Need help cleaning a load of spyware + viruses

[Luxamar]

Hey guys.

I ran through the steps in the stickies as best I could, but it seems like the longer I try to scan and update, the worse things get, so I'm stopping for now and giving you what I've come up with so far.

First of all, the problems. First main, most noticeable problem, is the popups. They'll appear in IE, always, even if I'm using Firefox. This is a sample of one of the URLs it tries to load:

http://llehs.com/go/?cmp=vm_mg_ff_h&...7678&lid=&url=


I've seen this described as OIN? Or something like that.
Anyways, I ran through some of the steps on this site. I downloaded all XP and IE updates. I already had SP2. Now the viruses have a harder time loading their popup sites. It tells me the sites can't be found, but they're still very annoying. They appear at will unless the Internet connection is disabled. And then, it tries to dial out... somewhere. McAfee was able to eliminate several of these dialers and trojans. Some of the scarier ones I saw were CIH?, Smitfraud, PurityScan, and Mirar. Mirar keeps coming back. I'm not sure about the others. McAfee continually blocks generic trojans from being run, so these things are trying to replicate.

One of the other scary abilities these viruses have is knowing where I am. I'm currently on vacation in Cincinnati, and the popups knew where I was. Adultfriendfinder showed me girls from Cincinnati. Good Lord, what is the world coming to?

Now that I've been fighting them, they're fighting back. Almost all of my reserve HDD space is gone. Heeeeeellllp

EDIT: -_- I was about to edit and say that loading Firefox and Windows Explorer will crash "explorer.exe" but, when I tried, this URL took over the window:
http://www7.searchresults.zoomtown.c...WUJ1Qy9gNMoAMy
So there's a couple more symptoms for you guys to analyze. X_X

Here is the log I got from Panda ActiveScan (This was done BEFORE downloading updates from Microsoft):

Quote:

Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[systemdoctor.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.com.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.atwola.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.overture.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[server.iad.liveperson.net/hc/48996529]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.kmpads.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@ad.yieldmanager[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@ads.gorillanation[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@adultfriendfinder[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@atdmt[2].txt
Spyware:Cookie/Bilbo.counted Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@bilbo.counted[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@c2.gostats[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@cgi-bin[5].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@cs.sexcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@drivecleaner[1].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@empnads[2].txt
Spyware:Cookie/Gator Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@gator[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@go[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@kount[2].txt
Spyware:Cookie/LinkExchange Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@linkexchange[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@questionmarket[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@rn11[2].txt
Spyware:Cookie/Servlet Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@servlet[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@smni[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@stats1.reliablestats[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@systemdoctor[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@terra.com[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@winantivirus[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@www.burstbeacon[2].txt
Spyware:Cookie/seeqA Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@www.seeq[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@www.winantiviruspro[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Xarius\Cookies\xarius@xiti[1].txt
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Xarius\Desktop\Click to Find and Fix Errors.url
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Xarius\Local Settings\Temp\yazzlesnet.exe[¦++\Yazzle1281OinAdmin.exe]
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\03GLUJWD\_jnvm[1]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\8TQBS9MJ\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/WinAntivirus2006 Not disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\8TQBS9MJ\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.inf]
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\G36JI9KZ\kcehc_eicooc20070702[1]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\MPXA7QLC\!update-4395[1].0000
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\MPXA7QLC\adfcook[1]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\T7NN518Y\WinATS[1].cab[WinATS.dll]
Adware:adware/gator Not disinfected C:\GatorPatch.log
Possible Virus. Not disinfected C:\Nickel and Dimes\=(Inferno)=\psocharmngr\GCM2\GC151v\GC151v.zip[GClkr.dll]
Possible Virus. Not disinfected C:\Nickel and Dimes\=(Inferno)=\psocharmngr\GCM2\GC151v\GClkr.dll
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\s?curity\chkdsk.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Adware:Adware/TTC Not disinfected C:\Program Files\Common Files\woxe83122.dll
Spyware:Cookie/888 Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@888[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@ads.gorillanation[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@ads.pointroll[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@atwola[1].txt
Spyware:Cookie/Banner Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@banner[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@bs.serving-sys[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@c2.gostats[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@com[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@gostats[2].txt
Spyware:Cookie/Kount Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@kount[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@rn11[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@serving-sys[1].txt
Spyware:Cookie/Servlet Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@servlet[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@smni[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@terra.com[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@tickle[2].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@versiontracker[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@www.burstbeacon[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Program Files\EarthLink 5.0\jimbennetch@earthlink.net\Cookies\xarius@z1.adserver[1].txt
Virus:Generic Malware Disinfected C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\b122.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\rau001978.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\SYSTEM32\B0\mwspasrt83122.exe[TTC.dll]
Virus:Generic Trojan Disinfected C:\WINDOWS\SYSTEM32\B1\wr73.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\SYSTEM32\eeoodgkr.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINDOWS\SYSTEM32\hkxxtaym.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\SYSTEM32\pvuadsql.exe
Virus:Trj/Downloader.PJT Disinfected C:\WINDOWS\SYSTEM32\qgdrpown.exe
Virus:Trj/Downloader.PCQ Disinfected C:\WINDOWS\SYSTEM32\unjwjqju.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\SYSTEM32\vuhtiadu.dll
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\SYSTEM32\yioofsbf.exe

