AlwaysInternet

Here is my problem im using Mozilla Firefox 3.0.5, and whenever I go on a website another one pops up (occasionally) e.g Antivirus 2009, Blinkx etc.
I think its spyware.

P.S: Thank you Egwene for helping me with removing malware from my computer, it was succesful. This is on the laptop.



DDS (Version 1.1.0) - NTFSx86
Run by Lelouch Vi Britannia at 13:54:14.59 on Fri 12/26/2008
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.192 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Lelouch Vi Britannia\Desktop\gmer\gmer.exe
C:\Documents and Settings\Lelouch Vi Britannia\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {0704f673-46d9-d289-7154-2253351492f1}: {1f294153-3522-4517-982d-9d64376f4070} - c:\windows\system32\yuwvpj.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfEXpnK.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9b3217a5-87b8-4fd3-94eb-18528ff2c4e9} - c:\windows\system32\nnnkJAsT.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NAV CfgWiz] c:\program files\common files\symantec shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [9079b373] rundll32.exe "c:\windows\system32\hjocxppg.dll",b
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: khfEXpnK - khfEXpnK.dll
AppInit_DLLs: yuwvpj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\khfEXpnK.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkJAsT

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lelouc~1\applic~1\mozilla\firefox\profiles\d6115m35.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 R592;R592;c:\windows\system32\drivers\R592.sys [2005-1-7 54912]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2004-9-6 234656]
R2 DOSMEMIO;MEMIO;\??\c:\windows\system32\MEMIO.SYS [2008-12-14 4300]
R2 navapsvc;Norton AntiVirus Auto Protect Service;"c:\program files\norton antivirus\navapsvc.exe" [2004-9-6 176256]
R2 SAVRTPEL;SAVRTPEL;\??\c:\program files\norton antivirus\SAVRTPEL.SYS [2004-9-6 37056]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVENG.SYS [2008-12-14 68168]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20040811.020\NAVEX15.SYS [2008-12-14 617288]
R3 SAVRT;SAVRT;\??\c:\program files\norton antivirus\SAVRT.SYS [2004-9-6 308416]
R3 SAVScan;SAVScan;"c:\program files\norton antivirus\SAVScan.exe" [2004-9-6 193816]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-25 66784]
S3 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2004-9-6 255136]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2004-9-6 87200]

