Old 06-06-2008, 04:22 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: WinXP Pro


Virus (logs included)

I clicked on an executable file and the second I did I knew it was a mistake. Blah. Now windows explorer gets killed all the time, which naturally makes life on the computer a little annoying. Below is my Deckard scan main.txt and attached is the extra.txt.

Any assistance is welcome. Thanks in advance for your help!


Deckard's System Scanner v20071014.68
Run by Rich on 2008-06-06 07:14:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2008-06-06 11:14:55 UTC - RP268 - Deckard's System Scanner Restore Point
89: 2008-06-05 11:58:37 UTC - RP267 - Installed Windows XP KB918439.
88: 2008-06-04 13:37:56 UTC - RP266 - System Checkpoint
87: 2008-06-03 12:51:21 UTC - RP265 - System Checkpoint
86: 2008-06-02 12:29:47 UTC - RP264 - Last known good configuration


-- First Restore Point --
1: 2008-06-02 12:29:38 UTC - RP179 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rich.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:03 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Download\Virus\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rich.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mnm.manheim.com/webvpn.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\rqRKEWPf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D432055C-3C34-4BC7-9AB3-075839717783} - C:\WINDOWS\system32\pmnnLFuu.dll
O2 - BHO: (no name) - {D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA} - C:\WINDOWS\system32\jkkJyYqN.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\ALLYS\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\Rich\LOCALS~1\Temp\E_S122.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1060284298-115176313-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O4 - Startup: Tardis.lnk = C:\Program Files\Tardis2000\Tardis.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197915538656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75C0A01-6285-4004-BCC9-BCEE1F391774}: NameServer = 205.152.0.20,207.69.188.185
O20 - Winlogon Notify: rqRKEWPf - C:\WINDOWS\SYSTEM32\rqRKEWPf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9099 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems SSL VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems SSL VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CSVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-31 08:59:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-06 07:15:58 0 d-------- C:\Program Files\Trend Micro
2008-06-05 08:28:52 345 --ahs---- C:\WINDOWS\system32\qqsrqtwa.ini2
2008-06-05 08:28:47 371712 --a------ C:\WINDOWS\system32\awtqrsqq.dll
2008-06-05 07:58:28 0 d-------- C:\WINDOWS\LastGood
2008-06-05 07:19:21 345 --ahs---- C:\WINDOWS\system32\GPXHOUvw.ini2
2008-06-05 07:19:11 371712 --a------ C:\WINDOWS\system32\wvUOHXPG.dll
2008-06-05 07:09:15 0 d-------- C:\Program Files\Panda Security
2008-06-04 07:13:40 345 --ahs---- C:\WINDOWS\system32\BayGQqru.ini2
2008-06-04 07:13:30 371712 --a------ C:\WINDOWS\system32\urqQGyaB.dll
2008-06-03 21:38:09 345 --ahs---- C:\WINDOWS\system32\xxbdfMoq.ini2
2008-06-03 21:38:02 373248 --a------ C:\WINDOWS\system32\qoMfdbxx.dll
2008-06-03 19:39:08 345 --ahs---- C:\WINDOWS\system32\RsDeNXbc.ini2
2008-06-03 19:39:04 373248 --a------ C:\WINDOWS\system32\cbXNeDsR.dll
2008-06-03 16:40:37 345 --ahs---- C:\WINDOWS\system32\jiRuvGgh.ini2
2008-06-03 16:40:33 373248 --a------ C:\WINDOWS\system32\hgGvuRij.dll
2008-06-03 05:56:17 0 d-------- C:\Documents and Settings\Rich\Application Data\HouseCall 6.6
2008-06-02 22:20:20 345 --ahs---- C:\WINDOWS\system32\stCfikkj.ini2
2008-06-02 22:20:14 373248 --a------ C:\WINDOWS\system32\jkkifCts.dll
2008-06-02 21:12:15 736518 --ahs---- C:\WINDOWS\system32\uuFLnnmp.ini2
2008-06-02 21:12:11 373248 --a------ C:\WINDOWS\system32\pmnnLFuu.dll
2008-06-02 20:14:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-02 20:13:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-02 20:11:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-02 20:11:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-02 20:11:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-02 20:11:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-02 08:29:28 5537 --ahs---- C:\WINDOWS\system32\NqYyJkkj.ini2
2008-06-02 08:24:17 57344 --a------ C:\WINDOWS\system32\rqRKEWPf.dll
2008-06-01 12:37:09 0 d-------- C:\Documents and Settings\Rich\Application Data\Move Networks
2008-05-31 12:35:55 0 d-------- C:\Documents and Settings\Rich\Application Data\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Program Files\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-31 12:34:13 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-27 21:23:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-21 19:10:01 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-21 18:03:05 0 d-------- C:\Age of Conan
2008-05-21 17:18:05 0 d-------- C:\Pictures
2008-05-10 10:20:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 05:13:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-06 18:43:32 0 d-------- C:\DVDFiles


-- Find3M Report ---------------------------------------------------------------

2008-06-05 07:14:08 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-05 06:05:38 0 d-------- C:\Program Files\mIRC
2008-06-01 17:18:34 0 d-------- C:\Documents and Settings\Rich\Application Data\uTorrent
2008-05-31 12:35:36 0 d-------- C:\Program Files\Thumbs6
2008-05-31 12:34:32 0 d-------- C:\Program Files\Common Files
2008-05-31 09:08:04 0 d-------- C:\Program Files\Safari
2008-05-30 07:46:12 0 d-------- C:\Program Files\AnyDVD
2008-05-25 21:57:20 0 d-------- C:\Program Files\Trillian
2008-05-19 07:31:26 0 d-------- C:\Program Files\uTorrent
2008-05-14 20:45:16 0 d-------- C:\Documents and Settings\Rich\Application Data\Apple Computer
2008-05-07 21:38:12 0 d-------- C:\Program Files\Ad-Aware 2007
2008-05-07 07:46:52 0 d-------- C:\Program Files\EPSON Print CD
2008-05-05 20:13:31 0 d-------- C:\Program Files\coverXP
2008-05-05 19:26:18 0 d-------- C:\Program Files\EPSON
2008-05-05 19:26:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 22:17:53 17144 --a------ C:\Documents and Settings\Rich\Application Data\GDIPFONTCACHEV1.DAT
2008-05-03 22:05:11 0 d-------- C:\Program Files\VobBlanker
2008-04-16 10:50:57 0 d-------- C:\Program Files\iTunes
2008-04-16 10:50:50 0 d-------- C:\Program Files\iPod
2008-04-16 10:50:01 0 d-------- C:\Program Files\QuickTime
2008-04-16 10:41:15 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}]
06/02/2008 08:24 AM 57344 --a------ C:\WINDOWS\system32\rqRKEWPf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D432055C-3C34-4BC7-9AB3-075839717783}]
06/02/2008 09:12 PM 373248 --a------ C:\WINDOWS\system32\pmnnLFuu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA}]
C:\WINDOWS\system32\jkkJyYqN.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 05:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 08:44 AM]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [10/30/2006 08:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/28/2007 05:52 PM]
"nwiz"="nwiz.exe" [10/28/2007 05:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/28/2007 05:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 06:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 08:49 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 10:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [05/28/2008 07:10 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"\\ALLYS\EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [05/19/2006 04:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 04:35 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\Rich\Start Menu\Programs\Startup\
mIRC.lnk - C:\Program Files\mIRC\mirc.exe [11/1/2007 3:57:24 PM]
Tardis.lnk - C:\Program Files\Tardis2000\Tardis.exe [12/21/2007 11:46:35 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= C:\WINDOWS\system32\rqRKEWPf.dll [06/02/2008 08:24 AM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRKEWPf]
rqRKEWPf.dll 06/02/2008 08:24 AM 57344 C:\WINDOWS\system32\rqRKEWPf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnLFuu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-06-06 07:16:25 ------------
Attached Files
File Type: txt extra.txt (15.2 KB, 2 views)

Last edited by WTFman; 06-06-2008 at 04:23 AM.
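The log above shows one family of DLLs wired into several load points at once: three unnamed BHOs, an O20 Winlogon Notify entry, an Explorer ShellExecuteHook and an extra LSA "Authentication Packages" value, all pointing at eight-letter mixed-case DLLs in system32 (rqRKEWPf, pmnnLFuu, jkkJyYqN). As an added example that is not part of the original thread or of HijackThis/DSS, the Python script below parses lines in that format and correlates each system32 module across its load points so the pattern is visible at a glance. The sample lines are copied from the posted log plus one benign Adobe BHO so the clean path is exercised too; the "eight mixed-case letters, no digits" heuristic is this example's own assumption, not a rule from either tool.

```python
"""Correlate system32 modules across HijackThis/DSS load points.

Added example for log triage; not HijackThis or DSS code.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted DSS/HijackThis log plus one
# benign BHO (Adobe) so the benign path is exercised too.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\rqRKEWPf.dll
O2 - BHO: (no name) - {D432055C-3C34-4BC7-9AB3-075839717783} - C:\WINDOWS\system32\pmnnLFuu.dll
O2 - BHO: (no name) - {D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA} - C:\WINDOWS\system32\jkkJyYqN.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rqRKEWPf - C:\WINDOWS\SYSTEM32\rqRKEWPf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= C:\WINDOWS\system32\rqRKEWPf.dll [06/02/2008 08:24 AM 57344]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnnLFuu
"""

# A module under system32 whose base name is exactly eight letters, with or
# without a .dll extension (the LSA value in the log omits the extension).
SYS32_MODULE = re.compile(r'\\system32\\([A-Za-z]{8})(?:\.dll)?\b', re.IGNORECASE)
# "O2 - BHO:", "O20 - Winlogon Notify:", "O4 - HKCU\..\Run:" and so on.
HJT_ENTRY = re.compile(r'^(O\d+) - ([^:]+):')


def looks_randomised(name):
    """Heuristic (this example's assumption): eight letters, mixed case, no digits.
    Genuine system32 modules usually carry digits (kernel32, advapi32) or one
    case (winlogon); the names in the posted log all fit the mixed-case shape."""
    return (len(name) == 8 and name.isalpha()
            and not name.islower() and not name.isupper())


def parse_load_points(log):
    """Map each system32 module name to the load points that reference it,
    plus per-line flags ('(no name)' BHO, '(file missing)')."""
    refs = defaultdict(lambda: {'points': set(), 'flags': set()})
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[HKEY_'):
            # Registry-dump section: remember the key; its values follow.
            current_key = line.strip('[]').rsplit('\\', 1)[-1]
            continue
        m = HJT_ENTRY.match(line)
        if m:
            point = '%s %s' % (m.group(1), m.group(2))
        elif current_key:
            point = current_key
        else:
            continue
        for name in SYS32_MODULE.findall(line):
            entry = refs[name]
            entry['points'].add(point)
            if '(no name)' in line:
                entry['flags'].add('BHO has no name')
            if '(file missing)' in line:
                entry['flags'].add('file missing (orphaned load point)')
    return refs


def triage(log):
    """Return {module: {'points': [...], 'reasons': [...]}} for every module
    that trips at least one indicator."""
    findings = {}
    for name, entry in parse_load_points(log).items():
        reasons = []
        if looks_randomised(name):
            reasons.append('randomised eight-letter name in system32')
        if len(entry['points']) > 1:
            reasons.append('registered at %d load points: %s' % (
                len(entry['points']), ', '.join(sorted(entry['points']))))
        if 'lsa' in {p.lower() for p in entry['points']}:
            reasons.append('listed as an LSA Authentication Package (loaded into lsass.exe)')
        reasons.extend(sorted(entry['flags']))
        if reasons:
            findings[name] = {'points': sorted(entry['points']), 'reasons': reasons}
    return findings


if __name__ == '__main__':
    for module, finding in sorted(triage(SAMPLE_LOG).items()):
        print(module)
        for reason in finding['reasons']:
            print('   -', reason)
```

Run against the sample, rqRKEWPf is reported at three load points (BHO, Winlogon Notify, ShellExecuteHooks), pmnnLFuu at two including the LSA package, and jkkJyYqN as an orphaned BHO whose file is already gone; the Adobe helper and ctfmon.exe are not reported. The correlation matters more than any one heuristic: a DLL that is simultaneously a BHO, a Winlogon Notify package and a ShellExecuteHook is re-loaded into explorer.exe and winlogon.exe, which is consistent with the Explorer crashes described in the post.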
Old 06-07-2008, 11:05 AM   #2 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: WinXP Pro


Re: Virus (logs included)

A semi-bump with more information. As it turns out, anything using explorer is slow. That obviously includes browsing for files, but also launching a file from explorer (say an MP3) takes MUCH longer than opening it from the application for that filetype.

Any direction is welcome. Thank you again in advance.
Old 06-08-2008, 09:04 AM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home


Re: Virus (logs included)

Quote:
I clicked on an executable file and the second I did I knew it was a mistake.
And where did this executable file come from?

==============================

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

If you have any questions along the way, STOP and ask them before proceeding.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 06-09-2008, 05:32 AM   #4 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: WinXP Pro


Re: Virus (logs included)

Quote:
Originally Posted by tetonbob
And where did this executable file come from?
Downloaded from a questionable source. Was a dumb mistake especially considering my IT background. I'll blame the alcohol. ;)

Attached is the ComboFix log (log.txt) and a new HijackThis log (hijackthis.log.txt - attachment manager said that the filename without the .txt was invalid... dunno why).

Thanks for your help!


EDIT: At first glance, it appears that the explorer closing issue has either been resolved or greatly reduced (no issues since I ran ComboFix approx. 20 minutes ago, which is a vast improvement). I'll update with status when I get home from work, but so far... so good!

ComboFix 08-06-08.8 - Nighthawk 2008-06-09 8:11:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2888 [GMT -4:00]
Running from: C:\Download\Virus\ComboFix.exe
Command switches used :: C:\Download\Virus\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtqrsqq.dll
C:\WINDOWS\system32\BayGQqru.ini
C:\WINDOWS\system32\BayGQqru.ini2
C:\WINDOWS\system32\byXQGYrR.dll
C:\WINDOWS\system32\GgOVvyay.ini
C:\WINDOWS\system32\GgOVvyay.ini2
C:\WINDOWS\system32\GPXHOUvw.ini
C:\WINDOWS\system32\GPXHOUvw.ini2
C:\WINDOWS\system32\hgiOYJjl.ini
C:\WINDOWS\system32\hgiOYJjl.ini2
C:\WINDOWS\system32\iifFWOGV.dll
C:\WINDOWS\system32\jiRuvGgh.ini
C:\WINDOWS\system32\jiRuvGgh.ini2
C:\WINDOWS\system32\ljJDWNGY.dll
C:\WINDOWS\system32\ljJYOigh.dll
C:\WINDOWS\system32\NqYyJkkj.ini
C:\WINDOWS\system32\NqYyJkkj.ini2
C:\WINDOWS\system32\opAaIRqr.ini
C:\WINDOWS\system32\opAaIRqr.ini2
C:\WINDOWS\system32\qqsrqtwa.ini
C:\WINDOWS\system32\qqsrqtwa.ini2
C:\WINDOWS\system32\rqRIaApo.dll
C:\WINDOWS\system32\rqRKEWPf.dll
C:\WINDOWS\system32\RrYGQXyb.ini
C:\WINDOWS\system32\RrYGQXyb.ini2
C:\WINDOWS\system32\RsDeNXbc.ini
C:\WINDOWS\system32\RsDeNXbc.ini2
C:\WINDOWS\system32\stCfikkj.ini
C:\WINDOWS\system32\stCfikkj.ini2
C:\WINDOWS\system32\urqQGyaB.dll
C:\WINDOWS\system32\uuFLnnmp.ini
C:\WINDOWS\system32\uuFLnnmp.ini2
C:\WINDOWS\system32\VGOWFfii.ini
C:\WINDOWS\system32\VGOWFfii.ini2
C:\WINDOWS\system32\wvUOHXPG.dll
C:\WINDOWS\system32\xxbdfMoq.ini
C:\WINDOWS\system32\xxbdfMoq.ini2
C:\WINDOWS\system32\yayvVOgG.dll
C:\WINDOWS\system32\yayYQGAS.dll
C:\WINDOWS\system32\YGNWDJjl.ini
C:\WINDOWS\system32\YGNWDJjl.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-06 07:15 . 2008-06-06 07:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-06 07:14 . 2008-06-06 07:14 <DIR> d-------- C:\Deckard
2008-06-05 07:09 . 2008-06-05 07:15 <DIR> d-------- C:\Program Files\Panda Security
2008-06-03 05:57 . 2007-12-24 17:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-03 05:56 . 2008-06-04 07:05 <DIR> d-------- C:\Documents and Settings\Rich\Application Data\HouseCall 6.6
2008-06-02 20:14 . 2008-06-02 20:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-02 20:11 . 2008-06-02 20:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-02 20:09 . 2008-06-02 20:10 153 --a------ C:\WINDOWS\wininit.ini
2008-06-01 12:37 . 2008-06-01 12:37 <DIR> d-------- C:\Documents and Settings\Rich\Application Data\Move Networks
2008-05-31 12:35 . 2008-05-31 12:36 <DIR> d-------- C:\Documents and Settings\Rich\Application Data\ACD Systems
2008-05-31 12:34 . 2008-05-31 12:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 12:34 . 2008-05-31 12:34 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-05-31 12:34 . 2008-05-31 12:34 <DIR> d-------- C:\Program Files\ACD Systems
2008-05-31 12:34 . 2008-05-31 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-28 06:45 . 2008-05-28 06:45 99,264 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-05-27 21:23 . 2008-05-27 21:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-21 19:10 . 2008-05-21 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-21 18:03 . 2008-06-04 08:34 <DIR> d-------- C:\Age of Conan
2008-05-21 17:18 . 2008-05-31 00:36 <DIR> d-------- C:\Pictures
2008-05-10 10:20 . 2008-05-10 10:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 10:20 . 2008-05-10 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 05:13 . 2008-05-10 05:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Funcom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 12:13 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-09 12:00 --------- d-----w C:\Program Files\mIRC
2008-06-01 21:18 --------- d-----w C:\Documents and Settings\Rich\Application Data\uTorrent
2008-06-01 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-31 16:35 --------- d-----w C:\Program Files\Thumbs6
2008-05-31 13:08 --------- d-----w C:\Program Files\Safari
2008-05-30 11:46 --------- d-----w C:\Program Files\AnyDVD
2008-05-26 01:57 --------- d-----w C:\Program Files\Trillian
2008-05-19 11:31 --------- d-----w C:\Program Files\uTorrent
2008-05-15 00:45 --------- d-----w C:\Documents and Settings\Rich\Application Data\Apple Computer
2008-05-08 01:38 --------- d-----w C:\Program Files\Ad-Aware 2007
2008-05-07 11:46 --------- d-----w C:\Program Files\EPSON Print CD
2008-05-06 00:13 --------- d-----w C:\Program Files\coverXP
2008-05-05 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 23:26 --------- d-----w C:\Program Files\EPSON
2008-05-05 11:36 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-05-05 11:36 360,064 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-05-04 02:17 17,144 ----a-w C:\Documents and Settings\Rich\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 02:05 --------- d-----w C:\Program Files\VobBlanker
2008-04-16 14:50 --------- d-----w C:\Program Files\QuickTime
2008-04-16 14:50 --------- d-----w C:\Program Files\iTunes
2008-04-16 14:50 --------- d-----w C:\Program Files\iPod
2008-04-16 14:41 --------- d-----w C:\Program Files\Apple Software Update
.

------- Sigcheck -------

2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-04-20 07:38 340480 b8158e2a6112c0a5ca67bc158fc70218 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2003-03-31 08:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-05-05 07:36 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-05-05 07:36 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA}]
C:\WINDOWS\system32\jkkJyYqN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [2008-05-28 07:10 2120640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"\\ALLYS\EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [2006-05-19 04:00 139264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 05:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 08:44 36864]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 08:44 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 17:52 8531968]
"nwiz"="nwiz.exe" [2007-10-28 17:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-28 17:52 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 18:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 20:49 125632]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\Rich\Start Menu\Programs\Startup\
mIRC.lnk - C:\Program Files\mIRC\mirc.exe [2007-11-01 15:57:24 2076672]
Tardis.lnk - C:\Program Files\Tardis2000\Tardis.exe [2007-12-21 23:46:35 291328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Tardis2000\\Tardis.exe"=
"C:\\Games\\UO\\client.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\World Of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"C:\\World Of Warcraft\\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2008-01-02 10:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 08:15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\ALLYS\\EPSON Stylus Photo R260 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBNA.EXE /FU \"C:\\DOCUME~1\\Rich\\LOCALS~1\\Temp\\E_S122.tmp\" /EF \"HKCU\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Cisco Systems\SSL VPN Client\Agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-09 8:20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 12:20:41

Pre-Run: 39,302,840,320 bytes free
Post-Run: 39,290,425,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

219 --- E O F --- 2008-05-28 01:21:09



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:49 AM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mnm.manheim.com/webvpn.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA} - C:\WINDOWS\system32\jkkJyYqN.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\ALLYS\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\Rich\LOCALS~1\Temp\E_S122.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O4 - Startup: Tardis.lnk = C:\Program Files\Tardis2000\Tardis.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197915538656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75C0A01-6285-4004-BCC9-BCEE1F391774}: NameServer = 205.152.0.20,207.69.188.185
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8520 bytes

Last edited by tetonbob; 06-09-2008 at 05:55 AM.
Old 06-09-2008, 06:04 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home


Re: Virus (logs included)

Please do not attach the logs unless it's requested. Most are easier to review when posted.

Thanks.

Looks like a pretty clean sweep. Still some more work to do.

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O2 - BHO: (no name) - {D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA} - C:\WINDOWS\system32\jkkJyYqN.dll (file missing)


Close HijackThis now.

---------------------------------------------------------------------------------------------


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset the zoom to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

How is the machine behaving?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
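A small parser for the HijackThis log lines quoted in this thread, added here as an example; it is not part of tetonbob's reply and not code from HijackThis or Trend Micro. It pulls the O2 BHO entries and flags the ones a helper looks at first (a DLL marked "(file missing)", as in the orphaned jkkJyYqN.dll entry fixed above, or one registered with no name), lists the O17 NameServer addresses so they can be compared with the expected resolvers, and checks whether every jre1.6.0_NN path in the log is at or above a given update level, which is the "Java is out of date" test behind the update steps. The sample lines are constructed from entries posted in this thread; the regexes cover only the line shapes shown here, and the "no name" and "file missing" rules are heuristics of this example, not HijackThis's own verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few HijackThis v2.0.2 lines of the kind posted in this
# thread. The O2 "(file missing)" line is the orphaned BHO the helper asked to
# have fixed; the jre1.6.0_05 path is the pre-update Java from the first log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mnm.manheim.com/webvpn.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D8390EDF-2603-4BDD-A9EB-328A4C7AA1BA} - C:\WINDOWS\system32\jkkJyYqN.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75C0A01-6285-4004-BCC9-BCEE1F391774}: NameServer = 205.152.0.20,207.69.188.185
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O17 lines carrying the DNS server addresses configured for an interface.
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
# JRE 6 install directories embed the update level: jre1.6.0_05 is "6 Update 5".
JAVA_RE = re.compile(r"jre1\.6\.0_(\d+)")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool


def parse_bhos(log: str) -> list:
    """Extract every O2 (Browser Helper Object) entry from a HijackThis log."""
    bhos = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            bhos.append(Bho(m["name"], m["clsid"].upper(), m["path"],
                            m["missing"] is not None))
    return bhos


def suspicious_bhos(bhos: list) -> list:
    """Heuristic of this example, not a HijackThis verdict: flag a BHO whose
    DLL no longer exists (a loading point left behind after the file was
    removed) or that registers no display name, which vendor BHOs normally do."""
    return [b for b in bhos if b.file_missing or b.name == "(no name)"]


def parse_nameservers(log: str) -> list:
    """Collect the DNS servers from O17 NameServer lines so they can be checked
    against the ISP's or the LAN's expected resolvers."""
    servers = []
    for line in log.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            servers.extend(s for s in m["servers"].split(",") if s)
    return servers


def java_update_levels(log: str) -> list:
    """Distinct JRE 6 update levels referenced anywhere in the log, ascending."""
    return sorted({int(n) for n in JAVA_RE.findall(log)})


def java_outdated(log: str, latest: int) -> bool:
    """True when the log references any JRE 6 install older than `latest`
    (6 Update 6 at the time of this thread); every older copy should go."""
    levels = java_update_levels(log)
    return bool(levels) and min(levels) < latest


if __name__ == "__main__":
    found = parse_bhos(SAMPLE_LOG)
    for b in suspicious_bhos(found):
        why = "file missing" if b.file_missing else "no name"
        print(f"review O2 {b.clsid} {b.path} ({why})")
    print("DNS servers:", ", ".join(parse_nameservers(SAMPLE_LOG)))
    print("Java outdated:", java_outdated(SAMPLE_LOG, latest=6))
```

Run against a full HijackThis log by replacing SAMPLE_LOG with the file's contents; the O2 entry it flags here is exactly the one tetonbob asked to have fixed, and the Java check flips to False once the log shows only jre1.6.0_06 paths, as the second log in this thread does.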
Old 06-09-2008, 05:56 PM   #6 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: WinXP Pro


Re: Virus (logs included)

The system seems to be back to its old self. After plenty of gaming and general computer use, explorer is as stable as ever. I really cannot say thanks enough.

Per your request, here are the two logs posted and not attached (the latter appears to have found some issues):

Deckard's System Scanner v20071014.68
Run by Nighthawk on 2008-06-09 20:53:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nighthawk.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:33 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rich\Local Settings\Temp\jkos-Nighthawk\binaries\ScanningProcess.exe
C:\Documents and Settings\Rich\Local Settings\Temp\jkos-Nighthawk\binaries\ScanningProcess.exe
C:\Program Files\Cisco Systems\SSL VPN Client\GUI.exe
C:\Program Files\DameWare Development\DameWare NT Utilities\DWRCC.exe
C:\Download\Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nighthawk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mnm.manheim.com/webvpn.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [\\ALLYS\EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.EXE /FU "C:\DOCUME~1\Rich\LOCALS~1\Temp\E_S122.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O4 - Startup: Tardis.lnk = C:\Program Files\Tardis2000\Tardis.exe
O4 - Global Startup: VME 1.2.lnk = C:\Program Files\VME 1.2\VME Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197915538656
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D88669A-E51C-4270-B64D-5386F6210399}: Domain = man.cox.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D88669A-E51C-4270-B64D-5386F6210399}: NameServer = 10.100.10.16,10.100.11.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{A75C0A01-6285-4004-BCC9-BCEE1F391774}: NameServer = 205.152.0.20,207.69.188.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = man.cox.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D88669A-E51C-4270-B64D-5386F6210399}: Domain = man.cox.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D88669A-E51C-4270-B64D-5386F6210399}: NameServer = 10.100.10.16,10.100.11.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = man.cox.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9588 bytes

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 19:08:14 0 d-------- C:\Program Files\VME 1.2
2008-06-09 18:09:14 0 d-------- C:\Program Files\Common Files\Java
2008-06-09 08:11:46 0 d-------- C:\cmdcons
2008-06-09 08:10:38 68096 --a------ C:\WINDOWS\zip.exe
2008-06-09 08:10:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-09 08:10:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-09 08:10:37 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-09 08:10:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-09 08:10:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-09 08:10:37 80412 --a------ C:\WINDOWS\grep.exe
2008-06-09 08:10:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-08 07:29:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-06 07:15:58 0 d-------- C:\Program Files\Trend Micro
2008-06-05 07:09:15 0 d-------- C:\Program Files\Panda Security
2008-06-03 05:56:17 0 d-------- C:\Documents and Settings\Rich\Application Data\HouseCall 6.6
2008-06-02 20:14:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-06-02 20:13:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-02 20:11:44 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-02 20:11:44 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-02 20:11:44 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-02 20:11:44 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-02 20:11:44 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-02 20:11:44 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-02 20:11:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-01 12:37:09 0 d-------- C:\Documents and Settings\Rich\Application Data\Move Networks
2008-05-31 12:35:55 0 d-------- C:\Documents and Settings\Rich\Application Data\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Program Files\ACD Systems
2008-05-31 12:34:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-05-31 12:34:13 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 21:23:51 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 19:10:01 0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-21 18:03:05 0 d-------- C:\Age of Conan
2008-05-21 17:18:05 0 d-------- C:\Pictures
2008-05-10 10:20:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 05:13:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom


-- Find3M Report ---------------------------------------------------------------

2008-06-09 20:17:22 0 d-------- C:\Program Files\mIRC
2008-06-09 19:11:52 0 d-------- C:\Program Files\DivX
2008-06-09 18:09:34 0 d-------- C:\Program Files\Java
2008-06-09 18:09:14 0 d-------- C:\Program Files\Common Files
2008-06-09 18:08:24 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-01 17:18:34 0 d-------- C:\Documents and Settings\Rich\Application Data\uTorrent
2008-05-31 12:35:36 0 d-------- C:\Program Files\Thumbs6
2008-05-31 09:08:04 0 d-------- C:\Program Files\Safari
2008-05-30 07:46:12 0 d-------- C:\Program Files\AnyDVD
2008-05-25 21:57:20 0 d-------- C:\Program Files\Trillian
2008-05-19 07:31:26 0 d-------- C:\Program Files\uTorrent
2008-05-14 20:45:16 0 d-------- C:\Documents and Settings\Rich\Application Data\Apple Computer
2008-05-07 21:38:12 0 d-------- C:\Program Files\Ad-Aware 2007
2008-05-07 07:46:52 0 d-------- C:\Program Files\EPSON Print CD
2008-05-05 20:13:31 0 d-------- C:\Program Files\coverXP
2008-05-05 19:26:18 0 d-------- C:\Program Files\EPSON
2008-05-05 19:26:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 22:17:53 17144 --a------ C:\Documents and Settings\Rich\Application Data\GDIPFONTCACHEV1.DAT
2008-05-03 22:05:11 0 d-------- C:\Program Files\VobBlanker
2008-04-16 10:50:57 0 d-------- C:\Program Files\iTunes
2008-04-16 10:50:50 0 d-------- C:\Program Files\iPod
2008-04-16 10:50:01 0 d-------- C:\Program Files\QuickTime
2008-04-16 10:41:15 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/14/2006 05:21 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 06:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 08:44 AM]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [10/30/2006 08:44 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/28/2007 05:52 PM]
"nwiz"="nwiz.exe" [10/28/2007 05:52 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/28/2007 05:52 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 06:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 08:49 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 04:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [09/20/2007 10:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\AnyDVD\AnyDVDtray.exe" [05/28/2008 07:10 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"\\ALLYS\EPSON Stylus Photo R260 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNA.exe" [05/19/2006 04:00 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 04:35 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\Rich\Start Menu\Programs\Startup\
mIRC.lnk - C:\Program Files\mIRC\mirc.exe [11/1/2007 3:57:24 PM]
Tardis.lnk - C:\Program Files\Tardis2000\Tardis.exe [12/21/2007 11:46:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VME 1.2.lnk - C:\Program Files\VME 1.2\VME Manager.exe [8/27/2007 2:30:16 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-09 20:53:50 ------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 09, 2008 19:26:50
Records in database: 844518
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 70976
Threat name: 7
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 00:47:57


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe/C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Backup\vnc-4_1_2-x86_win32-server.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Deckard\System Scanner\backup\DOCUME~1\Rich\LOCALS~1\Temp\ACDSee 8.0.39.rar Infected: Trojan-Downloader.Win32.Injecter.tz 1
C:\Deckard\System Scanner\backup\DOCUME~1\Rich\LOCALS~1\Temp\ACDSee 8.0.39.rar Infected: Trojan-Dropper.Win32.Small.bob 1
C:\Deckard\System Scanner\backup\DOCUME~1\Rich\LOCALS~1\Temp\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\48CEF136.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840001\48CEF160.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840002\48CEF168.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840003\48CEF182.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840000\48CEE269.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09BC0000\49FF1484.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09BC0001\49FF177F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09BC0002\49FF258F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09BC0003\49FF393F.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqrsqq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iifFWOGV.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRKEWPf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wwr 1
C:\QooBox\Quarantine\C\WINDOWS\system32\urqQGyaB.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUOHXPG.dll.vir Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.

----------------------------------------------------------------

Any ideas why my Symantec AntiVirus Corporate fully updated doesn't catch this stuff?
WTFman
Old 06-09-2008, 06:37 PM   #7 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home


Re: Virus (logs included)

mIRC and the VNC are items which get flagged based on potential. If you've intentionally installed these apps, you can ignore those finds.

If you don't use VNC, delete this file:

C:\Backup\vnc-4_1_2-x86_win32-server.exe

Symantec usually deletes its quarantine items on a schedule. The items are safe there, as they've been renamed and neutralized, but you may choose to finally remove the contents of Symantec Quarantine from within the application.

As to why it did not take care of everything... malware is updated constantly. Some AVs update once a week, or once a day. It's a constant battle of adding new definitions. Some AVs do a better job against Vundo than others. Avira seems to target it quite well.

The other items found by Kaspersky are in quarantine or backup locations. We will address those by uninstalling ComboFix as instructed below.

=====================

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting, and this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
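The reply above sorts the Kaspersky detections into three kinds: tools flagged "on potential" (the not-a-virus: prefix), copies sitting in quarantine or backup stores, and anything else. The following script is an added example (not code from the forum, from Kaspersky or from tetonbob) that applies that same triage to report lines of the "path Infected: threat count" shape quoted in this thread. The first sample lines are copied from the report above; the final system32 line and its file name are constructed to show what a live detection outside any quarantine would look like. The marker strings used to recognise quarantine and backup folders are an assumption based on the paths that appear in this thread.

```python
import re
from collections import defaultdict

# Line format used by Kaspersky Online Scanner 7 in the report quoted above:
#   <path> Infected: <threat name> <count>
REPORT_LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

# Path fragments that mark a detection as already neutralised (assumption drawn from
# the paths in this thread): the Symantec quarantine store, ComboFix's QooBox
# quarantine, the DSS backup folder and the user's own C:\Backup all contain
# "quarantine" or "backup" somewhere in the path.
NEUTRALISED_MARKERS = ("\\quarantine\\", "\\backup\\")

# Sample input: the first five lines are copied from the report in this thread; the
# system32 line is CONSTRUCTED to show a live (non-quarantined) detection.
SAMPLE_REPORT = r"""
C:\Program Files\mIRC\mirc.exe/C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Backup\vnc-4_1_2-x86_win32-server.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
C:\Deckard\System Scanner\backup\DOCUME~1\Rich\LOCALS~1\Temp\ACDSee 8.0.39.rar Infected: Trojan-Downloader.Win32.Injecter.tz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00840000\48CEF136.VBN Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\awtqrsqq.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\CONSTRUCTED_sample.dll Infected: Trojan.Win32.Monder.gen 1
The selected area was scanned.
"""


def parse_report(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    detections = []
    for line in text.splitlines():
        m = REPORT_LINE.match(line.strip())
        if m:
            detections.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return detections


def classify(detection):
    """Bucket a detection the way the reply above reasons about them."""
    if detection["threat"].startswith("not-a-virus:"):
        return "riskware"      # legitimate tool flagged on potential (mIRC, VNC)
    if any(marker in detection["path"].lower() for marker in NEUTRALISED_MARKERS):
        return "quarantined"   # renamed/stored copy, not running on the system
    return "active"            # a live file outside any quarantine: needs attention


def triage(text):
    """Group the parsed detections by bucket name."""
    buckets = defaultdict(list)
    for d in parse_report(text):
        buckets[classify(d)].append(d)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)} detection(s)")
        for d in items:
            print(f"  {d['threat']}  <-  {d['path']}")
```

Only the "active" bucket calls for action; the riskware bucket is reviewed against what the user knowingly installed, and the quarantined bucket disappears once the quarantine stores are emptied (here, by uninstalling ComboFix and clearing the Symantec quarantine as the reply describes).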
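The MVPS HOSTS step above works by mapping known ad hostnames to 127.0.0.1 so the connection never leaves the machine. The complementary defender's check is to audit the HOSTS file afterwards: every mapping in an ad-blocking hosts file should point at a sinkhole address, so a name mapped to a routable address is worth a look, and duplicates are a sign of a botched merge. This script is an added example (not MVPS's file, nor code from the forum); the sample HOSTS content is constructed, with placeholder hostnames under example.com/.net/.org and the documentation address 203.0.113.7 standing in for a routable one.

```python
import ipaddress

# Addresses that make an entry a harmless sinkhole (the MVPS file uses 127.0.0.1).
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# CONSTRUCTED sample HOSTS content; hostnames are documentation placeholders,
# not entries from the real MVPS file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ad.example.com          # blocked ad host
127.0.0.1  tracker.example.net
0.0.0.0    banner.example.org
203.0.113.7  liveupdate.example.com   # constructed: a name pointed at a routable address
127.0.0.1  ad.example.com          # duplicate of line 3
"""


def parse_hosts(text):
    """Return (line_no, address, hostname) for every mapping, ignoring comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop trailing and whole-line comments
        if not body:
            continue
        addr, *names = body.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # first token is not an IP address, so this is not a mapping line
        for name in names:
            entries.append((line_no, addr, name.lower()))
    return entries


def audit_hosts(text):
    """Summarise sinkholed names, mappings to routable addresses, and duplicate names."""
    entries = parse_hosts(text)
    sinkholed = [e for e in entries if e[1] in SINKHOLE_ADDRESSES and e[2] != "localhost"]
    # An ad-blocking hosts file never needs to send a name anywhere real, so any
    # routable target is something the owner should be able to explain.
    redirected = [e for e in entries if e[1] not in SINKHOLE_ADDRESSES]
    first_seen, duplicates = {}, []
    for line_no, addr, name in entries:
        if name in first_seen:
            duplicates.append((name, first_seen[name], line_no))
        else:
            first_seen[name] = line_no
    return {"sinkholed": len(sinkholed), "redirected": redirected, "duplicates": duplicates}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(f"{report['sinkholed']} name(s) sinkholed")
    for line_no, addr, name in report["redirected"]:
        print(f"line {line_no}: {name} -> {addr} (routable, review this)")
    for name, first, again in report["duplicates"]:
        print(f"{name} defined on lines {first} and {again}")
```

On a real Windows machine the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; reading it with the script is read-only, so it is safe to run before and after the mvps.bat step to confirm that the swap produced nothing but sinkhole entries.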
Old 06-09-2008, 09:40 PM   #8 (permalink)
WTFman
Registered User
Join Date: Jun 2008
Posts: 5
OS: WinXP Pro


Re: Virus (logs included)

Sounds good. I really appreciate your help. Thanks for your patience and assistance. Feel free to close the thread as I've (obviously) marked it for future reference.

Have a great night.
Old 06-09-2008, 09:43 PM   #9 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,625
OS: 2000 Pro; XP Pro; XP Home


Re: Virus (logs included)

You're welcome for the help.

Take care, and surf safely! The internet is a jungle.



Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Copyright 2001 - 2009, Tech Support Forum