[sUBs]

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

[Luxamar]

Here's combofix:

Quote:

"Xarius" - 2007-07-19 20:48:08 - ComboFix 07-07-20.5 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gjlvstqa.dll
C:\WINDOWS\system32\ihndhwdy.dll
C:\WINDOWS\system32\mdwtqkrk.dll
C:\WINDOWS\system32\yivaguij.dll
C:\WINDOWS\system32\fdssxiiq.exe
C:\WINDOWS\system32\frvtwvnk.exe
C:\WINDOWS\system32\iibpqnmy.exe
C:\WINDOWS\system32\kkuxhlcq.exe
C:\WINDOWS\system32\catsdmtu.dll
C:\WINDOWS\system32\fxayanon.dll
C:\WINDOWS\system32\hhiyapwp.dll
C:\WINDOWS\system32\rttxgdnd.dll
C:\WINDOWS\SYSTEM32\aqtsvljg.ini
C:\WINDOWS\SYSTEM32\ydwhdnhi.ini
C:\WINDOWS\SYSTEM32\krkqtwdm.ini
C:\WINDOWS\SYSTEM32\sutss.bak1
C:\WINDOWS\SYSTEM32\sutss.bak2
C:\WINDOWS\SYSTEM32\sutss.ini
C:\WINDOWS\SYSTEM32\sutss.ini2
C:\WINDOWS\SYSTEM32\sutss.tmp
C:\WINDOWS\SYSTEM32\jiugaviy.ini
C:\WINDOWS\SYSTEM32\sutss.bak1
C:\WINDOWS\SYSTEM32\sutss.bak2
C:\WINDOWS\SYSTEM32\sutss.ini
C:\WINDOWS\SYSTEM32\sutss.ini2
C:\WINDOWS\SYSTEM32\sutss.tmp
C:\WINDOWS\system32\jkkhffg.dll
C:\WINDOWS\system32\sstus.dll
C:\WINDOWS\system32\jkkhffg.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Xarius\APPLIC~1.\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\scurit~1\chkdsk.exe
C:\Program Files\Common Files\woxe83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\B0
C:\WINDOWS\system32\B0\mwspasrt83122.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\B2
C:\WINDOWS\system32\B5
C:\WINDOWS\system32\bpohjlxa.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rxdqscoz.dll
C:\WINDOWS\system32\vqtbdrga.exe
C:\WINDOWS\system32\weykldkr.exe
C:\WINDOWS\system32\wnscpicomsv32.exe
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_NPF
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\nm
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-19 20:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 22:04 <DIR> d-------- C:\Deckard
2007-07-18 02:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-18 02:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-07-18 02:07 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-18 02:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-07-18 01:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-17 23:08 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dhvxrocnewts.sys
2007-07-17 22:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-07-17 21:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-15 21:53 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2007-07-15 01:30 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-07-15 01:30 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-07-15 01:30 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-07-15 01:30 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-07-15 01:30 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-07-15 01:29 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-07-15 01:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-07-15 01:25 <DIR> d-------- C:\Program Files\McAfee
2007-07-15 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-15 01:15 224,654 --a------ C:\WINDOWS\dcqwn0578.exe
2007-07-15 00:40 <DIR> d-------- C:\temp\brr
2007-07-15 00:40 <DIR> d-------- C:\temp\0c2
2007-07-06 15:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe
2007-06-25 09:53 53,248 --a------ C:\WINDOWS\uninst1014.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 00:46:16 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-18 07:11:20 -------- d-----w C:\Program Files\Messenger
2007-07-18 05:16:50 -------- d-----w C:\Program Files\Winamp5
2007-07-18 05:14:45 -------- d-----w C:\Program Files\QuickTime
2007-07-18 05:13:29 -------- d-----w C:\Program Files\PowerArchiver
2007-07-18 05:05:13 -------- d-----w C:\Program Files\iTunes
2007-07-18 05:04:07 -------- d-----w C:\Program Files\Google
2007-07-18 04:58:25 -------- d-----w C:\Program Files\EarthLink 5.0
2007-07-18 04:56:46 -------- d-----w C:\Program Files\DellSupport
2007-07-18 04:49:06 -------- d-----w C:\Program Files\ALZip
2007-07-18 04:49:00 -------- d-----w C:\Program Files\AIM
2007-07-16 02:27:51 48,265 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-07-16 00:09:32 -------- d-----w C:\DOCUME~1\Xarius\APPLIC~1\Xfire
2007-07-15 05:44:33 0 ----a-w C:\WINDOWS\system32\csmss.exe
2007-07-15 05:26:30 -------- d-----w C:\Program Files\McAfee.com
2007-07-15 05:16:51 4 ----a-w C:\WINDOWS\info147.sys
2007-07-15 05:14:17 -------- d-s---w C:\Program Files\Xfire
2007-07-15 05:08:27 -------- d-----w C:\DOCUME~1\Xarius\APPLIC~1\.purple
2007-07-08 04:32:27 -------- d-----w C:\DOCUME~1\Xarius\APPLIC~1\gtk-2.0
2007-06-25 04:25:56 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-25 04:25:56 1,316 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-30 03:39:25 -------- d--h--w C:\DOCUME~1\Xarius\APPLIC~1\GTek
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-10-09 21:24:24 206,528 ----a-w C:\DOCUME~1\Xarius\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-07-09 21:54:58 207,759 ----a-w C:\Program Files\INSTALL.LOG
2001-10-05 16:53:04 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
2003-08-17 03:00:51 56 --sh--r C:\WINDOWS\SYSTEM32\AA0B40D7A8.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2003-01-31 12:27]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 18:29]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2003-04-10 12:16]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\conmgr.exe" [2002-01-04 00:18]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 05:16]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 23:32]
"nwiz"="nwiz.exe" [2004-10-26 12:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp5\winampa.exe" [2005-12-09 02:30]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 12:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-02-04 16:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 01:03]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 18:44]

