[resolved] BIG Problem (continued)

I know this is a new thread, but I didn't know another way around it. After trying to post my newest logs, my BIG Problem thread did not show anything! Where did they go?

Here are my logs (as requested from previous thread):

AVG Anti-Spyware - Scan Report

+ Created at: 1:25:47 AM 1/7/2007

+ Scan result:



HKLM\SOFTWARE\iGlobalMedia -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\Installer -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\upgrades -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\blackjackdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\boardbabe -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\cashcruise -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\coolbananas -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\firedrake -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\flamingo -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\funkychicken -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\games -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldeneagle -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldengopher -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldenoasis -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\highlimitblackjack -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\hotroller -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kangacash -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kenodll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kookakeno -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\letitride -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\magicmanslot -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\megaeuropeanroulette -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\metropolis -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\multiplayerblackjack -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\multiplayerblackjackdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\nextgenvpdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\piggypayback -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\pokerdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\roulettedll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\safecrackerkeno -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\silvercity -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\slotsdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superfortunewheel -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superjoker -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\supermystic -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\superstar -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\sweethawaii -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\tod -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vegasclub -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\videopokerdll -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerdw -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjob -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjp -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckitalia -> Adware.AceClubCasino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\iGlobalMedia\starluckitalia\casino -> Adware.AceClubCasino : Cleaned with backup (quarantined).
C:\Program Files\Starware347\bin\Starware347.dll -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{342E607B-09DD-1033-0919-030512200001}\Bar888.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063448.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063650.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063754.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sfc_os.dll -> Downloader.SFC.os : Cleaned with backup (quarantined).
C:\bghtcbd.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0065966.exe -> Downloader.Small.edu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063648.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063751.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063773.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0064934.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP326\A0066398.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP327\A0067391.sys -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\eitpgmoi.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msvcrl.dll -> Logger.Goldun.on : Cleaned with backup (quarantined).
C:\bhbn.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP328\A0067488.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\VundoFix Backups\winrkp32.dll.bad -> Trojan.Mezzia : Cleaned with backup (quarantined).
C:\omepavy.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\ydkdohw.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063559.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063562.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063752.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP321\A0063774.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0064935.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP326\A0066399.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\ihnf.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).


::Report end

Owner - 07-01-07 1:34:04.53 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\{342E607B-09DD-1033-0919-030512200001}


((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


2007-01-06 23:37 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-06 22:53 857,802 ---hs---- C:\WINDOWS\system32\stvwa.bak2
2007-01-05 22:53 852,023 ---hs---- C:\WINDOWS\system32\stvwa.bak1
2007-01-05 22:53 277,044 ---hs---- C:\WINDOWS\system32\awvts.dll
2007-01-05 22:42 <DIR> d C:\VundoFix Backups
2007-01-04 19:39 <DIR> d C:\avenger
2007-01-04 19:33 <DIR> d C:\Rustbfix
2007-01-04 00:11 79,360 --a C:\WINDOWS\system32\swxcacls.exe
2007-01-04 00:11 53,248 --a C:\WINDOWS\system32\Process.exe
2007-01-04 00:11 51,200 --a C:\WINDOWS\system32\dumphive.exe
2007-01-04 00:11 40,960 --a C:\WINDOWS\system32\swsc.exe
2007-01-04 00:11 3,952 --a C:\WINDOWS\system32\tmp.reg
2007-01-04 00:11 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
2007-01-04 00:11 135,168 --a C:\WINDOWS\system32\swreg.exe
2007-01-04 00:06 2,416 --a C:\GetPaths.vbs
2007-01-03 23:57 0 --a C:\klnl.exe
2007-01-03 07:27 118,804 --a C:\WINDOWS\system32\orxpcvap.dll
2007-01-02 23:37 <DIR> d C:\Program Files\Common Files\Java
2007-01-02 22:29 81,684 --a C:\WINDOWS\system32\fqtxuliu.dll
2007-01-02 21:29 81,684 --a C:\WINDOWS\system32\ecdqkrfs.dll
2007-01-02 21:15 <DIR> d C:\Program Files\Hijackthis
2007-01-01 21:26 <DIR> d C:\WINDOWS\BDOSCAN8
2007-01-01 20:56 <DIR> d C:\WINDOWS\system32\ActiveScan
2007-01-01 20:44 <DIR> d C:\Program Files\SpywareBlaster
2007-01-01 20:41 81,684 --a C:\WINDOWS\system32\lcspqnci.dll
2007-01-01 20:07 22,541 ---hs---- C:\WINDOWS\system32\urqonmn.dll
2006-12-31 14:35 81,684 --a C:\WINDOWS\system32\jcaswhdp.dll
2006-12-31 12:13 81,684 --a C:\WINDOWS\system32\viiqwhbx.dll
2006-12-31 01:37 68,888 --a C:\WINDOWS\system32\xinput1_3.dll
2006-12-31 01:37 62,744 --a C:\WINDOWS\system32\xinput1_2.dll
2006-12-31 01:37 3,426,072 --a C:\WINDOWS\system32\d3dx9_32.dll
2006-12-31 01:37 251,672 --a C:\WINDOWS\system32\xactengine2_5.dll
2006-12-31 01:37 237,848 --a C:\WINDOWS\system32\xactengine2_4.dll
2006-12-31 01:37 236,824 --a C:\WINDOWS\system32\xactengine2_3.dll
2006-12-31 01:37 2,414,360 --a C:\WINDOWS\system32\d3dx9_31.dll
2006-12-31 01:37 2,297,552 --a C:\WINDOWS\system32\d3dx9_26.dll
2006-12-31 01:37 15,128 --a C:\WINDOWS\system32\x3daudio1_1.dll
2006-12-31 01:35 <DIR> d--h C:\WINDOWS\msdownld.tmp
2006-12-30 19:22 <DIR> d C:\Documents and Settings\Owner\Application Data\MSNInstaller
2006-12-30 18:25 81,684 --a C:\WINDOWS\system32\btrhyhyg.dll
2006-12-30 18:25 44,060 --a C:\WINDOWS\system32\iiyhdxbr.dll
2006-12-30 18:19 22,541 ---hs---- C:\WINDOWS\system32\rqrpmnm.dll
2006-12-30 02:11 <DIR> d C:\Program Files\Shockwave.com
2006-12-30 02:09 <DIR> d C:\Program Files\ReflexiveArcade
2006-12-29 02:56 <DIR> d C:\Program Files\IObit
2006-12-28 01:05 <DIR> d C:\Documents and Settings\Owner\Application Data\funkitron
2006-12-23 01:24 <DIR> d C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
2006-12-19 23:10 24,816 --a C:\WINDOWS\system32\mdimon.dll
2006-12-19 23:08 <DIR> d C:\Program Files\Microsoft ActiveSync
2006-12-19 23:07 <DIR> d C:\Program Files\Microsoft.NET
2006-12-19 23:04 <DIR> dr-h C:\MSOCache
2006-12-17 23:23 <DIR> d C:\Program Files\Windows Media Connect 2
2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\LogFiles
2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\drivers\UMDF
2006-12-14 00:01 <DIR> d C:\Documents and Settings\Owner\Application Data\Photodex
2006-12-11 22:20 <DIR> d C:\Program Files\360Share Pro
2006-12-11 22:20 <DIR> d C:\Documents and Settings\Owner\Application Data\LimeWire
2006-12-11 22:08 <DIR> d C:\Documents and Settings\Owner\Application Data\Roxio


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-07 01:35 d C:\Program Files\Common Files
2007-01-02 23:42 d C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-02 23:37 d C:\Program Files\Java
2007-01-01 19:18 d C:\Program Files\Spybot - Search & Destroy
2006-12-31 13:52 d C:\Documents and Settings\Owner\Application Data\Ahead
2006-12-31 02:26 d C:\Program Files\Yahoo! Games
2006-12-30 19:22 d C:\Program Files\MSN
2006-12-30 19:14 d C:\Program Files\lx_cats
2006-12-30 18:51 d C:\Program Files\Common Files\Adobe
2006-12-30 18:47 d C:\Program Files\QuickTime
2006-12-30 18:21 d C:\Program Files\Internet Explorer
2006-12-30 18:20 d C:\Program Files\Download Express
2006-12-29 22:54 d C:\Program Files\Bonjour
2006-12-21 23:15 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-12-19 23:26 d C:\Program Files\Common Files\Microsoft Shared
2006-12-19 23:08 d C:\Program Files\Microsoft Office
2006-12-19 23:07 d C:\Program Files\Common Files\System
2006-12-17 23:23 d C:\Program Files\Windows Media Player
2006-12-17 03:01 d C:\Program Files\Outlook Express
2006-12-11 22:14 d--h C:\Program Files\InstallShield Installation Information
2006-12-08 18:33 d C:\Program Files\Common Files\Kodak
2006-11-25 23:49 d C:\Program Files\Photodex
2006-11-16 19:47 524288 --a C:\WINDOWS\opuc.dll
2006-11-14 19:28 d C:\Program Files\Snapshot Viewer
2006-11-14 19:27 d C:\Program Files\microsoft frontpage
2006-11-14 19:22 d C:\Program Files\Common Files\Designer
2006-11-07 23:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a C:\WINDOWS\system32\ieakui.dll
2006-10-19 07:56 713216 --a C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 06:35 142336 --a C:\WINDOWS\system32\nwprovau.dll
2006-10-09 08:12 1343488 --a C:\WINDOWS\system32\FreeImage.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\Xtras\\mssysmgr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"TaskManager"="C:\\WINDOWS\\TaskMgr.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
"SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
"BCMSMMSG"="BCMSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
"AutoSys"="C:\\WINDOWS\\system32\\autosys.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\orxpcvap.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{E672B410-3580-435F-AD90-63D158E2F29C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=dword:ffffffff
"LinkResolveIgnoreLinkInfo"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"="C:\\WINDOWS\\csrss.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvts
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonmn

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 07-01-07 1:36:59.51
C:\ComboFix.txt ... 07-01-07 01:36


Logfile of HijackThis v1.99.1
Scan saved at 1:32:33 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Comments

  • Trogan London, UK
    edited January 2007
    Hi Fish,

    Thanks for starting a new thread. For some reason, your other thread won't fully load. Have no idea what would be causing that.

    From a quick look at your HijackThis log, I see new malware.

    Give me some time to look through the current logs. Try and keep this computer off the internet as much as possible please.
  • Trogan London, UK
    edited January 2007
    I think the forum had some problems...seem to be resolved now.

    I need you to rename HijackThis again and post a new log.

    Thanks!
  • edited January 2007
    Here is the new HijackThis log.
    Logfile of HijackThis v1.99.1
    Scan saved at 3:46:06 PM, on 1/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
    O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    Will you be online for a while? (How often should I check in?)
  • Trogan London, UK
    edited January 2007
    Thanks for the new log, but I need you to rename it to something other than HijackThis. You renamed it once before to Scanner, but I don't know how it reverted back to HijackThis.exe.

    I'll be online for the next 2-3 hours. Trying to finish some work and get your computer cleaned.

    Also, with some of the infections present, you are strongly advised to do the following immediately:
    • Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.
    • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    • From a clean computer, change *all* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
        Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
    • edited January 2007
      I have a laptop (using wireless network) and cable modem (which is connected to my desktop computer which is the infected computer). Is it possible for me to hook the laptop directly up to the cable modem and take care of this situation or should I be using another computer away from my home? Right now, the laptop doesn't have any problems or viruses.
    • Trogan London, UK
      edited January 2007
      It should be fine.
    • edited January 2007
      Here's the new log:
      Logfile of HijackThis v1.99.1
      Scan saved at 4:10:14 PM, on 1/7/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\system32\lxcrcoms.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Support.com\bin\tgcmd.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Java\jre1.6.0\bin\jusched.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\lexpps.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
      O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
      O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
      O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    • Trogan London, UK
      edited January 2007
      Still hasn't been renamed.

      I need you to rename HijackThis.exe here...
      C:\Program Files\Hijackthis\HijackThis.exe
      ...to Scanner.exe. Right-click and select Rename.

      Thanks!
    • edited January 2007
      Did it work this time? Everything is renamed to scanner.

      Logfile of HijackThis v1.99.1
      Scan saved at 4:28:23 PM, on 1/7/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Support.com\bin\tgcmd.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Java\jre1.6.0\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\lxcrcoms.exe
      C:\Program Files\scanner\scanner.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\iiyhdxbr.dll
      O2 - BHO: (no name) - {9D4701CE-5EB6-495D-BA7D-1854F8066A59} - C:\WINDOWS\system32\awvts.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: (no name) - {AEC3AEB5-57E2-4020-8625-0E273149322A} - C:\WINDOWS\system32\pmnll.dll (file missing)
      O2 - BHO: (no name) - {E672B410-3580-435F-AD90-63D158E2F29C} - C:\WINDOWS\system32\urqonmn.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
      O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
      O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
      O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
      O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: urqonmn - C:\WINDOWS\SYSTEM32\urqonmn.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    • Trogan London, UK
      edited January 2007
      Yes, you renamed it this time. You're reinfected by Vundo again. :( Please avoid downloading anything, except for what I ask you to.

      Can you run VundoFix again like you did before, please? Post the log it creates back here with a new Scanner log and a new ComboFix log.

      If you want me to post full instructions again, let me know.

      Thanks!
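As an added example (not code from this thread, and not part of HijackThis, VundoFix or ComboFix), here is a small Python script that reads HijackThis lines in the format posted above and flags the entries a helper looks at first when judging a Vundo reinfection: unnamed BHOs (O2) loaded from system32, Run keys (O4) that use rundll32 to load a system32 DLL, and Winlogon Notify packages (O20) outside a small allowlist. The sample lines are copied from the log posted in this thread, with a few clean entries kept for contrast; the allowlist of expected Notify packages (igfxcui for Intel graphics, WgaLogon for Windows Genuine Advantage) is an assumption made for this example, not something the thread states.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted in this thread, plus
# clean entries (Lexmark, Spybot, IgfxTray, igfxcui, WgaLogon) for contrast.
# Backslashes are doubled only because this is Python source.
SAMPLE_LOG = """\
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\\Program Files\\Lexmark Toolbar\\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\\WINDOWS\\system32\\iiyhdxbr.dll
O2 - BHO: (no name) - {9D4701CE-5EB6-495D-BA7D-1854F8066A59} - C:\\WINDOWS\\system32\\awvts.dll
O2 - BHO: (no name) - {AEC3AEB5-57E2-4020-8625-0E273149322A} - C:\\WINDOWS\\system32\\pmnll.dll (file missing)
O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
O4 - HKLM\\..\\Run: [DllRunning] rundll32.exe "C:\\WINDOWS\\system32\\orxpcvap.dll",setvm
O20 - Winlogon Notify: awvts - C:\\WINDOWS\\system32\\awvts.dll
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
O20 - Winlogon Notify: urqonmn - C:\\WINDOWS\\SYSTEM32\\urqonmn.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
"""

SYSTEM32 = re.compile(r"\\windows\\system32\\", re.IGNORECASE)

# Assumed allowlist for this example only (not from the thread): Winlogon
# Notify subkeys expected on this XP machine (Intel graphics, WGA).
KNOWN_NOTIFY = {"igfxcui", "wgalogon"}


@dataclass
class Finding:
    section: str   # HijackThis section: O2 / O4 / O20
    path: str      # module or command line the entry loads
    reason: str    # why it deserves a look


def parse_line(line):
    """Split 'O20 - Winlogon Notify: ...' into ('O20', 'Winlogon Notify: ...')."""
    m = re.match(r"^(O\d+)\s+-\s+(.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_bho(rest):
    # O2 layout: 'BHO: <name> - {CLSID} - <path>' with optional ' (file missing)'
    m = re.match(r"BHO:\s+(.*?)\s+-\s+\{[0-9A-Fa-f-]+\}\s+-\s+(.*?)(\s+\(file missing\))?$", rest)
    if not m or m.group(1) != "(no name)" or not SYSTEM32.search(m.group(2)):
        return None
    reason = "unnamed BHO loaded from system32"
    if m.group(3):
        reason += " (file missing: orphaned registration left behind by a cleanup)"
    return Finding("O2", m.group(2), reason)


def check_run(rest):
    # O4 layout: 'HKLM\..\Run: [Name] <command line>'
    m = re.match(r"HK\w+\\\.\.\\Run:\s+\[[^\]]*\]\s+(.*)$", rest)
    if not m:
        return None
    cmd = m.group(1)
    if cmd.lower().startswith("rundll32") and SYSTEM32.search(cmd):
        return Finding("O4", cmd, "Run key uses rundll32 to load a DLL from system32")
    return None


def check_notify(rest):
    # O20 layout: 'Winlogon Notify: <subkey> - <path>'
    m = re.match(r"Winlogon Notify:\s+(\S+)\s+-\s+(.*)$", rest)
    if not m or m.group(1).lower() in KNOWN_NOTIFY:
        return None
    return Finding("O20", m.group(2), "Winlogon Notify package not on the allowlist")


CHECKS = {"O2": check_bho, "O4": check_run, "O20": check_notify}


def scan(text):
    """Run the per-section checks over a HijackThis log and return the findings."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        section, rest = parsed
        check = CHECKS.get(section)
        if check:
            finding = check(rest)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}: {f.path}")
```

On the sample above the script flags six entries: the three unnamed system32 BHOs, the DllRunning rundll32 entry, and the awvts and urqonmn Notify packages, while the Lexmark and Spybot BHOs, IgfxTray, igfxcui and WgaLogon pass. Those are the same awvts.dll and urqonmn.dll names that reappear in the VundoFix and ComboFix output later in this thread, which is the point of the check: a "(no name)" BHO or an unfamiliar Winlogon Notify DLL in system32 is a prompt for a human to review, not a verdict, and a Notify entry in particular is worth attention because it is loaded by winlogon at every logon and so survives the user-level cleanup steps.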
    • edited January 2007
      Yes, please do if you don't mind... I disconnected my infected computer from the internet, so now I have my laptop directly connected to the cable modem. Downloading should not be an option now, so that's good.
    • Trogan London, UK
      edited January 2007
      Leave HijackThis named as Scanner. I will refer to it as HijackThis but do not want it renamed.

      1. Please download VundoFix.exe to your desktop.
      • Double-click VundoFix.exe to run it.
      • Click the Scan for Vundo button.
      • Once it's done scanning, click the Remove Vundo button.
      • You will receive a prompt asking if you want to remove the files; click YES.
      • Once you click yes, your desktop will go blank as it starts removing Vundo.
      • When completed, it will prompt that it will reboot your computer, click OK.
      • Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.
      Note: It is possible that VundoFix encountered a file it could not remove.
      In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


      2. Download this file to your Desktop - combofix.exe
      Double click combofix.exe & follow the prompts.
      When finished, it shall produce a log for you. Post that log in your next reply.

      3. Please post the following...

      1) VundoFix log
      2) ComboFix log
      3) New HijackThis log
    • edited January 2007
      Okay, all completed:
      Vundo log:

      VundoFix V6.2.13

      Checking Java version...

      Java version is 1.5.0.6

      Java version is 1.5.0.7

      Scan started at 10:42:28 PM 1/5/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\winrkp32.dll
      C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.tmp
      C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.tmp
      C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.tmp

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\winrkp32.dll
      C:\WINDOWS\system32\winrkp32.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\pmnll.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.tmp
      C:\WINDOWS\system32\llnmp.tmp Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.2.13

      Checking Java version...

      Java version is 1.5.0.6

      Java version is 1.5.0.7

      Scan started at 4:45:39 PM 1/7/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\awvts.dll
      C:\WINDOWS\system32\stvwa.ini
      C:\WINDOWS\system32\stvwa.bak1
      C:\WINDOWS\system32\stvwa.bak2

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\awvts.dll
      C:\WINDOWS\system32\awvts.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\stvwa.ini
      C:\WINDOWS\system32\stvwa.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\stvwa.bak1
      C:\WINDOWS\system32\stvwa.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\stvwa.bak2
      C:\WINDOWS\system32\stvwa.bak2 Has been deleted!

      Performing Repairs to the registry.
      Done!

      ComboFix log:
      Owner - 07-01-07 16:53:51.46 Service Pack 2
      ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

      ((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


      2007-01-07 01:50 <DIR> d
      C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
      2007-01-06 23:37 3,968 --a
      C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-01-05 22:42 <DIR> d
      C:\VundoFix Backups
      2007-01-04 19:39 <DIR> d
      C:\avenger
      2007-01-04 19:33 <DIR> d
      C:\Rustbfix
      2007-01-04 00:11 79,360 --a
      C:\WINDOWS\system32\swxcacls.exe
      2007-01-04 00:11 53,248 --a
      C:\WINDOWS\system32\Process.exe
      2007-01-04 00:11 51,200 --a
      C:\WINDOWS\system32\dumphive.exe
      2007-01-04 00:11 40,960 --a
      C:\WINDOWS\system32\swsc.exe
      2007-01-04 00:11 3,952 --a
      C:\WINDOWS\system32\tmp.reg
      2007-01-04 00:11 288,417 --a
      C:\WINDOWS\system32\SrchSTS.exe
      2007-01-04 00:11 135,168 --a
      C:\WINDOWS\system32\swreg.exe
      2007-01-04 00:06 2,416 --a
      C:\GetPaths.vbs
      2007-01-03 23:57 0 --a
      C:\klnl.exe
      2007-01-03 07:27 118,804 --a
      C:\WINDOWS\system32\orxpcvap.dll
      2007-01-02 23:37 <DIR> d
      C:\Program Files\Common Files\Java
      2007-01-02 22:29 81,684 --a
      C:\WINDOWS\system32\fqtxuliu.dll
      2007-01-02 21:29 81,684 --a
      C:\WINDOWS\system32\ecdqkrfs.dll
      2007-01-02 21:15 <DIR> d
      C:\Program Files\scanner
      2007-01-01 21:26 <DIR> d
      C:\WINDOWS\BDOSCAN8
      2007-01-01 20:56 <DIR> d
      C:\WINDOWS\system32\ActiveScan
      2007-01-01 20:44 <DIR> d
      C:\Program Files\SpywareBlaster
      2007-01-01 20:41 81,684 --a
      C:\WINDOWS\system32\lcspqnci.dll
      2007-01-01 20:07 22,541 ---hs---- C:\WINDOWS\system32\urqonmn.dll
      2006-12-31 14:35 81,684 --a
      C:\WINDOWS\system32\jcaswhdp.dll
      2006-12-31 12:13 81,684 --a
      C:\WINDOWS\system32\viiqwhbx.dll
      2006-12-31 01:37 68,888 --a
      C:\WINDOWS\system32\xinput1_3.dll
      2006-12-31 01:37 62,744 --a
      C:\WINDOWS\system32\xinput1_2.dll
      2006-12-31 01:37 3,426,072 --a
      C:\WINDOWS\system32\d3dx9_32.dll
      2006-12-31 01:37 251,672 --a
      C:\WINDOWS\system32\xactengine2_5.dll
      2006-12-31 01:37 237,848 --a
      C:\WINDOWS\system32\xactengine2_4.dll
      2006-12-31 01:37 236,824 --a
      C:\WINDOWS\system32\xactengine2_3.dll
      2006-12-31 01:37 2,414,360 --a
      C:\WINDOWS\system32\d3dx9_31.dll
      2006-12-31 01:37 2,297,552 --a
      C:\WINDOWS\system32\d3dx9_26.dll
      2006-12-31 01:37 15,128 --a
      C:\WINDOWS\system32\x3daudio1_1.dll
      2006-12-31 01:35 <DIR> d--h
      C:\WINDOWS\msdownld.tmp
      2006-12-30 19:22 <DIR> d
      C:\Documents and Settings\Owner\Application Data\MSNInstaller
      2006-12-30 18:25 81,684 --a
      C:\WINDOWS\system32\btrhyhyg.dll
      2006-12-30 18:25 44,060 --a
      C:\WINDOWS\system32\iiyhdxbr.dll
      2006-12-30 18:19 22,541 ---hs---- C:\WINDOWS\system32\rqrpmnm.dll
      2006-12-30 02:11 <DIR> d
      C:\Program Files\Shockwave.com
      2006-12-30 02:09 <DIR> d
      C:\Program Files\ReflexiveArcade
      2006-12-29 02:56 <DIR> d
      C:\Program Files\IObit
      2006-12-28 01:05 <DIR> d
      C:\Documents and Settings\Owner\Application Data\funkitron
      2006-12-23 01:24 <DIR> d
      C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
      2006-12-19 23:10 24,816 --a
      C:\WINDOWS\system32\mdimon.dll
      2006-12-19 23:08 <DIR> d
      C:\Program Files\Microsoft ActiveSync
      2006-12-19 23:07 <DIR> d
      C:\Program Files\Microsoft.NET
      2006-12-19 23:04 <DIR> dr-h
      C:\MSOCache
      2006-12-17 23:23 <DIR> d
      C:\Program Files\Windows Media Connect 2
      2006-12-17 23:22 <DIR> d
      C:\WINDOWS\system32\LogFiles
      2006-12-17 23:22 <DIR> d
      C:\WINDOWS\system32\drivers\UMDF
      2006-12-14 00:01 <DIR> d
      C:\Documents and Settings\Owner\Application Data\Photodex
      2006-12-11 22:20 <DIR> d
      C:\Program Files\360Share Pro
      2006-12-11 22:20 <DIR> d
      C:\Documents and Settings\Owner\Application Data\LimeWire
      2006-12-11 22:08 <DIR> d
      C:\Documents and Settings\Owner\Application Data\Roxio


      (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


      2007-01-07 02:09
      d
      C:\Program Files\Common Files\Microsoft Shared
      2007-01-07 02:03
      d
      C:\Program Files\Snapshot Viewer
      2007-01-07 01:35
      d
      C:\Program Files\Common Files
      2007-01-02 23:42
      d
      C:\Documents and Settings\Owner\Application Data\AdobeUM
      2007-01-02 23:37
      d
      C:\Program Files\Java
      2007-01-01 19:18
      d
      C:\Program Files\Spybot - Search & Destroy
      2006-12-31 13:52
      d
      C:\Documents and Settings\Owner\Application Data\Ahead
      2006-12-31 02:26
      d
      C:\Program Files\Yahoo! Games
      2006-12-30 19:22
      d
      C:\Program Files\MSN
      2006-12-30 19:14
      d
      C:\Program Files\lx_cats
      2006-12-30 18:51
      d
      C:\Program Files\Common Files\Adobe
      2006-12-30 18:47
      d
      C:\Program Files\QuickTime
      2006-12-30 18:21
      d
      C:\Program Files\Internet Explorer
      2006-12-30 18:20
      d
      C:\Program Files\Download Express
      2006-12-29 22:54
      d
      C:\Program Files\Bonjour
      2006-12-21 23:15
      d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
      2006-12-19 23:08
      d
      C:\Program Files\Microsoft Office
      2006-12-19 23:07
      d
      C:\Program Files\Common Files\System
      2006-12-17 23:23
      d
      C:\Program Files\Windows Media Player
      2006-12-17 03:01
      d
      C:\Program Files\Outlook Express
      2006-12-11 22:14
      d--h
      C:\Program Files\InstallShield Installation Information
      2006-12-08 18:33
      d
      C:\Program Files\Common Files\Kodak
      2006-11-25 23:49
      d
      C:\Program Files\Photodex
      2006-11-16 19:47 524288 --a
      C:\WINDOWS\opuc.dll
      2006-11-14 19:27
      d
      C:\Program Files\microsoft frontpage
      2006-11-14 19:22
      d
      C:\Program Files\Common Files\Designer
      2006-11-07 23:06 679424 --a
      C:\WINDOWS\system32\inetcomm.dll
      2006-11-04 14:14 1245696 --a
      C:\WINDOWS\system32\msxml4.dll
      2006-10-27 15:09 6049280
      C:\WINDOWS\system32\ieframe.dll
      2006-10-27 15:09 50688
      C:\WINDOWS\system32\msfeedsbs.dll
      2006-10-27 15:09 458752
      C:\WINDOWS\system32\msfeeds.dll
      2006-10-27 15:09 413696 --a
      C:\WINDOWS\system32\vbscript.dll
      2006-10-27 15:09 231424 --a
      C:\WINDOWS\system32\webcheck.dll
      2006-10-27 15:09 180736
      C:\WINDOWS\system32\ieui.dll
      2006-10-27 15:09 156160 --a
      C:\WINDOWS\system32\msls31.dll
      2006-10-27 02:44 71680 --a
      C:\WINDOWS\system32\admparse.dll
      2006-10-27 02:44 55296 --a
      C:\WINDOWS\system32\iesetup.dll
      2006-10-27 02:44 54784 --a
      C:\WINDOWS\system32\ie4uinit.exe
      2006-10-27 02:44 43008 --a
      C:\WINDOWS\system32\iernonce.dll
      2006-10-27 02:44 382976 --a
      C:\WINDOWS\system32\iedkcs32.dll
      2006-10-27 02:44 229376 --a
      C:\WINDOWS\system32\ieaksie.dll
      2006-10-27 02:44 152064 --a
      C:\WINDOWS\system32\ieakeng.dll
      2006-10-27 02:44 13312 --a
      C:\WINDOWS\system32\ieudinit.exe
      2006-10-27 02:44 123904 --a
      C:\WINDOWS\system32\advpack.dll
      2006-10-27 02:42 161792 --a
      C:\WINDOWS\system32\ieakui.dll
      2006-10-19 07:56 713216 --a
      C:\WINDOWS\system32\sxs.dll
      2006-10-18 21:58 8704 --a
      C:\WINDOWS\system32\wdfmgr.exe
      2006-10-18 21:58 8704 --a
      C:\WINDOWS\system32\uwdf.exe
      2006-10-18 21:47 99840 --a
      C:\WINDOWS\system32\wmpshell.dll
      2006-10-18 21:47 991744 --a
      C:\WINDOWS\system32\drmv2clt.dll
      2006-10-18 21:47 937984 --a
      C:\WINDOWS\system32\WMNetMgr.dll
      2006-10-18 21:47 8231936 --a
      C:\WINDOWS\system32\wmploc.dll
      2006-10-18 21:47 767488
      C:\WINDOWS\system32\WMVSENCD.dll
      2006-10-18 21:47 757248 --a
      C:\WINDOWS\system32\WMADMOD.dll
      2006-10-18 21:47 7168 --a
      C:\WINDOWS\system32\asferror.dll
      2006-10-18 21:47 656896
      C:\WINDOWS\system32\WMVXENCD.dll
      2006-10-18 21:47 63488 --a
      C:\WINDOWS\system32\wpdmtpus.dll
      2006-10-18 21:47 629760 --a
      C:\WINDOWS\system32\wpd_ci.dll
      2006-10-18 21:47 613376
      C:\WINDOWS\system32\wmpmde.dll
      2006-10-18 21:47 603648 --a
      C:\WINDOWS\system32\WMSPDMOD.dll
      2006-10-18 21:47 542720 --a
      C:\WINDOWS\system32\blackbox.dll
      2006-10-18 21:47 535040
      C:\WINDOWS\system32\wmdrmsdk.dll
      2006-10-18 21:47 429056 --a
      C:\WINDOWS\system32\wmdrmdev.dll
      2006-10-18 21:47 414208 --a
      C:\WINDOWS\system32\msscp.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\wmvdmoe2.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\wmvdmod.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\WMVADVE.DLL
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\WMVADVD.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\wmsdmoe2.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\wmsdmod.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\wdfapi.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\MPG4DMOD.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\MP4SDMOD.dll
      2006-10-18 21:47 4096 --a
      C:\WINDOWS\system32\MP43DMOD.dll
      2006-10-18 21:47 38400
      C:\WINDOWS\system32\wpdshextres.dll
      2006-10-18 21:47 37376 --a
      C:\WINDOWS\system32\wmdmps.dll
      2006-10-18 21:47 35840 --a
      C:\WINDOWS\system32\wpdconns.dll
      2006-10-18 21:47 356352 --a
      C:\WINDOWS\system32\wpdsp.dll
      2006-10-18 21:47 348672 --a
      C:\WINDOWS\system32\wmdrmnet.dll
      2006-10-18 21:47 33792 --a
      C:\WINDOWS\system32\wmdmlog.dll
      2006-10-18 21:47 321536 --a
      C:\WINDOWS\system32\mswmdm.dll
      2006-10-18 21:47 317440
      C:\WINDOWS\system32\MP4SDECD.dll
      2006-10-18 21:47 314880 --a
      C:\WINDOWS\system32\wmpdxm.dll
      2006-10-18 21:47 295936
      C:\WINDOWS\system32\wmpeffects.dll
      2006-10-18 21:47 284160
      C:\WINDOWS\system32\PortableDeviceApi.dll
      2006-10-18 21:47 276992
      C:\WINDOWS\system32\audiodev.dll
      2006-10-18 21:47 27136 --a
      C:\WINDOWS\system32\mspmsnsv.dll
      2006-10-18 21:47 2603008
      C:\WINDOWS\system32\WpdShext.dll
      2006-10-18 21:47 259072
      C:\WINDOWS\system32\MPG4DECD.dll
      2006-10-18 21:47 259072
      C:\WINDOWS\system32\MP43DECD.dll
      2006-10-18 21:47 2450944 --a
      C:\WINDOWS\system32\wmvcore.dll
      2006-10-18 21:47 242688 --a
      C:\WINDOWS\system32\wmpasf.dll
      2006-10-18 21:47 229376 --a
      C:\WINDOWS\system32\cewmdm.dll
      2006-10-18 21:47 227328 --a
      C:\WINDOWS\system32\wmerror.dll
      2006-10-18 21:47 222208 --a
      C:\WINDOWS\system32\WMASF.dll
      2006-10-18 21:47 212992
      C:\WINDOWS\system32\MFPLAT.dll
      2006-10-18 21:47 211456 --a
      C:\WINDOWS\system32\qasf.dll
      2006-10-18 21:47 204288
      C:\WINDOWS\system32\wmpsrcwp.dll
      2006-10-18 21:47 199168
      C:\WINDOWS\system32\PortableDeviceWMDRM.dll
      2006-10-18 21:47 179712 --a
      C:\WINDOWS\system32\msnetobj.dll
      2006-10-18 21:47 175616 --a
      C:\WINDOWS\system32\mspmsp.dll
      2006-10-18 21:47 166912
      C:\WINDOWS\system32\PortableDeviceTypes.dll
      2006-10-18 21:47 1661440
      C:\WINDOWS\system32\wmpencen.dll
      2006-10-18 21:47 1574912
      C:\WINDOWS\system32\WMVENCOD.dll
      2006-10-18 21:47 157184 --a
      C:\WINDOWS\system32\wmidx.dll
      2006-10-18 21:47 154624 --a
      C:\WINDOWS\system32\wpdmtp.dll
      2006-10-18 21:47 1543680
      C:\WINDOWS\system32\WMVDECOD.dll
      2006-10-18 21:47 1382912
      C:\WINDOWS\system32\WMVSDECD.dll
      2006-10-18 21:47 133632
      C:\WINDOWS\system32\WPDShServiceObj.dll
      2006-10-18 21:47 1329152 --a
      C:\WINDOWS\system32\WMSPDMOE.dll
      2006-10-18 21:47 132096
      C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
      2006-10-18 21:47 130048
      C:\WINDOWS\system32\wmpps.dll
      2006-10-18 21:47 11264 --a
      C:\WINDOWS\system32\LAPRXY.dll
      2006-10-18 21:47 1117696 --a
      C:\WINDOWS\system32\WMADMOE.dll
      2006-10-18 21:47 101888
      C:\WINDOWS\system32\PortableDeviceClassExtension.dll
      2006-10-18 20:03 100864 --a
      C:\WINDOWS\system32\logagent.exe
      2006-10-18 20:00 249856
      C:\WINDOWS\system32\drmupgds.exe
      2006-10-18 20:00 17408
      C:\WINDOWS\system32\wpdshextautoplay.exe
      2006-10-17 13:06 78336 --a
      C:\WINDOWS\system32\ieencode.dll
      2006-10-17 13:05 40960 --a
      C:\WINDOWS\system32\licmgr10.dll
      2006-10-17 13:05 206336
      C:\WINDOWS\system32\WinFXDocObj.exe
      2006-10-17 13:05 105984 --a
      C:\WINDOWS\system32\url.dll
      2006-10-17 13:04 101376 --a
      C:\WINDOWS\system32\occache.dll
      2006-10-17 13:03 17408 --a
      C:\WINDOWS\system32\corpol.dll
      2006-10-17 12:58 61952
      C:\WINDOWS\system32\icardie.dll
      2006-10-17 12:58 12288
      C:\WINDOWS\system32\msfeedssync.exe
      2006-10-17 12:57 36352 --a
      C:\WINDOWS\system32\imgutil.dll
      2006-10-17 12:57 266752
      C:\WINDOWS\system32\iertutil.dll
      2006-10-17 12:56 45568 --a
      C:\WINDOWS\system32\mshta.exe
      2006-10-17 12:28 48128 --a
      C:\WINDOWS\system32\mshtmler.dll
      2006-10-17 12:27 380928
      C:\WINDOWS\system32\ieapfltr.dll
      2006-10-13 06:35 142336 --a
      C:\WINDOWS\system32\nwprovau.dll
      2006-10-09 08:12 1343488 --a
      C:\WINDOWS\system32\FreeImage.dll


      (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

      *Note* empty entries are not shown

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
      "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\Xtras\\mssysmgr.exe"
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
      "TaskManager"="C:\\WINDOWS\\TaskMgr.exe"
      "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
      "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
      "tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
      "SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
      "BCMSMMSG"="BCMSMMSG.exe"
      "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
      "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
      "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
      "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
      "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
      "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
      "EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
      "FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
      "NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
      "AutoSys"="C:\\WINDOWS\\system32\\autosys.exe"
      "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
      "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\orxpcvap.dll\",setvm"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
      "NoChange"="1"
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
      @=&quot;"

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
      "DeskHtmlVersion"=dword:00000110
      "DeskHtmlMinorVersion"=dword:00000005
      "Settings"=dword:00000001
      "GeneralFlags"=dword:00000005

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"
      "Flags"=dword:00000002
      "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
      "CurrentState"=hex:04,00,00,40
      "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
      "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
      00,00,01,00,00,00

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
      "{E672B410-3580-435F-AD90-63D158E2F29C}"=""
      "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091
      "NoDriveAutoRun"=dword:ffffffff
      "LinkResolveIgnoreLinkInfo"=dword:00000000

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "dontdisplaylastusername"=dword:00000000
      "legalnoticecaption"=""
      "legalnoticetext"=""
      "shutdownwithoutlogon"=dword:00000001
      "undockwithoutlogon"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "LinkResolveIgnoreLinkInfo"=dword:00000000
      "NoResolveSearch"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
      "system"="C:\\WINDOWS\\csrss.exe"

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
      "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
      "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
      "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
      "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonmn

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


      Contents of the 'Scheduled Tasks' folder
      C:\WINDOWS\tasks\XoftSpySE.job

      Completion time: 07-01-07 16:56:42.17
      C:\ComboFix.txt ... 07-01-07 16:56
      C:\ComboFix2.txt ... 07-01-07 01:37

      New scanner log (hijack renamed):
      Logfile of HijackThis v1.99.1
      Scan saved at 5:02:41 PM, on 1/7/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Support.com\bin\tgcmd.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Java\jre1.6.0\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\lxcrcoms.exe
      C:\Program Files\scanner\scanner.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\iiyhdxbr.dll
      O2 - BHO: (no name) - {9D4701CE-5EB6-495D-BA7D-1854F8066A59} - C:\WINDOWS\system32\awvts.dll (file missing)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: (no name) - {AEC3AEB5-57E2-4020-8625-0E273149322A} - C:\WINDOWS\system32\pmnll.dll (file missing)
      O2 - BHO: (no name) - {E672B410-3580-435F-AD90-63D158E2F29C} - C:\WINDOWS\system32\urqonmn.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
      O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
      O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
      O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: urqonmn - C:\WINDOWS\SYSTEM32\urqonmn.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    • Trogan London, UK
      edited January 2007
      Please do the following...

      1. Download Killbox and save it to your desktop. Don't do anything with it yet.

      2. We need to run VundoFix again, but slightly different than before.
      • Double-click VundoFix.exe to run it.
      • Right Click inside the listbox (white box) and click Add more file?
      • Copy & Paste the 2 entries below into the top 2 boxes

        • C:\WINDOWS\system32\urqonmn.dll
        • C:\WINDOWS\system32\nmnoqru.*

      • Click Add Files and click Close Window
      • Click the Remove Vundo button.
      • You will receive a prompt asking if you want to remove the files, click YES
      • Once you click yes, your desktop will go blank as it starts removing Vundo.
      • When completed, it will prompt that it will shutdown your computer, click OK.
      • Turn your computer back on.
      • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
      3. Open HijackThis
      - Click the Do a system scan only button
      - Check the following entries (below)

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

      O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\iiyhdxbr.dll
      O2 - BHO: (no name) - {9D4701CE-5EB6-495D-BA7D-1854F8066A59} - C:\WINDOWS\system32\awvts.dll (file missing)
      O2 - BHO: (no name) - {AEC3AEB5-57E2-4020-8625-0E273149322A} - C:\WINDOWS\system32\pmnll.dll (file missing)
      O2 - BHO: (no name) - {E672B410-3580-435F-AD90-63D158E2F29C} - C:\WINDOWS\system32\urqonmn.dll

      O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
      O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\orxpcvap.dll",setvm

      O20 - Winlogon Notify: urqonmn - C:\WINDOWS\SYSTEM32\urqonmn.dll


      - Close ALL open windows (especially Internet Explorer!)
      - Click Fix Checked
      - Close HijackThis

      4. Copy everything in the Quote box below by pressing Ctrl+C
      C:\WINDOWS\system32\iiyhdxbr.dll
      C:\WINDOWS\system32\autosys.exe
      C:\WINDOWS\system32\orxpcvap.dll
      Next, open Killbox
      Go to File tab and select Paste from Clipboard
      Select the Delete on Reboot option
      Select All Files
      Now click on the Red Circle with the White X
      Press Yes to reboot your computer.

      5. Post the VundoFix.txt and a new HijackThis log.
    • edited January 2007
      okay, here they are:
      Vundo log:

      VundoFix V6.2.13

      Checking Java version...

      Java version is 1.5.0.6

      Java version is 1.5.0.7

      Scan started at 10:42:28 PM 1/5/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\winrkp32.dll
      C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.tmp
      C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.tmp
      C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.tmp

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\winrkp32.dll
      C:\WINDOWS\system32\winrkp32.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\pmnll.dll
      C:\WINDOWS\system32\pmnll.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.ini
      C:\WINDOWS\system32\llnmp.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.bak1
      C:\WINDOWS\system32\llnmp.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.bak2
      C:\WINDOWS\system32\llnmp.bak2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.ini2
      C:\WINDOWS\system32\llnmp.ini2 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\llnmp.tmp
      C:\WINDOWS\system32\llnmp.tmp Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V6.2.13

      Checking Java version...

      Java version is 1.5.0.6

      Java version is 1.5.0.7

      Scan started at 4:45:39 PM 1/7/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\awvts.dll
      C:\WINDOWS\system32\stvwa.ini
      C:\WINDOWS\system32\stvwa.bak1
      C:\WINDOWS\system32\stvwa.bak2

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\awvts.dll
      C:\WINDOWS\system32\awvts.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\stvwa.ini
      C:\WINDOWS\system32\stvwa.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\stvwa.bak1
      C:\WINDOWS\system32\stvwa.bak1 Has been deleted!

      Attempting to delete C:\WINDOWS\system32\stvwa.bak2
      C:\WINDOWS\system32\stvwa.bak2 Has been deleted!

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\urqonmn.dll
      C:\WINDOWS\system32\urqonmn.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      Scanner Log (HijackThis):
      Logfile of HijackThis v1.99.1
      Scan saved at 6:12:18 PM, on 1/7/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Support.com\bin\tgcmd.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Java\jre1.6.0\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\scanner\scanner.exe
      C:\Program Files\Alwil Software\Avast4\setup\avast.setup

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
      O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
      O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    • Trogan London, UK
      edited January 2007
      Please do the following...

      1. Backup Your Registry with ERUNT
      • Please use the following link and scroll down to ERUNT and download it.
        http://aumha.org/freeware/freeware.php
      • For version with the Installer:
        Use the setup program to install ERUNT on your computer
      • For the zipped version:
        Unzip all the files into a folder of your choice.
      Click Erunt.exe to back up your registry to the folder of your choice.

      Note: to restore your registry, go to the folder and start ERDNT.exe

      2. Open Notepad!
      Copy and Paste everything from the Quote box into Notepad:
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
      "system"=-
      Note: I've made currentversion BOLD because the Forum software puts a space in the word. That will cause the fix to fail.

      Go to File > Save As
      Save File name as Fix.reg
      Change Save as Type to All Files and save the file to your desktop.

      Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK

      3. Copy everything in the Quote box below by pressing Ctrl+C
      C:\WINDOWS\system32\orxpcvap.dll
      C:\WINDOWS\system32\fqtxuliu.dll
      C:\WINDOWS\system32\ecdqkrfs.dll
      C:\WINDOWS\system32\lcspqnci.dll
      C:\WINDOWS\system32\viiqwhbx.dll
      C:\WINDOWS\system32\jcaswhdp.dll
      C:\WINDOWS\system32\btrhyhyg.dll
      C:\WINDOWS\system32\iiyhdxbr.dll
      C:\WINDOWS\system32\rqrpmnm.dll
      C:\WINDOWS\csrss.exe
      Next, open Killbox
      Go to File tab and select Paste from Clipboard
      Select the Delete on Reboot option
      Select All Files
      Now click on the Red Circle with the White X
      Press Yes to reboot your computer.

      5. Please do an online scan with Panda ActiveScan

      - Once you are on the Panda site, click the Scan your PC button
      - A new window will open...click the Check Now button
      - Enter your Country
      - Enter your State/Province
      - Enter your e-mail address and click send
      - Select either Home User or Company
      - Click the big Scan Now button
      - If it wants to install an ActiveX component allow it
      - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      - When download is complete, click on Local Disks to start the scan
      - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

      6. Run ComboFix to produce a new log.

      7. Please post the following...

      1) Panda report
      2) ComboFix log
      3) New HijackThis log.
    • jmoney3457 Maine
      edited January 2007
      Hey Trog, his old thread is here, but I moved/locked it to avoid confusion between the 2.
    • edited January 2007
      I have done everything except the online scan...I still can't get on IE. When I click on IE it says: "iexplore.exe - Unable to locate component...This application has failed to start because msvcrl.dll was not found. Re-installing the application may fix this problem" ....I do not have the Office 2003 software with me. Do you still want me to post the logs, or wait till later tonight when I can pick up the software and try to reinstall? I can pick it up in about 3 hours.
    • Trogan London, UK
      edited January 2007
      Damn! Let's do this...

      Open AVG anti-spyware
      Click on Infection
      Under the Quarantine tab, look for C:\WINDOWS\system32\msvcrl.dll and select it.
      Now click on Restore.

      Try running Panda now.
    • edited January 2007
      Okay, I restored the file back and was able to connect to the internet. (I also have obtained the Office 2003 disc in case I need to reinstall it.) I tried to do the PandaScan, but it wouldn't scan, so I did the scan from BitDefender.

      Here is the BitDefender log:
      BitDefender Online Scanner - Real Time Virus Report
      Generated at: Mon, Jan 08, 2007 - 01:07:39

      Scan Info
      Scanned Files: 344814
      Infected Files: 40

      Virus Detected
      Win32.Bagle.GW@mm: 3
      Trojan.Virtumod.DG: 3
      Trojan.Agent.ACL: 1
      MemScan:Trojan.Downloader.ConHook.J: 5
      Backdoor.Rustock.P: 1
      Trojan.Dropper.Small.AUC: 1
      Trojan.Spy.VBStat.B: 18
      Trojan.Juan.D: 3
      Trojan.Spy.Sheriff.C: 2
      Trojan.Spy.Goldun.CK: 2
      BehavesLike:Trojan.Downloader: 1

      BitDefender Online Scanner
      Scan report generated at: Mon, Jan 08, 2007 - 01:06:37
      Scan path: C:\;D:\;E:\;F:\;G:\;

      Statistics
      Time: 01:02:42
      Files: 344527
      Folders: 5631
      Boot Sectors: 5
      Archives: 6090
      Packed Files: 40655

      Results
      Identified Viruses: 10
      Infected Files: 39
      Suspect Files: 1
      Warnings: 0
      Disinfected: 0
      Deleted Files: 39

      Engines Info
      Virus Definitions: 368404
      Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
      Scan plugins: 14
      Archive plugins: 38
      Unpack plugins: 6
      E-mail plugins: 6
      System plugins: 1

      Scan Settings
      First Action: Disinfect
      Second Action: Delete
      Heuristics: Yes
      Enable Warnings: Yes
      Scanned Extensions: *;
      Exclude Extensions:
      Scan Emails: Yes
      Scan Archives: Yes
      Scan Packed: Yes
      Scan Files: Yes
      Scan Boot: Yes

      Scanned File: Status

      C:\!KillBox\btrhyhyg.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\!KillBox\ecdqkrfs.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\!KillBox\fqtxuliu.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\!KillBox\jcaswhdp.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\!KillBox\lcspqnci.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\!KillBox\orxpcvap.dll: Infected with: Trojan.Virtumod.DG; Disinfection failed; Deleted
      C:\!KillBox\rqrpmnm.dll: Infected with: MemScan:Trojan.Downloader.ConHook.J; Disinfection failed; Deleted
      C:\!KillBox\viiqwhbx.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\Program Files\scanner\backups\backup-20070107-180403-273.dll: Infected with: Trojan.Juan.D; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP320\A0062879.exe=>(NSIS o)=>zlib_nsis0001: Suspected of: BehavesLike:Trojan.Downloader; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP320\A0062879.exe=>(NSIS o): Update failed
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0065967.exe: Infected with: Trojan.Agent.ACL; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0065968.exe: Infected with: Win32.Bagle.GW@mm; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP322\A0065969.exe: Infected with: Win32.Bagle.GW@mm; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP329\A0067544.exe: Infected with: Trojan.Dropper.Small.AUC; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP329\A0067545.exe: Infected with: Backdoor.Rustock.P; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP329\A0067547.exe: Infected with: Trojan.Spy.Sheriff.C; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP329\A0067548.exe: Infected with: Trojan.Spy.Sheriff.C; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP329\A0067550.dll: Infected with: Trojan.Spy.Goldun.CK; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067953.dll: Infected with: MemScan:Trojan.Downloader.ConHook.J; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067971.dll: Infected with: Trojan.Juan.D; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067974.dll: Infected with: Trojan.Virtumod.DG; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067991.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067992.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067993.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067994.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067995.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067996.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0067997.dll: Infected with: MemScan:Trojan.Downloader.ConHook.J; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068016.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068017.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068018.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068019.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068020.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068021.dll: Infected with: Trojan.Virtumod.DG; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068022.dll: Infected with: MemScan:Trojan.Downloader.ConHook.J; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068023.dll: Infected with: Trojan.Spy.VBStat.B; Disinfection failed; Deleted
      C:\System Volume Information\_restore{41FF47E7-33B7-41F9-99DA-B5768F79EE8C}\RP330\A0068024.dll: Infected with: Trojan.Juan.D; Disinfection failed; Deleted
      C:\VundoFix Backups\urqonmn.dll.bad: Infected with: MemScan:Trojan.Downloader.ConHook.J; Disinfection failed; Deleted
      C:\WINDOWS\system32\4426: Infected with: Win32.Bagle.GW@mm; Disinfection failed; Deleted
      C:\WINDOWS\system32\msvcrl.dll: Infected with: Trojan.Spy.Goldun.CK; Disinfection failed; Delete failed


      ComboFix Log:
      Owner - 07-01-07 16:53:51.46 Service Pack 2
      ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

      ((((((((((((((((((((((((((((((( Files Created from 2006-12-07 to 2007-01-07 ))))))))))))))))))))))))))))))))))


      2007-01-07 01:50 <DIR> d C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
      2007-01-06 23:37 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-01-05 22:42 <DIR> d C:\VundoFix Backups
      2007-01-04 19:39 <DIR> d C:\avenger
      2007-01-04 19:33 <DIR> d C:\Rustbfix
      2007-01-04 00:11 79,360 --a C:\WINDOWS\system32\swxcacls.exe
      2007-01-04 00:11 53,248 --a C:\WINDOWS\system32\Process.exe
      2007-01-04 00:11 51,200 --a C:\WINDOWS\system32\dumphive.exe
      2007-01-04 00:11 40,960 --a C:\WINDOWS\system32\swsc.exe
      2007-01-04 00:11 3,952 --a C:\WINDOWS\system32\tmp.reg
      2007-01-04 00:11 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
      2007-01-04 00:11 135,168 --a C:\WINDOWS\system32\swreg.exe
      2007-01-04 00:06 2,416 --a C:\GetPaths.vbs
      2007-01-03 23:57 0 --a C:\klnl.exe
      2007-01-03 07:27 118,804 --a C:\WINDOWS\system32\orxpcvap.dll
      2007-01-02 23:37 <DIR> d C:\Program Files\Common Files\Java
      2007-01-02 22:29 81,684 --a C:\WINDOWS\system32\fqtxuliu.dll
      2007-01-02 21:29 81,684 --a C:\WINDOWS\system32\ecdqkrfs.dll
      2007-01-02 21:15 <DIR> d C:\Program Files\scanner
      2007-01-01 21:26 <DIR> d C:\WINDOWS\BDOSCAN8
      2007-01-01 20:56 <DIR> d C:\WINDOWS\system32\ActiveScan
      2007-01-01 20:44 <DIR> d C:\Program Files\SpywareBlaster
      2007-01-01 20:41 81,684 --a C:\WINDOWS\system32\lcspqnci.dll
      2007-01-01 20:07 22,541 ---hs---- C:\WINDOWS\system32\urqonmn.dll
      2006-12-31 14:35 81,684 --a C:\WINDOWS\system32\jcaswhdp.dll
      2006-12-31 12:13 81,684 --a C:\WINDOWS\system32\viiqwhbx.dll
      2006-12-31 01:37 68,888 --a C:\WINDOWS\system32\xinput1_3.dll
      2006-12-31 01:37 62,744 --a C:\WINDOWS\system32\xinput1_2.dll
      2006-12-31 01:37 3,426,072 --a C:\WINDOWS\system32\d3dx9_32.dll
      2006-12-31 01:37 251,672 --a C:\WINDOWS\system32\xactengine2_5.dll
      2006-12-31 01:37 237,848 --a C:\WINDOWS\system32\xactengine2_4.dll
      2006-12-31 01:37 236,824 --a C:\WINDOWS\system32\xactengine2_3.dll
      2006-12-31 01:37 2,414,360 --a C:\WINDOWS\system32\d3dx9_31.dll
      2006-12-31 01:37 2,297,552 --a C:\WINDOWS\system32\d3dx9_26.dll
      2006-12-31 01:37 15,128 --a C:\WINDOWS\system32\x3daudio1_1.dll
      2006-12-31 01:35 <DIR> d--h C:\WINDOWS\msdownld.tmp
      2006-12-30 19:22 <DIR> d C:\Documents and Settings\Owner\Application Data\MSNInstaller
      2006-12-30 18:25 81,684 --a C:\WINDOWS\system32\btrhyhyg.dll
      2006-12-30 18:25 44,060 --a C:\WINDOWS\system32\iiyhdxbr.dll
      2006-12-30 18:19 22,541 ---hs---- C:\WINDOWS\system32\rqrpmnm.dll
      2006-12-30 02:11 <DIR> d C:\Program Files\Shockwave.com
      2006-12-30 02:09 <DIR> d C:\Program Files\ReflexiveArcade
      2006-12-29 02:56 <DIR> d C:\Program Files\IObit
      2006-12-28 01:05 <DIR> d C:\Documents and Settings\Owner\Application Data\funkitron
      2006-12-23 01:24 <DIR> d C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
      2006-12-19 23:10 24,816 --a C:\WINDOWS\system32\mdimon.dll
      2006-12-19 23:08 <DIR> d C:\Program Files\Microsoft ActiveSync
      2006-12-19 23:07 <DIR> d C:\Program Files\Microsoft.NET
      2006-12-19 23:04 <DIR> dr-h C:\MSOCache
      2006-12-17 23:23 <DIR> d C:\Program Files\Windows Media Connect 2
      2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\LogFiles
      2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\drivers\UMDF
      2006-12-14 00:01 <DIR> d C:\Documents and Settings\Owner\Application Data\Photodex
      2006-12-11 22:20 <DIR> d C:\Program Files\360Share Pro
      2006-12-11 22:20 <DIR> d C:\Documents and Settings\Owner\Application Data\LimeWire
      2006-12-11 22:08 <DIR> d C:\Documents and Settings\Owner\Application Data\Roxio


      (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


      2007-01-07 02:09 d C:\Program Files\Common Files\Microsoft Shared
      2007-01-07 02:03 d C:\Program Files\Snapshot Viewer
      2007-01-07 01:35 d C:\Program Files\Common Files
      2007-01-02 23:42 d C:\Documents and Settings\Owner\Application Data\AdobeUM
      2007-01-02 23:37 d C:\Program Files\Java
      2007-01-01 19:18 d C:\Program Files\Spybot - Search & Destroy
      2006-12-31 13:52 d C:\Documents and Settings\Owner\Application Data\Ahead
      2006-12-31 02:26 d C:\Program Files\Yahoo! Games
      2006-12-30 19:22 d C:\Program Files\MSN
      2006-12-30 19:14 d C:\Program Files\lx_cats
      2006-12-30 18:51 d C:\Program Files\Common Files\Adobe
      2006-12-30 18:47 d C:\Program Files\QuickTime
      2006-12-30 18:21 d C:\Program Files\Internet Explorer
      2006-12-30 18:20 d C:\Program Files\Download Express
      2006-12-29 22:54 d C:\Program Files\Bonjour
      2006-12-21 23:15 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
      2006-12-19 23:08 d C:\Program Files\Microsoft Office
      2006-12-19 23:07 d C:\Program Files\Common Files\System
      2006-12-17 23:23 d C:\Program Files\Windows Media Player
      2006-12-17 03:01 d C:\Program Files\Outlook Express
      2006-12-11 22:14 d--h C:\Program Files\InstallShield Installation Information
      2006-12-08 18:33 d C:\Program Files\Common Files\Kodak
      2006-11-25 23:49 d C:\Program Files\Photodex
      2006-11-16 19:47 524288 --a C:\WINDOWS\opuc.dll
      2006-11-14 19:27 d C:\Program Files\microsoft frontpage
      2006-11-14 19:22 d C:\Program Files\Common Files\Designer
      2006-11-07 23:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
      2006-11-04 14:14 1245696 --a C:\WINDOWS\system32\msxml4.dll
      2006-10-27 15:09 6049280 C:\WINDOWS\system32\ieframe.dll
      2006-10-27 15:09 50688 C:\WINDOWS\system32\msfeedsbs.dll
      2006-10-27 15:09 458752 C:\WINDOWS\system32\msfeeds.dll
      2006-10-27 15:09 413696 --a C:\WINDOWS\system32\vbscript.dll
      2006-10-27 15:09 231424 --a C:\WINDOWS\system32\webcheck.dll
      2006-10-27 15:09 180736 C:\WINDOWS\system32\ieui.dll
      2006-10-27 15:09 156160 --a C:\WINDOWS\system32\msls31.dll
      2006-10-27 02:44 71680 --a C:\WINDOWS\system32\admparse.dll
      2006-10-27 02:44 55296 --a C:\WINDOWS\system32\iesetup.dll
      2006-10-27 02:44 54784 --a C:\WINDOWS\system32\ie4uinit.exe
      2006-10-27 02:44 43008 --a C:\WINDOWS\system32\iernonce.dll
      2006-10-27 02:44 382976 --a C:\WINDOWS\system32\iedkcs32.dll
      2006-10-27 02:44 229376 --a C:\WINDOWS\system32\ieaksie.dll
      2006-10-27 02:44 152064 --a C:\WINDOWS\system32\ieakeng.dll
      2006-10-27 02:44 13312 --a C:\WINDOWS\system32\ieudinit.exe
      2006-10-27 02:44 123904 --a C:\WINDOWS\system32\advpack.dll
      2006-10-27 02:42 161792 --a C:\WINDOWS\system32\ieakui.dll
      2006-10-19 07:56 713216 --a C:\WINDOWS\system32\sxs.dll
      2006-10-18 21:58 8704 --a C:\WINDOWS\system32\wdfmgr.exe
      2006-10-18 21:58 8704 --a C:\WINDOWS\system32\uwdf.exe
      2006-10-18 21:47 99840 --a C:\WINDOWS\system32\wmpshell.dll
      2006-10-18 21:47 991744 --a C:\WINDOWS\system32\drmv2clt.dll
      2006-10-18 21:47 937984 --a C:\WINDOWS\system32\WMNetMgr.dll
      2006-10-18 21:47 8231936 --a C:\WINDOWS\system32\wmploc.dll
      2006-10-18 21:47 767488 C:\WINDOWS\system32\WMVSENCD.dll
      2006-10-18 21:47 757248 --a C:\WINDOWS\system32\WMADMOD.dll
      2006-10-18 21:47 7168 --a C:\WINDOWS\system32\asferror.dll
      2006-10-18 21:47 656896 C:\WINDOWS\system32\WMVXENCD.dll
      2006-10-18 21:47 63488 --a C:\WINDOWS\system32\wpdmtpus.dll
      2006-10-18 21:47 629760 --a C:\WINDOWS\system32\wpd_ci.dll
      2006-10-18 21:47 613376 C:\WINDOWS\system32\wmpmde.dll
      2006-10-18 21:47 603648 --a C:\WINDOWS\system32\WMSPDMOD.dll
      2006-10-18 21:47 542720 --a C:\WINDOWS\system32\blackbox.dll
      2006-10-18 21:47 535040 C:\WINDOWS\system32\wmdrmsdk.dll
      2006-10-18 21:47 429056 --a C:\WINDOWS\system32\wmdrmdev.dll
      2006-10-18 21:47 414208 --a C:\WINDOWS\system32\msscp.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmoe2.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmod.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVE.DLL
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVD.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmoe2.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmod.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wdfapi.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MPG4DMOD.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP4SDMOD.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP43DMOD.dll
      2006-10-18 21:47 38400 C:\WINDOWS\system32\wpdshextres.dll
      2006-10-18 21:47 37376 --a C:\WINDOWS\system32\wmdmps.dll
      2006-10-18 21:47 35840 --a C:\WINDOWS\system32\wpdconns.dll
      2006-10-18 21:47 356352 --a C:\WINDOWS\system32\wpdsp.dll
      2006-10-18 21:47 348672 --a C:\WINDOWS\system32\wmdrmnet.dll
      2006-10-18 21:47 33792 --a C:\WINDOWS\system32\wmdmlog.dll
      2006-10-18 21:47 321536 --a C:\WINDOWS\system32\mswmdm.dll
      2006-10-18 21:47 317440 C:\WINDOWS\system32\MP4SDECD.dll
      2006-10-18 21:47 314880 --a C:\WINDOWS\system32\wmpdxm.dll
      2006-10-18 21:47 295936 C:\WINDOWS\system32\wmpeffects.dll
      2006-10-18 21:47 284160 C:\WINDOWS\system32\PortableDeviceApi.dll
      2006-10-18 21:47 276992 C:\WINDOWS\system32\audiodev.dll
      2006-10-18 21:47 27136 --a C:\WINDOWS\system32\mspmsnsv.dll
      2006-10-18 21:47 2603008 C:\WINDOWS\system32\WpdShext.dll
      2006-10-18 21:47 259072 C:\WINDOWS\system32\MPG4DECD.dll
      2006-10-18 21:47 259072 C:\WINDOWS\system32\MP43DECD.dll
      2006-10-18 21:47 2450944 --a C:\WINDOWS\system32\wmvcore.dll
      2006-10-18 21:47 242688 --a C:\WINDOWS\system32\wmpasf.dll
      2006-10-18 21:47 229376 --a C:\WINDOWS\system32\cewmdm.dll
      2006-10-18 21:47 227328 --a C:\WINDOWS\system32\wmerror.dll
      2006-10-18 21:47 222208 --a C:\WINDOWS\system32\WMASF.dll
      2006-10-18 21:47 212992 C:\WINDOWS\system32\MFPLAT.dll
      2006-10-18 21:47 211456 --a C:\WINDOWS\system32\qasf.dll
      2006-10-18 21:47 204288 C:\WINDOWS\system32\wmpsrcwp.dll
      2006-10-18 21:47 199168 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
      2006-10-18 21:47 179712 --a C:\WINDOWS\system32\msnetobj.dll
      2006-10-18 21:47 175616 --a C:\WINDOWS\system32\mspmsp.dll
      2006-10-18 21:47 166912 C:\WINDOWS\system32\PortableDeviceTypes.dll
      2006-10-18 21:47 1661440 C:\WINDOWS\system32\wmpencen.dll
      2006-10-18 21:47 1574912 C:\WINDOWS\system32\WMVENCOD.dll
      2006-10-18 21:47 157184 --a C:\WINDOWS\system32\wmidx.dll
      2006-10-18 21:47 154624 --a C:\WINDOWS\system32\wpdmtp.dll
      2006-10-18 21:47 1543680 C:\WINDOWS\system32\WMVDECOD.dll
      2006-10-18 21:47 1382912 C:\WINDOWS\system32\WMVSDECD.dll
      2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
      2006-10-18 21:47 1329152 --a C:\WINDOWS\system32\WMSPDMOE.dll
      2006-10-18 21:47 132096 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
      2006-10-18 21:47 130048 C:\WINDOWS\system32\wmpps.dll
      2006-10-18 21:47 11264 --a C:\WINDOWS\system32\LAPRXY.dll
      2006-10-18 21:47 1117696 --a C:\WINDOWS\system32\WMADMOE.dll
      2006-10-18 21:47 101888 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
      2006-10-18 20:03 100864 --a C:\WINDOWS\system32\logagent.exe
      2006-10-18 20:00 249856 C:\WINDOWS\system32\drmupgds.exe
      2006-10-18 20:00 17408 C:\WINDOWS\system32\wpdshextautoplay.exe
      2006-10-17 13:06 78336 --a C:\WINDOWS\system32\ieencode.dll
      2006-10-17 13:05 40960 --a C:\WINDOWS\system32\licmgr10.dll
      2006-10-17 13:05 206336 C:\WINDOWS\system32\WinFXDocObj.exe
      2006-10-17 13:05 105984 --a C:\WINDOWS\system32\url.dll
      2006-10-17 13:04 101376 --a C:\WINDOWS\system32\occache.dll
      2006-10-17 13:03 17408 --a C:\WINDOWS\system32\corpol.dll
      2006-10-17 12:58 61952 C:\WINDOWS\system32\icardie.dll
      2006-10-17 12:58 12288 C:\WINDOWS\system32\msfeedssync.exe
      2006-10-17 12:57 36352 --a C:\WINDOWS\system32\imgutil.dll
      2006-10-17 12:57 266752 C:\WINDOWS\system32\iertutil.dll
      2006-10-17 12:56 45568 --a C:\WINDOWS\system32\mshta.exe
      2006-10-17 12:28 48128 --a C:\WINDOWS\system32\mshtmler.dll
      2006-10-17 12:27 380928 C:\WINDOWS\system32\ieapfltr.dll
      2006-10-13 06:35 142336 --a C:\WINDOWS\system32\nwprovau.dll
      2006-10-09 08:12 1343488 --a C:\WINDOWS\system32\FreeImage.dll


      (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

      *Note* empty entries are not shown

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
      "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\Xtras\\mssysmgr.exe"
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
      "TaskManager"="C:\\WINDOWS\\TaskMgr.exe"
      "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
      "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
      "tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
      "SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
      "BCMSMMSG"="BCMSMMSG.exe"
      "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
      "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
      "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
      "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
      "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
      "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
      "EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
      "FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
      "NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
      "AutoSys"="C:\\WINDOWS\\system32\\autosys.exe"
      "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
      "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\orxpcvap.dll\",setvm"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
      "NoChange"="1"
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
      @=""

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
      "DeskHtmlVersion"=dword:00000110
      "DeskHtmlMinorVersion"=dword:00000005
      "Settings"=dword:00000001
      "GeneralFlags"=dword:00000005

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"
      "Flags"=dword:00000002
      "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
      "CurrentState"=hex:04,00,00,40
      "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
      "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
      00,00,01,00,00,00

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
      "{E672B410-3580-435F-AD90-63D158E2F29C}"=""
      "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091
      "NoDriveAutoRun"=dword:ffffffff
      "LinkResolveIgnoreLinkInfo"=dword:00000000

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "dontdisplaylastusername"=dword:00000000
      "legalnoticecaption"=""
      "legalnoticetext"=""
      "shutdownwithoutlogon"=dword:00000001
      "undockwithoutlogon"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "LinkResolveIgnoreLinkInfo"=dword:00000000
      "NoResolveSearch"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
      "system"="C:\\WINDOWS\\csrss.exe"

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
      "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
      "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
      "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
      "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

      HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonmn

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


      Contents of the 'Scheduled Tasks' folder
      C:\WINDOWS\tasks\XoftSpySE.job

      Completion time: 07-01-07 16:56:42.17
      C:\ComboFix.txt ... 07-01-07 16:56
      C:\ComboFix2.txt ... 07-01-07 01:37


      HijackThis Log
      Logfile of HijackThis v1.99.1
      Scan saved at 1:18:08 AM, on 1/8/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Support.com\bin\tgcmd.exe
      C:\WINDOWS\BCMSMMSG.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Lexmark 2400 Series\ezprint.exe
      C:\Program Files\Java\jre1.6.0\bin\jusched.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\lxcrcoms.exe
      C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\scanner\scanner.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.charter.com/welcome/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
      O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
      O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
      O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167712780578
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167552923015
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
      O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.7sultans.com/7sultans/FlashAX.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Owner\Desktop\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


      I know our time differences are a bit hard to work around...I will be home after 6pm Central Time Zone, but will stay up as late as possible every night to get this fixed. Are there certain hours for you that I should be more alert to see a response? I certainly do not expect to monopolize your time or keep you sleep deprived, but I absolutely appreciate your help and the time you have given. (((Thank you)))
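The HijackThis and ComboFix output in this thread is read by eye. As an added example (my own Python, not part of the original posts and not code from HijackThis or ComboFix), here is a small triage pass over HijackThis-format lines that flags the things a helper checks first: a Run entry under a Policies\Explorer\Run key, a core Windows process name (csrss.exe, smss.exe, ...) that lives outside system32, a Winlogon Notify package that is not on an allowlist, and a service whose file is missing. The sample lines, the set of system-process names and the Notify allowlist are constructed assumptions for the example, not findings about the poster's machine; a flag means "look at this", not "this is malware".

```python
import re
from pathlib import PureWindowsPath
from typing import List, Tuple

# Constructed sample lines in HijackThis 1.99 format. They imitate the shape of
# the entries posted in the thread but are not copied from the real log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Policies\Explorer\Run: [system] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [TaskManager] C:\WINDOWS\TaskMgr.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: urqonmn - C:\WINDOWS\system32\urqonmn.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")

# Core Windows process names that belong in system32 on XP; the same name at
# another path is worth a second look (lookalike binaries reuse these names).
SYSTEM_BINARIES = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "taskmgr.exe"}

# Winlogon Notify packages usually present on a stock XP SP2 install plus the
# two vendor ones seen in the thread. This allowlist is an assumption for the
# example; extend it for the machine you are looking at.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
                "wgalogon", "dimsntfy"}

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.*?) - (?P<path>.+)$")


def exe_from_command(cmd: str) -> str:
    # Quoted paths end at the closing quote; unquoted ones are cut after the
    # first ".exe" so a path with spaces (Program Files) is kept whole.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries a human should look at."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            exe = PureWindowsPath(exe_from_command(m["cmd"]))
            if "policies" in m["key"].lower():
                findings.append((line, "Run entry under a Policies\\Explorer\\Run key"))
            name = exe.name.lower()
            if name in SYSTEM_BINARIES and str(exe.parent).lower() != str(SYSTEM32).lower():
                findings.append((line, f"{name} outside system32"))
        elif m := O20_RE.match(line):
            if m["name"].lower() not in KNOWN_NOTIFY:
                findings.append((line, "unrecognised Winlogon Notify package"))
        elif m := O23_RE.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append((line, "service points at a missing file"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

Run it against a saved HijackThis log by passing the file contents to `triage()`; everything it returns still needs a person to confirm the file on disk (size, signature, location) before anything is renamed or deleted, which is the same check the helper asks for below.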
    • Trogan, London, UK
      edited January 2007
      The ComboFix you posted has not changed from the last one you posted. Please run a new scan and post the log.

      Also, locate this file:
      C:\WINDOWS\system32\msvcrl.dll
      Right-Click and select Rename. At the end of the name, add .old. The file should now read msvcrl.dll.old.

      Let me know if Internet Explorer works after renaming the file. Please post the new ComboFix log.
    • edited January 2007
      Here is combofix log:
      Owner - 07-01-08 19:33:09.35 Service Pack 2
      ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

      ((((((((((((((((((((((((((((((( Files Created from 2006-12-08 to 2007-01-08 ))))))))))))))))))))))))))))))))))


      2007-01-07 22:51 43,008 --a C:\WINDOWS\system32\msvcrl.dll
      2007-01-07 18:40 <DIR> d C:\WINDOWS\ERDNT
      2007-01-07 18:38 <DIR> d C:\Program Files\ERUNT
      2007-01-07 18:04 <DIR> d C:\!KillBox
      2007-01-07 01:50 <DIR> d C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
      2007-01-06 23:37 3,968 --a C:\WINDOWS\system32\drivers\AvgAsCln.sys
      2007-01-05 22:42 <DIR> d C:\VundoFix Backups
      2007-01-04 19:39 <DIR> d C:\avenger
      2007-01-04 19:33 <DIR> d C:\Rustbfix
      2007-01-04 00:11 79,360 --a C:\WINDOWS\system32\swxcacls.exe
      2007-01-04 00:11 53,248 --a C:\WINDOWS\system32\Process.exe
      2007-01-04 00:11 51,200 --a C:\WINDOWS\system32\dumphive.exe
      2007-01-04 00:11 40,960 --a C:\WINDOWS\system32\swsc.exe
      2007-01-04 00:11 3,952 --a C:\WINDOWS\system32\tmp.reg
      2007-01-04 00:11 288,417 --a C:\WINDOWS\system32\SrchSTS.exe
      2007-01-04 00:11 135,168 --a C:\WINDOWS\system32\swreg.exe
      2007-01-04 00:06 2,416 --a C:\GetPaths.vbs
      2007-01-03 23:57 0 --a C:\klnl.exe
      2007-01-02 23:37 <DIR> d C:\Program Files\Common Files\Java
      2007-01-02 21:15 <DIR> d C:\Program Files\scanner
      2007-01-01 21:26 <DIR> d C:\WINDOWS\BDOSCAN8
      2007-01-01 20:56 <DIR> d C:\WINDOWS\system32\ActiveScan
      2007-01-01 20:44 <DIR> d C:\Program Files\SpywareBlaster
      2006-12-31 01:37 68,888 --a C:\WINDOWS\system32\xinput1_3.dll
      2006-12-31 01:37 62,744 --a C:\WINDOWS\system32\xinput1_2.dll
      2006-12-31 01:37 3,426,072 --a C:\WINDOWS\system32\d3dx9_32.dll
      2006-12-31 01:37 251,672 --a C:\WINDOWS\system32\xactengine2_5.dll
      2006-12-31 01:37 237,848 --a C:\WINDOWS\system32\xactengine2_4.dll
      2006-12-31 01:37 236,824 --a C:\WINDOWS\system32\xactengine2_3.dll
      2006-12-31 01:37 2,414,360 --a C:\WINDOWS\system32\d3dx9_31.dll
      2006-12-31 01:37 2,297,552 --a C:\WINDOWS\system32\d3dx9_26.dll
      2006-12-31 01:37 15,128 --a C:\WINDOWS\system32\x3daudio1_1.dll
      2006-12-31 01:35 <DIR> d--h C:\WINDOWS\msdownld.tmp
      2006-12-30 19:22 <DIR> d C:\Documents and Settings\Owner\Application Data\MSNInstaller
      2006-12-30 02:11 <DIR> d C:\Program Files\Shockwave.com
      2006-12-30 02:09 <DIR> d C:\Program Files\ReflexiveArcade
      2006-12-29 02:56 <DIR> d C:\Program Files\IObit
      2006-12-28 01:05 <DIR> d C:\Documents and Settings\Owner\Application Data\funkitron
      2006-12-23 01:24 <DIR> d C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
      2006-12-19 23:10 24,816 --a C:\WINDOWS\system32\mdimon.dll
      2006-12-19 23:08 <DIR> d C:\Program Files\Microsoft ActiveSync
      2006-12-19 23:07 <DIR> d C:\Program Files\Microsoft.NET
      2006-12-19 23:04 <DIR> dr-h C:\MSOCache
      2006-12-17 23:23 <DIR> d C:\Program Files\Windows Media Connect 2
      2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\LogFiles
      2006-12-17 23:22 <DIR> d C:\WINDOWS\system32\drivers\UMDF
      2006-12-14 00:01 <DIR> d C:\Documents and Settings\Owner\Application Data\Photodex
      2006-12-11 22:20 <DIR> d C:\Program Files\360Share Pro
      2006-12-11 22:20 <DIR> d C:\Documents and Settings\Owner\Application Data\LimeWire
      2006-12-11 22:08 <DIR> d C:\Documents and Settings\Owner\Application Data\Roxio


      (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


      2007-01-07 02:09 d C:\Program Files\Common Files\Microsoft Shared
      2007-01-07 02:03 d C:\Program Files\Snapshot Viewer
      2007-01-07 01:35 d C:\Program Files\Common Files
      2007-01-02 23:42 d C:\Documents and Settings\Owner\Application Data\AdobeUM
      2007-01-02 23:37 d C:\Program Files\Java
      2007-01-01 19:18 d C:\Program Files\Spybot - Search & Destroy
      2006-12-31 13:52 d C:\Documents and Settings\Owner\Application Data\Ahead
      2006-12-31 02:26 d C:\Program Files\Yahoo! Games
      2006-12-30 19:22 d C:\Program Files\MSN
      2006-12-30 19:14 d C:\Program Files\lx_cats
      2006-12-30 18:51 d C:\Program Files\Common Files\Adobe
      2006-12-30 18:47 d C:\Program Files\QuickTime
      2006-12-30 18:21 d C:\Program Files\Internet Explorer
      2006-12-30 18:20 d C:\Program Files\Download Express
      2006-12-29 22:54 d C:\Program Files\Bonjour
      2006-12-21 23:15 d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
      2006-12-19 23:08 d C:\Program Files\Microsoft Office
      2006-12-19 23:07 d C:\Program Files\Common Files\System
      2006-12-17 23:23 d C:\Program Files\Windows Media Player
      2006-12-17 03:01 d C:\Program Files\Outlook Express
      2006-12-11 22:14 d--h C:\Program Files\InstallShield Installation Information
      2006-12-08 18:33 d C:\Program Files\Common Files\Kodak
      2006-11-25 23:49 d C:\Program Files\Photodex
      2006-11-16 19:47 524288 --a C:\WINDOWS\opuc.dll
      2006-11-14 19:27 d C:\Program Files\microsoft frontpage
      2006-11-14 19:22 d C:\Program Files\Common Files\Designer
      2006-11-07 23:06 679424 --a C:\WINDOWS\system32\inetcomm.dll
      2006-11-04 14:14 1245696 --a C:\WINDOWS\system32\msxml4.dll
      2006-10-27 15:09 6049280 C:\WINDOWS\system32\ieframe.dll
      2006-10-27 15:09 50688 C:\WINDOWS\system32\msfeedsbs.dll
      2006-10-27 15:09 458752 C:\WINDOWS\system32\msfeeds.dll
      2006-10-27 15:09 413696 --a C:\WINDOWS\system32\vbscript.dll
      2006-10-27 15:09 231424 --a C:\WINDOWS\system32\webcheck.dll
      2006-10-27 15:09 180736 C:\WINDOWS\system32\ieui.dll
      2006-10-27 15:09 156160 --a C:\WINDOWS\system32\msls31.dll
      2006-10-27 02:44 71680 --a C:\WINDOWS\system32\admparse.dll
      2006-10-27 02:44 55296 --a C:\WINDOWS\system32\iesetup.dll
      2006-10-27 02:44 54784 --a C:\WINDOWS\system32\ie4uinit.exe
      2006-10-27 02:44 43008 --a C:\WINDOWS\system32\iernonce.dll
      2006-10-27 02:44 382976 --a C:\WINDOWS\system32\iedkcs32.dll
      2006-10-27 02:44 229376 --a C:\WINDOWS\system32\ieaksie.dll
      2006-10-27 02:44 152064 --a C:\WINDOWS\system32\ieakeng.dll
      2006-10-27 02:44 13312 --a C:\WINDOWS\system32\ieudinit.exe
      2006-10-27 02:44 123904 --a C:\WINDOWS\system32\advpack.dll
      2006-10-27 02:42 161792 --a C:\WINDOWS\system32\ieakui.dll
      2006-10-19 07:56 713216 --a C:\WINDOWS\system32\sxs.dll
      2006-10-18 21:58 8704 --a C:\WINDOWS\system32\wdfmgr.exe
      2006-10-18 21:58 8704 --a C:\WINDOWS\system32\uwdf.exe
      2006-10-18 21:47 99840 --a C:\WINDOWS\system32\wmpshell.dll
      2006-10-18 21:47 991744 --a C:\WINDOWS\system32\drmv2clt.dll
      2006-10-18 21:47 937984 --a C:\WINDOWS\system32\WMNetMgr.dll
      2006-10-18 21:47 8231936 --a C:\WINDOWS\system32\wmploc.dll
      2006-10-18 21:47 767488 C:\WINDOWS\system32\WMVSENCD.dll
      2006-10-18 21:47 757248 --a C:\WINDOWS\system32\WMADMOD.dll
      2006-10-18 21:47 7168 --a C:\WINDOWS\system32\asferror.dll
      2006-10-18 21:47 656896 C:\WINDOWS\system32\WMVXENCD.dll
      2006-10-18 21:47 63488 --a C:\WINDOWS\system32\wpdmtpus.dll
      2006-10-18 21:47 629760 --a C:\WINDOWS\system32\wpd_ci.dll
      2006-10-18 21:47 613376 C:\WINDOWS\system32\wmpmde.dll
      2006-10-18 21:47 603648 --a C:\WINDOWS\system32\WMSPDMOD.dll
      2006-10-18 21:47 542720 --a C:\WINDOWS\system32\blackbox.dll
      2006-10-18 21:47 535040 C:\WINDOWS\system32\wmdrmsdk.dll
      2006-10-18 21:47 429056 --a C:\WINDOWS\system32\wmdrmdev.dll
      2006-10-18 21:47 414208 --a C:\WINDOWS\system32\msscp.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmoe2.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmvdmod.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVE.DLL
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\WMVADVD.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmoe2.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wmsdmod.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\wdfapi.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MPG4DMOD.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP4SDMOD.dll
      2006-10-18 21:47 4096 --a C:\WINDOWS\system32\MP43DMOD.dll
      2006-10-18 21:47 38400 C:\WINDOWS\system32\wpdshextres.dll
      2006-10-18 21:47 37376 --a C:\WINDOWS\system32\wmdmps.dll
      2006-10-18 21:47 35840 --a C:\WINDOWS\system32\wpdconns.dll
      2006-10-18 21:47 356352 --a C:\WINDOWS\system32\wpdsp.dll
      2006-10-18 21:47 348672 --a C:\WINDOWS\system32\wmdrmnet.dll
      2006-10-18 21:47 33792 --a C:\WINDOWS\system32\wmdmlog.dll
      2006-10-18 21:47 321536 --a C:\WINDOWS\system32\mswmdm.dll
      2006-10-18 21:47 317440 C:\WINDOWS\system32\MP4SDECD.dll
      2006-10-18 21:47 314880 --a C:\WINDOWS\system32\wmpdxm.dll
      2006-10-18 21:47 295936 C:\WINDOWS\system32\wmpeffects.dll
      2006-10-18 21:47 284160 C:\WINDOWS\system32\PortableDeviceApi.dll
      2006-10-18 21:47 276992 C:\WINDOWS\system32\audiodev.dll
      2006-10-18 21:47 27136 --a C:\WINDOWS\system32\mspmsnsv.dll
      2006-10-18 21:47 2603008 C:\WINDOWS\system32\WpdShext.dll
      2006-10-18 21:47 259072 C:\WINDOWS\system32\MPG4DECD.dll
      2006-10-18 21:47 259072 C:\WINDOWS\system32\MP43DECD.dll
      2006-10-18 21:47 2450944 --a C:\WINDOWS\system32\wmvcore.dll
      2006-10-18 21:47 242688 --a C:\WINDOWS\system32\wmpasf.dll
      2006-10-18 21:47 229376 --a C:\WINDOWS\system32\cewmdm.dll
      2006-10-18 21:47 227328 --a C:\WINDOWS\system32\wmerror.dll
      2006-10-18 21:47 222208 --a C:\WINDOWS\system32\WMASF.dll
      2006-10-18 21:47 212992 C:\WINDOWS\system32\MFPLAT.dll
      2006-10-18 21:47 211456 --a C:\WINDOWS\system32\qasf.dll
      2006-10-18 21:47 204288 C:\WINDOWS\system32\wmpsrcwp.dll
      2006-10-18 21:47 199168 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
      2006-10-18 21:47 179712 --a C:\WINDOWS\system32\msnetobj.dll
      2006-10-18 21:47 175616 --a C:\WINDOWS\system32\mspmsp.dll
      2006-10-18 21:47 166912 C:\WINDOWS\system32\PortableDeviceTypes.dll
      2006-10-18 21:47 1661440 C:\WINDOWS\system32\wmpencen.dll
      2006-10-18 21:47 1574912 C:\WINDOWS\system32\WMVENCOD.dll
      2006-10-18 21:47 157184 --a C:\WINDOWS\system32\wmidx.dll
      2006-10-18 21:47 154624 --a C:\WINDOWS\system32\wpdmtp.dll
      2006-10-18 21:47 1543680 C:\WINDOWS\system32\WMVDECOD.dll
      2006-10-18 21:47 1382912 C:\WINDOWS\system32\WMVSDECD.dll
      2006-10-18 21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
      2006-10-18 21:47 1329152 --a C:\WINDOWS\system32\WMSPDMOE.dll
      2006-10-18 21:47 132096 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
      2006-10-18 21:47 130048 C:\WINDOWS\system32\wmpps.dll
      2006-10-18 21:47 11264 --a C:\WINDOWS\system32\LAPRXY.dll
      2006-10-18 21:47 1117696 --a C:\WINDOWS\system32\WMADMOE.dll
      2006-10-18 21:47 101888 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
      2006-10-18 20:03 100864 --a C:\WINDOWS\system32\logagent.exe
      2006-10-18 20:00 249856 C:\WINDOWS\system32\drmupgds.exe
      2006-10-18 20:00 17408 C:\WINDOWS\system32\wpdshextautoplay.exe
      2006-10-17 13:06 78336 --a C:\WINDOWS\system32\ieencode.dll
      2006-10-17 13:05 40960 --a C:\WINDOWS\system32\licmgr10.dll
      2006-10-17 13:05 206336 C:\WINDOWS\system32\WinFXDocObj.exe
      2006-10-17 13:05 105984 --a C:\WINDOWS\system32\url.dll
      2006-10-17 13:04 101376 --a C:\WINDOWS\system32\occache.dll
      2006-10-17 13:03 17408 --a C:\WINDOWS\system32\corpol.dll
      2006-10-17 12:58 61952 C:\WINDOWS\system32\icardie.dll
      2006-10-17 12:58 12288 C:\WINDOWS\system32\msfeedssync.exe
      2006-10-17 12:57 36352 --a C:\WINDOWS\system32\imgutil.dll
      2006-10-17 12:57 266752 C:\WINDOWS\system32\iertutil.dll
      2006-10-17 12:56 45568 --a C:\WINDOWS\system32\mshta.exe
      2006-10-17 12:28 48128 --a C:\WINDOWS\system32\mshtmler.dll
      2006-10-17 12:27 380928 C:\WINDOWS\system32\ieapfltr.dll
      2006-10-13 06:35 142336 --a C:\WINDOWS\system32\nwprovau.dll
      2006-10-09 08:12 1343488 --a C:\WINDOWS\system32\FreeImage.dll


      (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

      *Note* empty entries are not shown

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
      "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
      "PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\NEROPH~2\\data\\Xtras\\mssysmgr.exe"
      "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
      "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
      "TaskManager"="C:\\WINDOWS\\TaskMgr.exe"
      "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
      "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
      "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
      "tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server /startmonitor /deaf"
      "SSRunScript"="\"C:\\Program Files\\Support.com\\Charter\\bin\\SSRunScript.exe\" /script \"C:\\Program Files\\Support.com\\Charter\\vbs\\verifyconnection.vbs\" /args //b startupdelay"
      "BCMSMMSG"="BCMSMMSG.exe"
      "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
      "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
      "InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
      "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
      "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
      "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
      "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
      "lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
      "EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
      "FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
      "NapsterShell"="C:\\Program Files\\Napster\\napster.exe /systray"
      "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
      "NoChange"="1"
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
      @=""

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
      "DeskHtmlVersion"=dword:00000110
      "DeskHtmlMinorVersion"=dword:00000005
      "Settings"=dword:00000001
      "GeneralFlags"=dword:00000005

      [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"
      "Flags"=dword:00000002
      "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,df,02,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
      "CurrentState"=hex:04,00,00,40
      "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
      ff,ff,04,00,00,00
      "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
      00,00,01,00,00,00

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
      "RunNarrator"="Narrator.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
      "{E672B410-3580-435F-AD90-63D158E2F29C}"=""
      "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091
      "NoDriveAutoRun"=dword:ffffffff
      "LinkResolveIgnoreLinkInfo"=dword:00000000

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "dontdisplaylastusername"=dword:00000000
      "legalnoticecaption"=""
      "legalnoticetext"=""
      "shutdownwithoutlogon"=dword:00000001
      "undockwithoutlogon"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "LinkResolveIgnoreLinkInfo"=dword:00000000
      "NoResolveSearch"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
      "NoDriveTypeAutoRun"=dword:00000091

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
      "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
      "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
      "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
      "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


      Contents of the 'Scheduled Tasks' folder
      C:\WINDOWS\tasks\XoftSpySE.job

      Completion time: 07-01-08 19:34:15.39
      C:\ComboFix.txt ... 07-01-08 19:34
      C:\ComboFix2.txt ... 07-01-07 16:56
      C:\ComboFix3.txt ... 07-01-07 01:37

      Going to try to change the file now, but wanted to get this on in case I lost IE access.
    • edited January 2007
      Okay, the file is changed, and it seems IE is still working.
    • edited January 2007
      Well, now IE is not working... giving the same message about that file not being found.
    • edited January 2007
      Would it just be easier to do a full restore on the computer since it's having multiple problems? And would a full restore get rid of the virus, spyware, and all the other risky stuff on it?
    • Trogan (London, UK)
      edited January 2007
      Hi, sorry for the delay.

      If you could do a restore and post a new HijackThis log, we can take it from there. The file preventing IE from working is bad, and I'm not sure why it's stopping IE from working.

      Let me know what you want to do.
    • edited January 2007
      What would be the best course of action? I think there are a couple of options:

      1. I have the Office 2003 disc. I could remove all Office components and reload it from the disc. Then try to finish the cleanup.

      or

      2. Do a full system restore (which I guess would wipe out everything I have, including files and programs). But would that remove all threats and viruses too?

      I don't know which one to do. What are your thoughts on it?
    • Trogan (London, UK)
      edited January 2007
      The C:\WINDOWS\system32\msvcrl.dll is a malicious file, just so you know. It is preventing IE from working when it is deleted or disabled.

      I don't think Office 2003 has anything to do with the problems, so reloading it won't change anything.

      What you are talking about is a Reformat, not a System Restore. A Reformat will wipe your hard drive clean and eliminate any spyware and viruses present, but it does mean you will have to back up any important data. A System Restore just reverts the computer back to a previous state in the past; that is what I thought you meant.

      It's really your choice. I'll be glad to continue to help you until we can fully solve this, or you can Reformat.
    • edited January 2007
      My thought with Office 2003 was that I thought it installed IE and that it would clean up that connection. (I really don't know where that thought came from, though.)... Maybe we can try some more when I get off work... should be leaving here in about 1 hour. I can be available all evening if you are. I really would hate to do a system restore, as there is a lot of stuff I don't want to lose on there.
    • edited January 2007
      Damn, said it again... I meant to say I would hate to do a system reformat.