=============== Created Last 30 ================

2008-12-26 13:50 129,024 a------- c:\windows\system32\yuwvpj.dll
2008-12-26 13:50 129,024 a------- c:\windows\system32\darrhtbq.dll
2008-12-26 13:47 1,639,241 ---sh--- c:\windows\system32\gppxcojh.ini
2008-12-26 13:47 72,704 a------- c:\windows\system32\hjocxppg.dll
2008-12-26 13:45 41,472 a------- c:\windows\system32\gysmckhu.dll
2008-12-25 20:12 7,680 a--sh--- c:\windows\Thumbs.db
2008-12-25 19:53 250 a------- c:\windows\gmer.ini
2008-12-25 19:33 8,101 a------- c:\windows\mozver.dat
2008-12-25 16:30 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SITEguard
2008-12-25 16:29 <DIR> --d----- c:\program files\common files\iS3
2008-12-25 16:29 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2008-12-25 10:39 129,024 a------- c:\windows\system32\cwxtce.dll
2008-12-25 10:39 129,024 a------- c:\windows\system32\cjidkamu.dll
2008-12-25 10:36 1,639,241 a--sh--- c:\windows\system32\vudfotjv.ini
2008-12-25 10:36 72,704 a------- c:\windows\system32\vjtofduv.dll
2008-12-25 10:34 41,472 a------- c:\windows\system32\mxjgpces.dll
2008-12-24 10:09 1,639,259 a--sh--- c:\windows\system32\ackongdb.ini
2008-12-24 10:09 72,704 a------- c:\windows\system32\bdgnokca.dll
2008-12-24 10:06 129,024 a------- c:\windows\system32\trbmqq.dll
2008-12-24 10:06 129,024 a------- c:\windows\system32\voiwtcne.dll
2008-12-24 10:05 41,472 a------- c:\windows\system32\rybbmwuh.dll
2008-12-23 20:26 1,639,241 a--sh--- c:\windows\system32\ljuljvex.ini
2008-12-23 20:26 72,704 a------- c:\windows\system32\xevjlujl.dll
2008-12-23 20:23 129,024 a------- c:\windows\system32\jdrntf.dll
2008-12-23 20:23 129,024 a------- c:\windows\system32\fimmwcti.dll
2008-12-23 20:20 41,472 a------- c:\windows\system32\whnocucr.dll
2008-12-22 20:21 1,639,241 a--sh--- c:\windows\system32\odarcckt.ini
2008-12-22 20:21 72,704 a------- c:\windows\system32\tkccrado.dll
2008-12-22 20:21 129,024 a------- c:\windows\system32\boyamp.dll
2008-12-22 20:21 129,024 a------- c:\windows\system32\palcwgro.dll
2008-12-22 20:19 41,472 a------- c:\windows\system32\yhkqwofp.dll
2008-12-20 04:46 129,024 a------- c:\windows\system32\yxnzrd.dll
2008-12-20 04:46 129,024 a------- c:\windows\system32\efufcgrq.dll
2008-12-20 04:43 1,639,241 a--sh--- c:\windows\system32\hpgvjbqm.ini
2008-12-20 04:43 72,704 a------- c:\windows\system32\mqbjvgph.dll
2008-12-20 04:40 41,472 a------- c:\windows\system32\xmqojcly.dll
2008-12-20 04:37 <DIR> --d----- c:\docume~1\lelouc~1\applic~1\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0NjUzfA_
2008-12-20 04:36 83,456 a------- c:\program files\common files\ThfLE53I.exe
2008-12-20 04:30 83,456 a------- c:\windows\system32\msiconf.exe
2008-12-20 04:30 61,440 a------- c:\windows\system32\svch?st.exe
2008-12-20 03:16 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-20 03:16 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-19 04:46 129,024 a------- c:\windows\system32\rjeypa.dll
2008-12-19 04:46 129,024 a------- c:\windows\system32\kntlarws.dll
2008-12-19 04:43 1,640,240 a--sh--- c:\windows\system32\xfpvwhir.ini
2008-12-19 04:43 72,704 a------- c:\windows\system32\rihwvpfx.dll
2008-12-19 04:40 41,472 a------- c:\windows\system32\vihtiybw.dll
2008-12-18 06:51 687,592 a------- c:\windows\system32\atmtd.dll._
2008-12-18 06:51 687,592 a------- c:\windows\system32\atmtd.dll
2008-12-18 03:36 2,710 a------- c:\windows\system32\TDSSlxwp.dll
2008-12-18 03:36 1,989 a------- c:\windows\uninstall_nmon.vbs
2008-12-18 03:36 <DIR> --dsh--- c:\windows\S3lvdG8sIFdlbGNvbWUu
2008-12-18 03:36 73,728 a------- c:\windows\system32\TDSSxfum.dll
2008-12-18 03:36 31,232 a------- c:\windows\system32\TDSSmtql.dll
2008-12-18 03:36 29,696 a------- c:\windows\system32\TDSShmxr.dll
2008-12-18 03:36 441 a------- c:\windows\system32\TDSSlrvd.dat
2008-12-18 03:36 35,840 a------- c:\windows\system32\TDSSoiqt.dll
2008-12-18 03:36 60,416 a------- c:\windows\system32\drivers\TDSSmqlt.sys
2008-12-18 03:33 129,024 a------- c:\windows\system32\uevlmq(2).dll
2008-12-18 03:32 758,612 a--sh--- c:\windows\system32\TsAJknnn.ini2
2008-12-18 03:32 758,612 a--sh--- c:\windows\system32\TsAJknnn.ini
2008-12-18 03:32 302,592 a------- c:\windows\system32\nnnkJAsT.dll
2008-12-18 03:29 34,816 a------- c:\windows\system32\ssqNHwWM.dll
2008-12-18 03:27 <DIR> --d----- c:\docume~1\lelouc~1\applic~1\gadcom
2008-12-18 03:27 34,816 a------- c:\windows\system32\khfEXpnK.dll
2008-12-18 02:39 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-18 02:27 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2008-12-17 02:52 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 02:52 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 02:52 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 02:52 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 02:52 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-17 02:48 22,752 a------- c:\windows\system32\spupdsvc.exe
2008-12-16 02:44 268,648 a------- c:\windows\system32\mucltui.dll
2008-12-16 02:44 208,744 a------- c:\windows\system32\muweb.dll
2008-12-16 02:44 27,496 a------- c:\windows\system32\mucltui.dll.mui
2008-12-15 02:13 <DIR> --d----- c:\documents and settings\lelouch vi britannia\Contacts
2008-12-15 02:10 268 a---h--- C:\sqmdata08.sqm
2008-12-15 02:10 244 a---h--- C:\sqmnoopt08.sqm
2008-12-15 02:08 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-12-15 00:36 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PC Drivers HeadQuarters
2008-12-14 04:55 2,732,032 a------- c:\windows\system32\Netw2r32.dll
2008-12-14 04:55 557,056 a------- c:\windows\system32\Netw2c32.dll
2008-12-14 04:55 2,216,064 a------- c:\windows\system32\drivers\w29n51.sys