C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\
clipper.exe.lnk - C:\Nickel and Dimes\Clipper\clipper.exe [2003-07-15 02:52:08]
DESKTOP.INI [2002-09-03 10:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-26 12:12:19]
DESKTOP.INI [2003-07-15 16:24:09]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Shortcut to WKeyKill.exe.lnk - C:\Nickel and Dimes\WKeyKill\WKeyKill.exe [2000-08-13 11:47:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"= C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-02-10 23:32 93408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mallocator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CommTraffic Console.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CommTraffic Console.lnk
backup=C:\WINDOWS\pss\CommTraffic Console.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP2380]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TFTP2380
backup=C:\WINDOWS\pss\TFTP2380Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^The Narnia Full Screen Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\The Narnia Full Screen Experience.lnk
backup=C:\WINDOWS\pss\The Narnia Full Screen Experience.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
path=C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\VirtuaGirl2.lnk
backup=C:\WINDOWS\pss\VirtuaGirl2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeed]
c:\GAMES\!xSpeednet\!xSpeednet.exe reg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeednet]
C:\Nickel and Dimes\xSpeed\!xSpeednet\!xSpeednet.exe reg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\829E1F6A]
C:\WINDOWS\System32\szziwongk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve2.exe]
C:\WINDOWS\avserve2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cryptographic Service]
C:\WINDOWS\System32\nphlnxk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
"C:\Nickel and Dimes\DynDNS\DynDNS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
C:\WINDOWS\g4356cbvy63

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsasss.exe]
C:\WINDOWS\lsasss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
MSCONFIG32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\Xarius\LOCALS~1\Temp\MBDownloader_876919.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
"C:\DOCUME~1\Xarius\LOCALS~1\Temp\WinAntiSpyware2007FreeInstall.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sho]
"C:\Program Files\Common Files\s?curity\chkdsk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVX Control Service]
svxhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SyGateManager]
C:\Program Files\Sygate\SHN\Sygate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teso]
"C:\DOCUME~1\Xarius\APPLIC~1\RACLE~1\nopdb.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsudyjA]
C:\WINDOWS\tpsudyjA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
C:\WINDOWS\PASSCFG16.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey update]
windns.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\TISKY009.exe SKY009


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\install.EXE id= ver=1.0.0.0


Contents of the 'Scheduled Tasks' folder
2007-03-05 02:54:44 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-15 05:28:16 C:\WINDOWS\tasks\McDefragTask.job
2007-07-15 05:28:15 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 21:11:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120(Trial Version)"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-19 21:15:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 21:14

--- E O F ---

And DSS/HJT:

Quote:

