007-12-26 15:55 . 2007-12-26 15:56 388,608 --a------ C:\WINDOWS\SYSTEM32\cmd .exe
2007-12-25 13:08 . 2007-12-25 13:08 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\iolo
2007-12-25 13:08 . 2007-12-25 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-12-24 23:50 . 2005-07-14 12:33 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2007-12-24 23:49 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2007-12-24 23:08 . 2007-12-24 23:08 342,236 --a------ C:\WINDOWS\SYSTEM32\RCX24B.tmp
2007-12-24 23:04 . 2007-12-24 23:04 26,624 -r-hs---- C:\Program Files\lsass.exe
2007-12-24 17:24 . 2007-12-24 17:24 104,448 --a------ C:\WINDOWS\SYSTEM32\drvxaz.dll
2007-12-24 17:16 . 2007-12-25 15:29 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-24 13:37 . 2007-12-24 13:40 <DIR> d-------- C:\Program Files\PCPitstop
2007-12-24 13:17 . 2007-12-24 13:17 1,283,174 --a------ C:\Install
2007-12-24 13:03 . 2007-12-24 13:03 342,528 --a------ C:\WINDOWS\SYSTEM32\RCX4A.tmp
2007-12-24 12:34 . 2007-12-25 09:31 0 --ah----- C:\BIT199.tmp
2007-12-24 12:29 . 2007-12-24 12:29 <DIR> d-------- C:\WINDOWS\ppqvmpqr
2007-12-24 12:29 . 2007-12-24 12:29 208,896 --a------ C:\WINDOWS\SYSTEM32\ndaTqsVqrX.dll
2007-12-24 12:29 . 2007-12-24 12:29 57,856 --a------ C:\fjls.exe
2007-12-24 12:29 . 2007-12-24 17:18 15,040 --a------ C:\WINDOWS\SYSTEM32\sysrest.sys
2007-12-24 12:29 . 2007-12-24 17:20 9,216 --a------ C:\WINDOWS\SYSTEM32\msvcrt32.dll
2007-12-24 12:29 . 2007-12-24 18:01 6,590 --a------ C:\WINDOWS\SYSTEM32\attrib.ini
2007-12-24 12:29 . 2007-12-24 12:29 2 --a------ C:\817904926
2007-12-24 12:28 . 2007-12-24 12:28 34,816 --a------ C:\gsyhv.exe
2007-12-24 11:43 . 2007-12-24 11:43 0 --a------ C:\WINDOWS\SYSTEM32\Ultra.dll
2007-12-24 11:27 . 2007-12-27 10:35 <DIR> d-------- C:\Program Files\Bug Doctor
2007-12-23 00:12 . 2007-12-23 00:14 <DIR> d--h----- C:\Program Files\old
2007-12-15 21:23 . 2007-12-15 21:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 21:23 . 2007-12-15 21:23 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 20:29 --------- d-----w C:\Program Files\QuickTime
2007-12-27 19:23 --------- d-----w C:\Program Files\ProcessGuard
2007-12-27 19:23 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 19:23 --------- d-----w C:\Program Files\iTunes
2007-12-27 19:23 --------- d-----w C:\Program Files\Dell AIO Printer A920
2007-12-25 22:41 --------- d-----w C:\Program Files\Viewpoint
2007-12-25 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 07:50 --------- d-----w C:\Program Files\McAfee.com
2007-12-25 07:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-25 07:01 --------- d-----w C:\Documents and Settings\Jim\Application Data\Lavasoft
2007-12-25 06:24 377,067 ----a-w C:\Program Files\ClientRegistry.blob
2007-12-25 06:23 32,332 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T6_23_42C61828.mdmp
2007-12-25 03:39 33,981 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T3_39_51C103328.mdmp
2007-12-25 02:26 --------- d-----w C:\Program Files\AIM6
2007-12-25 02:24 33,773 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T2_24_38C80921.mdmp
2007-12-25 01:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 01:20 33,173 ----a-w C:\Program Files\Steamexe__264972__2007_12_25T1_20_5C102562.mdmp
2007-12-24 23:07 34,765 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T23_6_50C97203.mdmp
2007-12-24 22:54 33,389 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T22_54_19C57250.mdmp
2007-12-24 22:42 --------- d-----w C:\Documents and Settings\Kyle\Application Data\Skype
2007-12-24 22:41 33,601 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T22_41_40C76765.mdmp
2007-12-24 22:27 32,506 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T22_27_27C24562.mdmp
2007-12-24 21:06 33,561 ----a-w C:\Program Files\Steamexe__264972__2007_12_24T21_5_47C65781.mdmp
2007-12-24 19:18 103,720 ----a-w C:\Program Files\AppUpdateStats.blob
2007-12-24 19:17 565,116 ----a-w C:\Program Files\Steam.log
2007-12-24 19:12 --------- d-----w C:\Program Files\Plagiarism-Finder 1.2.2 TRIAL
2007-12-24 18:54 10,475 ----a-w C:\Program Files\GameOverlayUI.exe.log
2007-12-24 18:54 1,001 ----a-w C:\Program Files\GameOverlayRenderer.dll.log
2007-12-24 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-24 04:47 --------- d-----w C:\Program Files\AIM
2007-12-23 08:14 63,257 ----a-w C:\Program Files\SteamUI_447.mst
2007-12-23 08:14 540,672 ----a-w C:\Program Files\mss32_s.dll
2007-12-23 08:14 340,216 ----a-w C:\Program Files\vstdlib_s.dll
2007-12-23 08:14 206,072 ----a-w C:\Program Files\GameOverlayRenderer.dll
2007-12-23 08:14 1,008,888 ----a-w C:\Program Files\GameOverlayUI.exe
2007-12-23 08:14 --------- d-----w C:\Program Files\Graphics
2007-12-23 08:13 3,273,976 ----a-w C:\Program Files\Steam.dll
2007-12-23 08:13 229,624 ----a-w C:\Program Files\tier0_s.dll
2007-12-23 08:13 2,739,960 ----a-w C:\Program Files\SteamUI.dll
2007-12-23 08:13 112,128 ----a-w C:\Program Files\CSERHelper.dll
2007-12-23 08:13 1,595,128 ----a-w C:\Program Files\steamclient.dll
2007-12-23 08:13 1,039,192 ----a-w C:\Program Files\dbghelp.dll
2007-12-23 08:13 --------- d-----w C:\Program Files\resource
2007-12-23 08:13 --------- d-----w C:\Program Files\Public
2007-12-23 08:13 --------- d-----w C:\Program Files\bin
2007-12-23 08:12 251,128 ----a-w C:\Program Files\WriteMiniDump.exe
2007-12-23 08:11 14 ----a-w C:\Program Files\Steam_41.mst
2007-12-23 08:04 --------- d-----w C:\Program Files\World of Warcraft
2007-12-23 08:02 --------- d-----w C:\Program Files\LimeWire
2007-12-23 07:58 --------- d-----w C:\Program Files\Incomplete
2007-12-21 23:38 --------- d-----w C:\Program Files\config
2007-12-21 23:37 --------- d-----w C:\Program Files\appcache
2007-11-21 01:57 --------- d-----w C:\Program Files\mIRC
2007-11-16 23:20 --------- d-----w C:\Program Files\Common Files\aol
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-02 00:59 --------- d-----w C:\Program Files\Roni Music
2007-11-02 00:59 --------- d-----w C:\Documents and Settings\Kyle\Application Data\Roni Music
2007-10-31 02:58 62,267 ----a-w C:\Program Files\SteamUI_410.mst
2007-10-06 20:48 14 ----a-w C:\Program Files\Steam_39.mst
2007-09-12 07:41 99,976 -c--a-w C:\Documents and Settings\Kyle\Application Data\GDIPFONTCACHEV1.DAT
2007-03-29 23:29 121 ----a-w C:\Program Files\Support.url
2006-11-22 02:08 17,374 ----a-w C:\Program Files\SteamUI_251.mst
2006-07-08 02:04 11,235 ----a-w C:\Program Files\SteamUI_164.mst
2006-05-22 06:16 99,632 -c--a-w C:\Documents and Settings\Kristen\Application Data\GDIPFONTCACHEV1.DAT
2005-11-04 14:56 318,111 -c--a-w C:\Documents and Settings\Kristen\Application Data\babupd.bin
2005-11-02 06:15 318,111 -c--a-w C:\Documents and Settings\Kyle\Application Data\babupd.bin
2005-10-21 02:35 10,761 -c--a-w C:\Program Files\SteamUI_72.mst
2005-09-15 23:20 318 ----a-r C:\Program Files\steam.ico
2005-09-14 01:49 9,653 ----a-w C:\Program Files\steam_install_agreement.rtf
2005-08-13 21:21 14 ----a-w C:\Program Files\Steam_14.mst
2005-05-09 22:29 2,509 -c--a-w C:\Program Files\INSTALL.LOG
2004-11-22 03:16 86,712 ----a-w C:\Documents and Settings\Teri\Application Data\GDIPFONTCACHEV1.DAT
2002-07-27 00:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2007-12-26_15.59.52.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 1999-07-05 10:00:00 75,763 ----a-w C:\WINDOWS\SYSTEM32\mfc45.dll
- 2007-12-25 01:12:11 928,948 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2007-12-27 08:04:09 236,320 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
"IPMonitor"="" []
"!1_ProcessGuard_Startup"="C:\Program Files\ProcessGuard\procguard.exe" []
"Steam"="C:\Program Files\Steam.exe" []
"Microsoft Works Update Detection"="???\WkDetect.exe" []
"BWCoach"="C:\Documents and Settings\Kyle\Desktop\bwcoach\bwcoach.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"Open Site"="C:\Program Files\Open Site\opnste.exe" []
"SQInstaller"="C:\Documents and Settings\Kristen\igetnet_3845_3645.exeSQInstaller.exe" []
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 01:50 C:\WINDOWS\LOGI_MWX.EXE]
"WildTangent CDA"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"sysrestore32.exe"="C:\WINDOWS\system32\sysrestore32.exe" []
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\MCREGW~1.exe" []
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" []
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" []
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" []
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwwvt]
cbxwwvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2005-01-20 14:13]
R3 PSC60x;Philips PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\pscaudio.sys [2002-08-27 15:33]
R3 QsndEnum;QSound Virtual Audio Devices Bus Enumerator;C:\WINDOWS\system32\DRIVERS\QsndEnum.sys [2002-07-18 13:47]
R3 QSoftAud;Philips Sound Agent 2 (WDM);C:\WINDOWS\system32\drivers\QSoftAud.sys [2002-10-28 10:17]
S2 DCSPGSRV;DiamondCS Process Guard Service v3.000;"C:\Program Files\ProcessGuard\dcsuserprot.exe" [2005-01-20 14:25]
S2 IP Monitor;IP Monitor Network Address Monitor;C:\Program Files\IP Monitor\IPMonSvc.exe [2005-05-11 08:41]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-06-24 19:17]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys [2007-12-24 17:18]
S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 09:27]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 12:33:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 12:37:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-26 16:01
.
2007-12-24 11:01:28 --- E O F ---
ALO3000 is offline  
Old 12-26-2007, 01:48 PM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: HiJackThis , pretty sure I have a trojan

Quote:
I ran the RenV.exe file by dragging the Log.txt onto it like you said, but no log file was produced.
I know now why RenV failed to produce a log. Please remove this line from Log.txt

Quote:
----a-w 388,608 2007-12-26 23:56:10 C:\WINDOWS\SYSTEM32\cmd .exe
Then try RenV.exe again.
sUBs is offline
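Two posts in this thread describe the same mechanism: the infection renamed legitimate executables by inserting a space before the extension ("Reader_sl.exe" became "Reader_sl .exe"), RenV.exe reverses that from the Log.txt listing, and it choked on the "cmd .exe" line. RenV's source is not on the page, so the following is an added example written for this page, not RenV and not the thread's code, of the reversal step in Python so it can be dry-run offline. It parses the Log.txt column layout inferred from the single line sUBs quotes (attributes, size, timestamp, path), computes the restored name for every entry with a space before the extension, and refuses to rename when the restored name already exists, since the ComboFix log earlier in the thread shows both "qttask .exe" and "qttask.exe" present and overwriting a file such as cmd.exe from a listing is unsafe. The thread does not say why the cmd .exe line broke RenV; this example simply reports that entry as a collision because a real cmd.exe exists. The sample log lines, their sizes and timestamps, and the set of already-present files are constructed.

```python
"""Plan the reversal of the ' .exe' renaming described in the thread.

Added example, not RenV.exe: reads lines in the Log.txt format quoted in the
thread, finds filenames with a space inserted before the extension, and
proposes the restored name. Entries whose restored name already exists are
reported as collisions instead of being renamed.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Set

# One Log.txt line: attributes, size, date, time, then the path. The path can
# contain spaces, so it is taken as the remainder of the line.
LOG_LINE = re.compile(
    r"^(?P<attrs>\S+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
# A filename whose extension is separated from its stem by one or more spaces.
SPACED_EXT = re.compile(r"^(?P<stem>.+?) +(?P<ext>\.[A-Za-z0-9]{1,4})$")


@dataclass
class RenamePlan:
    source: str
    target: Optional[str]
    action: str  # "rename", "collision" or "ignore"


def restored_name(filename: str) -> Optional[str]:
    """Return the filename with the inserted space removed, or None if it
    does not match the infection's pattern."""
    m = SPACED_EXT.match(filename)
    if not m:
        return None
    return m.group("stem") + m.group("ext")


def parse_log(log_text: str) -> List[str]:
    """Extract the path column from each well-formed Log.txt line."""
    paths = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def plan_renames(log_text: str, existing: Set[str]) -> List[RenamePlan]:
    """Build the rename plan. `existing` holds lower-cased paths already present
    on disk; on the real machine it would be replaced by os.path.exists checks."""
    plans: List[RenamePlan] = []
    for path in parse_log(log_text):
        directory, filename = ntpath.split(path)
        fixed = restored_name(filename)
        if fixed is None:
            plans.append(RenamePlan(path, None, "ignore"))
            continue
        target = ntpath.join(directory, fixed)
        action = "collision" if target.lower() in existing else "rename"
        plans.append(RenamePlan(path, target, action))
    return plans


def execute(plans: Iterable[RenamePlan], renamer: Callable[[str, str], None]) -> int:
    """Carry out only the safe renames and return how many were performed.
    Pass os.rename as `renamer` on the real machine; collisions are skipped."""
    done = 0
    for p in plans:
        if p.action == "rename" and p.target is not None:
            renamer(p.source, p.target)
            done += 1
    return done


# Constructed sample in the Log.txt layout quoted in the thread; sizes and
# timestamps are illustrative, not taken from the poster's machine.
SAMPLE_LOG = r"""
----a-w 388,608 2007-12-26 23:56:10 C:\WINDOWS\SYSTEM32\cmd .exe
----a-w 33,312 2007-12-24 23:04:00 C:\Program Files\Adobe\Reader_sl .exe
----a-w 282,624 2007-12-24 23:05:00 C:\Program Files\QuickTime\qttask .exe
----a-w 28,672 2007-12-25 15:29:00 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 10,475 2007-12-24 18:54:00 C:\Program Files\GameOverlayUI.exe.log
"""

# Constructed stand-in for files already on disk (lower-cased full paths).
SAMPLE_EXISTING = {
    r"c:\windows\system32\cmd.exe",
    r"c:\program files\quicktime\qttask.exe",
}

if __name__ == "__main__":
    for p in plan_renames(SAMPLE_LOG, SAMPLE_EXISTING):
        print(f"{p.action:9} {p.source} -> {p.target}")
```

On the sample, "Reader_sl .exe" and "DSentry .exe" are planned for renaming, "cmd .exe" and "qttask .exe" are reported as collisions because their restored names already exist, and "GameOverlayUI.exe.log" is ignored because it does not match the pattern. Review the collision entries by hand before touching them: in the thread, the two qttask files were removed by ComboFix rather than merged.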