2008-12-14 04:42 22 a------- c:\windows\system32\ati64hlp.stb
2008-12-14 03:04 22 a------- c:\windows\system32\ati64hl2.stb
2008-12-14 02:58 <DIR> --d----- c:\program files\Norton AntiVirus
2008-12-14 02:58 82,984 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-14 02:58 82,136 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-14 02:57 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-12-14 02:57 <DIR> --d----- c:\docume~1\lelouc~1\applic~1\Symantec
2008-12-14 02:57 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Symantec
2008-12-14 02:33 6,803 a------- c:\windows\system32\MEMIO.VXD
2008-12-14 02:33 4,300 a------- c:\windows\system32\MEMIO.SYS
2008-12-14 02:33 186,112 ac------ c:\windows\system32\dllcache\b57xp32.sys
2008-12-14 02:33 186,112 a----r-- c:\windows\system32\drivers\b57xp32.sys
2008-12-14 02:33 <DIR> --d----- c:\program files\ltmoh
2008-12-14 02:31 272,128 ac------ c:\windows\system32\dllcache\bthport.sys
2008-12-14 02:30 145,792 ac------ c:\windows\system32\dllcache\portcls.sys
2008-12-14 02:30 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2008-12-14 02:30 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2008-12-14 02:30 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2008-12-14 02:30 145,792 a------- c:\windows\system32\drivers\portcls.sys
2008-12-14 02:30 130,048 a------- c:\windows\system32\ksproxy.ax
2008-12-14 02:30 60,288 a------- c:\windows\system32\drivers\drmk.sys
2008-12-14 02:30 4,096 a------- c:\windows\system32\ksuser.dll
2008-12-14 02:30 1,285,632 a------- c:\windows\system32\SMMedia.dll
2008-12-14 02:30 30,208 a------- c:\windows\system32\wdmioctl.dll
2008-12-14 02:30 49,152 a------- c:\windows\system32\DSndUp.exe
2008-12-14 02:30 45,056 a------- c:\windows\system32\CleanUp.exe
2008-12-14 02:29 294,912 a----r-- c:\windows\system32\atiiiexx.dll
2008-12-14 02:29 192,512 a----r-- c:\windows\system32\ATIDEMGR.dll
2008-12-14 02:29 9,054 a----r-- c:\windows\system32\atifglpf.xml
2008-12-14 02:07 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-14 02:06 0 a------- c:\windows\dsltest.INI
2008-12-13 22:16 81,920 a------- c:\windows\system32\ZDBRGDLL.dll
2008-12-13 22:16 24,576 a------- c:\windows\system32\ZyDelReg.exe
2008-12-13 22:16 19,200 a------- c:\windows\system32\ZDBRGSYS.sys
2008-12-13 22:16 17,151 a------- c:\windows\system32\ZDPNDIS5.sys
2008-12-13 22:16 81,920 a------- c:\windows\system32\ZDPN50.dll
2008-12-13 22:16 28,672 a------- c:\windows\system32\InsDrvZD.dll
2008-12-13 21:00 <DIR> --ds---- c:\documents and settings\lelouch vi britannia\UserData
2008-12-13 05:24 90,112 a------- c:\windows\system32\test.dll
2008-12-13 05:04 221,184 a------- c:\windows\system32\wmpns.dll
2008-12-13 05:03 <DIR> --d----- c:\documents and settings\Lelouch Vi Britannia
2008-12-13 05:01 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-13 04:58 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
2008-12-13 04:57 1,875,968 ac------ c:\windows\system32\dllcache\msir3jp.lex
2008-12-13 04:56 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2008-12-13 04:55 49,664 ac------ c:\windows\system32\dllcache\adrot.dll
2008-12-13 04:54 2,577 a------- c:\windows\system32\CONFIG.NT
2008-12-13 04:54 0 a------- c:\windows\control.ini
2008-12-13 04:54 23,392 a------- c:\windows\system32\nscompat.tlb
2008-12-13 04:54 16,832 a------- c:\windows\system32\amcompat.tlb
2008-12-13 04:54 316,640 a------- c:\windows\WMSysPr9.prx
2008-12-13 04:53 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2008-12-13 04:52 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-13 04:52 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-13 04:52 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-13 04:52 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-13 04:52 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-13 04:52 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-13 04:52 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-13 04:52 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-13 04:52 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-13 04:50 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-13 04:48 273,920 ac------ c:\windows\system32\dllcache\msiprov.dll
2008-12-12 20:44 3,072 a------- c:\windows\system32\drivers\audstub.sys
2008-12-12 20:44 57,472 a------- c:\windows\system32\drivers\redbook.sys
2008-12-12 20:43 23,040 a------- c:\windows\system32\drivers\mouclass.sys
2008-12-12 20:43 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2008-12-12 20:43 5,504 a------- c:\windows\system32\drivers\intelide.sys
2008-12-12 20:43 74,240 ac------ c:\windows\system32\dllcache\usbui.dll
2008-12-12 20:43 74,240 a------- c:\windows\system32\usbui.dll
2008-12-12 20:43 9,344 a------- c:\windows\system32\drivers\compbatt.sys
2008-12-12 20:43 14,080 a------- c:\windows\system32\drivers\CmBatt.sys
2008-12-12 20:43 14,080 a------- c:\windows\system32\drivers\battc.sys
2008-12-12 20:34 66,082 ac------ c:\windows\system32\dllcache\c_28603.nls
2008-12-12 20:34 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2008-12-12 20:31 462 a------- c:\windows\system32\$winnt$.inf
2008-12-06 22:55 <DIR> --d----- c:\windows\system32\Adobe
2008-12-06 13:02 <DIR> --d----- c:\windows\system32\CatRoot_bak
2008-12-05 22:36 <DIR> --d----- c:\windows\.jagex_cache_32
2008-12-04 20:04 268 a---h--- C:\sqmdata07.sqm
2008-12-04 20:04 244 a---h--- C:\sqmnoopt07.sqm
2008-12-02 20:10 268 a---h--- C:\sqmdata06.sqm
2008-12-02 20:10 244 a---h--- C:\sqmnoopt06.sqm
2008-12-02 19:57 268 a---h--- C:\sqmdata05.sqm
2008-12-02 19:57 244 a---h--- C:\sqmnoopt05.sqm