Deckard's System Scanner v20070711.54
Run by Xarius on 2007-07-19 at 21:30:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Xarius.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:13 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NICKEL~1\NETWOR~1\COMMTR~1\CTserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Winamp5\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\program files\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Nickel and Dimes\WKeyKill\WKeyKill.exe
C:\Nickel and Dimes\Clipper\clipper.exe
C:\WINDOWS\system32\notepad.exe
C:\DRIVERS\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Xarius.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar16.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar16.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: clipper.exe.lnk = C:\Nickel and Dimes\Clipper\clipper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Shortcut to WKeyKill.exe.lnk = C:\Nickel and Dimes\WKeyKill\WKeyKill.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1184740156451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O18 - Protocol: bw+0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: maven-8110 - {91BCA660-93A0-4A83-9D26-F89E52AE3EC5} - G:\Program Files\disneymovies\bin\bin-1\protocolHandler.dll (file missing)
O18 - Protocol: offline-8876480 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mallocator - C:\WINDOWS\
O23 - Service: CommTraffic Service (CTsvc) - TamoSoft, Inc. - C:\NICKEL~1\NETWOR~1\COMMTR~1\CTserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - C:\Program Files\Sygate\SHN\sgserv.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 21391 bytes

-- Files created between 2007-06-19 and 2007-07-19 -----------------------------

2007-07-19 21:30:54 0 d-------- C:\Program Files\Trend Micro
2007-07-18 02:16:12 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-18 02:16:00 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-18 02:07:22 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-18 01:53:39 0 d-------- C:\Program Files\SpywareBlaster
2007-07-17 23:08:00 8576 --a------ C:\WINDOWS\system32\drivers\dhvxrocnewts.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-07-17 22:56:28 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-17 21:57:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-15 01:26:05 0 d-------- C:\Program Files\Common Files\McAfee
2007-07-15 01:25:43 0 d-------- C:\Program Files\McAfee
2007-07-15 01:17:19 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-07-15 01:15:09 224654 --a------ C:\WINDOWS\dcqwn0578.exe
2007-07-06 15:40:24 192512 --a------ C:\WINDOWS\g4356cbvy63.exe <Not Verified; ; q432gf65>
2007-06-25 09:53:26 53248 --a------ C:\WINDOWS\uninst1014.exe <Not Verified; ; uninst1016>


-- Find3M Report ---------------------------------------------------------------

2007-07-19 21:13:09 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-07-18 03:11:20 0 d-------- C:\Program Files\Messenger
2007-07-18 01:16:50 0 d-------- C:\Program Files\Winamp5
2007-07-18 01:14:45 0 d-------- C:\Program Files\QuickTime
2007-07-18 01:13:29 0 d-------- C:\Program Files\PowerArchiver
2007-07-18 01:05:13 0 d-------- C:\Program Files\iTunes
2007-07-18 01:04:07 0 d-------- C:\Program Files\Google
2007-07-18 00:58:25 0 d-------- C:\Program Files\EarthLink 5.0
2007-07-18 00:56:46 0 d-------- C:\Program Files\DellSupport
2007-07-18 00:49:06 0 d-------- C:\Program Files\ALZip
2007-07-18 00:49:00 0 d-------- C:\Program Files\AIM
2007-07-15 22:27:51 48265 --a------ C:\WINDOWS\system32\nvModes.dat
2007-07-15 20:09:32 0 d-------- C:\Documents and Settings\Xarius\Application Data\Xfire
2007-07-15 01:44:33 0 --a------ C:\WINDOWS\system32\csmss.exe
2007-07-15 01:26:30 0 d-------- C:\Program Files\McAfee.com
2007-07-15 01:16:51 4 --a------ C:\WINDOWS\info147.sys
2007-07-15 01:14:17 0 d---s---- C:\Program Files\Xfire
2007-07-15 01:08:27 0 d-------- C:\Documents and Settings\Xarius\Application Data\.purple
2007-07-08 00:32:27 0 d-------- C:\Documents and Settings\Xarius\Application Data\gtk-2.0
2007-06-25 00:25:56 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-25 00:25:56 1316 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-29 23:39:25 0 d--h----- C:\Documents and Settings\Xarius\Application Data\GTek


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar16.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\QuickSet.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"ConMgr.exe"="\"C:\\Program Files\\EarthLink 5.0\\conmgr.exe\""
"DeadAIM"="rundll32.exe \"C:\\PROGRA~1\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"nwiz"="nwiz.exe /installquiet"
"WinampAgent"="C:\\Program Files\\Winamp5\\winampa.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mallocator

