Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads: resolved spyware and popup issues.

10-31-2008, 04:55 PM   #1
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro


Horrible infection.

I have a machine that is infected horribly with something; it locks up and I can barely navigate anything. Any help would be greatly appreciated. Here are my log reports.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-31 19:46:49
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT F3DE79A8 ZwClose
SSDT F3DE77E4 ZwCreateKey
SSDT F3DE7900 ZwDeleteKey
SSDT F3DE7928 ZwDeleteValueKey
SSDT F3DE79A2 ZwLoadKey
SSDT F3DE7687 ZwOpenKey
SSDT F3DE7886 ZwQueryValueKey
SSDT F3DE7952 ZwReplaceKey
SSDT F3DE797A ZwRestoreKey
SSDT F3DE7834 ZwSetValueKey

Code E1D2D430 ZwEnumerateKey
Code E1D2A0A0 ZwFlushInstructionCache
Code E1D20C7E ZwSaveKey
Code E1D1C6CE ZwSaveKeyEx
Code F3ED3E95 pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP E1D2A0A4
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB52 5 Bytes JMP E1D2D434
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDC6 5 Bytes JMP E1D20C82
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BEAC 5 Bytes JMP E1D1C6D2
? C:\WINDOWS\System32\drivers\fipss.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1024] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2472] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00EE000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3460] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F0000A
.text C:\WINDOWS\explorer.exe[3580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D7000A
.text C:\WINDOWS\explorer.exe[3580] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D6000A
.text C:\WINDOWS\explorer.exe[3580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D8000A

---- Devices - GMER 1.0.14 ----

Device \Driver\fipss \Device\fipss F3DE558A
Device \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort5 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-16 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSxeuu.sys (*** hidden *** ) F3ED2000-F3EE4000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:412 F3ED4E03

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSxeuu.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Minimal\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Control\SafeBoot\Network\TDSSxeuu.sys@ driver
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSserv \systemroot\system32\drivers\TDSSxeuu.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@TDSSl \systemroot\system32\TDSSktkl.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssservers \systemroot\system32\TDSSwupe.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssmain \systemroot\system32\TDSSirxy.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsslog \systemroot\system32\TDSSrojf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssadw \systemroot\system32\TDSSocun.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssinit \systemroot\system32\TDSSqein.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv\modules@tdssserf \systemroot\system32\TDSSehys.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 42
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v300
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1

---- EOF - GMER 1.0.14 ----
Logfile of random's system information tool 1.04 (written by random/random)
Run by Shirly at 2008-10-31 19:47:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 130 GB (90%) free of 144 GB
Total RAM: 446 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47: VIRUS ALERT!, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\pcntttdl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\windows\system32\rkwnw64l.exe
C:\Program Files\GetPack\GetPack23.exe
C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Shirly\Application Data\Microsoft\Windows\pedarox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Shirly\Application Data\U3\00001873CB606297\LaunchPad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
G:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shirly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: (no name) - {1B47BD85-903E-4CE8-946B-A99723CA878B} - C:\WINDOWS\system32\rqRHbXNg.dll
O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - C:\Program Files\PC-Antispy\ASpyStBlk.dll
O2 - BHO: (no name) - {758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\wvUkJdCU.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: QXK Olive - {81FF9400-31B5-4786-9EA9-DD8425658399} - C:\WINDOWS\grfxbanonlm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d812ee1f-0f33-79da-a904-da7df8533129} - {9213358f-d7ad-409a-ad97-33f0f1ee218d} - C:\WINDOWS\system32\rqbwxq.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [{85-5E-EA-A3-DW}] C:\windows\system32\rkwnw64l.exe DWrvg
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [admdsc] C:\WINDOWS\system32\kfapyjil.exe
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [GetPack23] "C:\Program Files\GetPack\GetPack23.exe"
O4 - HKCU\..\Run: [Facegame] "C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [Gool] "C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Shirly\Application Data\Microsoft\Windows\pedarox.exe
O4 - HKLM\..\Policies\Explorer\Run: [D5P1Ak1SB2] C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntttdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rkwnw64l.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1219351107312
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.co...p/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll rqbwxq.dll
O20 - Winlogon Notify: wvUkJdCU - C:\WINDOWS\SYSTEM32\wvUkJdCU.dll
O21 - SSODL: qrbgltos - {74747695-FC62-4400-BF3A-2B893CADC3BC} - C:\WINDOWS\qrbgltos.dll
O21 - SSODL: ngwstxfd - {0BD404B3-7DCF-425C-B2F9-226D99A09DCE} - C:\WINDOWS\ngwstxfd.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2hpcmx5\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10118 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll [2008-10-30 90624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B47BD85-903E-4CE8-946B-A99723CA878B}]
C:\WINDOWS\system32\rqRHbXNg.dll [2008-10-20 322432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60B244BE-559D-4269-B96E-CD264D828EC9}]
PC-Antispy Site Blocker Button - C:\Program Files\PC-Antispy\ASpyStBlk.dll [2008-10-20 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{758F6D53-DCC7-4CCF-9080-4B6F9389F641}]
C:\WINDOWS\system32\wvUkJdCU.dll [2008-10-20 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81FF9400-31B5-4786-9EA9-DD8425658399}]
QXK Olive - C:\WINDOWS\grfxbanonlm.dll [2008-10-19 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9213358f-d7ad-409a-ad97-33f0f1ee218d}]
C:\WINDOWS\system32\rqbwxq.dll [2008-10-29 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-21 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-10-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
Mjcore Class - C:\Program Files\Mjcore\Mjcore.dll [2008-10-30 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-10-16 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-21 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-21 1235736]
"{85-5E-EA-A3-DW}"=C:\windows\system32\rkwnw64l.exe [2008-10-26 262182]
"Host Process"=C:\WINDOWS\Fonts\svchost.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"D5P1Ak1SB2"=C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe [2008-10-20 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2006-12-11 503296]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"admdsc"=C:\WINDOWS\system32\kfapyjil.exe []
"VnrPack20"=C:\Program Files\VnrPack\VnrPack20.exe []
"GetPack23"=C:\Program Files\GetPack\GetPack23.exe [2008-10-21 350720]
"Facegame"=C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe [2008-10-26 56832]
"Gool"=C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe [2008-10-30 61440]
"SpeedRunner"=C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe [2008-10-30 218112]
"SfKg6wIP"=C:\Documents and Settings\Shirly\Application Data\Microsoft\Windows\pedarox.exe [2008-10-30 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Shirly\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\pcntttdl.exe
DW_Start.lnk - C:\WINDOWS\system32\rkwnw64l.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=",avgrsstx.dll rqbwxq.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkJdCU]
C:\WINDOWS\system32\wvUkJdCU.dll [2008-10-20 34176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
qrbgltos - {74747695-FC62-4400-BF3A-2B893CADC3BC} - C:\WINDOWS\qrbgltos.dll [2008-10-19 323584]
ngwstxfd - {0BD404B3-7DCF-425C-B2F9-226D99A09DCE} - C:\WINDOWS\ngwstxfd.dll [2008-10-19 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{758F6D53-DCC7-4CCF-9080-4B6F9389F641}"=C:\WINDOWS\system32\wvUkJdCU.dll [2008-10-20 34176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\rqRHbXNg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
"NoDispCPL"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=1
"StartMenuLogoff"=1
"NoStartMenuMorePrograms"=1
"NoSetFolders"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-31 19:47:02 ----D---- C:\rsit
2008-10-31 19:42:58 ----A---- C:\WINDOWS\gmer.ini
2008-10-31 19:42:54 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-31 19:42:54 ----A---- C:\WINDOWS\gmer.exe
2008-10-31 19:42:54 ----A---- C:\WINDOWS\gmer.dll
2008-10-30 17:36:49 ----D---- C:\Program Files\iCheck
2008-10-30 17:36:49 ----D---- C:\Program Files\GetPack
2008-10-30 17:31:52 ----D---- C:\Documents and Settings\Shirly\Application Data\SpeedRunner
2008-10-30 17:26:50 ----D---- C:\Documents and Settings\Shirly\Application Data\Gool
2008-10-30 17:21:49 ----D---- C:\Program Files\Webtools
2008-10-30 17:19:29 ----D---- C:\Program Files\Trend Micro
2008-10-30 17:16:50 ----D---- C:\Program Files\Mjcore
2008-10-29 19:44:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-29 19:10:06 ----A---- C:\WINDOWS\system32\rqbwxq.dll
2008-10-29 19:10:06 ----A---- C:\WINDOWS\system32\kadeqihh.dll
2008-10-29 19:08:47 ----D---- C:\Program Files\CleanUp!
2008-10-29 19:04:41 ----SH---- C:\WINDOWS\system32\ohwjmdsi.ini
2008-10-29 19:04:40 ----A---- C:\WINDOWS\system32\isdmjwho.dll
2008-10-26 20:26:23 ----SH---- C:\WINDOWS\system32\ypkdooaw.ini
2008-10-26 20:24:58 ----A---- C:\WINDOWS\system32\pcntttdl.exe
2008-10-26 20:24:53 ----A---- C:\WINDOWS\system32\gside.exe
2008-10-26 19:54:09 ----A---- C:\WINDOWS\system32\rkwnw64l.exe
2008-10-26 19:23:14 ----A---- C:\WINDOWS\system32\vbzip10.dll
2008-10-26 19:21:08 ----A---- C:\WINDOWS\system32\atmtd.dll._
2008-10-26 19:21:08 ----A---- C:\WINDOWS\system32\atmtd.dll
2008-10-26 19:20:58 ----D---- C:\Documents and Settings\Shirly\Application Data\Facegame
2008-10-26 19:20:48 ----SHD---- C:\WINDOWS\U2hpcmx5
2008-10-26 19:20:48 ----D---- C:\Program Files\Network Monitor
2008-10-26 19:20:48 ----A---- C:\WINDOWS\uninstall_nmon.vbs
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\wi
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\PX
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\m3v
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\fs3
2008-10-26 19:20:27 ----D---- C:\WINDOWS\system32\ec2
2008-10-26 19:20:05 ----A---- C:\WINDOWS\ndxq3074.exe
2008-10-26 19:20:02 ----A---- C:\WINDOWS\j414.exe
2008-10-26 19:20:00 ----D---- C:\WINDOWS\system32\EV02
2008-10-26 19:19:59 ----A---- C:\WINDOWS\lik02.exe
2008-10-26 19:19:57 ----A---- C:\WINDOWS\cor704836.exe
2008-10-26 19:19:56 ----A---- C:\WINDOWS\tj85.exe
2008-10-26 19:19:55 ----A---- C:\WINDOWS\eo4.exe
2008-10-26 19:19:53 ----A---- C:\WINDOWS\ee3362.exe
2008-10-26 19:19:47 ----A---- C:\WINDOWS\h288.exe
2008-10-26 19:19:46 ----A---- C:\WINDOWS\mondrv411.exe
2008-10-26 19:19:25 ----A---- C:\WINDOWS\system32\oPICTJAr.dll
2008-10-26 19:19:25 ----A---- C:\WINDOWS\system32\iIBUlKAp.dll
2008-10-26 19:19:24 ----A---- C:\WINDOWS\system32\g79.exe
2008-10-26 19:19:21 ----A---- C:\WINDOWS\system32\dwwnw64r.exe
2008-10-26 19:19:19 ----A---- C:\WINDOWS\nc605007.exe
2008-10-26 19:19:15 ----A---- C:\WINDOWS\qggu58826.exe
2008-10-26 19:19:13 ----A---- C:\WINDOWS\tjyvb346054.exe
2008-10-26 19:19:04 ----A---- C:\WINDOWS\nohh06760.exe
2008-10-26 19:18:29 ----A---- C:\WINDOWS\system32\imvkir.dll
2008-10-26 19:18:26 ----A---- C:\WINDOWS\system32\tllxdcdr.dll
2008-10-22 23:27:06 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-10-22 23:27:06 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-10-22 23:27:06 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-10-22 23:27:05 ----A---- C:\WINDOWS\system32\unrar3.dll
2008-10-22 23:27:05 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-10-22 23:27:03 ----D---- C:\Documents and Settings\Shirly\Application Data\Simply Super Software
2008-10-22 23:27:03 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-10-22 16:59:18 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-10-21 19:18:06 ----HD---- C:\$AVG8.VAULT$
2008-10-21 18:15:55 ----SH---- C:\WINDOWS\system32\dwylalxk.ini
2008-10-21 18:15:51 ----A---- C:\WINDOWS\system32\qqxxzc.dll
2008-10-21 18:15:49 ----A---- C:\WINDOWS\system32\fecmcmrp.dll
2008-10-21 17:14:19 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-21 17:14:06 ----D---- C:\Documents and Settings\Shirly\Application Data\AVGTOOLBAR
2008-10-21 17:13:53 ----D---- C:\Program Files\AVG
2008-10-21 17:13:52 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-21 16:22:06 ----SH---- C:\WINDOWS\system32\ybmpxvyi.ini
2008-10-21 16:20:07 ----A---- C:\WINDOWS\system32\aomkpr.dll
2008-10-21 16:20:06 ----A---- C:\WINDOWS\system32\xlfgptge.dll
2008-10-20 17:51:28 ----D---- C:\Program Files\PC-Antispy
2008-10-20 15:19:49 ----SH---- C:\WINDOWS\system32\emkrsdbk.ini
2008-10-20 15:19:44 ----A---- C:\WINDOWS\system32\htaxgo.dll
2008-10-20 15:19:42 ----A---- C:\WINDOWS\system32\wmldcaub.dll
2008-10-20 15:19:14 ----A---- C:\WINDOWS\system32\430b9a72-.txt
2008-10-20 15:18:49 ----ASH---- C:\WINDOWS\system32\gNXbHRqr.ini2
2008-10-20 15:18:49 ----ASH---- C:\WINDOWS\system32\gNXbHRqr.ini
2008-10-20 15:18:38 ----A---- C:\WINDOWS\system32\rqRHbXNg.dll
2008-10-20 01:41:44 ----A---- C:\WINDOWS\system32\ssqrSLFW.dll
2008-10-20 01:41:44 ----A---- C:\WINDOWS\system32\rqRHbbyV.dll
2008-10-20 01:39:14 ----A---- C:\WINDOWS\system32\nnnmlMDw.dll
2008-10-20 01:39:13 ----A---- C:\WINDOWS\system32\iifdCvwu.dll
2008-10-20 01:38:31 ----A---- C:\WINDOWS\system32\tuvTmNfG.dll
2008-10-20 01:38:30 ----A---- C:\WINDOWS\system32\pmnmmJcd.dll
2008-10-20 01:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\pozgnihc
2008-10-20 01:37:45 ----A---- C:\WINDOWS\system32\wvUkJdCU.dll
2008-10-20 01:37:45 ----A---- C:\WINDOWS\system32\ddcDvwvs.dll
2008-10-20 01:37:10 ----D---- C:\Documents and Settings\Shirly\Application Data\TmpRecentIcons
2008-10-20 01:37:01 ----A---- C:\WINDOWS\rosqxvmn.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\qrbgltos.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\ngwstxfd.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\grfxbanonlm.dll
2008-10-20 01:37:01 ----A---- C:\WINDOWS\epgb.exe
2008-10-20 01:37:00 ----A---- C:\WINDOWS\lomxeqsn.exe
2008-10-18 1436 ----D---- C:\Program Files\Fun Web Products
2008-10-18 12:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 12:30:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 12:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 12:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 12:29:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-18 12:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-18 12:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-17 16:41:40 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-10-17 16:41:39 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-10-17 15:08:18 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-10-17 15:05:51 ----D---- C:\WINDOWS\PixArt
2008-10-17 15:05:50 ----D---- C:\Program Files\Micro Innovations
2008-10-17 15:05:50 ----D---- C:\Program Files\Common Files\PCCamera
2008-10-17 15:03:00 ----A---- C:\WINDOWS\EZMediaBox2.ini
2008-10-17 15:02:40 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-17 15:02:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-17 15:02:40 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-17 15:02:26 ----D---- C:\Program Files\BestOn
2008-10-16 21:52:59 ----D---- C:\Program Files\MySpace
2008-10-16 20:50:15 ----D---- C:\Program Files\Windows Live Favorites
2008-10-16 20:49:37 ----D---- C:\Program Files\Real
2008-10-16 20:49:18 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-16 20:47:52 ----D---- C:\Program Files\Windows Live Toolbar
2008-10-16 20:47:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-16 20:47:06 ----D---- C:\Program Files\MSN Messenger
2008-10-16 20:01:57 ----D---- C:\Documents and Settings\Shirly\Application Data\Google
2008-10-16 19:04:54 ----D---- C:\Documents and Settings\Shirly\Application Data\LimeWire
2008-10-16 19:01:32 ----D---- C:\WINDOWS\Sun
2008-10-16 19:01:32 ----D---- C:\Documents and Settings\Shirly\Application Data\Sun
2008-10-16 19:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-16 19:01:15 ----D---- C:\Program Files\Google
2008-10-16 19:00:37 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-16 19:00:37 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-16 19:00:37 ----A---- C:\WINDOWS\system32\java.exe
2008-10-16 19:00:03 ----D---- C:\Program Files\Java
2008-10-16 18:57:21 ----D---- C:\Program Files\Common Files\Java
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-10-16 18:08:23 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-10-16 18:08:20 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-16 18:08:20 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-10-16 13:01:04 ----D---- C:\Program Files\MyWebSearch
2008-10-16 13:00:30 ----D---- C:\Program Files\FunWebProducts
2008-10-14 14:54:28 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-11 23:44:11 ----D---- C:\Program Files\Yahoo!
2008-10-11 22:26:08 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-11 21:57:18 ----D---- C:\Program Files\Common Files\Adobe
2008-10-11 21:57:14 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-11 19:04:47 ----A---- C:\WINDOWS\ModemLog_Data Fax SoftModem with SmartCP.txt
2008-10-10 19:50:17 ----D---- C:\CloneDVDTemp
2008-10-10 15:41:51 ----D---- C:\Program Files\Elaborate Bytes
2008-10-10 15:41:31 ----D---- C:\Program Files\SlySoft
2008-10-10 15:40:32 ----D---- C:\Documents and Settings\Shirly\Application Data\U3

======List of files/folders modified in the last 1 months======

2008-10-31 19:42:58 ----D---- C:\WINDOWS
2008-10-31 19:42:56 ----D---- C:\WINDOWS\Temp
2008-10-31 19:42:54 ----D---- C:\WINDOWS\system32\drivers
2008-10-30 17:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-30 17:39:04 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-30 17:36:49 ----RD---- C:\Program Files
2008-10-30 04:49:37 ----D---- C:\WINDOWS\system32
2008-10-29 19:54:49 ----D---- C:\Documents and Settings
2008-10-29 19:23:56 ----D---- C:\temp
2008-10-29 19:03:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 19:58:59 ----RSD---- C:\WINDOWS\Fonts
2008-10-26 19:39:47 ----D---- C:\WINDOWS\Prefetch
2008-10-21 17:13:52 ----SHD---- C:\WINDOWS\Installer
2008-10-21 17:13:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-21 17:13:40 ----D---- C:\WINDOWS\WinSxS
2008-10-21 17:13:04 ----SD---- C:\Documents and Settings\Shirly\Application Data\Microsoft
2008-10-21 15:16:42 ----HD---- C:\WINDOWS\inf
2008-10-20 01:37:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-19 16:20:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-18 16:26:32 ----D---- C:\Program Files\Internet Explorer
2008-10-18 13:36:08 ----D---- C:\WINDOWS\network diagnostic
2008-10-18 12:30:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-18 12:30:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-18 12:30:26 ----A---- C:\WINDOWS\imsins.BAK
2008-10-18 12:29:48 ----D---- C:\WINDOWS\ie7updates
2008-10-17 20:28:32 ----A---- C:\WINDOWS\ODBC.INI
2008-10-17 15:05:56 ----A---- C:\WINDOWS\win.ini
2008-10-17 15:05:51 ----D---- C:\WINDOWS\twain_32
2008-10-17 15:05:50 ----D---- C:\Program Files\Common Files
2008-10-17 15:04:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-17 15:04:17 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-17 15:02:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-16 20:49:13 ----SD---- C:\WINDOWS\Tasks
2008-10-16 18:08:30 ----D---- C:\WINDOWS\Help
2008-10-15 15:21:34 ----D---- C:\Documents and Settings\Shirly\Application Data\Adobe
2008-10-11 23:50:57 ----D---- C:\Program Files\MSN
2008-10-11 22:26:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-11 22:26:03 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-11 19:05:05 ----A---- C:\WINDOWS\setuplog.txt
2008-10-11 1126 ----SHD---- C:\RECYCLER
2008-10-11 10:28:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 13:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-21 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-21 26824]
R1 fipss;fipss; C:\WINDOWS\System32\drivers\fipss.sys [2008-10-26 86144]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-21 76040]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-13 15440]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-12-10 29768]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2006-12-13 11984]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\E:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-31 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;Basic Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-21 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-21 231704]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 cmdService;Command Service; C:\WINDOWS\U2hpcmx5\command.exe []
S2 Network Monitor;Network Monitor; C:\Program Files\Network Monitor\netmon.exe service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-16 138168]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
eddmead is offline  
Old 11-01-2008, 07:04 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs is offline  
Old 11-02-2008, 05:17 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

Thank you so much for the help! Here is the log you requested.



ComboFix 08-11-01.05 - Shirly 2008-11-02 7:59:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.177 [GMT -5:00]

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\iertutil.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Shirly\Application Data\Facegame
C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\Shirly\Application Data\SpeedRunner
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\Shirly\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Shirly\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Shirly\Local Settings\Temporary Internet Files\fbk.sts
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\006A4041.urr
C:\Program Files\GetPack
C:\Program Files\GetPack\GetPack23.exe
C:\Program Files\iCheck
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\network monitor
C:\temp\tn3
C:\WINDOWS\epgb.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\grfxbanonlm.dll
C:\WINDOWS\ngwstxfd.dll
C:\WINDOWS\qrbgltos.dll
C:\WINDOWS\rosqxvmn.dll
C:\WINDOWS\system32\aomkpr.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\ddcDvwvs.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\fipss.sys
C:\WINDOWS\system32\Drivers\TDSSxeuu.sys
C:\WINDOWS\system32\dwylalxk.ini
C:\WINDOWS\system32\emkrsdbk.ini
C:\WINDOWS\system32\fecmcmrp.dll
C:\WINDOWS\system32\gNXbHRqr.ini
C:\WINDOWS\system32\gNXbHRqr.ini2
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\htaxgo.dll
C:\WINDOWS\system32\iIBUlKAp.dll
C:\WINDOWS\system32\iifdCvwu.dll
C:\WINDOWS\system32\imvkir.dll
C:\WINDOWS\system32\isdmjwho.dll
C:\WINDOWS\system32\kadeqihh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nnnmlMDw.dll
C:\WINDOWS\system32\ohwjmdsi.ini
C:\WINDOWS\system32\oPICTJAr.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnmmJcd.dll
C:\WINDOWS\system32\qqxxzc.dll
C:\WINDOWS\system32\rqbwxq.dll
C:\WINDOWS\system32\rqRHbbyV.dll
C:\WINDOWS\system32\rqRHbXNg.dll
C:\WINDOWS\system32\ssqrSLFW.dll
C:\WINDOWS\system32\TDSSehys.dll
C:\WINDOWS\system32\TDSSirxy.dll
C:\WINDOWS\system32\TDSSktkl.dll
C:\WINDOWS\system32\TDSSocun.dll
C:\WINDOWS\system32\TDSSrojf.dll
C:\WINDOWS\system32\TDSSwupe.dat
C:\WINDOWS\system32\tllxdcdr.dll
C:\WINDOWS\system32\tuvTmNfG.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wmldcaub.dll
C:\WINDOWS\system32\wvUkJdCU.dll
C:\WINDOWS\system32\xlfgptge.dll
C:\WINDOWS\system32\ybmpxvyi.ini
C:\WINDOWS\system32\ypkdooaw.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\U2hpcmx5\
C:\WINDOWS\U2hpcmx5\\oZ1DwAUc.vbs
C:\WINDOWS\uninstall_nmon.vbs
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_CMDSERVICE
-------\Legacy_FIPSS
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_fipss
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 08:12 . 2008-11-02 08:12 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-10-31 18:47 . 2008-10-31 18:47 <DIR> d-------- C:\rsit
2008-10-31 18:42 . 2008-10-31 18:42 250 --a------ C:\WINDOWS\gmer.ini
2008-10-30 16:26 . 2008-10-30 16:26 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\Gool
2008-10-30 16:21 . 2008-10-30 16:21 <DIR> d-------- C:\Program Files\Webtools
2008-10-30 16:19 . 2008-10-30 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 16:16 . 2008-10-30 16:16 <DIR> d-------- C:\Program Files\Mjcore
2008-10-29 18:54 . 2008-10-29 18:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-29 18:08 . 2008-10-29 18:08 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-26 19:24 . 2008-10-26 19:25 548,924 --a------ C:\WINDOWS\system32\pcntttdl.exe
2008-10-26 18:54 . 2008-10-26 18:54 262,182 --a------ C:\WINDOWS\system32\rkwnw64l.exe
2008-10-26 18:23 . 2008-10-26 18:23 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\wi
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\PX
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\m3v
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\fs3
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\EV02
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\ec2
2008-10-26 18:20 . 2008-10-26 18:35 288,734 --a------ C:\WINDOWS\ndxq3074.exe
2008-10-26 18:20 . 2008-10-26 18:35 16,384 --a------ C:\WINDOWS\j414.exe
2008-10-22 22:27 . 2008-10-22 22:27 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\Simply Super Software
2008-10-22 22:27 . 2008-10-22 22:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2008-10-22 22:27 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-22 22:27 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-10-22 22:27 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-22 22:27 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-22 22:27 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-21 18:18 . 2008-10-31 18:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-21 16:14 . 2008-10-21 16:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-21 16:14 . 2008-10-22 21:22 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\AVGTOOLBAR
2008-10-21 16:14 . 2008-10-21 16:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-21 16:14 . 2008-10-21 16:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-21 16:14 . 2008-10-21 16:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-21 16:13 . 2008-10-21 16:13 <DIR> d-------- C:\Program Files\AVG
2008-10-21 16:13 . 2008-10-21 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
2008-10-20 17:25 . 2008-10-21 15:19 <DIR> d-------- C:\Documents and Settings\Shirly\Contacts
2008-10-20 16:54 . 2008-10-21 16:26 0 --ah----- C:\WINDOWS\.security
2008-10-20 16:54 . 2008-10-21 16:26 0 --ah----- C:\.security
2008-10-20 16:51 . 2008-10-21 16:29 <DIR> d-------- C:\Program Files\PC-Antispy
2008-10-20 00:38 . 2008-10-20 00:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\pozgnihc
2008-10-20 00:37 . 2008-10-19 02:01 102,400 --a------ C:\WINDOWS\lomxeqsn.exe
2008-10-20 00:37 . 2008-10-30 16:14 3,530 --a------ C:\WINDOWS\system32\TDSSqein.dll
2008-10-18 21:51 . 2008-10-18 21:51 268 --ah----- C:\sqmdata02.sqm
2008-10-18 21:51 . 2008-10-18 21:51 244 --ah----- C:\sqmnoopt02.sqm
2008-10-18 13:06 . 2008-10-18 13:06 <DIR> d-------- C:\Program Files\Fun Web Products
2008-10-17 19:02 . 2008-10-17 19:02 208 --ah----- C:\sqmdata01.sqm
2008-10-17 19:02 . 2008-10-17 19:02 172 --ah----- C:\sqmnoopt01.sqm
2008-10-17 17:17 . 2008-10-17 17:17 244 --ah----- C:\sqmnoopt00.sqm
2008-10-17 17:17 . 2008-10-17 17:17 232 --ah----- C:\sqmdata00.sqm
2008-10-17 15:41 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-17 15:41 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-17 15:41 . 2008-04-13 13:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-17 15:41 . 2001-08-17 21:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\WINDOWS\PixArt
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\Program Files\Micro Innovations
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-10-17 14:03 . 2008-10-19 20:37 12,548 --a------ C:\WINDOWS\EZMediaBox2.ini
2008-10-17 14:02 . 2008-10-17 14:02 <DIR> d-------- C:\Program Files\BestOn
2008-10-17 14:02 . 2008-07-18 21:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-17 14:02 . 2008-07-18 21:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-17 14:02 . 2008-07-18 21:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 20:52 . 2008-10-16 21:01 <DIR> d-------- C:\Program Files\MySpace
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Documents and Settings\zach\Contacts
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\Program Files\Real
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2008-10-16 19:47 . 2008-10-16 19:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 19:47 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-10-16 19:47 . 2008-10-16 19:51 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-16 18:04 . 2008-10-26 18:59 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\LimeWire
2008-10-16 18:01 . 2008-10-16 18:01 <DIR> d-------- C:\WINDOWS\Sun
2008-10-16 18:01 . 2008-10-17 10:46 <DIR> d-------- C:\Program Files\Google
2008-10-16 18:00 . 2008-10-16 18:00 <DIR> d-------- C:\Program Files\Java
2008-10-16 18:00 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-16 17:57 . 2008-10-16 17:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-16 17:08 . 2001-08-17 21:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-10-16 17:08 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-10-16 17:08 . 2008-04-13 19:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-10-16 17:08 . 2001-08-17 13:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2008-10-16 17:08 . 2001-08-17 13:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-10-16 16:43 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 16:43 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 16:42 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:42 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:42 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:42 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 13:54 . 2008-10-14 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2008-10-11 22:44 . 2008-10-11 22:44 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-11 20:57 . 2008-10-15 14:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-11 20:57 . 1998-10-29 13:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-11 20:56 . 2005-04-01 10:43 66,048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2008-10-11 09:28 . 2008-10-21 16:14 <DIR> d-------- C:\Documents and Settings\zach
2008-10-10 18:50 . 2008-10-10 18:50 <DIR> d-------- C:\CloneDVDTemp
2008-10-10 18:19 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-10 18:19 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-10 18:19 . 2008-04-13 13:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-10 18:19 . 2008-04-13 13:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-10-10 14:41 . 2008-10-10 14:41 <DIR> d-------- C:\Program Files\SlySoft
2008-10-10 14:41 . 2008-10-10 14:41 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-10-10 14:40 . 2008-10-31 18:41 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\U3
2008-10-10 14:40 . 2008-04-13 13:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 23:35 184,320 ----a-w C:\WINDOWS\h288.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\tj85.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\lik02.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\eo4.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\ee3362.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\cor704836.exe
2008-10-26 23:34 70,599 ----a-w C:\WINDOWS\tjyvb346054.exe
2008-10-26 23:34 262,153 ----a-w C:\WINDOWS\qggu58826.exe
2008-10-26 23:34 191,017 ----a-w C:\WINDOWS\nohh06760.exe
2008-10-26 23:34 1,724,416 ----a-w C:\WINDOWS\nc605007.exe
2008-10-26 23:19 262,172 ----a-w C:\WINDOWS\system32\dwwnw64r.exe
2008-10-26 23:19 153,434 ----a-w C:\WINDOWS\system32\g79.exe
2008-10-26 23:19 1,601,536 ----a-w C:\WINDOWS\mondrv411.exe
2008-10-17 19:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-17 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-11 503296]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Gool"="C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe" [2008-10-30 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-21 1235736]
"{85-5E-EA-A3-DW}"="c:\windows\system32\dwwnw64r.exe" [2008-10-26 262172]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"D5P1Ak1SB2"="C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe" [2008-10-20 57344]

C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe [2008-10-26 262172]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=,avgrsstx.dll rqbwxq.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-21 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-21 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-21 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-21 76040]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{1D97D4A1-3FC0-4F0F-8B63-5338354BE375} - C:\WINDOWS\system32\rqRHbXNg.dll
BHO-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\wvUkJdCU.dll
BHO-{9213358f-d7ad-409a-ad97-33f0f1ee218d} - C:\WINDOWS\system32\rqbwxq.dll
HKCU-Run-admdsc - C:\WINDOWS\system32\kfapyjil.exe
HKCU-Run-VnrPack20 - C:\Program Files\VnrPack\VnrPack20.exe
HKCU-Run-GetPack23 - C:\Program Files\GetPack\GetPack23.exe
HKCU-Run-Facegame - C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\wvUkJdCU.dll
SSODL-qrbgltos-{74747695-FC62-4400-BF3A-2B893CADC3BC} - C:\WINDOWS\qrbgltos.dll
SSODL-ngwstxfd-{0BD404B3-7DCF-425C-B2F9-226D99A09DCE} - C:\WINDOWS\ngwstxfd.dll
SafeBoot-TDSSxeuu.sys


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 08:12:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-02 8:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-02 13:14:22

Pre-Run: 136,021,463,040 bytes free
Post-Run: 138,657,894,400 bytes free

337 --- E O F --- 2008-10-18 16:30:34
eddmead is offline  
Old 11-02-2008, 05:45 AM   #4 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

Quote:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
By your reckoning, is this software any good? If it's good, post back to let me know.

If it's bad, uninstall it & post back to let me know.
Old 11-02-2008, 06:47 AM   #5 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/308288-horrible-infection.html#post1783978
Collect::
C:\WINDOWS\system32\TDSSqein.dll
File::
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pcntttdl.exe
C:\WINDOWS\system32\rkwnw64l.exe
C:\WINDOWS\ndxq3074.exe
C:\WINDOWS\j414.exe
C:\WINDOWS\.security
C:\.security
C:\WINDOWS\lomxeqsn.exe
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\WINDOWS\h288.exe
C:\WINDOWS\tj85.exe
C:\WINDOWS\lik02.exe
C:\WINDOWS\eo4.exe
C:\WINDOWS\ee3362.exe
C:\WINDOWS\cor704836.exe
C:\WINDOWS\tjyvb346054.exe
C:\WINDOWS\qggu58826.exe
C:\WINDOWS\nohh06760.exe
C:\WINDOWS\nc605007.exe
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\system32\g79.exe
C:\WINDOWS\mondrv411.exe
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\DW_Start.lnk
Folder::
C:\Program Files\PC-Antispy
C:\DOCUME~1\ALLUSE~1\Applic~1\pozgnihc
C:\Documents and Settings\Shirly\Application Data\Gool
C:\Program Files\Webtools
C:\Program Files\Mjcore
C:\WINDOWS\system32\wi
C:\WINDOWS\system32\PX
C:\WINDOWS\system32\m3v
C:\WINDOWS\system32\fs3
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\ec2
REGISTRY::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gool"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{85-5E-EA-A3-DW}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"D5P1Ak1SB2"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"
Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Online scan
  2. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
Old 11-02-2008, 09:35 AM   #6 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

File was no good, deleted it.

Computer is acting 110% better... no noticeable problems

Logs requested:

ComboFix 08-11-01.06 - Shirly 2008-11-02 10:31:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.137 [GMT -5:00]
Running from: C:\Documents and Settings\Shirly\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shirly\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\.security
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\DW_Start.lnk
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\WINDOWS\.security
C:\WINDOWS\cor704836.exe
C:\WINDOWS\ee3362.exe
C:\WINDOWS\eo4.exe
C:\WINDOWS\h288.exe
C:\WINDOWS\j414.exe
C:\WINDOWS\lik02.exe
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\mondrv411.exe
C:\WINDOWS\nc605007.exe
C:\WINDOWS\ndxq3074.exe
C:\WINDOWS\nohh06760.exe
C:\WINDOWS\qggu58826.exe
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\system32\g79.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pcntttdl.exe
C:\WINDOWS\system32\rkwnw64l.exe
C:\WINDOWS\tj85.exe
C:\WINDOWS\tjyvb346054.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.security
C:\DOCUME~1\ALLUSE~1\Applic~1\pozgnihc
C:\DOCUME~1\ALLUSE~1\Applic~1\pozgnihc\binwvqne.exe
C:\Documents and Settings\Shirly\Application Data\Gool
C:\Program Files\Mjcore
C:\Program Files\Mjcore\Mjcore.dll
C:\Program Files\Webtools
C:\Program Files\Webtools\webtools.dll
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\WINDOWS\.security
C:\WINDOWS\cor704836.exe
C:\WINDOWS\ee3362.exe
C:\WINDOWS\eo4.exe
C:\WINDOWS\h288.exe
C:\WINDOWS\j414.exe
C:\WINDOWS\lik02.exe
C:\WINDOWS\mondrv411.exe
C:\WINDOWS\nc605007.exe
C:\WINDOWS\ndxq3074.exe
C:\WINDOWS\nohh06760.exe
C:\WINDOWS\system32\ec2
C:\WINDOWS\system32\ec2\PDI5MDi2.exe
C:\WINDOWS\system32\EV02
C:\WINDOWS\system32\EV02\EV022328.exe
C:\WINDOWS\system32\fs3
C:\WINDOWS\system32\fs3\CL65CON2.exe
C:\WINDOWS\system32\g79.exe
C:\WINDOWS\system32\m3v
C:\WINDOWS\system32\PX
C:\WINDOWS\system32\PX\TP6567IV.exe
C:\WINDOWS\system32\TDSSqein.dll
C:\WINDOWS\system32\wi
C:\WINDOWS\system32\wi\UNTix526.exe
C:\WINDOWS\tj85.exe
C:\WINDOWS\tjyvb346054.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 10:21 . 2008-11-02 10:31 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-11-02 10:13 . 2008-11-02 10:12 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-11-02 10:13 . 2008-11-02 10:12 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-11-02 10:11 . 2008-11-02 10:11 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-11-02 10:11 . 2007-08-20 13:37 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-11-02 10:11 . 2007-08-20 13:26 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-11-02 10:11 . 2007-08-20 13:37 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-11-02 10:11 . 2007-08-20 13:38 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-11-02 10:11 . 2007-08-20 13:38 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-11-02 10:11 . 2007-08-20 13:38 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-11-02 10:11 . 2007-08-20 13:38 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-11-02 10:10 . 2008-11-02 10:11 <DIR> d-------- C:\Program Files\CA
2008-11-02 10:10 . 2008-11-02 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-11-02 09:26 . 2008-11-02 09:26 <DIR> d-------- C:\Program Files\BillP Studios
2008-11-02 09:26 . 2008-11-02 09:26 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\WinPatrol
2008-11-02 09:22 . 2008-11-02 09:22 91 --a------ C:\WINDOWS\wininit.ini
2008-11-02 08:58 . 2008-11-02 09:07 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-11-02 08:58 . 2008-11-02 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-02 08:55 . 1999-12-21 07:58 21,312 --a------ C:\WINDOWS\choice.exe
2008-11-02 08:54 . 2008-11-02 08:58 <DIR> d-------- C:\Program Files\SpywareGuard
2008-11-02 08:54 . 2008-11-02 08:54 <DIR> d-------- C:\ie-spyad
2008-11-02 08:53 . 2008-11-02 08:53 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-11-02 08:53 . 2008-11-02 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-02 08:32 . 2008-10-15 11:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-31 18:47 . 2008-10-31 18:47 <DIR> d-------- C:\rsit
2008-10-31 18:42 . 2008-10-31 18:42 250 --a------ C:\WINDOWS\gmer.ini
2008-10-30 16:19 . 2008-10-30 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-29 18:54 . 2008-10-29 18:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-29 18:08 . 2008-10-29 18:08 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-26 18:23 . 2008-10-26 18:23 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-22 22:27 . 2008-10-22 22:27 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\Simply Super Software
2008-10-22 22:27 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-22 22:27 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-10-22 22:27 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-22 22:27 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-22 22:27 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-21 18:18 . 2008-11-02 09:09 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-21 16:13 . 2008-10-21 16:13 <DIR> d-------- C:\Program Files\AVG
2008-10-21 16:13 . 2008-11-02 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-20 17:25 . 2008-10-21 15:19 <DIR> d-------- C:\Documents and Settings\Shirly\Contacts
2008-10-18 13:06 . 2008-10-18 13:06 <DIR> d-------- C:\Program Files\Fun Web Products
2008-10-17 15:41 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-17 15:41 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-17 15:41 . 2008-04-13 13:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-17 15:41 . 2001-08-17 21:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\WINDOWS\PixArt
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\Program Files\Micro Innovations
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-10-17 14:03 . 2008-10-19 20:37 12,548 --a------ C:\WINDOWS\EZMediaBox2.ini
2008-10-17 14:02 . 2008-10-17 14:02 <DIR> d-------- C:\Program Files\BestOn
2008-10-17 14:02 . 2008-07-18 21:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-17 14:02 . 2008-07-18 21:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-17 14:02 . 2008-07-18 21:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 20:52 . 2008-10-16 21:01 <DIR> d-------- C:\Program Files\MySpace
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Documents and Settings\zach\Contacts
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\Program Files\Real
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-16 19:47 . 2008-10-16 19:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 19:47 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-10-16 19:47 . 2008-10-16 19:51 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-16 18:04 . 2008-10-26 18:59 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\LimeWire
2008-10-16 18:01 . 2008-10-16 18:01 <DIR> d-------- C:\WINDOWS\Sun
2008-10-16 18:01 . 2008-10-17 10:46 <DIR> d-------- C:\Program Files\Google
2008-10-16 18:00 . 2008-10-16 18:00 <DIR> d-------- C:\Program Files\Java
2008-10-16 18:00 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-16 17:57 . 2008-10-16 17:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-16 17:08 . 2001-08-17 21:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-10-16 17:08 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-10-16 17:08 . 2008-04-13 19:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-10-16 17:08 . 2001-08-17 13:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2008-10-16 17:08 . 2001-08-17 13:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-10-16 16:43 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 16:43 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 16:42 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:42 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:42 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:42 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 13:54 . 2008-10-14 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-10-11 22:44 . 2008-10-11 22:44 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-11 20:57 . 2008-10-15 14:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-11 20:57 . 1998-10-29 13:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-11 20:56 . 2005-04-01 10:43 66,048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2008-10-11 09:28 . 2008-10-21 16:14 <DIR> d-------- C:\Documents and Settings\zach
2008-10-10 18:50 . 2008-10-10 18:50 <DIR> d-------- C:\CloneDVDTemp
2008-10-10 18:19 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-10 18:19 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-10 18:19 . 2008-04-13 13:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-10 18:19 . 2008-04-13 13:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-10-10 14:41 . 2008-10-10 14:41 <DIR> d-------- C:\Program Files\SlySoft
2008-10-10 14:41 . 2008-10-10 14:41 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-10-10 14:40 . 2008-10-31 18:41 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\U3
2008-10-10 14:40 . 2008-04-13 13:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 19:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-17 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-02_ 8.13.45.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-02 15:11:17 10,134 ----a-r C:\WINDOWS\Installer\{609B0E8F-0E98-46BF-85F9-7123D1022D84}\ARPPRODUCTICON.exe
+ 2008-11-02 15:11:55 10,134 ----a-r C:\WINDOWS\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
+ 2008-09-06 04:30:42 241,704 -c----w C:\WINDOWS\system32\dllcache\wgaLogon.dll
+ 2008-09-06 04:29:58 917,032 -c----w C:\WINDOWS\system32\dllcache\WgaTray.exe
+ 2008-06-25 00:08:36 63,504 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
+ 2008-06-25 00:08:42 134,648 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
+ 2008-06-25 00:08:42 88,816 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
+ 2008-06-25 00:08:46 45,584 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
+ 2008-06-25 00:08:52 115,216 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
+ 2008-06-25 00:08:56 66,576 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
+ 2008-06-25 00:08:58 93,712 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
- 2008-03-20 2236 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-09-06 04:30:06 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2003-04-18 21:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 21:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
- 2008-04-14 00:12:01 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-06-25 00:10:44 117,264 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
+ 2008-06-25 00:10:46 256,528 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
+ 2007-05-18 18:30:00 79,368 ----a-w C:\WINDOWS\system32\UmxWNP.dll
+ 2008-09-06 04:30:42 241,704 ------w C:\WINDOWS\system32\WgaLogon.dll
+ 2008-09-06 04:29:58 917,032 ------w C:\WINDOWS\system32\WgaTray.exe
+ 2008-11-02 15:11:49 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-11-02 15:11:50 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-11 503296]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-11-02 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-11-02 1193200]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-11-02 173296]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-11-02 259312]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 13:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rqbwxq.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2008-06-24 93712]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 UmxAgent;HIPS Event Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 PPCtlPriv;PPCtlPriv;C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CAISAFE
*Newly Created Service* - KMXAGENT
*Newly Created Service* - KMXCF
*Newly Created Service* - KMXCFG
*Newly Created Service* - KMXFILE
*Newly Created Service* - KMXFW
*Newly Created Service* - KMXSBX
*Newly Created Service* - KMXSTART
*Newly Created Service* - PPCTLPRIV
*Newly Created Service* - UMXAGENT
*Newly Created Service* - UMXFWHLP
*Newly Created Service* - UMXPOL
*Newly Created Service* - VET-FILT
*Newly Created Service* - VET-REC
*Newly Created Service* - VETEBOOT
*Newly Created Service* - VETEFILE
*Newly Created Service* - VETMONNT
*Newly Created Service* - VETMSGNT
.
Contents of the 'Scheduled Tasks' folder

2008-11-02 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Shirly at 10 11.job
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-16 21:10]

2008-11-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:41:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-02 10:44:22
ComboFix-quarantined-files.txt 2008-11-02 15:44:04
ComboFix2.txt 2008-11-02 13:14:46

Pre-Run: 138,263,834,624 bytes free
Post-Run: 138,312,536,064 bytes free

322 --- E O F --- 2008-11-02 13:36:24




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 02, 2008 07:40:08
Records in database: 1367023
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 49789
Threat name: 14
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 01:30:32


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\ALLUSE~1\APPLIC~1\pozgnihc\binwvqne.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.edh 1
C:\Qoobox\Quarantine\C\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe.vir Infected: Trojan-Downloader.Win32.Agent.alda 1
C:\Qoobox\Quarantine\C\Documents and Settings\Shirly\Application Data\SpeedRunner\SRUninstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.aldb 1
C:\Qoobox\Quarantine\C\WINDOWS\ngwstxfd.dll.vir Infected: Trojan.Win32.Vapsup.mmd 1
C:\Qoobox\Quarantine\C\WINDOWS\qrbgltos.dll.vir Infected: Trojan.Win32.Vapsup.mma 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\aomkpr.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDvwvs.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fecmcmrp.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fs3\CL65CON2.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fs3\CL65CON2.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g79.exe.vir Infected: Trojan-Clicker.Win32.Agent.btl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\iIBUlKAp.dll.vir Infected: Trojan.Win32.Monderb.vut 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\iifdCvwu.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\imvkir.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kadeqihh.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnmlMDw.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oPICTJAr.dll.vir Infected: Trojan.Win32.Monderb.vut 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmmJcd.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\PX\TP6567IV.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qqxxzc.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqbwxq.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tllxdcdr.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvTmNfG.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUkJdCU.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xlfgptge.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
D:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.
eddmead is offline  
Old 11-02-2008, 09:47 AM   #7 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

Oh yeah file was submitted to the website also..
eddmead is offline  
Old 11-02-2008, 09:48 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

Quote:
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rqbwxq.dll
Hmm .... this entry persisted even after I tried to fix it. Has to be interference from one of your security programs. Likely to be either SpyBot's Tea Timer OR WinPatrol. Both are known to interfere. Please disable them both before attempting next action ...


-------


Open NOTEPAD.exe and copy/paste the text in the codebox below:
(don't forget to copy and paste REGEDIT4)

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"
Save this as fix.reg. Choose "Save type as - All Files".
It should look like this:
Double click on fix.reg & allow it to merge into the registry

Post back to let me know how that went
sUBs is offline  
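The fix above rewrites AppInit_DLLs so that only the expected DLL is loaded into every user-mode process. As an added example (not from the thread), here is a small REGEDIT4 parser that reads a .reg text and reports any AppInit_DLLs entry that is not on an allow-list; the sample values come from the thread, the allow-list (avgrsstx.dll, the DLL the helper's fix restores) is an assumption for illustration.

```python
"""Audit AppInit_DLLs in a REGEDIT4-style .reg text (added example)."""
import re

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"

# Constructed samples: the value ComboFix reported, and the helper's fix.
INFECTED_REG = 'REGEDIT4\n\n[' + WINDOWS_KEY + ']\n"AppInit_DLLs"="rqbwxq.dll"\n'
FIX_REG = 'REGEDIT4\n\n[' + WINDOWS_KEY + ']\n"AppInit_DLLs"="avgrsstx.dll"\n'

VALUE_LINE = re.compile(r'"([^"]+)"=(.*)$')


def parse_reg(text):
    """Return {key_path_lower: {value_name: string_data}} for string values.

    Only quoted string data is handled; binary/dword data is kept verbatim.
    Keys are lower-cased because the registry is case-insensitive.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.upper() == "REGEDIT4" or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2).strip()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # .reg escapes backslashes
            keys[current][name] = data
    return keys


def appinit_dlls(text):
    """List the DLL names AppInit_DLLs would load (space/comma separated)."""
    values = parse_reg(text).get(WINDOWS_KEY.lower(), {})
    return [d for d in re.split(r"[ ,;]+", values.get("AppInit_DLLs", "")) if d]


def unexpected_dlls(text, allowed):
    """Return AppInit_DLLs entries that are not on the allow-list."""
    allow = {a.lower() for a in allowed}
    return [d for d in appinit_dlls(text) if d.lower() not in allow]
```

Because AppInit_DLLs is loaded by every process that links user32.dll, any name in it that you cannot account for deserves the same scrutiny the helper gave rqbwxq.dll here.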
Old 11-02-2008, 10:11 AM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

Did you doctor your Kaspersky log? It reported 29 infected objects but the entries you posted did not tally.
sUBs is offline  
Old 11-02-2008, 10:33 AM   #10 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

regfix was successful.....no I just copied and pasted log from Kaspersky.
eddmead is offline  
Old 11-02-2008, 10:37 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

Kaspersky mentioned 29 infected objects but if you count the list you posted, there's only 27. Could I trouble you to rescan again? Wouldn't be good if we left untreated files on the machine.
sUBs is offline  
Old 11-02-2008, 12:26 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 02, 2008 07:40:08
Records in database: 1367023
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 49390
Threat name: 14
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 01:24:01


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\ALLUSE~1\APPLIC~1\pozgnihc\binwvqne.exe.vir Infected: Trojan-Downloader.Win32.Obfuscated.edh 1
C:\Qoobox\Quarantine\C\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe.vir Infected: Trojan-Downloader.Win32.Agent.alda 1
C:\Qoobox\Quarantine\C\Documents and Settings\Shirly\Application Data\SpeedRunner\SRUninstall.exe.vir Infected: Trojan-Downloader.Win32.Agent.aldb 1
C:\Qoobox\Quarantine\C\WINDOWS\ngwstxfd.dll.vir Infected: Trojan.Win32.Vapsup.mmd 1
C:\Qoobox\Quarantine\C\WINDOWS\qrbgltos.dll.vir Infected: Trojan.Win32.Vapsup.mma 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\aomkpr.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDvwvs.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fecmcmrp.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fs3\CL65CON2.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fs3\CL65CON2.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\g79.exe.vir Infected: Trojan-Clicker.Win32.Agent.btl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\iIBUlKAp.dll.vir Infected: Trojan.Win32.Monderb.vut 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\iifdCvwu.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\imvkir.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kadeqihh.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nnnmlMDw.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oPICTJAr.dll.vir Infected: Trojan.Win32.Monderb.vut 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmmJcd.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\PX\TP6567IV.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qqxxzc.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqbwxq.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tllxdcdr.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvTmNfG.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUkJdCU.dll.vir Infected: Trojan.Win32.Monderb.voe 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xlfgptge.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
D:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.
eddmead is offline  
Old 11-02-2008, 12:29 PM   #13 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

looks the same ...I made sure I didn't change anything
eddmead is offline  
Old 11-02-2008, 02:21 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 23,238
OS: N/A


Re: Horrible infection.

LOL .... possibly a glitch in the software's counting then. Doesn't hurt to double check.
With regards to Kaspersky's 27 lines, 25 of them are of files from C:\QooBox. That's ComboFix's quarantine cache. Nothing to worry about. The remaining 2 are about bundled software that comes with your machine. It's part of HP's recovery partition. It's adware but it's not really malicious. We shouldn't be fixing that.


------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u

  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here - http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs is offline  
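The tally question in this thread (a header of 29 infected objects against 27 listed lines) and the triage that followed (quarantine cache versus recovery partition versus anything still live) can be checked mechanically. The following is an added example, not part of the thread: it parses a Kaspersky Online Scanner 7 report, compares the header count with both the number of listed lines and the sum of the "Threats count" column, and buckets each path. The sample report is constructed from lines in the thread plus one made-up live path (EXAMPLE_live.dll); the quarantine and recovery prefixes are taken from the helper's explanation and are assumptions for any other machine. Run over the thread's own report the same code gives 27 lines and a threat-count sum of 29, since the two D:\ entries count 2 each.

```python
"""Reconcile and triage a Kaspersky Online Scanner 7 report (added example)."""
import re

# Constructed sample: real lines from the thread plus one made-up live entry.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 49390
Threat name: 4
Infected objects: 6
Suspicious objects: 0

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqbwxq.dll.vir Infected: Trojan.Win32.Monder.xjo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fs3\CL65CON2.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fs3\CL65CON2.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
D:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
C:\WINDOWS\system32\EXAMPLE_live.dll Infected: Trojan.Win32.Monder.xjo 1

The selected area was scanned.
"""

ENTRY = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
HEADER = re.compile(r"^Infected objects:\s*(\d+)$")
QUARANTINE_PREFIX = r"c:\qoobox\quarantine"  # ComboFix quarantine (per thread)
RECOVERY_PREFIX = r"d:\i386\apps"            # OEM recovery partition (assumed letter)


def reconcile(text):
    """Compare the header total with the listing: line count and threat-count sum."""
    reported, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        h = HEADER.match(line)
        if h:
            reported = int(h.group(1))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m["path"], m["threat"], int(m["count"])))
    return {"reported": reported, "lines": len(entries),
            "threat_sum": sum(c for _, _, c in entries), "entries": entries}


def triage(entries):
    """Bucket paths: already-quarantined, recovery media, or still live on disk."""
    buckets = {"quarantine": [], "recovery": [], "live": []}
    for path, _threat, _count in entries:
        p = path.lower()
        if p.startswith(QUARANTINE_PREFIX):
            buckets["quarantine"].append(path)
        elif p.startswith(RECOVERY_PREFIX):
            buckets["recovery"].append(path)
        else:
            buckets["live"].append(path)  # these are the ones that still need action
    return buckets
```

A header that matches the threat-count sum but not the line count is the scanner counting detections rather than files; only a non-empty "live" bucket means something was left untreated.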
Old 11-02-2008, 02:32 PM   #15 (permalink)
Registered User
 
Join Date: Jul 2005
Posts: 38
OS: xp pro


Re: Horrible infection.

Thank you for all the help....everything looks good now.
eddmead is offline  
Copyright 2001 - 2009, Tech Support Forum