==================== Find3M ====================

2008-12-13 06:27 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 13:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 10:37 659,456 a------- c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-01 00:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2005-08-03 00:46 187,904 a--shr-- c:\windows\s3lvdg8sifdlbgnvbwuu\asappsrv.dll
2005-08-03 00:58 293,888 a--shr-- c:\windows\s3lvdg8sifdlbgnvbwuu\command.exe
2005-07-30 00:24 472 a--shr-- c:\windows\s3lvdg8sifdlbgnvbwuu\ma5Sx3fPKIx5v3hSvqoR.vbs

============= FINISH: 13:56:37.17 ===============

Attached Files

	ARK.txt (1.8 KB, 0 views)
	DDS.zip (8.0 KB, 1 views)

AlwaysInternet

Bump, please

Ried

Hello AlwaysInternet,

I understand you just received assistance from Egwene on your other machine, but please understand there are many people awaiting assistance.

It's hasn't even been 24 hours and you've already bumped this thread twice. Kindly refer to the Bumping rules in our sticky topic at the top of this forum:

Someone will be along as soon as possible.

AlwaysInternet

Over 72 hours have passed since my last bump.
Bump, please.

Ried

Hello AlwaysInternet and thank you for your patience.

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

AlwaysInternet

Thank you for your help. Here is the Combofix.txt.