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 8.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 8.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 8.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CommTraffic Console.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CommTraffic Console.lnk"
"backup"="C:\\WINDOWS\\pss\\CommTraffic Console.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\NICKEL~1\\NETWOR~1\\COMMTR~1\\COMMTR~1.EXE "
"item"="CommTraffic Console"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SETPOI~1\\SetPoint.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP2380]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TFTP2380"
"backup"="C:\\WINDOWS\\pss\\TFTP2380Common Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\TFTP2380"
"item"="TFTP2380"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^The Narnia Full Screen Experience.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\The Narnia Full Screen Experience.lnk"
"backup"="C:\\WINDOWS\\pss\\The Narnia Full Screen Experience.lnkCommon Startup"
"location"="Common Startup"
"command"="G:\\Program Files\\disneymovies\\bin\\bin-1\\disneymovies.exe -sendcommand \"<sendMessages waitForClient=\\\"_maven.controller\\\"><shortcutClicked>startup</shortcutClicked></sendMessages>\""
"item"="The Narnia Full Screen Experience"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^TA_Start.lnk]
"path"="C:\\Documents and Settings\\Xarius\\Start Menu\\Programs\\Startup\\TA_Start.lnk"
"backup"="C:\\WINDOWS\\pss\\TA_Start.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\TISKY009.exe SKY009"
"item"="TA_Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
"path"="C:\\Documents and Settings\\Xarius\\Start Menu\\Programs\\Startup\\VirtuaGirl2.lnk"
"backup"="C:\\WINDOWS\\pss\\VirtuaGirl2.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Vg\\VIRTUA~1.EXE "
"item"="VirtuaGirl2"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^Xfire.lnk]
"path"="C:\\Documents and Settings\\Xarius\\Start Menu\\Programs\\Startup\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\Xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="!xSpeednet"
"hkey"="HKLM"
"command"="c:\\GAMES\\!xSpeednet\\!xSpeednet.exe reg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeednet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="!xSpeednet"
"hkey"="HKLM"
"command"="C:\\Nickel and Dimes\\xSpeed\\!xSpeednet\\!xSpeednet.exe reg"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\829E1F6A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="szziwongk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\szziwongk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Apoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Apoint\\Apoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve2.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avserve2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\avserve2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cryptographic Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nphlnxk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\nphlnxk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DynDNS"
"hkey"="HKCU"
"command"="\"C:\\Nickel and Dimes\\DynDNS\\DynDNS.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="g4356cbvy63"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\g4356cbvy63"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsasss.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lsasss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\lsasss.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSCONFIG32"
"hkey"="HKLM"
"command"="MSCONFIG32.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MBDownloader_876919"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Xarius\\LOCALS~1\\Temp\\MBDownloader_876919.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinAntiSpyware2007FreeInstall"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\Xarius\\LOCALS~1\\Temp\\WinAntiSpyware2007FreeInstall.exe\" -nag "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pctspk"
"hkey"="HKLM"
"command"="pctspk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="retadpu1000106"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SaiSmart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sho]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="chkdsk"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\s?curity\\chkdsk.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVX Control Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svxhost"
"hkey"="HKLM"
"command"="svxhost.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SyGateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sygate"
"hkey"="HKLM"
"command"="C:\\Program Files\\Sygate\\SHN\\Sygate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teso]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nopdb"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\Xarius\\APPLIC~1\\RACLE~1\\nopdb.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsudyjA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tpsudyjA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\tpsudyjA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcmdmgrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PASSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\PASSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="windns"
"hkey"="HKLM"
"command"="windns.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winpop"
"hkey"="HKCU"
"command"="C:\\Program Files\\WinPop\\winpop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TISKY009"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\TISKY009.exe SKY009"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\install.EXE id= ver=1.0.0.0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME


-- End of Deckard's System Scanner: finished at 2007-07-19 at 21:31:53 ---------

[sUBs]

Do a HijackThis scan (not DSS) & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O20 - Winlogon Notify: mallocator - C:\WINDOWS\

Select every O18-Logitech entry

O18 - Protocol: bw+0 - {8DCE5638-4DDD-45B7-AAF7-55210392B00D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:

File::
C:\WINDOWS\dcqwn0578.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\uninst1014.exe
C:\WINDOWS\system32\csmss.exe
C:\WINDOWS\info147.sys
C:\WINDOWS\pss\TFTP2380Common Startup
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\VirtuaGirl2.lnkStartup
Folder::
C:\temp\brr
C:\temp\0c2
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mallocator]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP2380] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\829E1F6A]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cryptographic Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsasss.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sho]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVX Control Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teso]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsudyjA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]

Save this as "CFScript"




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. We only require a report from it.
  It does not provide an option to clean/disinfect.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan
* If you're downloading torrents in the background, please disconnect all of them.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.


---------------


In your next post, please include fresh logs from:

1. Fresh Hijackthis log taken just before replying
2. Online scan
3. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[Luxamar]

Alright, haven't been seeing any more popups, but my HDD space is still MIA, and explorer.exe hangs while trying to load Windows Explorer. Other than that, doing good so far.

ok, here's HJT:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:37 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NICKEL~1\NETWOR~1\COMMTR~1\CTserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\EarthLink 5.0\conmgr.exe
C:\Program Files\Winamp5\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\program files\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Nickel and Dimes\WKeyKill\WKeyKill.exe
C:\Nickel and Dimes\Clipper\clipper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar16.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar16.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: clipper.exe.lnk = C:\Nickel and Dimes\Clipper\clipper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Shortcut to WKeyKill.exe.lnk = C:\Nickel and Dimes\WKeyKill\WKeyKill.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1184740156451
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O23 - Service: CommTraffic Service (CTsvc) - TamoSoft, Inc. - C:\NICKEL~1\NETWOR~1\COMMTR~1\CTserv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SyGateService (SaService) - Sygate technologies Inc. - C:\Program Files\Sygate\SHN\sgserv.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9382 bytes

