Resolved HJT Threads - Resolved spyware and popup issues.
#1

Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
Deckard's System Scanner v20070804.61
Run by HP_Owner on 2007-08-05 at 16:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:37:16 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\program files\common files\aol\1128887343\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\common files\aol\1128887343\ee\aexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\WINDOWS\TEMP\winD1E.tmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malware Spyware Fix\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14B090B0-3621-4391-97BF-B4EE4AB38334} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {23BA69E4-30C7-4247-A148-E44CD90FD800} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: (no name) - {34F4A050-C52E-412F-AC5A-2D60066134CD} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\elrllblf.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\jkkligd.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\keokexbw.dll",forkonce
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winD1E.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhat.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/5eef92fa1bb3...ad449e1_35.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O20 - Winlogon Notify: jkkligd - C:\WINDOWS\SYSTEM32\jkkligd.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O20 - Winlogon Notify: winemx32 - C:\WINDOWS\SYSTEM32\winemx32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 14276 bytes

-- Files created between 2007-07-05 and 2007-08-05 -----------------------------

2007-08-05 15:52:49 0 d-------- C:\Program Files\Malware Spyware Fix
2007-08-05 15:42:52 0 d-------- C:\ie-spyad
2007-08-05 15:30:30 0 d-------- C:\Program Files\ZonedOut
2007-08-05 15:23:31 0 d-------- C:\Program Files\SpywareBlaster
2007-08-05 15:15:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-08-05 14:04:04 93696 --a------ C:\WINDOWS\system32\drvhat.dll
2007-08-05 14:03:53 31254 --a------ C:\WINDOWS\system32\yaywxyy.dll
2007-08-05 12:40:13 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-05 12:30:27 40183 ---hs---- C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
2007-08-05 12:27:44 31254 --a------ C:\WINDOWS\system32\hggghge.dll
2007-08-05 12:13:33 6467 ---hs---- C:\WINDOWS\system32\oqstv.bak1
2007-08-05 12:13:03 228960 --a------ C:\WINDOWS\system32\vtsqo.dll
2007-08-05 12:01:55 0 d-------- C:\WINDOWS\??sembly
2007-08-05 12:01:36 103 --a------ C:\WINDOWS\system32\mit.bat
2007-08-05 12:01:26 31254 --a------ C:\WINDOWS\system32\nnnlkkj.dll
2007-08-05 11:48:40 1731611 ---hs---- C:\WINDOWS\system32\ijjlm.ini2
2007-08-05 11:47:48 125504 --a------ C:\WINDOWS\system32\keokexbw.dll
2007-08-04 04:40:35 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-08-04 04:40:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-04 03:17:49 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Download Manager
2007-08-04 03:00:56 0 --a------ C:\Documents and Settings\HP_Owner\Application Data\Install.dat
2007-08-04 03:00:47 31254 --a------ C:\WINDOWS\system32\hgghhih.dll
2007-08-03 03:35:20 31254 --a------ C:\WINDOWS\system32\pmnoopn.dll
2007-08-03 01:31:54 31254 --a------ C:\WINDOWS\system32\awttrom.dll
2007-08-03 01:26:18 1731301 ---hs---- C:\WINDOWS\system32\ijjlm.bak2
2007-08-02 14 08 31254 --a------ C:\WINDOWS\system32\mljjjjg.dll
2007-08-02 13:34:17 31254 --a------ C:\WINDOWS\system32\rqrsspq.dll
2007-08-02 13:22:04 0 d-------- C:\Program Files\Trend Micro
2007-08-02 13:21:53 6467 ---hs---- C:\WINDOWS\system32\ijjlm.bak1
2007-08-02 13:03:21 31254 --a------ C:\WINDOWS\system32\ddcccaw.dll
2007-08-02 11:37:24 31254 --a------ C:\WINDOWS\system32\yayxurq.dll
2007-08-02 09:52:45 31254 --a------ C:\WINDOWS\system32\jkkligd.dll
2007-08-01 12:44:40 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-08-01 12:44:27 0 d-------- C:\Program Files\Final Draft 5
2007-08-01 11:56:24 31254 --a------ C:\WINDOWS\system32\qomjkki.dll
2007-07-30 22:15:50 0 d-------- C:\Program Files\SmitfraudFix
2007-07-30 21:02:34 31254 --a------ C:\WINDOWS\system32\awtuvwv.dll
2007-07-30 19:14:25 31254 --a------ C:\WINDOWS\system32\khffdec.dll
2007-07-29 14:49:31 1733503 --ahs---- C:\WINDOWS\system32\ccbeg.bak2
2007-07-29 14:49:29 1734346 --ahs---- C:\WINDOWS\system32\ccbeg.ini2
2007-07-28 11:50:39 6467 --ahs---- C:\WINDOWS\system32\ccbeg.bak1
2007-07-28 11:48:51 5226 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-28 11:27:56 0 d-------- C:\VundoFix Backups
2007-07-28 10:54:42 69184 --a------ C:\WINDOWS\system32\elrllblf.dll
2007-07-28 10:54:11 1734844 --ahs---- C:\WINDOWS\system32\llnmp.ini2
2007-07-28 10:46:28 1733464 --ahs---- C:\WINDOWS\system32\llnmp.bak2
2007-07-27 12:05:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-07-27 12:05:06 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-27 11:48:11 6467 --ahs---- C:\WINDOWS\system32\llnmp.bak1
2007-07-27 11:43:16 2 --a------ C:\-1269735920
2007-07-27 11:42:43 19968 --a------ C:\WINDOWS\system32\winemx32.dll
2007-07-24 21:48:10 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Yahoo!
2007-07-24 21:48:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-07-17 13:21:19 0 d-------- C:\Program Files\iPod
2007-07-17 13:21:09 0 d-------- C:\Program Files\iTunes
2007-07-06 13:39:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-06 13:37:31 0 d-------- C:\Program Files\Yahoo!
2007-07-05 09:52:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

-- Find3M Report ---------------------------------------------------------------

2007-08-05 16:39:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-05 15:22:14 240904 --a------ C:\Program Files\ZonedOut.zip
2007-08-05 14:23:03 0 d-------- C:\Program Files\QuickTime
2007-08-05 14:21:13 0 d-------- C:\Program Files\Norton Internet Security
2007-08-05 14:14:37 0 d-------- C:\Program Files\Google
2007-08-05 14:13:43 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-05 14:12:57 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-08-05 12:34:54 0 d-------- C:\Program Files\Common Files
2007-08-04 04:41:11 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2007-08-04 04:30:25 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-02 12:54:49 0 d-------- C:\Program Files\Java
2007-07-30 20:52:36 140 --a------ C:\Program Files\FixVundo.log
2007-07-27 11:59:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-21 11:46:34 112958 --a------ C:\WINDOWS\hpoins07.dat
2007-07-17 13:10:54 0 d-------- C:\Program Files\Apple Software Update
2007-07-14 10:24:08 0 d-------- C:\Program Files\Symantec
2007-07-06 13:23:32 0 d-------- C:\Program Files\Pure Networks
2007-07-06 13:23:32 0 d-------- C:\Program Files\Common Files\AOL
2007-07-06 13:20:33 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-07-05 09:21:18 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-07-03 14:25:27 0 d-------- C:\Program Files\Common Files\Apple
2007-06-27 11:44:55 0 d-------- C:\Program Files\HP
2007-06-27 11:25:48 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2007-06-26 14:37:00 0 d-------- C:\Program Files\Microsoft Works
2007-06-18 18:28:41 0 d-------- C:\Program Files\06WebSetup

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14B090B0-3621-4391-97BF-B4EE4AB38334}]
C:\WINDOWS\system32\mljjh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34F4A050-C52E-412F-AC5A-2D60066134CD}]
C:\WINDOWS\system32\awvvs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C87FAA5-363F-4E8A-8A6D-B112EC5AFE5A}]
08/05/2007 12:13 PM 228960 --a------ C:\WINDOWS\system32\vtsqo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
07/28/2007 10:54 AM 69184 --a------ C:\WINDOWS\system32\elrllblf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/02/2007 09:52 AM 31254 --a------ C:\WINDOWS\system32\jkkligd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/08/2005 12:07 AM C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/08/2005 10:59 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/08/2005 11:03 AM]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/25/2005 10:34 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/10/2005 05:50 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe" [09/25/2006 05:52 PM]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/15/2005 07:49 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 06:12 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [09/05/2006 06:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2007 09:18 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"@"="" []
"SystemOptimizer"="C:\WINDOWS\system32\keokexbw.dll" [08/05/2007 11:47 AM]
"avp"="C:\WINDOWS\TEMP\winD1E.tmp.exe" []
"CTDrive"="C:\WINDOWS\system32\drvhat.dll" [08/05/2007 02:04 PM]
"smgr"="mgrs.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/24/2007 09:46 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [03/28/2007 03:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/27/2007 12:02:05 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 6:23:26 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINDOWS\system32\jkkligd.dll [08/02/2007 09:52 AM 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkligd]
jkkligd.dll 08/02/2007 09:52 AM 31254 C:\WINDOWS\system32\jkkligd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo]
C:\WINDOWS\system32\vtsqo.dll 08/05/2007 12:13 PM 228960 C:\WINDOWS\system32\vtsqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winemx32]
winemx32.dll 07/27/2007 11:42 AM 19968 C:\WINDOWS\system32\winemx32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f94b8e8-3766-11da-8e46-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2007-08-05 at 16:48:01 ---------
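The log above is a textbook Vundo/Virtumonde picture: unnamed O2 BHOs and O20 Winlogon Notify packages with random seven-letter names in system32, O4 Run keys that load those DLLs through rundll32 or start a binary from C:\WINDOWS\TEMP, and an O16 ActiveX entry that fetches a raw .exe. The script below is an added example (it is not HijackThis code, not a tool the forum's helpers use, and not part of this thread) that applies those same eyeball checks mechanically. The Winlogon Notify allowlist and the regexes are this example's assumptions; the sample input is a handful of lines excerpted from the log above, embedded so the script runs offline.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread: not HijackThis code and not a forum tool.
KNOWN_NOTIFY and the regexes below are assumptions made for illustration,
not an authoritative list.
"""
import re
from dataclasses import dataclass

# Winlogon Notify packages assumed to be stock on Windows XP SP2 (assumed
# allowlist; extend it for the build you are triaging).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
}

SYSTEM32 = re.compile(r"c:\\windows\\system32\\", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Captures the DLL handed to rundll32, quoted or not, up to the ",entrypoint".
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
EXE_URL = re.compile(r"https?://\S+\.exe\b", re.IGNORECASE)

# Constructed sample input: lines excerpted from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {23BA69E4-30C7-4247-A148-E44CD90FD800} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\jkkligd.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\keokexbw.dll",forkonce
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winD1E.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhat.dll,startup
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/5eef92fa1bb3...ad449e1_35.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O20 - Winlogon Notify: winemx32 - C:\WINDOWS\SYSTEM32\winemx32.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    section: str  # HJT section tag, e.g. "O20"
    rule: str     # which heuristic fired
    line: str     # the offending log line, unchanged


def split_entry(line):
    """Split 'O20 - Winlogon Notify: x - path' into ('O20', 'Winlogon Notify: x - path')."""
    m = re.match(r"^([RFO]\d+)\s+-\s+(.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else (None, line.strip())


def check_line(line):
    """Return a Finding for a suspicious HJT line, or None for anything else."""
    section, body = split_entry(line)
    if section == "O2" and "(no name)" in body and SYSTEM32.search(body):
        # Unnamed BHO whose DLL lives in system32: the Vundo pattern. An
        # unnamed BHO under Program Files (NppBho.dll) is not flagged.
        return Finding(section, "unnamed BHO loaded from system32", line)
    if section == "O4":
        if TEMP_DIR.search(body):
            return Finding(section, "Run entry launches from a TEMP directory", line)
        m = RUNDLL.search(body)
        if m and SYSTEM32.search(m.group(1)):
            return Finding(section, "Run entry loads a system32 DLL via rundll32", line)
    if section == "O16" and EXE_URL.search(body):
        # Legitimate ActiveX installs (O16) ship as .cab, not a bare .exe
        return Finding(section, "ActiveX download points at a raw .exe", line)
    if section == "O20" and body.lower().startswith("winlogon notify:"):
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
        if name not in KNOWN_NOTIFY:
            return Finding(section, "Winlogon Notify package not on allowlist", line)
    return None


def triage(log_text):
    """Run check_line over every line of an HJT log and collect the hits."""
    return [f for f in map(check_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.rule:<45} {f.line}")
```

Run against the excerpt it flags eight lines: the two system32 BHOs, the two rundll32 Run entries and the TEMP launcher, the .exe ActiveX download, and both Winlogon Notify packages, while leaving the Adobe, Symantec, Flash and iPod entries alone. The Winlogon Notify rule is the one to treat with most care: the allowlist is deliberately short, so an OEM or AV package not on it shows up as a hit and has to be cleared by hand.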
#2

Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps

Please stay with this thread, and only post here for this problem. Do not start a new thread, otherwise it is too confusing...
Use Post Reply - left bottom corner. Thanks!!

Next, download ComboFix.exe
Save it to the Desktop
Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)
When finished, a log, ComboFix.txt, is produced.
~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

Last edited by Aaflac; 08-06-2007 at 10:42 AM.
#3

Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
New HJT w/Combofix.txt attached
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:30 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1128887343\ee\aolsoftware.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\common files\aol\1128887343\ee\aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14B090B0-3621-4391-97BF-B4EE4AB38334} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {34F4A050-C52E-412F-AC5A-2D60066134CD} - C:\WINDOWS\system32\awvvs.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\SEMBLY~1\javaw.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe
PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/5eef92fa1bb3...ad449e1_35.exe O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - 
http://www.live365.com/players/play365.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 13366 bytes |
#4
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
Please open Notepad (Start > Run, in the Open field type: notepad)
Click: OK

Copy/paste the blue text below to Notepad:

File::
C:\Program Files\toolbar.exe
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\gebcc.dll.vir
C:\WINDOWS\system32\pmnll.dll.vir
C:\WINDOWS\system32\xxyabxv.dll.vir

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14B090B0-3621-4391-97BF-B4EE4AB38334}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34F4A050-C52E-412F-AC5A-2D60066134CD}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Srro]

Save as CFScript.txt <-Important!!
Change the Save as type to: All Files
Save it to the Desktop.

Referring to the screenshot above, drag CFScript.txt >>> into >>> ComboFix.exe

ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
When finished, a log is produced: ComboFix.txt

~~~~

Please run HijackThis once again to obtain a new log.

~~~~

Please provide the contents of the new ComboFix.txt in your next reply, as well as the new HijackThis log.
#5
Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:12 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\common files\aol\1128887343\ee\aolsoftware.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\common files\aol\1128887343\ee\aexplore.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\SEMBLY~1\javaw.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/5eef92fa1bb3...ad449e1_35.exe
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 13194 bytes


ComboFix 07-08-07.5 - "HP_Owner" 2007-08-07 20:50:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.177 [GMT -7:00]
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\toolbar.exe
C:\WINDOWS\unvise32.exe
C:\WINDOWS\system32\gebcc.dll.vir
C:\WINDOWS\system32\pmnll.dll.vir
C:\WINDOWS\system32\xxyabxv.dll.vir

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\toolbar.exe
C:\WINDOWS\system32\gebcc.dll.vir
C:\WINDOWS\system32\pmnll.dll.vir
C:\WINDOWS\system32\xxyabxv.dll.vir
C:\WINDOWS\unvise32.exe

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-06 22:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 16:24 <DIR> d-------- C:\Deckard
2007-08-05 15:52 <DIR> d-------- C:\Program Files\Malware Spyware Fix
2007-08-05 15:42 <DIR> d-------- C:\ie-spyad
2007-08-05 15:30 <DIR> d-------- C:\Program Files\ZonedOut
2007-08-05 15:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-05 15:15 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Viewpoint
2007-08-05 12:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-04 04:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-04 04:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-04 03:17 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Download Manager
2007-08-02 13:22 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-01 12:44 <DIR> d-------- C:\Program Files\Final Draft 5
2007-07-30 22:15 <DIR> d-------- C:\Program Files\SmitfraudFix
2007-07-30 21:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-29 18:31 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-07-28 11:48 5,226 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-28 11:27 <DIR> d-------- C:\VundoFix Backups
2007-07-27 12:05 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-07-27 12:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-07-24 21:48 <DIR> d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Yahoo!
2007-07-24 21:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-07-17 13:21 <DIR> d-------- C:\Program Files\iTunes
2007-07-17 13:21 <DIR> d-------- C:\Program Files\iPod

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 20:01 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-05 23:13 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\Apple Computer
2007-08-05 17:39 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 15:22 240904 --a------ C:\Program Files\ZonedOut.zip
2007-08-05 14:23 --------- d-------- C:\Program Files\QuickTime
2007-08-05 14:21 --------- d-------- C:\Program Files\Norton Internet Security
2007-08-05 14:14 --------- d-------- C:\Program Files\Google
2007-08-05 14:13 --------- d-------- C:\Program Files\Common Files\Scanner
2007-08-05 14:12 --------- d-a------ C:\Program Files\Common Files\LightScribe
2007-07-30 20:52 140 --a------ C:\Program Files\FixVundo.log
2007-07-21 11:46 112958 --a------ C:\WINDOWS\hpoins07.dat
2007-07-17 13:10 --------- d-------- C:\Program Files\Apple Software Update
2007-07-14 10:24 --------- d-------- C:\Program Files\Symantec
2007-07-14 10:23 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-14 10:23 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-14 10:23 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-14 10:23 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-11 10:25 --------- d-------- C:\Program Files\Yahoo!
2007-07-06 13:23 --------- d-------- C:\Program Files\Pure Networks
2007-07-06 13:23 --------- d-------- C:\Program Files\Common Files\AOL
2007-07-06 13:20 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AOL
2007-07-05 09:21 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\AdobeUM
2007-07-03 14:25 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-27 11:44 --------- d-------- C:\Program Files\HP
2007-06-27 11:25 --------- d-------- C:\DOCUME~1\HP_Owner\APPLIC~1\HP
2007-06-26 14:37 --------- d-------- C:\Program Files\Microsoft Works
2007-06-18 18:28 --------- d-------- C:\Program Files\06WebSetup
2007-05-16 08:12 86528 --a------ C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --a------ C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --a------ C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --a------ C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 02:24 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2005-10-09 14:06 0 --a------ C:\DOCUME~1\HP_Owner\APPLIC~1\wklnhst.dat
2005-05-12 06:36 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 00:07 C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 10:59]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 11:03]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 22:34]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 17:50]
"HostManager"="C:\Program Files\Common Files\AOL\1128887343\ee\AOLSoftware.exe" [2006-09-25 17:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-15 19:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 21:46]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 15:10]
"Srro"="C:\WINDOWS\SEMBLY~1\javaw.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-27 12:02:05]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56]

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-08-03 22:58:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-04 04:05:27 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 20:54:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...

**************************************************************************

Completion time: 2007-08-07 20:59:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 20:57
C:\ComboFix2.txt ... 2007-08-06 22:17
--- E O F ---
#6
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
Please run HijackThis, Scan
Check box for:

O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\SEMBLY~1\javaw.exe" -vt yazb
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/5eef92fa1bb3...ad449e1_35.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab

Select: Fix checked
Restart the computer.

~~~~

Are you still having malware problems?
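The entries picked out of the log above share a few tells that can be checked mechanically: a browser add-on (O2/O3) whose DLL is reported "(file missing)", a Run entry (O4) that launches a well-known binary name such as javaw.exe from somewhere other than a Java install, and an ActiveX download entry (O16 DPF) that has no class name or points at a raw .exe rather than a .cab/.ocx package. The script below is an added example (not code from this thread or from HijackThis) that applies those three rules to raw HJT lines. The EXPECTED_LOCATION table is an illustrative assumption, not an authoritative list, and the sample lines are copied from the logs posted above, including the forum's "..." shortening of two URLs.

```python
"""Triage of raw HijackThis (HJT) log lines: added example, not thread code."""
import re
from dataclasses import dataclass

# Well-known executable names and a path fragment their legitimate copy is
# expected to contain. ASSUMPTION: an illustrative table for this example,
# not an authoritative list.
EXPECTED_LOCATION = {
    "javaw.exe": "\\java\\",
    "java.exe": "\\java\\",
    "svchost.exe": "\\windows\\system32\\",
    "ctfmon.exe": "\\windows\\system32\\",
    "explorer.exe": "\\windows\\",
}

# HJT line shapes handled here (O2/O3 add-ons, O4 Run entries, O16 DPF entries).
_O2O3 = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
_O4 = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O16 = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)")


@dataclass
class Finding:
    line: str
    reasons: list


def _executable(cmd: str) -> str:
    """Return the program path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare paths in HJT output may contain spaces, so cut at the first ".exe".
    m = re.match(r".+?\.exe", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split(" ")[0]


def triage(lines):
    """Return a Finding for every line that trips at least one rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons = []

        m = _O2O3.match(line)
        if m and "(file missing)" in m.group("path").lower():
            reasons.append("browser add-on is registered but its DLL is missing")

        m = _O4.match(line)
        if m:
            exe = _executable(m.group("cmd"))
            base = exe.rsplit("\\", 1)[-1].lower()
            expected = EXPECTED_LOCATION.get(base)
            if expected and expected not in exe.lower():
                reasons.append(
                    f"{base} started from {exe}, which does not look like its usual location")

        m = _O16.match(line)
        if m:
            if m.group("url").lower().endswith(".exe"):
                reasons.append("DPF entry fetches a raw executable rather than a .cab/.ocx package")
            if not m.group("name"):
                reasons.append("DPF entry has no registered class name")

        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def triage_text(text: str):
    return triage(text.splitlines())


# Sample input: seven lines copied from the logs posted in this thread, kept
# verbatim including the forum's "..." shortening of two URLs.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Srro] "C:\WINDOWS\SEMBLY~1\javaw.exe" -vt yazb
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/5eef92fa1bb3...ad449e1_35.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
"""

if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

Run on the sample, the script reports exactly the Yahoo! IE Suggest, Srro and imputati.com lines and stays quiet on the legitimate ctfmon, jusched and Flash entries. The location rule is deliberately narrow: it only fires on names in the table, so it will not flag the akamai DownloadManager entry that was also removed above; that one was a judgement call, not a mechanical tell.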
#8
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
If you are not having malware problems, you are good to go!
~~~~

You can remove ComboFix, the C:\Qoobox folder (part of ComboFix), the C:\Deckard folder, C:\Program Files\SmitfraudFix, and C:\VundoFix\Backups. Then, empty the Recycle Bin.

Also, clean out System Restore: Go to Start > Run, and in the Open area, copy the following:

control sysdm.cpl,,4

Click: OK

Next, create a Restore Point:

Some of the best suggestions and programs to remain malware free are contained in Tony Klein's article: How Did I Get Infected In The First Place

It is also a very good practice to perform an online virus scan on a regular basis. Scanners do not have identical malware definitions, and what one misses, another one can catch. Some of the scanners are:
BitDefender Online Scanner
ESET NOD32 Online Scanner
F-Secure Online Scanner
Panda ActiveScan
TrendMicro HouseCall

~~~~

Thank you for your patience, and performing the procedures requested. If you have any questions or comments, post back. Otherwise...

Good luck, and safe journey through the Internet!!

#9
Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
Re: Completed the 5 Steps
My computer is not allowing the Qoobox and Vundo backup files to delete. When the files reach the recycle bin, an error message pops up, and my Symantec auto-protect window pops up stating it has blocked it, which is the name of the trojan.vundo and the other is purity scan.
Should I continue with the Restore process? Please advise.

#11
Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
Re: Completed the 5 Steps
When I attempt to delete Qoobox, a Windows message "Cannot delete awttrrs.dll.vir: Cannot find the specified file. Make sure you specify the correct path and file name" pops up.
Then, a Norton message alert "Auto-Protect has detected trojan.vundo as a security risk" pops up. Then a few seconds later, another Norton message says that it has blocked and removed trojan.vundo from my computer. Then it asks do I want to restart my computer or wait. And yes, I have a Norton protected Recycle Bin.

#12
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
If you do not need any of the Norton Recycler/NPROTECT files, right click the Recycle bin, and select:

You can also go to Start > Run, and type in: cmd
Copy/paste the following:

del \\?\c:\recycler\nprotect\*.*

[Make SURE that you don't need any of the files, because the command deletes all the files in the NPROTECT folder]

~~~~

Start the computer in Safe Mode :

~~~~

See if you can remove any remaining folder while in Safe Mode.

~~~~

Post back on how it goes, and whether Norton keeps giving alerts.

#14
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
Please launch Notepad, (Start > Run, type in: notepad)
Copy/paste all the blue text below to it:

Code:
@echo off
rem Start with a fresh log; only folders that could not be removed end up in it.
if exist "%temp%\log.txt" del "%temp%\log.txt"
rem Remove the leftover tool folders. The first name contains a space, so it is
rem quoted; unquoted, FOR would split it into two separate items.
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
rem Switch System Restore off and back on through WMI so the old restore points are discarded.
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs
rem Put the Explorer "show hidden files" settings back to their defaults.
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg
regedit /s rehide.reg
del rehide.reg SR.vbs
rem nircmd (assumed to be on the PATH) keeps the window open for 7 seconds, then the batch deletes itself.
nircmd wait 7000
del %0
In the Save as prompt:
Save in: Desktop
File Name: Fix.bat
Save as Type: All files
Click: Save
Exit out of Notepad

Next, on the Desktop, double click on Fix.bat and allow it to run
It should look like this:

Please post the Fix.bat report in your reply.

#15
Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
Re: Completed the 5 Steps
I ran the Fix.bat from the desktop, but oddly enough, when it finished, the original fix.bat icon and the report(s) disappeared from the desktop. I searched for them in programs and in the batch files, but to no avail. And I did notice that the Qoobox and Vundo folders are gone.

#18
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
Can you boot to Safe Mode?
If this is an HP machine, the following has worked: When the system starts, an HP splash screen lists options such as (example below):
At this time, hit the F8 key on the keyboard and allow the system to bring up the boot menu. Eventually, a screen listing boot options (example below) shows up:
Hit Enter on the keyboard, and immediately follow it with F8 again. This should bring up a menu allowing you to select Safe Mode, and several other boot options. |

#19
Analyst/Security Team Hen
Join Date: Mar 2007
Posts: 899
OS: XP and Vista
Re: Completed the 5 Steps
One more thing, if you cannot access Safe Mode, are you using a USB keyboard?
If you do, does the BIOS recognize it? When the computer boots it normally tells you to hit one of the F keys to get into the BIOS. Once you get into the BIOS, look, but do not change anything. |

#20
Registered User
Join Date: Aug 2007
Posts: 17
OS: XP
Re: Completed the 5 Steps
The flash screen only gives me 3 options:
Esc key for Boot Device
F1 key for Bios Setup Utility
F10 key for System Recovery
There is no Safe Mode key or access from any of the above. I did peruse in the BIOS Setup. But didn't touch anything. Also, my computer is still in the Recovery Mode from earlier steps.