ComboFix 09-01-01.01 - Lelouch Vi Britannia 2009-01-02 8:31:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.187 [GMT 0:00]
Running from: c:\documents and settings\Lelouch Vi Britannia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lelouch Vi Britannia\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Lelouch Vi Britannia\Application Data\gadcom
c:\documents and settings\Lelouch Vi Britannia\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\bdgnokca.dll
c:\windows\system32\boyamp.dll
c:\windows\system32\Cache
c:\windows\system32\cbkbpiet.dll
c:\windows\system32\cjidkamu.dll
c:\windows\system32\cmfkhcwf.dll
c:\windows\system32\cwxtce.dll
c:\windows\system32\darrhtbq.dll
c:\windows\system32\djaeyolr.dll
c:\windows\system32\Drivers\TDSSmqlt.sys
c:\windows\system32\efufcgrq.dll
c:\windows\system32\eihtpm.dll
c:\windows\system32\eockcasr.dll
c:\windows\system32\fimmwcti.dll
c:\windows\system32\gcrhvm.dll
c:\windows\system32\grhqiq.dll
c:\windows\system32\gysmckhu.dll
c:\windows\system32\ishjvlba.dll
c:\windows\system32\iuvtex.dll
c:\windows\system32\jdrntf.dll
c:\windows\system32\khfEXpnK.dll
c:\windows\system32\kntlarws.dll
c:\windows\system32\kremyn.dll
c:\windows\system32\krihqyvt.dll
c:\windows\system32\lmqxkmlm.dll
c:\windows\system32\lsfqrxen.dll
c:\windows\system32\lywrkkbf.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mqbjvgph.dll
c:\windows\system32\msiconf.exe
c:\windows\system32\mxjgpces.dll
c:\windows\system32\ngdqxslt.dll
c:\windows\system32\nnnkJAsT.dll
c:\windows\system32\palcwgro.dll
c:\windows\system32\pmnutgwj.dll
c:\windows\system32\rdjxwewn.dll
c:\windows\system32\rdlmtchu.dll
c:\windows\system32\rihwvpfx.dll
c:\windows\system32\rjeypa.dll
c:\windows\system32\rpwphupp.dll
c:\windows\system32\rybbmwuh.dll
c:\windows\system32\ssqNHwWM.dll
c:\windows\system32\svqrbvix.dll
c:\windows\system32\sxhpyvjl.dll
c:\windows\system32\TDSShmxr.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSlrvd.dat
c:\windows\system32\TDSSmtql.dll
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\test.dll
c:\windows\system32\tkccrado.dll
c:\windows\system32\trbmqq.dll
c:\windows\system32\TsAJknnn.ini
c:\windows\system32\TsAJknnn.ini2
c:\windows\system32\uevlmq(2).dll
c:\windows\system32\vihtiybw.dll
c:\windows\system32\vjtofduv.dll
c:\windows\system32\voiwtcne.dll
c:\windows\system32\vsoyjreg.dll
c:\windows\system32\whnocucr.dll
c:\windows\system32\xevjlujl.dll
c:\windows\system32\xmqojcly.dll
c:\windows\system32\xxigve.dll
c:\windows\system32\yexdropu.dll
c:\windows\system32\yhkqwofp.dll
c:\windows\system32\yuwvpj.dll
c:\windows\system32\yxnzrd.dll
c:\windows\system32\yymjobad.dll
c:\windows\system32\yzdfnu.dll
c:\windows\uninstall_nmon.vbs