Kapersky:

Quote:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, July 20, 2007 4:58:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 20/07/2007
Kaspersky Anti-Virus database records: 365918
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 142981
Number of viruses found: 24
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 02:16:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{4A679683-A990-48D3-80B1-12C862CD245D}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{D265DF36-3F6C-4FC8-BB4D-C2B49C820E70}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\cert8.db Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\history.dat Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\key3.db Object is locked skipped
C:\Documents and Settings\Xarius\Application Data\Mozilla\Firefox\Profiles\484d73wt.default\parent.lock Object is locked skipped
C:\Documents and Settings\Xarius\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Xarius\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Xarius\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Xarius\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Xarius\Local Settings\Temp\~DFCE34.tmp Object is locked skipped
C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Xarius\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Xarius\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Xarius\ntuser.dat.LOG Object is locked skipped
C:\Nickel and Dimes\HACK TOOLS\rpcscan2\RPCScan2.exe Infected: not-a-virus:NetTool.Win32.RPCScan skipped
C:\Nickel and Dimes\HACK TOOLS\rpcscan2.zip/RPCScan2.exe Infected: not-a-virus:NetTool.Win32.RPCScan skipped
C:\Nickel and Dimes\HACK TOOLS\rpcscan2.zip ZIP: infected - 1 skipped
C:\Nickel and Dimes\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Nickel and Dimes\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Nickel and Dimes\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\SCURIT~1\chkdsk.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\woxe83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream/data0002 Infected: not-a-virus:AdWare.Win32.Rond.b skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\B0\mwspasrt83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\B0\mwspasrt83122.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bpohjlxa.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\catsdmtu.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fdssxiiq.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\frvtwvnk.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fxayanon.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\gjlvstqa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hhiyapwp.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ihndhwdy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\iibpqnmy.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\jkkhffg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\kkuxhlcq.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mdwtqkrk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rttxgdnd.dll.vir Infected: Trojan.Win32.BHO.bd skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rxdqscoz.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sstus.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vqtbdrga.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\weykldkr.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yivaguij.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226\A0020225.exe Infected: Trojan-Downloader.Win32.Esepor.m skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226\A0020226.exe Infected: Trojan-Downloader.Win32.Esepor.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226\A0020227.exe Infected: Trojan-Clicker.Win32.Small.an skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226\A0020228.exe Infected: Trojan-Downloader.Win32.Esepor.x skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226\A0020229.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP226\A0020251.dll Infected: Trojan-Downloader.Win32.Agent.co skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227\A0020261.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227\A0020262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP227\A0020282.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP228\A0020315.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229\A0021473.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229\A0021474.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229\A0021475.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP229\A0021476.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230\A0021504.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022232.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022233.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022234.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022235.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022236.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022240.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022241.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022241.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022243.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Rond.b skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022243.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022243.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022243.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022247.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022248.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022249.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022250.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022251.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022252.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022253.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022259.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0022260.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kr skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_2OjrvnbHHeoi2Ym Object is locked skipped
C:\WINDOWS\Temp\mcmsc_l08KZl7nXls22Qf Object is locked skipped
C:\WINDOWS\Temp\mcmsc_mh60nx7Lj08JjyB Object is locked skipped
C:\WINDOWS\Temp\mcmsc_mi8V5CS7LRfZGgc Object is locked skipped
C:\WINDOWS\Temp\mcmsc_uQ6y9d0chsDmYSc Object is locked skipped
C:\WINDOWS\Temp\mcmsc_wEZvxJQe2fRDX0h Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

And... Combofix:

Quote:

"Xarius" - 2007-07-20 13:03:59 - ComboFix 07-07-20.5 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Xarius\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\temp\0c2
C:\temp\0c2\tmpRC.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\dcqwn0578.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\info147.sys
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\TFTP2380Common Startup
C:\WINDOWS\pss\VirtuaGirl2.lnkStartup
C:\WINDOWS\system32\csmss.exe
C:\WINDOWS\uninst1014.exe


