system hangs when loading drivers in safe mode [RESOLVED], Trying to remove Win32:TratBHO[TRj]
deegibbons
post Jan 12 2008, 09:10 AM
Post #1


Member
Posts: 27
From: Michigan
OS: Windows XP



Hi all,

I'm running on a Dell Dimension E310 with Windows XP SP 2. I have been infected with the Win32:TratBHO[TRj] and am trying to remove that and any other malicious stuff that might be on here. I'm following the steps outlined in this forum, but when I boot to safe mode to run the AVG Anti-Spyware, my computer hangs when it is loading drivers. The last file it loads is mup.sys. Should I run AVG in regular mode? What should I do at this point? I don't have a clue.

Thanks!

Deanna
kahdah
post Jan 12 2008, 10:05 AM
Post #2


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



Hello deegibbons

Welcome to G2Go.
===================
Do not worry about AVG for now; just do the following:

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree.
  • Then click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
deegibbons
post Jan 12 2008, 10:21 AM
Post #3


Member
Posts: 27
From: Michigan
OS: Windows XP



Thanks for the help! Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:14 AM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir....ystempopup=true
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgg.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\yaywutt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31e33c2c-c349-4948-bfeb-df1ddb7fb817} - C:\WINDOWS\system32\vtnblcj.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {BF6C233E-D802-4220-9D05-4A52F37A3D11} - C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O2 - BHO: (no name) - {DE270209-AB16-4A52-86E8-864CD0352610} - C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\kwinnmdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eXtreme Fax Call Controller.lnk = C:\Program Files\RingCentral\eXtreme Fax\RCUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm128MKUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Pirateville/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Pirateville/Images/armhelper.ocx
O20 - Winlogon Notify: yaywutt - C:\WINDOWS\SYSTEM32\yaywutt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10701 bytes
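A small triage helper for the HijackThis log format posted above, added here as an example; it is not code from the thread, from HijackThis or from ComboFix. The sample lines are copied from the log in this thread, and the heuristics encode the checks a helper applies by eye: unnamed BHOs, Winlogon Notify hooks, a win.ini load= entry, a space before the file extension, a doubled drive letter inside one path, and orphaned entries whose file is missing. The section codes and reason strings are this example's own choices.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgg.exe
O2 - BHO: (no name) - {00DC0058-A87E-4D19-9C26-F1AAC98AD4D7} - C:\WINDOWS\system32\yaywutt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BF6C233E-D802-4220-9D05-4A52F37A3D11} - C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\kwinnmdt.exe
O20 - Winlogon Notify: yaywutt - C:\WINDOWS\SYSTEM32\yaywutt.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A drive-letter prefix; a sane entry has at most one.
DRIVE_RE = re.compile(r"[A-Za-z]:\\")
# "isuspm .exe": a space right before the extension mimics a legitimate file name.
SPACE_EXT_RE = re.compile(r"\S \.(?:exe|dll|sys|scr)\b", re.IGNORECASE)
# A 32+ character hex token passed as an argument (GUIDs are split by dashes, so they don't match).
LONG_HEX_RE = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
# A Startup-folder shortcut whose target lives in system32 is unusual for user software.
SYSTEM32_STARTUP_RE = re.compile(r"Startup: .*= C:\\WINDOWS\\system32\\", re.IGNORECASE)
# An autostart .exe sitting directly in the Windows directory rather than a program folder.
WINDIR_ROOT_EXE_RE = re.compile(r'C:\\WINDOWS\\[^\\\s"]+\.exe\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def check_entry(section: str, body: str) -> list:
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    reasons = []
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if section == "O20":
        reasons.append("Winlogon Notify DLL: loaded at every logon, a common persistence point")
    if section == "F3" and "load=" in body:
        reasons.append("win.ini load= autostart: legacy mechanism, rarely legitimate on XP")
    if len(DRIVE_RE.findall(body)) > 1:
        reasons.append("two drive-letter prefixes in one path (corrupted or concatenated entry)")
    if SPACE_EXT_RE.search(body):
        reasons.append("space before the file extension (look-alike of a legitimate name)")
    if LONG_HEX_RE.search(body):
        reasons.append("long hex argument passed to an autostart entry")
    if SYSTEM32_STARTUP_RE.search(body):
        reasons.append("Startup-folder shortcut pointing into system32")
    if section == "O4" and WINDIR_ROOT_EXE_RE.search(body):
        reasons.append("autostart executable placed directly in the Windows directory")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target file missing: orphaned entry")
    return reasons


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return a Finding for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        reasons = check_entry(m["section"], m["body"])
        if reasons:
            findings.append(Finding(m["section"], line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Entries the heuristics do not flag (the kernel.exe Run entry from the log, for instance) still need a human reading the path names, which is why the thread's helper asks for the full log rather than a filtered one.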
kahdah
post Jan 12 2008, 10:38 AM
Post #4


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



You are welcome.
=================
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

deegibbons
post Jan 12 2008, 12:26 PM
Post #5


Member
Posts: 27
From: Michigan
OS: Windows XP



Okay, here's my combo log:

ComboFix 08-01-11.3 - Deanna 2008-01-12 12:44:55.2 - NTFSx86
Running from: C:\Documents and Settings\Deanna.GIBBONS\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Deanna.GIBBONS\Application Data\FunWebProducts
C:\Documents and Settings\Deanna.GIBBONS\Application Data\FunWebProducts\Data\Deanna\avatar.dat
C:\Documents and Settings\Deanna.GIBBONS\Application Data\FunWebProducts\Data\Deanna\register.dat
C:\Documents and Settings\Deanna.GIBBONS\Application Data\FunWebProducts\Data\Deanna\zbucks.dat
C:\Documents and Settings\Deanna.GIBBONS\Start Menu\Programs\Startup\think-adz.lnk
C:\Program Files\kernel
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.6\wbuninst.exe
C:\Program Files\web buying\v1.8.6\webbuying .exe
C:\Program Files\web buying\v1.8.6\webbuying.exe
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ljjkjhg.dll
C:\WINDOWS\system32\mc-110-12-0000140.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vtnblcj.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\yaywutt.dll
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z9
C:\WINDOWS\system32\zxdnt3d.cfg
C:\winlogon.exe
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core




((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 11:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:13 . 2008-01-08 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-08 13:24 . 2008-01-08 13:24 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Grisoft
2008-01-07 18:34 . 2008-01-07 18:34 <DIR> d-------- C:\Documents and Settings\Deanna.GIBBONS\Application Data\Grisoft
2008-01-07 18:34 . 2008-01-07 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 18:34 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-07 17:43 . 2008-01-07 17:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 11:34 . 2008-01-06 11:37 <DIR> d-------- C:\Documents and Settings\Deanna.GIBBONS\.housecall6.6
2008-01-06 11:20 . 2008-01-06 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-06 11:19 . 2008-01-06 11:19 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-06 11:10 . 2008-01-06 11:10 <DIR> d-------- C:\WINDOWS\system32\vmm32
2008-01-05 13:33 . 2008-01-05 13:33 39,936 --a------ C:\WINDOWS\17PHolmes1000106.exe
2008-01-05 10:21 . 2008-01-07 18:25 212,992 --a------ C:\Updater .exe
2008-01-05 10:21 . 2008-01-07 18:25 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-05 10:21 . 2008-01-07 18:25 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-05 10:21 . 2008-01-07 18:25 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-05 10:20 . 2008-01-05 10:20 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-05 10:09 . 2008-01-05 13:33 134 --a------ C:\n.bat
2008-01-05 10:08 . 2008-01-05 10:08 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-05 10:08 . 2008-01-05 10:08 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-05 10:08 . 2008-01-05 10:08 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-05 09:56 . 2008-01-05 09:56 <DIR> d-------- C:\Program Files\Common Files\Viewpoint
2007-12-30 20:32 . 2007-12-30 20:32 <DIR> d-------- C:\Program Files\onOne Software
2007-12-30 20:32 . 2007-12-30 20:32 <DIR> d-------- C:\Program Files\Common Files\onOne Software Shared
2007-12-30 20:32 . 2005-08-21 15:57 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2007-12-22 18:06 . 2007-12-22 18:06 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\MySpace
2007-12-19 18:54 . 2007-12-29 20:54 <DIR> d-------- C:\Program Files\Kitty Luv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 18:25 --------- d-----w C:\Program Files\DellSupport
2008-01-06 16:19 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-06 16:14 --------- d--h--w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Gtek
2008-01-06 16:10 --------- d-----w C:\Program Files\Dell
2008-01-06 01:32 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\LimeWire
2008-01-06 01:27 278,547 ----a-w C:\WINDOWS\Fonts\svchost .exe
2008-01-05 15:12 278,548 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-01-05 14:56 --------- d-----w C:\Program Files\Viewpoint
2008-01-05 14:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-05 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2007-12-31 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 01:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 01:53 --------- d-----w C:\Program Files\Dell Games
2007-12-23 22:42 --------- d-----w C:\Program Files\MySpace
2007-12-19 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-24 15:56 --------- d-----w C:\Program Files\Three Rings Design
2007-11-23 01:17 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\PlayFirst
2007-11-21 21:49 --------- d-----w C:\Program Files\GameHouse
2007-11-21 14:34 --------- d-----w C:\Program Files\SallysSalon_at
2007-11-21 01:06 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Legends of pirates
2007-11-21 00:56 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\SpinTop
2007-11-20 22:51 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\GameHouse
2007-11-20 00:57 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Mysteryville2
2007-11-20 00:41 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Eyeblaster
2007-11-20 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-17 02:45 --------- d-----w C:\Program Files\NCH Software
2007-11-17 02:45 --------- d-----w C:\Documents and Settings\Rob\Application Data\NCH Swift Sound
2007-11-16 21:16 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Jane s Hotel
2007-11-16 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-06-20 23:32 102,656 -c--a-w C:\Documents and Settings\Deanna.GIBBONS\Application Data\GDIPFONTCACHEV1.DAT
2007-02-12 02:27 102,656 -c--a-w C:\Documents and Settings\Rob\Application Data\GDIPFONTCACHEV1.DAT
2004-09-20 03:29 1,247 -c--a-w C:\Program Files\info.txt
2006-03-30 02:10 104 --sh--r C:\WINDOWS\system32\0FF98E1948.sys
2006-03-30 02:10 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
----a-w           212,992 2008-01-07 23:25:26  C:\Updater .exe
----a-w           108,160 2008-01-06 01:45:47  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w            81,920 2008-01-07 23:25:24  C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w           249,856 2008-01-06 01:27:01  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm    .exe
----a-w           249,856 2008-01-06 16:01:50  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
----a-w           180,269 2008-01-07 23:25:28  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           460,784 2008-01-08 18:24:28  C:\Program Files\DellSupport\DSAgnt .exe
----a-w            68,856 2008-01-07 23:28:22  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w         1,694,208 2008-01-07 23:25:48  C:\Program Files\Messenger\msmsgs .exe
----a-w            59,392 2008-01-06 01:26:47  C:\WINDOWS\ehome\ehtray .exe
----a-w           278,547 2008-01-06 01:27:16  C:\WINDOWS\Fonts\svchost .exe
----a-w            15,360 2008-01-05 15:20:18  C:\WINDOWS\system32\ctfmon .exe
----a-w            77,824 2008-01-07 23:25:23  C:\WINDOWS\system32\hkcmd .exe
----a-w           114,688 2008-01-07 23:25:23  C:\WINDOWS\system32\igfxpers .exe
----a-w            94,208 2008-01-07 23:25:22  C:\WINDOWS\system32\igfxtray .exe
----a-w           122,940 2008-01-07 23:25:25  C:\WINDOWS\system32\DLA\DLACTRLW .EXE



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF6C233E-D802-4220-9D05-4A52F37A3D11}]
C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE270209-AB16-4A52-86E8-864CD0352610}]
C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [ ]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"Microsoft Works Update Detection"="???\WkDetect.exe" [ ]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [ ]
"AIM"="C:\Program Files\AIM\aim.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [2008-01-06 11:01 249856]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10 49263]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"LyraHD2TrayApp"="C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-18 15:35 290816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Deanna.GIBBONS\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-08 09:40:29]
ePrompter.lnk - C:\Program Files\ePrompter\ePrompter.exe [2006-04-26 19:27:07]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-03-14 01:00:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^Deanna.GIBBONS^Start Menu^Programs^Startup^FontHit Font Tools.lnk]
path=C:\Documents and Settings\Deanna.GIBBONS\Start Menu\Programs\Startup\FontHit Font Tools.lnk
backup=C:\WINDOWS\pss\FontHit Font Tools.lnkStartup

R0 IFP300;iriver Internet Audio Player IFP-300;C:\WINDOWS\system32\DRIVERS\ifp300.sys [2004-03-29 16:28]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S2 Ca536av;DV 5900(Video);C:\WINDOWS\system32\Drivers\Ca536av.sys []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe" [2007-11-09 17:59]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2003-09-07 21:14]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2003-09-07 21:14]
S3 USBCamera;DV 5900(Still);C:\WINDOWS\system32\Drivers\Bulk536.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a49218b4-bdb1-11da-b1d4-00e06f44315b}]
\Shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 05:37:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-30 07:00:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-01-05 00:50:47 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (GIBBONS-Rob).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 13:03:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 13:04:45
ComboFix-quarantined-files.txt 2008-01-12 18:04:27
.
2008-01-10 18:34:12 --- E O F ---


AND HERE IS MY HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:36 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir....ystempopup=true
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {BF6C233E-D802-4220-9D05-4A52F37A3D11} - C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O2 - BHO: (no name) - {DE270209-AB16-4A52-86E8-864CD0352610} - C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eXtreme Fax Call Controller.lnk = C:\Program Files\RingCentral\eXtreme Fax\RCUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm128MKUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Pirateville/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Pirateville/Images/armhelper.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9718 bytes


kahdah
post Jan 13 2008, 08:10 AM
Post #6


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



  • Download RenV.exe by sUBs to your desktop
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as Log.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

CODE
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Messenger\msmsgs .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\DLA\DLACTRLW .EXE





Referring to the picture above, drag Log.txt into RenV.exe.
=========================================
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
File::
C:\WINDOWS\17PHolmes1000106.exe
C:\Updater .exe
C:\n.bat
C:\WINDOWS\Fonts\svchost .exe
C:\WINDOWS\Fonts\Setup.exe

Folder::
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\aj2
C:\Program Files\Common Files\Viewpoint
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
C:\Program Files\MSN Gaming Zone\hoker

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF6C233E-D802-4220-9D05-4A52F37A3D11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kernel"=-

Driver::
"Viewpoint Manager Service"



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


This post has been edited by kahdah: Jan 13 2008, 08:10 AM
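The instructions above rely on two things a reader has to spot by eye in a HijackThis log: filenames that have been padded with whitespace before the extension (the entries listed in the RenV Log box, such as ashDisp .exe) and entries whose target no longer exists ("(file missing)", "(no file)"). The following Python script is an added example, not part of this thread and not the code of RenV, HijackThis or ComboFix; it triages log lines with those two heuristics and computes the de-padded names. The sample log lines are constructed to match the shape of the entries quoted in this thread, the regular expressions are assumptions about the log format, and the rename plan only reflects what the listed names would look like with the padding removed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in HijackThis log format, modelled on entries in this thread.
SAMPLE_HJT_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BF6C233E-D802-4220-9D05-4A52F37A3D11} - C:\Program Files\MSN Gaming Zone\hokerC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" -startup
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# Assumed shape of a Windows path inside a log line: drive letter, then anything
# up to a short extension that is followed by a quote, whitespace or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.[A-Za-z0-9]{2,4}(?=["\s]|$)')
# Whitespace sitting directly in front of the final extension, e.g. "ashDisp .exe".
PADDED_RE = re.compile(r"\s+(\.[A-Za-z0-9]+)$")
# Markers HijackThis prints when the referenced target is absent on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


def extract_paths(line: str) -> List[str]:
    """Return every Windows path found in one log line."""
    return PATH_RE.findall(line)


def normalize_padded_name(path: str) -> str:
    """Remove whitespace padding before the extension; unchanged if not padded."""
    return PADDED_RE.sub(r"\1", path)


def rename_plan(paths: List[str]) -> Dict[str, str]:
    """Map each padded path to its de-padded name (paths that are not padded are skipped)."""
    plan: Dict[str, str] = {}
    for p in paths:
        fixed = normalize_padded_name(p)
        if fixed != p:
            plan[p] = fixed
    return plan


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every log line that trips one of the heuristics."""
    findings: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        reasons: List[str] = []
        if any(marker in line for marker in MISSING_MARKERS):
            reasons.append("target file missing")
        if any(normalize_padded_name(p) != p for p in extract_paths(line)):
            reasons.append("whitespace before extension")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LOG):
        print(", ".join(reasons), "->", line)
    # The names in the RenV Log box, shown here as a de-padding plan (constructed input).
    for old, new in rename_plan([
        r"C:\Program Files\Alwil Software\Avast4\ashDisp .exe",
        r"C:\WINDOWS\system32\ctfmon .exe",
    ]).items():
        print(old, "=>", new)
```

Entries that are only "file missing" are usually stale registrations rather than active code, but in this thread they point into the same system32\mr9 folder that the CFScript removes, which is why the helper treats them as part of the infection rather than as harmless leftovers.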
deegibbons
post Jan 13 2008, 03:37 PM
Post #7


Member
**
Posts: 27
From: Michigan
OS: Windows XP



ComboFix 08-01-11.3 - Deanna 2008-01-13 16:14:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.169 [GMT -5:00]
Running from: C:\Documents and Settings\Deanna.GIBBONS\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Deanna.GIBBONS\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\n.bat
C:\Updater .exe
C:\WINDOWS\17PHolmes1000106.exe
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9\profile.ini
C:\n.bat
C:\Program Files\Common Files\Viewpoint
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Updater .exe
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\aj2\bumebrpl5.exe
C:\WINDOWS\system32\ardCo18
C:\WINDOWS\system32\ardCo18\ardCo182328.exe
C:\WINDOWS\system32\mr9

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 16:10 . 2008-01-07 18:25 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2008-01-13 16:10 . 2008-01-07 18:25 94,208 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-13 16:10 . 2008-01-07 18:25 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2008-01-13 16:10 . 2008-01-13 16:10 27,136 --a------ C:\Documents and Settings\Deanna.GIBBONS\nircmd.exe
2008-01-13 08:57 . 2008-01-13 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 08:57 . 2008-01-13 08:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 08:49 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-12 20:30 . 2008-01-12 20:30 <DIR> d-------- C:\WINDOWS\Intuit
2008-01-12 19:19 . 2008-01-12 19:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-12 19:19 . 2008-01-12 19:21 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-12 19:19 . 2008-01-12 19:21 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-12 19:19 . 2008-01-12 19:21 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-12 16:43 . 2008-01-12 16:44 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 16:43 . 2008-01-12 16:43 <DIR> d-------- C:\Documents and Settings\Deanna.GIBBONS\Application Data\SUPERAntiSpyware.com
2008-01-12 16:43 . 2008-01-12 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 16:42 . 2008-01-12 16:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-12 11:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 18:13 . 2008-01-08 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-08 13:24 . 2008-01-08 13:24 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Grisoft
2008-01-07 18:34 . 2008-01-07 18:34 <DIR> d-------- C:\Documents and Settings\Deanna.GIBBONS\Application Data\Grisoft
2008-01-07 18:34 . 2008-01-07 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 18:34 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-07 17:43 . 2008-01-07 17:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 11:34 . 2008-01-06 11:37 <DIR> d-------- C:\Documents and Settings\Deanna.GIBBONS\.housecall6.6
2008-01-06 11:20 . 2008-01-06 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-06 11:19 . 2008-01-06 11:19 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-06 11:10 . 2008-01-06 11:10 <DIR> d-------- C:\WINDOWS\system32\vmm32
2007-12-22 18:06 . 2007-12-22 18:06 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\MySpace
2007-12-19 18:54 . 2007-12-29 20:54 <DIR> d-------- C:\Program Files\Kitty Luv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 21:10 --------- d-----w C:\Program Files\DellSupport
2008-01-13 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-01-13 13:49 --------- d-----w C:\Program Files\Java
2008-01-13 02:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-13 01:30 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-13 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-13 01:20 --------- d-----w C:\Program Files\Time Stamp
2008-01-13 01:19 --------- d-----w C:\Program Files\GameHouse
2008-01-13 01:18 --------- d-----w C:\Program Files\Intuit
2008-01-13 01:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 01:15 --------- d-----w C:\Program Files\CoreFTP
2008-01-06 16:19 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-06 16:14 --------- d--h--w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Gtek
2008-01-06 16:10 --------- d-----w C:\Program Files\Dell
2008-01-06 01:32 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\LimeWire
2008-01-06 01:26 59,392 ----a-w C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-05 15:20 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-05 15:20 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-30 01:53 --------- d-----w C:\Program Files\Dell Games
2007-12-23 22:42 --------- d-----w C:\Program Files\MySpace
2007-12-19 23:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-24 15:56 --------- d-----w C:\Program Files\Three Rings Design
2007-11-23 01:17 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\PlayFirst
2007-11-21 14:34 --------- d-----w C:\Program Files\SallysSalon_at
2007-11-21 01:06 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Legends of pirates
2007-11-21 00:56 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\SpinTop
2007-11-20 22:51 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\GameHouse
2007-11-20 00:57 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Mysteryville2
2007-11-20 00:41 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Eyeblaster
2007-11-20 00:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-11-17 02:45 --------- d-----w C:\Program Files\NCH Software
2007-11-17 02:45 --------- d-----w C:\Documents and Settings\Rob\Application Data\NCH Swift Sound
2007-11-16 21:16 --------- d-----w C:\Documents and Settings\Deanna.GIBBONS\Application Data\Jane s Hotel
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:39 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-06-20 23:32 102,656 -c--a-w C:\Documents and Settings\Deanna.GIBBONS\Application Data\GDIPFONTCACHEV1.DAT
2007-02-12 02:27 102,656 -c--a-w C:\Documents and Settings\Rob\Application Data\GDIPFONTCACHEV1.DAT
2004-09-20 03:29 1,247 -c--a-w C:\Program Files\info.txt
2006-03-30 02:10 104 --sh--r C:\WINDOWS\system32\0FF98E1948.sys
2006-03-30 02:10 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
CODE
------w           108,160 2008-01-06 01:45:47  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w           249,856 2008-01-06 01:27:01  C:\Program Files\Common Files\InstallShield\UpdateService\isuspm    .exe



((((((((((((((((((((((((((((( snapshot@2008-01-12_13.04.00.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 13:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
- 2004-08-10 09:04:42 59,392 ----a-w C:\WINDOWS\ehome\ehtray.exe
+ 2008-01-06 01:26:47 59,392 ----a-w C:\WINDOWS\ehome\ehtray.exe
- 2008-01-12 16:48:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 21:13:55 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 16:48:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 21:13:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 16:48:31 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 21:13:55 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 16:48:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 21:13:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 16:48:32 8,105,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 21:13:55 8,122,368 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 16:48:32 1,429,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 21:13:56 1,429,504 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 21:43:33 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-12 21:43:33 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-12 21:43:33 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-03-29 14:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 21:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 19:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 16:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 18:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 14:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-16 23:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 23:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 16:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 20:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 18:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 15:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 18:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 23:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 21:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 16:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 19:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 19:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 15:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 18:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 15:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 18:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 16:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 16:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 13:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 19:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 15:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 15:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 21:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 14:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 15:58:12 33,280 ---