----- BITS: Possible infected sites -----

hxxp://www.i5i.in
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-02 01:14 . 2009-01-02 01:14 268 --ah----- C:\sqmdata15.sqm
2009-01-02 01:14 . 2009-01-02 01:14 244 --ah----- C:\sqmnoopt15.sqm
2009-01-02 00:40 . 2009-01-02 00:40 1,311,620 --ahs---- c:\windows\system32\ljvyphxs.ini
2009-01-01 22:51 . 2009-01-01 22:51 268 --ah----- C:\sqmdata14.sqm
2009-01-01 22:51 . 2009-01-01 22:51 244 --ah----- C:\sqmnoopt14.sqm
2008-12-31 23:37 . 2008-12-31 23:37 268 --ah----- C:\sqmdata13.sqm
2008-12-31 23:37 . 2008-12-31 23:37 244 --ah----- C:\sqmnoopt13.sqm
2008-12-31 23:04 . 2008-12-31 23:04 268 --ah----- C:\sqmdata12.sqm
2008-12-31 23:04 . 2008-12-31 23:04 244 --ah----- C:\sqmnoopt12.sqm
2008-12-31 22:20 . 2008-12-31 22:35 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\Application Data\gtk-2.0
2008-12-31 22:20 . 2008-12-31 22:20 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\.thumbnails
2008-12-31 22:17 . 2008-12-31 22:57 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\.gimp-2.6
2008-12-31 22:17 . 2008-12-31 22:17 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\.gegl-0.0
2008-12-31 22:15 . 2008-12-31 22:15 <DIR> d-------- c:\program files\GIMP-2.0
2008-12-31 11:12 . 2008-12-31 11:13 1,311,620 --ahs---- c:\windows\system32\teipbkbc.ini
2008-12-30 23:07 . 2008-12-30 23:07 268 --ah----- C:\sqmdata11.sqm
2008-12-30 23:07 . 2008-12-30 23:07 244 --ah----- C:\sqmnoopt11.sqm
2008-12-30 18:11 . 2008-12-30 18:11 1,312,205 --ahs---- c:\windows\system32\tlsxqdgn.ini
2008-12-30 02:29 . 2008-12-30 02:29 268 --ah----- C:\sqmdata10.sqm
2008-12-30 02:29 . 2008-12-30 02:29 244 --ah----- C:\sqmnoopt10.sqm
2008-12-29 17:04 . 2008-12-30 17:05 1,312,205 --ahs---- c:\windows\system32\trcxeyye.ini
2008-12-29 16:00 . 2008-12-29 16:00 268 --ah----- C:\sqmdata09.sqm
2008-12-29 16:00 . 2008-12-29 16:00 244 --ah----- C:\sqmnoopt09.sqm
2008-12-29 12:59 . 2008-12-29 12:59 1,311,778 --ahs---- c:\windows\system32\fwchkfmc.ini
2008-12-28 12:57 . 2008-12-29 12:57 1,311,778 --ahs---- c:\windows\system32\rofwjrxi.ini
2008-12-27 13:49 . 2008-12-27 13:49 1,723,954 --ahs---- c:\windows\system32\nwewxjdr.ini
2008-12-26 13:47 . 2008-12-27 13:48 1,723,954 --ahs---- c:\windows\system32\gppxcojh.ini
2008-12-25 20:12 . 2008-12-25 20:12 7,680 --ahs---- c:\windows\Thumbs.db
2008-12-25 19:53 . 2008-12-26 14:20 250 --a------ c:\windows\gmer.ini
2008-12-25 19:34 . 2008-12-25 19:34 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\Application Data\Talkback
2008-12-25 19:33 . 2008-12-25 19:34 8,101 --a------ c:\windows\mozver.dat
2008-12-25 16:30 . 2008-12-25 18:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2008-12-25 16:29 . 2008-12-25 16:29 <DIR> d-------- c:\program files\Common Files\iS3
2008-12-25 16:29 . 2008-12-25 19:21 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-12-25 10:36 . 2008-12-25 10:36 1,639,241 --ahs---- c:\windows\system32\vudfotjv.ini
2008-12-24 10:09 . 2008-12-24 21:06 1,639,259 --ahs---- c:\windows\system32\ackongdb.ini
2008-12-23 20:26 . 2008-12-23 20:27 1,639,241 --ahs---- c:\windows\system32\ljuljvex.ini
2008-12-22 20:21 . 2008-12-22 20:21 1,639,241 --ahs---- c:\windows\system32\odarcckt.ini
2008-12-20 04:43 . 2008-12-20 04:43 1,639,241 --ahs---- c:\windows\system32\hpgvjbqm.ini
2008-12-20 04:37 . 2008-12-20 04:37 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0NjUzfA_
2008-12-20 04:36 . 2008-12-20 04:36 83,456 --a------ c:\program files\Common Files\ThfLE53I.exe
2008-12-20 04:30 . 2004-08-04 12:00 61,440 --a------ c:\windows\system32\svchost.exe
2008-12-20 03:16 . 2008-12-20 03:15 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-20 03:16 . 2008-12-20 03:15 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-19 04:43 . 2008-12-19 04:45 1,640,240 --ahs---- c:\windows\system32\xfpvwhir.ini
2008-12-18 03:36 . 2008-12-18 03:36 <DIR> d--hs---- c:\windows\S3lvdG8sIFdlbGNvbWUu
2008-12-18 03:36 . 2008-12-20 18:24 2,710 --a------ c:\windows\system32\TDSSlxwp.dll
2008-12-18 02:39 . 2006-10-27 03:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-12-18 02:27 . 2008-12-18 02:27 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-18 02:24 . 2008-12-18 02:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-12-17 02:52 . 2008-08-14 10:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-17 02:52 . 2008-08-14 09:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-17 02:52 . 2008-08-14 09:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-17 02:52 . 2008-08-14 09:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-17 02:52 . 2008-10-24 11:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-17 02:48 . 2005-02-25 03:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-12-16 02:44 . 2008-10-16 22:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-16 02:44 . 2008-10-16 22:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-16 02:44 . 2008-10-16 22:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-15 02:13 . 2009-01-02 08:09 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\Contacts
2008-12-15 02:10 . 2008-12-15 02:10 268 --ah----- C:\sqmdata08.sqm
2008-12-15 02:10 . 2008-12-15 02:10 244 --ah----- C:\sqmnoopt08.sqm
2008-12-15 02:08 . 2008-12-15 02:09 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-15 02:07 . 2008-12-20 03:08 <DIR> d-------- c:\program files\Windows Live
2008-12-15 02:07 . 2008-12-15 02:07 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller
2008-12-15 00:36 . 2008-12-15 00:36 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2008-12-14 04:55 . 2007-02-12 19:41 2,732,032 --a------ c:\windows\system32\Netw2r32.dll
2008-12-14 04:55 . 2008-01-09 13:19 2,216,064 --a------ c:\windows\system32\drivers\w29n51.sys