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-19 21:30 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-19 20:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-18 22:04 <DIR> d-------- C:\Deckard
2007-07-18 02:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-18 02:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-07-18 02:07 43,352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-18 02:07 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
2007-07-18 01:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-17 23:08 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dhvxrocnewts.sys
2007-07-17 22:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-07-17 21:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-15 21:53 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2007-07-15 01:30 71,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-07-15 01:30 37,480 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-07-15 01:30 34,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-07-15 01:30 32,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-07-15 01:30 170,408 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-07-15 01:29 109,608 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-07-15 01:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-07-15 01:25 <DIR> d-------- C:\Program Files\McAfee
2007-07-15 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 16:55:56 -------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-07-18 07:11:20 -------- d-----w C:\Program Files\Messenger
2007-07-18 05:16:50 -------- d-----w C:\Program Files\Winamp5
2007-07-18 05:14:45 -------- d-----w C:\Program Files\QuickTime
2007-07-18 05:13:29 -------- d-----w C:\Program Files\PowerArchiver
2007-07-18 05:05:13 -------- d-----w C:\Program Files\iTunes
2007-07-18 05:04:07 -------- d-----w C:\Program Files\Google
2007-07-18 04:58:25 -------- d-----w C:\Program Files\EarthLink 5.0
2007-07-18 04:56:46 -------- d-----w C:\Program Files\DellSupport
2007-07-18 04:49:06 -------- d-----w C:\Program Files\ALZip
2007-07-18 04:49:00 -------- d-----w C:\Program Files\AIM
2007-07-16 02:27:51 48,265 ----a-w C:\WINDOWS\system32\nvModes.dat
2007-07-16 00:09:32 -------- d-----w C:\DOCUME~1\Xarius\APPLIC~1\Xfire
2007-07-15 05:26:30 -------- d-----w C:\Program Files\McAfee.com
2007-07-15 05:14:17 -------- d-s---w C:\Program Files\Xfire
2007-07-15 05:08:27 -------- d-----w C:\DOCUME~1\Xarius\APPLIC~1\.purple
2007-07-08 04:32:27 -------- d-----w C:\DOCUME~1\Xarius\APPLIC~1\gtk-2.0
2007-06-25 04:25:56 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-06-25 04:25:56 1,316 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-05-30 03:39:25 -------- d--h--w C:\DOCUME~1\Xarius\APPLIC~1\GTek
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-10-09 21:24:24 206,528 ----a-w C:\DOCUME~1\Xarius\APPLIC~1\GDIPFONTCACHEV1.DAT
2003-07-09 21:54:58 207,759 ----a-w C:\Program Files\INSTALL.LOG
2001-10-05 16:53:04 21,866 ----a-w C:\Program Files\Common Files\tppupd2k.dll
2003-08-17 03:00:51 56 --sh--r C:\WINDOWS\SYSTEM32\AA0B40D7A8.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe" [2003-01-31 12:27]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 18:29]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 13:28]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2003-04-10 12:16]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\conmgr.exe" [2002-01-04 00:18]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-23 05:16]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 23:32]
"nwiz"="nwiz.exe" [2004-10-26 12:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
"WinampAgent"="C:\Program Files\Winamp5\winampa.exe" [2005-12-09 02:30]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 12:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-02-04 16:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 01:03]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 18:44]

C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\
clipper.exe.lnk - C:\Nickel and Dimes\Clipper\clipper.exe [2003-07-15 02:52:08]
DESKTOP.INI [2002-09-03 10:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-08-26 12:12:19]
DESKTOP.INI [2003-07-15 16:24:09]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Shortcut to WKeyKill.exe.lnk - C:\Nickel and Dimes\WKeyKill\WKeyKill.exe [2000-08-13 11:47:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"= C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-02-10 23:32 93408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CommTraffic Console.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CommTraffic Console.lnk
backup=C:\WINDOWS\pss\CommTraffic Console.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP2380]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TFTP2380
backup=C:\WINDOWS\pss\TFTP2380Common Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^The Narnia Full Screen Experience.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\The Narnia Full Screen Experience.lnk
backup=C:\WINDOWS\pss\The Narnia Full Screen Experience.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
path=C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\VirtuaGirl2.lnk
backup=C:\WINDOWS\pss\VirtuaGirl2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Xarius\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeed]
c:\GAMES\!xSpeednet\!xSpeednet.exe reg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!xSpeednet]
C:\Nickel and Dimes\xSpeed\!xSpeednet\!xSpeednet.exe reg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\829E1F6A]
C:\WINDOWS\System32\szziwongk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve2.exe]
C:\WINDOWS\avserve2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cryptographic Service]
C:\WINDOWS\System32\nphlnxk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
"C:\Nickel and Dimes\DynDNS\DynDNS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
C:\WINDOWS\g4356cbvy63

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsasss.exe]
C:\WINDOWS\lsasss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
MSCONFIG32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\Xarius\LOCALS~1\Temp\MBDownloader_876919.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
"C:\DOCUME~1\Xarius\LOCALS~1\Temp\WinAntiSpyware2007FreeInstall.exe" -nag

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]
C:\Program Files\Saitek\Software\SaiSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sho]
"C:\Program Files\Common Files\s?curity\chkdsk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVX Control Service]
svxhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SyGateManager]
C:\Program Files\Sygate\SHN\Sygate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teso]
"C:\DOCUME~1\Xarius\APPLIC~1\RACLE~1\nopdb.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsudyjA]
C:\WINDOWS\tpsudyjA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
C:\WINDOWS\PASSCFG16.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey update]
windns.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]
C:\WINDOWS\TISKY009.exe SKY009


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\install.EXE id= ver=1.0.0.0

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-03-05 02:54:44 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-15 05:28:16 C:\WINDOWS\tasks\McDefragTask.job
2007-07-15 05:28:15 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 13:11:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120(Trial Version)"

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-20 13:13:54
C:\ComboFix-quarantined-files.txt ... 2007-07-20 13:12
C:\ComboFix2.txt ... 2007-07-19 21:15

--- E O F ---

[sUBs]

TeaTimer is an excellent tool for the prevention of spyware but it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose Yes at the Warning prompt.
• Expand the Tools menu.
• Click Resident.
• Uncheck the Resident "TeaTimer" (Protection of overall system settings) active. box.
• In the File menu click Exit to exit Spybot Search & Destroy.

Download http://www.techsupportforum.com/sect...etTeaTimer.zip
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.


---------------


Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TFTP2380]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Xarius^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\829E1F6A]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avserve2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cryptographic Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g4356cbvy63]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsasss.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS7_0001_N91M2703]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sho]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVX Control Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teso]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpsudyjA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsRegKey update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{ZN}]

Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


---------------


C:\QooBox\ is ComboFix's quarantine folder. You can safely delete it

CLEAR & RESET SYSTEM RESTORE'S CACHE - (System Volume Information folder)
Go to Start → Run → type control sysdm.cpl,,4 & press Enter

• Tick on the checkbox - Turn off System Restore on all drives
• Click Apply

Turn it back 'On' by unticking the same checkbox & click OK


How much hdd space did you lose?

[Luxamar]

I lost ~1.5GB from the time I started working with this site until I reported missing space. Part of that process was downloading and installing a lot of updates from Microsoft (including IE 7). But would that munch up that much space?

[Luxamar]

After a restart, things are running pretty smoothly now.
I was wondering... OIN, or whatever that thing was that was causing popups, I heard eats a lot of space? Did it get deleted during all this or just disabled?

Let me know if you want any more scan logs. Thanks for the excellent support so far!

[sUBs]

1.5 GB is a lot of disk space. Did not reseting System Restore return much of the space?

Delete the C:\Deckard folder. We dont need it anymore.

Let's clear up your temp folders. There's probably a lot of rubbish files in there. Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Let us know how that went

[Luxamar]

Ok, yea, resetting System Restore gave me ~1gb. I think it's alright now.
Cleaning the temp folders cleared up ~10MB.

[sUBs]

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

1. DISABLE THE VIEWING OF SYSTEM FILES
   From Windows Explorer, go to Tools>Folder Options> View tab.
   • Untick - Show hidden files and folder
   • Tick - Hide protected operating system files
   Click Yes to confirm & then click OK
   
   
   
2. SECURING INTERNET EXPLORER
   From within Internet Explorer click on the Tools menu and then click on Internet Options.
   • Select the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Select Custom Level .
       • Change 'Download signed ActiveX controls' to Prompt
       • Change 'Download unsigned ActiveX controls' to Disable
       • Change 'Initialize and script ActiveX controls not marked as safe' to Disable
       • Change 'Installation of desktop items' to Prompt
       • Change 'Launching programs and files in an IFRAME' to Prompt
       • Change 'Navigate sub-frames across different domains' to Prompt
       • When all these changes have been made, click on the OK button.
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
   • Select OK to exit the Internet Properties page.
   
   
   
3. ANTIVIRUS SOFTWARE
   It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
   
   See this link for a listing of some online & their stand-alone antivirus programs:
   
   Virus, Spyware, and Malware Protection and Removal Resources → http://www.bleepingcomputer.com/forums/topict405.html
   
   It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
   
   
   
4. FIREWALL
   Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here → http://www.bleepingcomputer.com/forums/tutorial60.html
   
   
   
5. Microsoft Windows Update → http://www.windowsupdate.com
   Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
   
   
   
6. SPYBOT - SEARCH & DESTROY
   Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial43.html
   
   
7. AD-AWARE
   Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial48.html
   
   
   
8. SPYWAREBLASTER
   SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.
   
   Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html
   
   
   
9. IE-SPYAD
   IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here http://www.spywarewarrior.com/uiuc/resource.htm

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://toolbar.google.com/ - Google Toolbar - Get the free google toolbar to help stop pop up windows.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

[Luxamar]

Hey, I'm going to go ahead and reply to this now. When I get back home, I'll work on these steps. Thanks SO much for your support.