2008-12-14 04:55 . 2007-02-12 19:40 557,056 --a------ c:\windows\system32\Netw2c32.dll
2008-12-14 04:42 . 2008-12-14 04:42 22 --a------ c:\windows\system32\ati64hlp.stb
2008-12-14 04:04 . 2008-12-25 19:34 335 --a------ c:\windows\nsreg.dat
2008-12-14 03:04 . 2008-12-14 03:04 22 --a------ c:\windows\system32\ati64hl2.stb
2008-12-14 02:58 . 2008-12-14 03:00 <DIR> d-------- c:\program files\Norton AntiVirus
2008-12-14 02:58 . 2004-09-06 12:19 82,984 --a------ c:\windows\system32\S32EVNT1.DLL
2008-12-14 02:58 . 2004-09-06 12:19 82,136 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-14 02:57 . 2008-12-14 03:00 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-12-14 02:57 . 2008-12-14 02:57 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia\Application Data\Symantec
2008-12-14 02:57 . 2008-12-14 03:00 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\program files\ltmoh
2008-12-14 02:33 . 2004-04-30 02:55 186,112 -ra------ c:\windows\system32\drivers\b57xp32.sys
2008-12-14 02:33 . 2004-04-30 02:55 186,112 --a--c--- c:\windows\system32\dllcache\b57xp32.sys
2008-12-14 02:33 . 2000-07-27 10:39 6,803 --a------ c:\windows\system32\MEMIO.VXD
2008-12-14 02:33 . 2000-08-23 17:19 4,300 --a------ c:\windows\system32\MEMIO.SYS
2008-12-14 02:31 . 2008-06-13 13:10 272,128 --a------ c:\windows\system32\drivers\bthport.sys
2008-12-14 02:30 . 2001-09-11 23:20 1,285,632 --a------ c:\windows\system32\SMMedia.dll
2008-12-14 02:30 . 2004-08-04 07:15 145,792 --a------ c:\windows\system32\drivers\portcls.sys
2008-12-14 02:30 . 2004-08-04 07:15 145,792 --a--c--- c:\windows\system32\dllcache\portcls.sys
2008-12-14 02:30 . 2004-08-04 08:56 130,048 --a------ c:\windows\system32\ksproxy.ax
2008-12-14 02:30 . 2004-08-04 08:56 130,048 --a--c--- c:\windows\system32\dllcache\ksproxy.ax
2008-12-14 02:30 . 2004-08-04 07:08 60,288 --a------ c:\windows\system32\drivers\drmk.sys
2008-12-14 02:30 . 2004-08-04 07:08 60,288 --a--c--- c:\windows\system32\dllcache\drmk.sys
2008-12-14 02:30 . 2003-06-16 16:32 49,152 --a------ c:\windows\system32\DSndUp.exe
2008-12-14 02:30 . 2002-04-17 23:05 45,056 --a------ c:\windows\system32\CleanUp.exe
2008-12-14 02:30 . 2001-09-11 23:20 30,208 --a------ c:\windows\system32\wdmioctl.dll
2008-12-14 02:30 . 2004-08-04 08:56 4,096 --a------ c:\windows\system32\ksuser.dll
2008-12-14 02:30 . 2004-08-04 08:56 4,096 --a--c--- c:\windows\system32\dllcache\ksuser.dll
2008-12-14 02:29 . 2004-11-10 06:22 294,912 -ra------ c:\windows\system32\atiiiexx.dll
2008-12-14 02:29 . 2004-11-10 06:09 192,512 -ra------ c:\windows\system32\ATIDEMGR.dll
2008-12-14 02:29 . 2004-09-09 04:09 9,054 -ra------ c:\windows\system32\atifglpf.xml
2008-12-14 02:07 . 2004-08-04 07:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-12-14 02:06 . 2008-12-14 02:06 0 --a------ c:\windows\dsltest.INI
2008-12-13 22:16 . 2004-01-14 19:25 81,920 --a------ c:\windows\system32\ZDPN50.dll
2008-12-13 22:16 . 2004-04-29 00:32 81,920 --a------ c:\windows\system32\ZDBRGDLL.dll
2008-12-13 22:16 . 2004-03-24 00:38 28,672 --a------ c:\windows\system32\InsDrvZD.dll
2008-12-13 22:16 . 2003-03-14 20:24 24,576 --a------ c:\windows\system32\ZyDelReg.exe
2008-12-13 22:16 . 2004-06-02 05:45 19,200 --a------ c:\windows\system32\ZDBRGSYS.sys
2008-12-13 22:16 . 2004-01-14 19:30 17,151 --a------ c:\windows\system32\ZDPNDIS5.sys
2008-12-13 21:00 . 2008-12-13 21:00 <DIR> d---s---- c:\documents and settings\Lelouch Vi Britannia\UserData
2008-12-13 05:04 . 2004-08-04 12:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-13 05:03 . 2008-12-31 22:57 <DIR> d-------- c:\documents and settings\Lelouch Vi Britannia
2008-12-13 05:01 . 2008-12-21 21:41 <DIR> d--hs---- c:\documents and settings\NetworkService.NT AUTHORITY
2008-12-13 05:01 . 2008-12-21 21:41 <DIR> d--hs---- c:\documents and settings\LocalService.NT AUTHORITY
2008-12-13 05:01 . 2008-12-13 05:01 8,192 --a------ c:\windows\REGLOCS.OLD
2008-12-13 04:58 . 2004-08-04 12:00 571,392 --a--c--- c:\windows\system32\dllcache\tintlgnt.ime
2008-12-13 04:57 . 2004-08-04 12:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-12-13 04:56 . 2004-08-04 12:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2008-12-13 04:55 . 2004-08-04 12:00 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-12-13 04:54 . 2008-12-13 04:54 316,640 --a------ c:\windows\WMSysPr9.prx
2008-12-13 04:54 . 2008-12-13 04:54 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-13 04:54 . 2008-12-13 04:54 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-13 04:54 . 2008-12-13 04:54 2,577 --a------ c:\windows\system32\CONFIG.NT
2008-12-13 04:54 . 2008-12-13 04:54 0 --a------ c:\windows\control.ini
2008-12-13 04:53 . 2008-12-13 04:54 <DIR> d--hs---- c:\documents and settings\All Users.WINDOWS\DRM
2008-12-13 04:52 . 2004-08-04 12:00 4,399,505 --a--c--- c:\windows\system32\dllcache\nls302en.lex
2008-12-13 04:52 . 2008-12-13 04:52 749 -rah----- c:\windows\WindowsShell.Manifest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 19:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 02:36 --------- d-----w c:\program files\Microsoft Works
2008-12-15 08:11 --------- d-----w c:\program files\Samsung
2008-12-14 02:58 --------- d-----w c:\program files\Symantec
2005-08-03 00:46 187,904 --sha-r c:\windows\S3lvdG8sIFdlbGNvbWUu\asappsrv.dll
2005-08-03 00:58 293,888 --sha-r c:\windows\S3lvdG8sIFdlbGNvbWUu\command.exe
2005-07-30 00:24 472 --sha-r c:\windows\S3lvdG8sIFdlbGNvbWUu\ma5Sx3fPKIx5v3hSvqoR.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-05-25 184320]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2004-04-14 151552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-09-06 70816]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2004-09-06 124056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-14 54472]

c:\documents and settings\AJ\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kremyn.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 R592;R592;c:\windows\system32\DRIVERS\R592.sys [2005-01-07 54912]
R2 DOSMEMIO;MEMIO;\??\c:\windows\system32\MEMIO.SYS [2008-12-14 4300]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e65557f8-cca9-11dd-bf47-0000f097112f}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Lelouch Vi Britannia.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-09-06 10:50]

2009-01-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-14 02:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{05225940-b8ee-4c49-b098-13cecb94b6b3} - c:\windows\system32\kremyn.dll
BHO-{E8906515-B9A5-4BFF-AA4D-D7779E3F8DBC} - c:\windows\system32\nnnkJAsT.dll
Toolbar-SITEguard - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
HKLM-Run-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lelouch Vi Britannia\Application Data\Mozilla\Firefox\Profiles\pp1t3fu8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 08:57:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Samsung\MagicKBD\MagicKBD.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\SoftwareDistribution\Download\8129b778ea6ca8125bb950bab610db01\update\update.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-01-02 9:04:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-02 09:04:34

Pre-Run: 21,547,630,592 bytes free
Post-Run: 23,169,392,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

340 --- E O F --- 2008-12-18 02:30:38

Attached Files

combofix.txt (21.8 KB, 1 views)

Ried

You're welcome, AlwaysInternet.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.
• A browser will open.
• Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:

• Close any open programs
  
• Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.

• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
  
  
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
Update on system behavior

Ried

If you're having difficulty carrying out the online scan, at least post the ComboFix.txt for review.

AlwaysInternet

Here is the combofix.txt.
Your help is appreciated to its fullest.
The combofix.txt has already been submitted please look at it.

Ried

I'm sorry...I do not see the ComboFix.txt. Please copy/paste it in your next reply.