
BrowserModifier:Win32/Fotomoto and TrojanDropper:Win32/conhook.A


This topic is locked.

#1 google-ish (Member, 66 posts)
Hi guys. I'm new here. Can anyone help me with these two trojans, BrowserModifier:Win32/Fotomoto and TrojanDropper:Win32/conhook.A? I get them from Windows Defender every time I start up my computer. Thanks in advance.
#2 google-ish (Topic Starter, Member, 66 posts)
Please... I really need help.

#3 JSntgRvr (Global Moderator, 11,579 posts)
Hi, google-ish. :)

Welcome.

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


#4 google-ish (Topic Starter, Member, 66 posts)
Well, finally...

And here it is...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:40, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\iolo\System Mechanic Professional 7\SMTrayNotify.exe
D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>;*.local
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vksnppbl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "D:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iolo AntiVirus] "D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [144f1a57] rundll32.exe "C:\WINDOWS\system32\opmflwnu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Disabled
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://sg.yahoo.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://sympatico.zon...h2.1.0.0.55.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://lostinspace89...os/uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/ct.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/...sh.1.0.0.94.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab50997.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: bw+0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7100E69F-4410-4070-8DE4-99245BF4D571} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jmdbvgfq.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 25221 bytes


*LATEST*
Windows Defender has shown conhook.D as well...
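A small triage script, added here as an editor's example (it is not part of the thread and not a HijackThis feature), that runs over lines copied from the log above the checks a helper makes by eye: a Windows system binary name started from a directory other than C:\WINDOWS or C:\WINDOWS\system32, a rundll32 Run entry that calls a one- or two-character export, a Run key named with bare hex digits, and entries whose target file is reported missing. The heuristics and their thresholds are the editor's own assumptions, not HijackThis logic.

```python
import re

# Windows binaries that legitimately live only in the two system directories below
# (editor's assumption; a real allow-list would be longer).
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "explorer.exe", "ctfmon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# First drive-letter path ending in .exe or .dll on a log line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
# rundll32 loading a DLL and calling a one- or two-character export, e.g. "...\x.dll",b
SHORT_EXPORT_RE = re.compile(r'rundll32\.exe\s+"?[^"]+\.dll"?,\s*(\w{1,2})\s*$', re.IGNORECASE)
# Run-key names that are nothing but eight hex digits, e.g. [144f1a57]
HEX_NAME_RE = re.compile(r'Run(?:Once)?: \[([0-9a-f]{8})\]')

# Lines copied from the HijackThis log posted in this thread (an excerpt, not a full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Fonts\svchost.exe
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [144f1a57] rundll32.exe "C:\WINDOWS\system32\opmflwnu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jmdbvgfq.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def path_parts(path):
    """Split 'C:\\dir\\name.exe' into (lowercase directory, lowercase basename)."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def reasons_for(line):
    """Return every heuristic reason a single HijackThis log line deserves a look."""
    reasons = []
    # O3/O9/O23 entries whose target no longer exists: leftovers of a removal or a
    # loader that deleted its own payload after installing persistence.
    if "(file missing)" in line or line.endswith("(no file)"):
        reasons.append("orphaned entry: the target file is gone")
    # rundll32 with a random DLL name and a tiny export name is a common pattern
    # for DLL-based adware/trojan loaders in Run keys.
    m = SHORT_EXPORT_RE.search(line)
    if m:
        reasons.append(f"rundll32 calls a DLL export named '{m.group(1)}'")
    # Legitimate software names its Run entries; bare hex is a generated name.
    if HEX_NAME_RE.search(line):
        reasons.append("Run key name is bare hex digits")
    # A system binary name in the wrong directory (here C:\WINDOWS\Fonts) is a
    # masquerade: the real svchost.exe only runs from C:\WINDOWS\system32.
    for path in PATH_RE.findall(line):
        directory, name = path_parts(path)
        if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
            reasons.append(f"{name} started from {directory}, not a system directory")
            break
    return reasons


def triage(log_text):
    """Run reasons_for over every non-empty, non-header line; return (line, reasons)."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.endswith(":"):   # skip blanks and section headers
            continue
        reasons = reasons_for(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Everything the script flags still needs a human decision; the point is to separate the handful of entries worth researching from the dozens of legitimate ones in a log this size.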

#5 JSntgRvr (Global Moderator, 11,579 posts)
Hi, Name. :)

Please remove the Logitech Desktop Messenger from the computer.

Please download VundoFix.exe to your desktop.

Note: In the event you already have Vundofix, this is a new version that I need you to download.
  • Double-click VundoFix.exe to run it.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" in your next reply.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply along with a HijackThis log.
  • Click Close to exit the program.


#6 google-ish (Topic Starter, Member, 66 posts)
This is the result log for VundoFix...


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 01:00:39 26/11/2007

Listing files found while scanning....


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 01:03:51 26/11/2007

Listing files found while scanning....

C:\windows\system32\byxuuvu.dll
C:\windows\system32\ihhkj.bak1
C:\windows\system32\ihhkj.bak2
C:\windows\system32\ihhkj.ini
C:\windows\system32\ihhkj.ini2
C:\windows\system32\iubfqchs.dll
C:\windows\system32\jkhhi.dll
C:\windows\system32\nnnkhge.dll
C:\windows\system32\qvvbveaq.exe
C:\windows\system32\ssqpopp.dll
C:\WINDOWS\system32\vksnppbl.dll
C:\windows\system32\vksnppbl.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\byxuuvu.dll
C:\windows\system32\byxuuvu.dll Could not be deleted.

Attempting to delete C:\windows\system32\ihhkj.bak1
C:\windows\system32\ihhkj.bak1 Has been deleted!

Attempting to delete C:\windows\system32\ihhkj.bak2
C:\windows\system32\ihhkj.bak2 Has been deleted!

Attempting to delete C:\windows\system32\ihhkj.ini
C:\windows\system32\ihhkj.ini Has been deleted!

Attempting to delete C:\windows\system32\ihhkj.ini2
C:\windows\system32\ihhkj.ini2 Has been deleted!

Attempting to delete C:\windows\system32\iubfqchs.dll
C:\windows\system32\iubfqchs.dll Has been deleted!

Attempting to delete C:\windows\system32\jkhhi.dll
C:\windows\system32\jkhhi.dll Has been deleted!

Attempting to delete C:\windows\system32\nnnkhge.dll
C:\windows\system32\nnnkhge.dll Has been deleted!

Attempting to delete C:\windows\system32\qvvbveaq.exe
C:\windows\system32\qvvbveaq.exe Has been deleted!

Attempting to delete C:\windows\system32\ssqpopp.dll
C:\windows\system32\ssqpopp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vksnppbl.dll
C:\WINDOWS\system32\vksnppbl.dll Has been deleted!

Attempting to delete C:\windows\system32\vksnppbl.dllbox
C:\windows\system32\vksnppbl.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\byxuuvu.dll
C:\windows\system32\byxuuvu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 01:39:47 26/11/2007

Listing files found while scanning....

__________________________________________________________________________________________________

I couldn't find any log result for ComboFix...
__________________________________________________________________________________________________
This is the result log for SUPERAntiSpyware...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2007 at 08:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3350
Trace Rules Database Version: 1349

Scan type : Quick Scan
Total Scan Time : 01:08:40

Memory items scanned : 607
Memory threats detected : 3
Registry items scanned : 976
Registry threats detected : 6
File items scanned : 40016
File threats detected : 104

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\BSNYQFCW.DLL
C:\WINDOWS\SYSTEM32\BSNYQFCW.DLL
C:\WINDOWS\SYSTEM32\RCFJUWYA.DLL
C:\WINDOWS\SYSTEM32\NBKEYNCI.DLL
C:\WINDOWS\SYSTEM32\LWQTRJMX.DLL
C:\WINDOWS\SYSTEM32\CXXCNYIL.DLL
C:\WINDOWS\SYSTEM32\SQUUXJAI.DLL
C:\WINDOWS\SYSTEM32\XWMKIMHI.DLL
C:\WINDOWS\SYSTEM32\EWNUQFOT.DLL
C:\WINDOWS\SYSTEM32\AXFSIBLO.DLL
C:\WINDOWS\SYSTEM32\NOPWIVTG.DLL
C:\WINDOWS\SYSTEM32\PRNACMGW.DLL
C:\WINDOWS\SYSTEM32\WGUPXVNM.DLL
C:\WINDOWS\SYSTEM32\AGAPJCUG.DLL
C:\WINDOWS\SYSTEM32\AXHCEFSQ.DLL
C:\WINDOWS\SYSTEM32\QCTSRXBG.DLL
C:\WINDOWS\SYSTEM32\JNGOTEAV.DLL
C:\WINDOWS\SYSTEM32\PHRBFSRV.DLL
C:\WINDOWS\SYSTEM32\UWYHWIOF.DLL
C:\WINDOWS\SYSTEM32\OXCSHWDF.DLL
C:\WINDOWS\SYSTEM32\JJTOQWHP.DLL
C:\WINDOWS\SYSTEM32\BSGIONOJ.DLL
C:\WINDOWS\SYSTEM32\PAHABIMY.DLL
C:\WINDOWS\SYSTEM32\NJPXBDFI.DLL
C:\WINDOWS\SYSTEM32\QDXIAHOL.DLL
C:\WINDOWS\SYSTEM32\LBBNFDAB.DLL
C:\WINDOWS\SYSTEM32\UDXCMSRF.DLL
C:\WINDOWS\SYSTEM32\IJLXCNHF.DLL
C:\WINDOWS\SYSTEM32\DCCSFPTX.DLL
C:\WINDOWS\SYSTEM32\YBQLHTSB.DLL
C:\WINDOWS\SYSTEM32\XEDXXSEX.DLL

Trojan.Downloader-Gen/Svchost-Fake
C:\WINDOWS\FONTS\SVCHOST.EXE
C:\WINDOWS\FONTS\SVCHOST.EXE
[Host Process] C:\WINDOWS\FONTS\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-17B62EB3.pf

Trojan.Downloader-Gen/BundleBase
C:\WINDOWS\SYSTEM32\RMA05YY\RMA05YY1080.EXE
C:\WINDOWS\SYSTEM32\RMA05YY\RMA05YY1080.EXE
C:\WINDOWS\SYSTEM32\RMA18YY\RMA18YY2328.EXE

Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A6B3B72-AAFE-4748-AB39-2A494B183ED9}
HKCR\CLSID\{1A6B3B72-AAFE-4748-AB39-2A494B183ED9}
HKCR\CLSID\{1A6B3B72-AAFE-4748-AB39-2A494B183ED9}\InprocServer32
HKCR\CLSID\{1A6B3B72-AAFE-4748-AB39-2A494B183ED9}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JKHHI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{01CD0B31-9154-45F2-9414-F5D64B74EAF6}
C:\WINDOWS\SYSTEM32\BYXYWWT.DLL
C:\WINDOWS\SYSTEM32\OPNLJIG.DLL
C:\WINDOWS\SYSTEM32\WVURONN.DLL
C:\WINDOWS\SYSTEM32\JKKJJHE.DLL
C:\WINDOWS\SYSTEM32\EFCABYY.DLL
C:\WINDOWS\SYSTEM32\AWTQNLL.DLL
C:\VUNDOFIX BACKUPS\BYXUUVU.DLL.BAD
C:\VUNDOFIX BACKUPS\NNNKHGE.DLL.BAD
C:\VUNDOFIX BACKUPS\SSQPOPP.DLL.BAD

Adware.Tracking Cookie
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\gabriel@doubleclick[1].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt
C:\Documents and Settings\Gabriel\Cookies\gabriel@precisionclick[2].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\gabriel@fastclick[2].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][1].txt
C:\Documents and Settings\Gabriel\Cookies\gabriel@clicksor[1].txt
C:\Documents and Settings\Gabriel\Cookies\gabriel@adbrite[1].txt
C:\Documents and Settings\Gabriel\Cookies\gabriel@adinterax[1].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt
C:\Documents and Settings\Gabriel\Cookies\[email protected][2].txt
C:\Documents and Settings\Guest\Cookies\guest@qnsr[1].txt
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
C:\Documents and Settings\Gracia\Cookies\[email protected][2].txt
C:\Documents and Settings\Gracia\Cookies\gracia@eyewonder[1].txt
C:\Documents and Settings\Gracia\Cookies\[email protected][1].txt
C:\Documents and Settings\Gracia\Cookies\[email protected][2].txt

Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\VCSVQWHT.EXE
C:\WINDOWS\SYSTEM32\OKWKOOCW.EXE
C:\WINDOWS\SYSTEM32\PCUANYYE.EXE
C:\WINDOWS\SYSTEM32\YQOFBPOU.EXE
C:\WINDOWS\SYSTEM32\PYPHGVYN.EXE
C:\WINDOWS\SYSTEM32\OGWUHQWC.EXE
C:\WINDOWS\SYSTEM32\HUMEGOAL.EXE
C:\WINDOWS\SYSTEM32\VUHWWGEI.EXE
C:\WINDOWS\SYSTEM32\GMEREPDT.EXE
C:\WINDOWS\SYSTEM32\WTOJOYUA.EXE
C:\WINDOWS\SYSTEM32\LPNPPJAV.EXE
C:\WINDOWS\SYSTEM32\YTEHRUUW.EXE
C:\WINDOWS\SYSTEM32\PQQKQSLN.EXE
C:\WINDOWS\SYSTEM32\JKSNSROG.EXE
C:\WINDOWS\SYSTEM32\HYBNGBRL.EXE
C:\WINDOWS\SYSTEM32\MXUIRKIS.EXE
C:\WINDOWS\SYSTEM32\PXEXXSXN.EXE
C:\WINDOWS\SYSTEM32\NCCMFQOH.EXE
C:\WINDOWS\SYSTEM32\EIOTBYMD.EXE
C:\WINDOWS\SYSTEM32\SHOTPJKN.EXE
C:\WINDOWS\SYSTEM32\LWURKDPF.EXE
C:\WINDOWS\SYSTEM32\SXMQHOBE.EXE
C:\WINDOWS\SYSTEM32\DHHDFXND.EXE
C:\WINDOWS\SYSTEM32\EVMOJPNF.EXE
C:\WINDOWS\Prefetch\DHHDFXND.EXE-276114BD.pf
C:\WINDOWS\Prefetch\EVMOJPNF.EXE-24A8D0E0.pf

Spyware.RelevantKnowledge
C:\WINDOWS\SYSTEM32\RKUPGINSTALLER.EXE

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\KDLFFFWH.DLL
C:\WINDOWS\SYSTEM32\COMKPCLX.DLL
C:\WINDOWS\SYSTEM32\GXPIJKPG.DLL

Adware.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\RQRQNKK.DLL
C:\WINDOWS\SYSTEM32\PMNKKJK.DLL
C:\WINDOWS\SYSTEM32\CBXWVTU.DLL
C:\WINDOWS\SYSTEM32\YAYXVSR.DLL
C:\WINDOWS\SYSTEM32\WVUTQON.DLL
C:\WINDOWS\SYSTEM32\IIFGFGD.DLL

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\W1\MPER83122.EXE.VIR

Adware.Vundo/Traff-2
C:\VUNDOFIX BACKUPS\QVVBVEAQ.EXE.BAD

________________________________________________________________________________
__________________
This is the result log after all the scans are done... looks clean to me...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15, on 2007-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>;*.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {27D7C51C-280D-4AEB-92DD-1A8B09B3A937} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "D:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [144f1a57] "rundll32.exe" "C:\WINDOWS\system32\bsnyqfcw.dll",b
O4 - HKLM\..\Run: [iolo Personal Firewall] "D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKLM\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Disabled
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://sg.yahoo.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://sympatico.zon...h2.1.0.0.55.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://lostinspace89...os/uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/ct.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/...sh.1.0.0.94.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab50997.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13631 bytes
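Triage of the three logs in the post above, as an added example that is not part of the original thread or of any of the tools it uses (HijackThis, VundoFix, SUPERAntiSpyware). It runs offline on constructed input copied from the posted logs and shows what a helper is looking for by eye: O2/O3 entries whose CLSID points at "(no file)", an O4 Run value with a random hex name that starts rundll32 on a random-named DLL in system32, O10 Winsock LSP entries (which are verified, never deleted blindly; here iavlsp.dll belongs to the iolo suite installed on 2007-11-12 according to the later ComboFix listing), and the Vundo/Virtumonde habit of dropping a hidden .ini/.ini2 twin whose name is the DLL name spelled backwards, visible in the logs as jkhhi.dll / ihhkj.ini, bsnyqfcw.dll / wcfqynsb.ini and wgupxvnm.dll / mnvxpugw.ini. The regular expressions and the "7 to 8 lowercase letters" DLL-name pattern are my own heuristics, not rules from any of those tools.

```python
"""Triage the HijackThis / VundoFix output posted in this thread.

Added example, not part of the original posts or of any tool's own code.
Sample lines are copied from the logs above; the heuristics are assumptions
a helper would check by hand, not rules from HijackThis or VundoFix.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the HijackThis lines posted above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [144f1a57] "rundll32.exe" "C:\WINDOWS\system32\bsnyqfcw.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
"""

# Constructed sample: system32 file names taken from the VundoFix and ComboFix
# listings in this thread, plus one legitimate DLL to show it is not paired.
SYSTEM32_SAMPLE = [
    "byxuuvu.dll", "ihhkj.bak1", "ihhkj.bak2", "ihhkj.ini", "ihhkj.ini2",
    "iubfqchs.dll", "jkhhi.dll", "nnnkhge.dll", "qvvbveaq.exe", "ssqpopp.dll",
    "bsnyqfcw.dll", "wcfqynsb.ini", "wgupxvnm.dll", "mnvxpugw.ini", "kernel32.dll",
]

O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL = re.compile(r'"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S+))?', re.I)
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$")   # random hex value name such as [144f1a57]
RANDOM_DLL = re.compile(r"^[a-z]{7,8}\.dll$")   # heuristic only: a legit name like shdocvw.dll also matches


def triage_hijackthis(log: str) -> list[tuple[str, str]]:
    """Return (reason, line) pairs for the entries a helper would ask about."""
    findings: list[tuple[str, str]] = []
    for line in log.splitlines():
        line = line.strip()
        # Orphaned BHO / toolbar registration: CLSID still registered, file gone.
        if line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("(no file)"):
            findings.append(("orphaned CLSID, no file on disk", line))
            continue
        m = O4_RUN.match(line)
        if m:
            r = RUNDLL.search(m.group("cmd"))
            if r is None:
                continue
            dll = PureWindowsPath(r.group("dll"))
            in_system32 = dll.parent.name.lower() == "system32"
            if HEX_VALUE_NAME.match(m.group("name")) or (in_system32 and RANDOM_DLL.match(dll.name.lower())):
                findings.append(("rundll32 autorun of a random-named DLL", line))
            continue
        if line.startswith("O10 - Unknown file in Winsock LSP:"):
            # Never "fix" an LSP entry blindly: removing one link breaks the Winsock
            # chain and networking with it. Identify the vendor first.
            findings.append(("Winsock LSP, verify the vendor first", line))
    return findings


def vundo_twins(names: list[str]) -> list[tuple[str, str]]:
    """Pair every *.dll with a companion file whose stem is the DLL stem reversed.

    Vundo drops that companion (hidden + system attributes) next to the DLL;
    the reversed name is the tell, e.g. jkhhi.dll <-> ihhkj.ini in the VundoFix log.
    """
    present = {n.lower() for n in names}
    pairs: list[tuple[str, str]] = []
    for name in sorted(present):
        if not name.endswith(".dll"):
            continue
        stem = name[:-4]
        for ext in (".ini", ".ini2", ".bak1", ".bak2"):
            twin = stem[::-1] + ext
            if twin in present:
                pairs.append((name, twin))
    return pairs


if __name__ == "__main__":
    for reason, line in triage_hijackthis(HJT_SAMPLE):
        print(f"[{reason}] {line}")
    for dll, twin in vundo_twins(SYSTEM32_SAMPLE):
        print(f"Vundo pair: {dll} <-> {twin}")
```

Two things this makes visible in the thread itself: the O4 value [144f1a57] is the only autorun in the whole HijackThis log with a random hex name, and its target bsnyqfcw.dll has its reversed twin wcfqynsb.ini in the ComboFix listing further down. The autorun value also outlived the file it pointed at, which is why the same DLL appears in the SUPERAntiSpyware detections and, later, in the OTMoveIt "not found" result.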

#7 JSntgRvr (Global Moderator, 11,579 posts)
Hi, google-ish :)

Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {27D7C51C-280D-4AEB-92DD-1A8B09B3A937} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [144f1a57] "rundll32.exe" "C:\WINDOWS\system32\bsnyqfcw.dll",b


Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\bsnyqfcw.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    • If able, copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on a note pad document. Save it on the desktop and post its contents in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
If the files are too long, attach them to a reply:
  • Scroll down and click the [Manage Attachments] button
  • Browse to the following folder:
    • C:\Deckard\System Scanner
  • Click Upload to upload these files one by one
  • Submit your reply


#8 google-ish (Member, Topic Starter, 66 posts)
Result for OTMoveIt

File/Folder C:\WINDOWS\system32\bsnyqfcw.dll not found.

Created on 11-27-2007 02:15:41

main.txt and extra.txt have been uploaded.


#9 JSntgRvr (Global Moderator, 11,579 posts)
Hi, google-ish:)

Download the enclosed folder and save it to the desktop.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a fresh HijackThis log.

#10 google-ish (Member, Topic Starter, 66 posts)
ComboFix log result...

ComboFix 07-11-19.3 - Gabriel 2007-11-27 13:35:13.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.581 [GMT 8:00]
Running from: C:\Documents and Settings\Gabriel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gabriel\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Gabriel\f.exe
C:\Documents and Settings\Gabriel\x.dat
C:\Documents and Settings\Gabriel\z.dat
C:\Documents and Settings\Gracia\f.exe
C:\Documents and Settings\Gracia\x.dat
C:\Documents and Settings\Gracia\z.dat
C:\n.bat
C:\WINDOWS\system32\butrxppb.dll
C:\WINDOWS\system32\mnvxpugw.ini2
C:\WINDOWS\system32\pioxiwsh.dll
C:\WINDOWS\system32\ukbleecg.dll
C:\WINDOWS\system32\vcuolbpx.dll
C:\WINDOWS\system32\xkqihxbe.dll
C:\x.dat
C:\z.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gabriel\f.exe
C:\Documents and Settings\Gabriel\x.dat
C:\Documents and Settings\Gabriel\z.dat
C:\Documents and Settings\Gracia\f.exe
C:\Documents and Settings\Gracia\x.dat
C:\Documents and Settings\Gracia\z.dat
C:\FOUND.051
C:\FOUND.052
C:\FOUND.053
C:\FOUND.055
C:\FOUND.055\FILE0000.CHK
C:\FOUND.055\FILE0001.CHK
C:\FOUND.055\FILE0002.CHK
C:\FOUND.055\FILE0003.CHK
C:\FOUND.055\FILE0004.CHK
C:\FOUND.055\FILE0005.CHK
C:\FOUND.055\FILE0006.CHK
C:\FOUND.055\FILE0007.CHK
C:\FOUND.055\FILE0008.CHK
C:\FOUND.055\FILE0009.CHK
C:\FOUND.055\FILE0010.CHK
C:\FOUND.055\FILE0011.CHK
C:\FOUND.055\FILE0012.CHK
C:\FOUND.055\FILE0013.CHK
C:\FOUND.055\FILE0014.CHK
C:\FOUND.055\FILE0015.CHK
C:\FOUND.055\FILE0016.CHK
C:\FOUND.055\FILE0017.CHK
C:\FOUND.055\FILE0018.CHK
C:\FOUND.055\FILE0019.CHK
C:\FOUND.055\FILE0020.CHK
C:\FOUND.055\FILE0021.CHK
C:\FOUND.055\FILE0022.CHK
C:\FOUND.055\FILE0023.CHK
C:\FOUND.055\FILE0024.CHK
C:\FOUND.055\FILE0025.CHK
C:\FOUND.055\FILE0026.CHK
C:\FOUND.055\FILE0027.CHK
C:\FOUND.055\FILE0028.CHK
C:\FOUND.056
C:\FOUND.056\FILE0000.CHK
C:\FOUND.056\FILE0001.CHK
C:\n.bat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\butrxppb.dll
C:\WINDOWS\system32\mnvxpugw.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pioxiwsh.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\ukbleecg.dll
C:\WINDOWS\system32\vcuolbpx.dll
C:\WINDOWS\system32\xkqihxbe.dll
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 13:10 <DIR> d--hs---- C:\FOUND.057
2007-11-27 02:20 <DIR> d-------- C:\Deckard
2007-11-26 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-26 02:36 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\SUPERAntiSpyware.com
2007-11-26 01:00 <DIR> d-------- C:\VundoFix Backups
2007-11-26 00:01 776,261 ---hs---- C:\WINDOWS\system32\wcfqynsb.ini
2007-11-25 01:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 00:30 776,012 ---hs---- C:\WINDOWS\system32\unwlfmpo.ini
2007-11-23 21:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-23 10:10 775,892 ---hs---- C:\WINDOWS\system32\qmwufrlf.ini
2007-11-23 00:59 737,378 ---hs---- C:\WINDOWS\system32\badfnbbl.ini
2007-11-22 22:15 737,318 ---hs---- C:\WINDOWS\system32\oouhthyh.ini
2007-11-22 10:35 714,461 ---hs---- C:\WINDOWS\system32\knlhtuaq.ini
2007-11-21 22:02 714,341 ---hs---- C:\WINDOWS\system32\sdtrefem.ini
2007-11-21 14:49 689,163 ---hs---- C:\WINDOWS\system32\ymibahap.ini
2007-11-21 14:35 <DIR> d-------- C:\Midtown Madness
2007-11-21 14:26 <DIR> d-------- C:\Documents and Settings\Gracia\WINDOWS
2007-11-21 14:23 <DIR> d-------- C:\sonicr
2007-11-21 14:21 689,223 ---hs---- C:\WINDOWS\system32\fdwhscxo.ini
2007-11-21 13:38 689,275 ---hs---- C:\WINDOWS\system32\foiwhywu.ini
2007-11-20 23:47 294 ---hs---- C:\WINDOWS\system32\gbxrstcq.ini2
2007-11-20 23:47 0 --ahs---- C:\WINDOWS\system32\gbxrstcq.ini
2007-11-19 22:45 0 --ahs---- C:\WINDOWS\system32\eaqersvl.ini
2007-11-19 22:35 <DIR> d--hs---- C:\FOUND.054
2007-11-19 20:23 0 --ahs---- C:\WINDOWS\system32\afpulqmm.ini
2007-11-19 15:16 0 --ahs---- C:\WINDOWS\system32\mnvxpugw.ini
2007-11-19 14:40 0 --a------ C:\Documents and Settings\Gracia\4567.bat
2007-11-19 14:40 0 --a------ C:\3030.bat
2007-11-19 12:11 70,655 --a------ C:\WINDOWS\system32\hasqxcwc.dll
2007-11-19 11:34 678,220 ---hs---- C:\WINDOWS\system32\ihmikmwx.ini
2007-11-18 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 21:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 15:45 0 ---hs---- C:\WINDOWS\system32\gtviwpon.ini
2007-11-17 23:57 678,076 ---hs---- C:\WINDOWS\system32\pohaeenm.ini
2007-11-17 12:58 <DIR> d-------- C:\Documents and Settings\Gracia\Application Data\Webroot
2007-11-17 12:57 <DIR> d-------- C:\Documents and Settings\Gracia\Application Data\iolo
2007-11-17 00:02 653,497 ---hs---- C:\WINDOWS\system32\tgicmxqe.ini
2007-11-17 00:02 85,056 --a------ C:\WINDOWS\system32\eqxmcigt.dll_2007.11.16.16.05.30
2007-11-16 21:53 653,428 ---hs---- C:\WINDOWS\system32\glprjwni.ini
2007-11-15 21:48 693,523 ---hs---- C:\WINDOWS\system32\kyfvsnqs.ini
2007-11-15 20:48 <DIR> d-------- C:\Temp\abW9
2007-11-15 20:48 <DIR> d-------- C:\Temp
2007-11-15 20:48 659,557 ---hs---- C:\WINDOWS\system32\revdcbxh.ini
2007-11-14 01:17 <DIR> d-------- C:\Documents and Settings\Gabriel\JavaApplication1
2007-11-14 01:14 <DIR> d-------- C:\Documents and Settings\Gabriel\.netbeans
2007-11-14 01:10 14,412 --a------ C:\WINDOWS\system32\jupdate-1.4.2_13-b06.log
2007-11-13 13:55 669,201 ---hs---- C:\WINDOWS\system32\qrsqjwxd.ini
2007-11-12 07:55 8,799 --ah----- C:\WINDOWS\system32\kavsvc.exe
2007-11-12 01:45 432 --a------ C:\WINDOWS\system32\iolo.ini
2007-11-12 01:31 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-11-12 01:30 <DIR> d-------- C:\Program Files\iolo
2007-11-12 01:30 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-11-12 01:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-11-12 01:30 39,424 --a------ C:\WINDOWS\system32\xpacket.sys
2007-11-12 01:30 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-11-12 01:30 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2007-11-12 01:22 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\iolo
2007-11-12 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-11-11 16:04 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-11 15:45 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-11 15:41 <DIR> d-------- C:\Program Files\Ace Utilities
2007-11-11 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-10 21:38 <DIR> dr-h----- C:\$VAULT$.AVG
2007-11-10 21:30 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\AVG7
2007-11-10 21:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 20:48 0 --a------ C:\WINDOWS\popcreg.dat
2007-11-10 20:45 249,856 --------- C:\WINDOWS\Setup1.exe
2007-11-10 20:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-10 13:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-10 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-10 13:57 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-10 13:57 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-09 13:43 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\Autodesk
2007-11-09 13:30 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-09 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-09 13:27 <DIR> d-------- C:\Program Files\Autodesk
2007-11-09 13:27 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-09 13:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-08 00:09 <DIR> d-------- C:\Program Files\iPod
2007-11-08 00:08 <DIR> d-------- C:\Program Files\iTunes
2007-11-07 23:51 <DIR> d--hs---- C:\FOUND.008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 06:34 286,720 ----a-w C:\WINDOWS\iun503.exe
2007-11-11 17:23 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2007-11-10 19:31 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-10 19:31 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-03 03:46 363,368 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-01 04:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-08-02 13:44 282,624 ----a-w C:\Program Files\TTC.dll
2006-06-13 10:11 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-06-04 18:46 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-21 03:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 02:31]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-21 03:55]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-21 03:55]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-21 03:55]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 05:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 03:35]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2007-11-03 11:45]
"iolo AntiVirus"="D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [2007-11-03 11:09]
"iolo Personal Firewall"="D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [2007-11-03 11:23]
"SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-03-21 03:56 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe"
R2 U3SHLPDR200;U3SHLPDR200;\??\C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S3 XDva030;XDva030;\??\C:\WINDOWS\system32\XDva030.sys
S3 XDva031;XDva031;\??\C:\WINDOWS\system32\XDva031.sys
S3 XDva035;XDva035;\??\C:\WINDOWS\system32\XDva035.sys
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDBRGSYS.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 10:46:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-27 05:48:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 13:46:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 13:50:50 - machine was rebooted
.
--- E O F ---

#11
JSntgRvr
    Global Moderator
  • 11,579 posts
Hi, google-ish :)

Download the enclosed folder and save it to the desktop.

Overwrite the existing one.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a fresh Hijackthis log.

#12
google-ish
    Member
  • Topic Starter
  • 66 posts
Hey, I'm back... so sorry for the extreme delay...

Anyway, here's the log...

ComboFix 07-11-19.3 - Gabriel 2007-11-27 13:35:13.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.581 [GMT 8:00]
Running from: C:\Documents and Settings\Gabriel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gabriel\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Gabriel\f.exe
C:\Documents and Settings\Gabriel\x.dat
C:\Documents and Settings\Gabriel\z.dat
C:\Documents and Settings\Gracia\f.exe
C:\Documents and Settings\Gracia\x.dat
C:\Documents and Settings\Gracia\z.dat
C:\n.bat
C:\WINDOWS\system32\butrxppb.dll
C:\WINDOWS\system32\mnvxpugw.ini2
C:\WINDOWS\system32\pioxiwsh.dll
C:\WINDOWS\system32\ukbleecg.dll
C:\WINDOWS\system32\vcuolbpx.dll
C:\WINDOWS\system32\xkqihxbe.dll
C:\x.dat
C:\z.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gabriel\f.exe
C:\Documents and Settings\Gabriel\x.dat
C:\Documents and Settings\Gabriel\z.dat
C:\Documents and Settings\Gracia\f.exe
C:\Documents and Settings\Gracia\x.dat
C:\Documents and Settings\Gracia\z.dat
C:\FOUND.051
C:\FOUND.052
C:\FOUND.053
C:\FOUND.055
C:\FOUND.055\FILE0000.CHK
C:\FOUND.055\FILE0001.CHK
C:\FOUND.055\FILE0002.CHK
C:\FOUND.055\FILE0003.CHK
C:\FOUND.055\FILE0004.CHK
C:\FOUND.055\FILE0005.CHK
C:\FOUND.055\FILE0006.CHK
C:\FOUND.055\FILE0007.CHK
C:\FOUND.055\FILE0008.CHK
C:\FOUND.055\FILE0009.CHK
C:\FOUND.055\FILE0010.CHK
C:\FOUND.055\FILE0011.CHK
C:\FOUND.055\FILE0012.CHK
C:\FOUND.055\FILE0013.CHK
C:\FOUND.055\FILE0014.CHK
C:\FOUND.055\FILE0015.CHK
C:\FOUND.055\FILE0016.CHK
C:\FOUND.055\FILE0017.CHK
C:\FOUND.055\FILE0018.CHK
C:\FOUND.055\FILE0019.CHK
C:\FOUND.055\FILE0020.CHK
C:\FOUND.055\FILE0021.CHK
C:\FOUND.055\FILE0022.CHK
C:\FOUND.055\FILE0023.CHK
C:\FOUND.055\FILE0024.CHK
C:\FOUND.055\FILE0025.CHK
C:\FOUND.055\FILE0026.CHK
C:\FOUND.055\FILE0027.CHK
C:\FOUND.055\FILE0028.CHK
C:\FOUND.056
C:\FOUND.056\FILE0000.CHK
C:\FOUND.056\FILE0001.CHK
C:\n.bat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\butrxppb.dll
C:\WINDOWS\system32\mnvxpugw.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pioxiwsh.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\ukbleecg.dll
C:\WINDOWS\system32\vcuolbpx.dll
C:\WINDOWS\system32\xkqihxbe.dll
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.

2007-11-27 13:10 <DIR> d--hs---- C:\FOUND.057
2007-11-27 02:20 <DIR> d-------- C:\Deckard
2007-11-26 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-26 02:36 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\SUPERAntiSpyware.com
2007-11-26 01:00 <DIR> d-------- C:\VundoFix Backups
2007-11-26 00:01 776,261 ---hs---- C:\WINDOWS\system32\wcfqynsb.ini
2007-11-25 01:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 00:30 776,012 ---hs---- C:\WINDOWS\system32\unwlfmpo.ini
2007-11-23 21:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-23 10:10 775,892 ---hs---- C:\WINDOWS\system32\qmwufrlf.ini
2007-11-23 00:59 737,378 ---hs---- C:\WINDOWS\system32\badfnbbl.ini
2007-11-22 22:15 737,318 ---hs---- C:\WINDOWS\system32\oouhthyh.ini
2007-11-22 10:35 714,461 ---hs---- C:\WINDOWS\system32\knlhtuaq.ini
2007-11-21 22:02 714,341 ---hs---- C:\WINDOWS\system32\sdtrefem.ini
2007-11-21 14:49 689,163 ---hs---- C:\WINDOWS\system32\ymibahap.ini
2007-11-21 14:35 <DIR> d-------- C:\Midtown Madness
2007-11-21 14:26 <DIR> d-------- C:\Documents and Settings\Gracia\WINDOWS
2007-11-21 14:23 <DIR> d-------- C:\sonicr
2007-11-21 14:21 689,223 ---hs---- C:\WINDOWS\system32\fdwhscxo.ini
2007-11-21 13:38 689,275 ---hs---- C:\WINDOWS\system32\foiwhywu.ini
2007-11-20 23:47 294 ---hs---- C:\WINDOWS\system32\gbxrstcq.ini2
2007-11-20 23:47 0 --ahs---- C:\WINDOWS\system32\gbxrstcq.ini
2007-11-19 22:45 0 --ahs---- C:\WINDOWS\system32\eaqersvl.ini
2007-11-19 22:35 <DIR> d--hs---- C:\FOUND.054
2007-11-19 20:23 0 --ahs---- C:\WINDOWS\system32\afpulqmm.ini
2007-11-19 15:16 0 --ahs---- C:\WINDOWS\system32\mnvxpugw.ini
2007-11-19 14:40 0 --a------ C:\Documents and Settings\Gracia\4567.bat
2007-11-19 14:40 0 --a------ C:\3030.bat
2007-11-19 12:11 70,655 --a------ C:\WINDOWS\system32\hasqxcwc.dll
2007-11-19 11:34 678,220 ---hs---- C:\WINDOWS\system32\ihmikmwx.ini
2007-11-18 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 21:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 15:45 0 ---hs---- C:\WINDOWS\system32\gtviwpon.ini
2007-11-17 23:57 678,076 ---hs---- C:\WINDOWS\system32\pohaeenm.ini
2007-11-17 12:58 <DIR> d-------- C:\Documents and Settings\Gracia\Application Data\Webroot
2007-11-17 12:57 <DIR> d-------- C:\Documents and Settings\Gracia\Application Data\iolo
2007-11-17 00:02 653,497 ---hs---- C:\WINDOWS\system32\tgicmxqe.ini
2007-11-17 00:02 85,056 --a------ C:\WINDOWS\system32\eqxmcigt.dll_2007.11.16.16.05.30
2007-11-16 21:53 653,428 ---hs---- C:\WINDOWS\system32\glprjwni.ini
2007-11-15 21:48 693,523 ---hs---- C:\WINDOWS\system32\kyfvsnqs.ini
2007-11-15 20:48 <DIR> d-------- C:\Temp\abW9
2007-11-15 20:48 <DIR> d-------- C:\Temp
2007-11-15 20:48 659,557 ---hs---- C:\WINDOWS\system32\revdcbxh.ini
2007-11-14 01:17 <DIR> d-------- C:\Documents and Settings\Gabriel\JavaApplication1
2007-11-14 01:14 <DIR> d-------- C:\Documents and Settings\Gabriel\.netbeans
2007-11-14 01:10 14,412 --a------ C:\WINDOWS\system32\jupdate-1.4.2_13-b06.log
2007-11-13 13:55 669,201 ---hs---- C:\WINDOWS\system32\qrsqjwxd.ini
2007-11-12 07:55 8,799 --ah----- C:\WINDOWS\system32\kavsvc.exe
2007-11-12 01:45 432 --a------ C:\WINDOWS\system32\iolo.ini
2007-11-12 01:31 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-11-12 01:30 <DIR> d-------- C:\Program Files\iolo
2007-11-12 01:30 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-11-12 01:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-11-12 01:30 39,424 --a------ C:\WINDOWS\system32\xpacket.sys
2007-11-12 01:30 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-11-12 01:30 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2007-11-12 01:22 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\iolo
2007-11-12 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-11-11 16:04 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-11 15:45 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-11 15:41 <DIR> d-------- C:\Program Files\Ace Utilities
2007-11-11 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-10 21:38 <DIR> dr-h----- C:\$VAULT$.AVG
2007-11-10 21:30 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\AVG7
2007-11-10 21:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 20:48 0 --a------ C:\WINDOWS\popcreg.dat
2007-11-10 20:45 249,856 --------- C:\WINDOWS\Setup1.exe
2007-11-10 20:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-10 13:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-10 13:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-10 13:57 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-10 13:57 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-09 13:43 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\Autodesk
2007-11-09 13:30 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-11-09 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-09 13:27 <DIR> d-------- C:\Program Files\Autodesk
2007-11-09 13:27 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-11-09 13:27 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-11-08 00:09 <DIR> d-------- C:\Program Files\iPod
2007-11-08 00:08 <DIR> d-------- C:\Program Files\iTunes
2007-11-07 23:51 <DIR> d--hs---- C:\FOUND.008

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 06:34 286,720 ----a-w C:\WINDOWS\iun503.exe
2007-11-11 17:23 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2007-11-10 19:31 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-10 19:31 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-03 03:46 363,368 ----a-w C:\WINDOWS\system32\Incinerator.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-01 04:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-08-02 13:44 282,624 ----a-w C:\Program Files\TTC.dll
2006-06-13 10:11 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-06-04 18:46 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-21 03:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 02:31]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-21 03:55]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-21 03:55]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-21 03:55]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 05:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 03:35]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2007-11-03 11:45]
"iolo AntiVirus"="D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [2007-11-03 11:09]
"iolo Personal Firewall"="D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [2007-11-03 11:23]
"SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-03-21 03:56 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe"
R2 U3SHLPDR200;U3SHLPDR200;\??\C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S3 XDva030;XDva030;\??\C:\WINDOWS\system32\XDva030.sys
S3 XDva031;XDva031;\??\C:\WINDOWS\system32\XDva031.sys
S3 XDva035;XDva035;\??\C:\WINDOWS\system32\XDva035.sys
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDBRGSYS.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 10:46:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-27 05:48:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 13:46:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27 13:50:50 - machine was rebooted
.
--- E O F ---

#13
JSntgRvr
    Global Moderator
  • 11,579 posts
Hi, google-ish :)

Here we go again. Remove the previous CFScript created.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • Save it on the desktop

File::
C:\WINDOWS\system32\wcfqynsb.ini
C:\WINDOWS\system32\unwlfmpo.ini
C:\WINDOWS\system32\qmwufrlf.ini
C:\WINDOWS\system32\badfnbbl.ini
C:\WINDOWS\system32\oouhthyh.ini
C:\WINDOWS\system32\knlhtuaq.ini
C:\WINDOWS\system32\sdtrefem.ini
C:\WINDOWS\system32\ymibahap.ini
C:\WINDOWS\system32\fdwhscxo.ini
C:\WINDOWS\system32\foiwhywu.ini
C:\WINDOWS\system32\gbxrstcq.ini2
C:\WINDOWS\system32\gbxrstcq.ini
C:\WINDOWS\system32\eaqersvl.ini
C:\WINDOWS\system32\afpulqmm.ini
C:\WINDOWS\system32\mnvxpugw.ini
C:\Documents and Settings\Gracia\4567.bat
C:\3030.bat
C:\WINDOWS\system32\hasqxcwc.dll
C:\WINDOWS\system32\ihmikmwx.ini
C:\WINDOWS\system32\gtviwpon.ini
C:\WINDOWS\system32\pohaeenm.ini
C:\WINDOWS\system32\tgicmxqe.ini
C:\WINDOWS\system32\eqxmcigt.dll_2007.11.16.16.05.30
C:\WINDOWS\system32\glprjwni.ini
C:\WINDOWS\system32\kyfvsnqs.ini
C:\WINDOWS\system32\revdcbxh.ini
C:\WINDOWS\system32\qrsqjwxd.ini

Folder::
C:\FOUND.008
C:\FOUND.057
C:\FOUND.054
C:\Temp\abW9


Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

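As an added example (not code from the thread, from ComboFix or from the forum), the Python script below parses ComboFix "Files Created" lines in the shape shown in the logs above, applies triage rules of my own modelled on what the helper put in the CFScript (hidden+system .ini/.ini2 files with eight-letter random names in system32, and the FOUND.nnn recovery folders), and drafts the File::/Folder:: sections for a helper to review. The sample report lines are constructed; the file names in them are taken from this thread.

```python
"""Triage a ComboFix "Files Created" listing and draft a CFScript.

Added example for this thread, not code from ComboFix, the helper or the
forum. The rules in classify() are this example's own assumptions.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample shaped like the report lines in the thread. Both layouts
# seen in the logs are included: one timestamp, and "created . modified".
SAMPLE_LOG = r"""
.
2007-11-27 13:10 <DIR> d--hs---- C:\FOUND.057
2007-11-26 00:01 776,261 ---hs---- C:\WINDOWS\system32\wcfqynsb.ini
2007-11-20 23:47 294 ---hs---- C:\WINDOWS\system32\gbxrstcq.ini2
2007-11-19 22:45 0 --ahs---- C:\WINDOWS\system32\eaqersvl.ini
2007-11-19 12:11 70,655 --a------ C:\WINDOWS\system32\hasqxcwc.dll
2007-11-12 01:45 432 --a------ C:\WINDOWS\system32\iolo.ini
2007-11-14 01:10 14,412 --a------ C:\WINDOWS\system32\jupdate-1.4.2_13-b06.log
2007-12-02 21:49 . 2007-12-02 21:49 <DIR> d--hs---- C:\FOUND.063
2007-12-01 01:25 . 2007-12-02 18:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
"""

# date time [. date time] size|<DIR> attrs path
# The attribute field is nine characters; in these logs the first five are
# d(irectory) r(ead-only) a(rchive) h(idden) s(ystem), the rest unused.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?P<size><DIR>|[\d,]+)"
    r" (?P<attrs>[-a-z]{9})"
    r" (?P<path>.+?)\s*$"
)
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")  # eight random lowercase letters
FOUND_DIR_RE = re.compile(r"^FOUND\.\d{3}$", re.IGNORECASE)
SYSTEM32 = PureWindowsPath(r"C:\WINDOWS\system32")


def parse_line(line):
    """Return a dict for one report line, or None for headers and blanks."""
    m = LINE_RE.match(line)
    if not m:
        return None
    attrs, size = m.group("attrs"), m.group("size")
    return {
        "created": m.group("created"),
        "is_dir": attrs[0] == "d" or size == "<DIR>",
        "hidden": attrs[3] == "h",
        "system": attrs[4] == "s",
        "size": None if size == "<DIR>" else int(size.replace(",", "")),
        "path": PureWindowsPath(m.group("path")),
    }


def classify(entry):
    """Label an entry 'file' or 'folder' for the CFScript, or None to leave it.

    Assumed rules (mine, not ComboFix's):
    * FOUND.nnn at the drive root: chkdsk/scandisk recovery folders, which
      the helper cleared with a Folder:: block.
    * Hidden+system .ini/.ini2 with an eight-letter random stem directly in
      system32: the droppings listed under File::. Legitimate .ini files
      there (iolo.ini in the log) carry neither h nor s.
    * Random-looking .dll names are NOT auto-listed: hasqxcwc.dll fits the
      shape, but so do browseui.dll, setupapi.dll and wintrust.dll, so a
      human decides those.
    """
    p = entry["path"]
    if entry["is_dir"]:
        at_root = p.parent == PureWindowsPath(p.anchor)
        return "folder" if at_root and FOUND_DIR_RE.match(p.name) else None
    if (entry["hidden"] and entry["system"]
            and p.parent == SYSTEM32  # PureWindowsPath compares case-insensitively
            and p.suffix.lower() in (".ini", ".ini2")
            and RANDOM_STEM_RE.match(p.stem)):
        return "file"
    return None


def build_cfscript(report_text):
    """Parse a report and return (files, folders, cfscript_text)."""
    files, folders = [], []
    for line in report_text.splitlines():
        entry = parse_line(line)
        label = classify(entry) if entry else None
        if label == "file":
            files.append(str(entry["path"]))
        elif label == "folder":
            folders.append(str(entry["path"]))
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if folders:
        sections.append("Folder::\n" + "\n".join(folders))
    return files, folders, "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    # Prints a draft CFScript for a helper to review.
    print(build_cfscript(SAMPLE_LOG)[2])
```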
#14
google-ish
    Member
  • Topic Starter
  • 66 posts
OK... I'm done with it... here it is... BTW, I adjusted my system time to use ComboFix.exe because it says it expires on 3rd Dec, which happens to be today... I guess it shouldn't be a prob, right?

ComboFix 07-12-02.6 - Gabriel 2007-12-02 23:08:13.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.623 [GMT 8:00]
Running from: C:\Documents and Settings\Gabriel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gabriel\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.008
C:\FOUND.008\FILE0000.CHK
C:\FOUND.008\FILE0001.CHK
C:\FOUND.008\FILE0002.CHK
C:\FOUND.008\FILE0003.CHK
C:\FOUND.008\FILE0004.CHK
C:\FOUND.008\FILE0005.CHK
C:\FOUND.008\FILE0006.CHK
C:\FOUND.008\FILE0007.CHK
C:\FOUND.008\FILE0008.CHK
C:\FOUND.008\FILE0009.CHK
C:\FOUND.008\FILE0010.CHK
C:\FOUND.008\FILE0011.CHK
C:\FOUND.008\FILE0012.CHK
C:\FOUND.008\FILE0013.CHK
C:\FOUND.008\FILE0014.CHK
C:\FOUND.008\FILE0015.CHK
C:\FOUND.008\FILE0016.CHK
C:\FOUND.008\FILE0017.CHK
C:\FOUND.008\FILE0018.CHK
C:\FOUND.008\FILE0019.CHK
C:\FOUND.008\FILE0020.CHK
C:\FOUND.008\FILE0021.CHK
C:\FOUND.008\FILE0022.CHK
C:\FOUND.008\FILE0023.CHK
C:\FOUND.008\FILE0024.CHK
C:\FOUND.008\FILE0025.CHK
C:\FOUND.008\FILE0026.CHK
C:\FOUND.008\FILE0027.CHK
C:\FOUND.008\FILE0028.CHK
C:\FOUND.008\FILE0029.CHK
C:\FOUND.008\FILE0030.CHK
C:\FOUND.008\FILE0031.CHK
C:\FOUND.008\FILE0032.CHK
C:\FOUND.008\FILE0033.CHK
C:\FOUND.008\FILE0034.CHK
C:\FOUND.008\FILE0035.CHK
C:\FOUND.008\FILE0036.CHK
C:\FOUND.008\FILE0037.CHK
C:\FOUND.008\FILE0038.CHK
C:\FOUND.008\FILE0039.CHK
C:\FOUND.008\FILE0040.CHK
C:\FOUND.008\FILE0041.CHK
C:\FOUND.008\FILE0042.CHK
C:\FOUND.008\FILE0043.CHK
C:\FOUND.008\FILE0044.CHK
C:\FOUND.008\FILE0045.CHK
C:\FOUND.008\FILE0046.CHK
C:\FOUND.008\FILE0047.CHK
C:\FOUND.054
C:\FOUND.054\FILE0000.CHK
C:\FOUND.054\FILE0001.CHK
C:\FOUND.057
C:\FOUND.057\FILE0000.CHK
C:\FOUND.057\FILE0001.CHK
C:\FOUND.057\FILE0002.CHK
C:\FOUND.057\FILE0003.CHK
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 21:49 . 2007-12-02 21:49 <DIR> d--hs---- C:\FOUND.063
2007-12-02 21:01 . 2007-12-02 21:01 <DIR> d--hs---- C:\FOUND.062
2007-12-02 19:36 . 2007-12-02 19:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-02 19:36 . 2007-12-02 19:36 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\Webroot
2007-12-02 19:36 . 2007-12-02 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-02 19:01 . 2007-12-02 19:01 <DIR> d-------- C:\Program Files\Security Task Manager
2007-12-02 19:01 . 2007-12-02 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-02 18:46 . 2007-12-02 18:46 <DIR> d--hs---- C:\FOUND.061
2007-12-02 13:11 . 2007-12-02 13:11 <DIR> d--hs---- C:\FOUND.060
2007-12-01 01:25 . 2007-12-02 18:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-01 01:25 . 2007-12-01 01:25 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-01 01:23 . 2007-12-01 01:23 <DIR> d-------- C:\Program Files\iPod
2007-12-01 01:22 . 2007-12-01 01:22 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 21:02 . 2007-11-29 21:02 <DIR> d-------- C:\Program Files\MagicDisc
2007-11-29 21:02 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-11-29 17:20 . 2007-11-29 17:20 <DIR> d--hs---- C:\FOUND.059
2007-11-29 08:21 . 2007-11-29 08:21 <DIR> d--hs---- C:\FOUND.058
2007-11-29 02:37 . 2007-11-29 02:37 <DIR> d--hs---- C:\FOUND.056
2007-11-29 01:07 . 2007-11-29 01:07 <DIR> d--hs---- C:\FOUND.055
2007-11-29 00:21 . 2007-11-29 00:21 <DIR> d-------- C:\Program Files\MagicISO
2007-11-28 22:13 . 2007-11-28 22:13 <DIR> d--hs---- C:\FOUND.053
2007-11-28 21:37 . 2007-11-28 21:37 <DIR> d--hs---- C:\FOUND.052
2007-11-28 20:35 . 2007-11-28 20:51 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-28 00:57 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-11-28 00:57 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-11-28 00:52 . 2007-11-28 00:52 <DIR> d-------- C:\Program Files\Bonjour
2007-11-27 22:51 . 2007-11-27 22:51 <DIR> d--hs---- C:\FOUND.051
2007-11-27 21:55 . 2007-11-27 21:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-27 21:16 . 2007-11-27 21:16 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2007-11-27 21:16 . 2007-11-27 21:16 <DIR> d-------- C:\Program Files\MSECACHE
2007-11-27 02:20 . 2007-11-27 02:21 <DIR> d-------- C:\Deckard
2007-11-26 02:37 . 2007-11-26 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-26 02:36 . 2007-11-26 02:36 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\SUPERAntiSpyware.com
2007-11-26 00:01 . 2007-11-26 19:14 776,261 ---hs---- C:\WINDOWS\system32\wcfqynsb.ini
2007-11-25 01:16 . 2007-11-25 01:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 00:30 . 2007-11-26 00:01 776,012 ---hs---- C:\WINDOWS\system32\unwlfmpo.ini
2007-11-23 10:10 . 2007-11-25 00:23 775,892 ---hs---- C:\WINDOWS\system32\qmwufrlf.ini
2007-11-23 00:59 . 2007-11-23 01:00 737,378 ---hs---- C:\WINDOWS\system32\badfnbbl.ini
2007-11-22 22:15 . 2007-11-23 00:58 737,318 ---hs---- C:\WINDOWS\system32\oouhthyh.ini
2007-11-22 10:35 . 2007-11-22 22:11 714,461 ---hs---- C:\WINDOWS\system32\knlhtuaq.ini
2007-11-21 22:02 . 2007-11-22 10:33 714,341 ---hs---- C:\WINDOWS\system32\sdtrefem.ini
2007-11-21 14:49 . 2007-11-21 14:49 689,163 ---hs---- C:\WINDOWS\system32\ymibahap.ini
2007-11-21 14:21 . 2007-11-21 14:49 689,223 ---hs---- C:\WINDOWS\system32\fdwhscxo.ini
2007-11-21 13:38 . 2007-11-21 14:20 689,275 ---hs---- C:\WINDOWS\system32\foiwhywu.ini
2007-11-20 23:47 . 2007-11-19 12:37 0 --ahs---- C:\WINDOWS\system32\gbxrstcq.ini
2007-11-19 22:45 . 2007-11-19 12:37 0 --ahs---- C:\WINDOWS\system32\eaqersvl.ini
2007-11-19 20:23 . 2007-11-19 12:37 0 --ahs---- C:\WINDOWS\system32\afpulqmm.ini
2007-11-19 15:16 . 2007-11-19 12:37 0 --ahs---- C:\WINDOWS\system32\mnvxpugw.ini
2007-11-19 14:40 . 2007-11-19 14:40 0 --a------ C:\3030.bat
2007-11-19 12:11 . 2007-11-19 12:11 70,655 --a------ C:\WINDOWS\system32\HASQXCWC.DLL
2007-11-19 11:34 . 2007-11-19 11:34 678,220 ---hs---- C:\WINDOWS\system32\ihmikmwx.ini
2007-11-18 21:52 . 2007-11-18 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-18 21:46 . 2007-11-18 21:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-18 15:45 . 2007-11-19 12:37 0 ---hs---- C:\WINDOWS\system32\gtviwpon.ini
2007-11-17 23:57 . 2007-11-18 15:41 678,076 ---hs---- C:\WINDOWS\system32\pohaeenm.ini
2007-11-17 00:02 . 2007-11-17 02:26 653,497 ---hs---- C:\WINDOWS\system32\tgicmxqe.ini
2007-11-16 21:53 . 2007-11-16 21:53 653,428 ---hs---- C:\WINDOWS\system32\glprjwni.ini
2007-11-15 21:48 . 2007-11-16 21:49 693,523 ---hs---- C:\WINDOWS\system32\kyfvsnqs.ini
2007-11-15 20:48 . 2007-11-15 20:48 <DIR> d-------- C:\Temp
2007-11-15 20:48 . 2007-11-15 20:48 659,557 ---hs---- C:\WINDOWS\system32\revdcbxh.ini
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 14:22 . 2007-11-15 20:48 661,580 ---hs---- C:\WINDOWS\system32\wcffldpv.ini
2007-11-14 01:17 . 2007-11-14 01:17 <DIR> d-------- C:\Documents and Settings\Gabriel\JavaApplication1
2007-11-14 01:14 . 2007-11-14 01:14 <DIR> d-------- C:\Documents and Settings\Gabriel\.netbeans
2007-11-13 13:55 . 2007-11-14 14:22 669,201 ---hs---- C:\WINDOWS\system32\qrsqjwxd.ini
2007-11-13 00:19 . 2007-11-13 13:47 590,476 ---hs---- C:\WINDOWS\system32\pwneaboa.ini
2007-11-12 07:55 . 2006-10-27 22:53 8,799 --ah----- C:\WINDOWS\system32\kavsvc.exe
2007-11-12 01:57 . 2007-11-12 01:57 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-11-12 01:45 . 2007-11-12 01:45 432 --a------ C:\WINDOWS\system32\iolo.ini
2007-11-12 01:31 . 2007-07-25 09:42 126,976 --a------ C:\WINDOWS\system32\iavlsp.dll
2007-11-12 01:30 . 2007-11-12 01:30 <DIR> d-------- C:\Program Files\iolo
2007-11-12 01:30 . 2007-11-12 01:30 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-11-12 01:30 . 2007-11-12 01:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2007-11-12 01:30 . 2007-11-03 11:46 363,368 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-11-12 01:30 . 2006-11-25 17:39 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-11-12 01:30 . 2007-10-02 12:41 39,424 --a------ C:\WINDOWS\system32\xpacket.sys
2007-11-12 01:30 . 2006-11-25 17:39 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-11-12 01:30 . 2006-07-24 18:51 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2007-11-12 01:23 . 2007-11-12 01:23 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-11-12 01:22 . 2007-11-12 01:22 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\iolo
2007-11-12 01:22 . 2007-11-12 01:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2007-11-11 16:44 . 2007-11-12 01:14 121 --a------ C:\WINDOWS\bdagent.INI
2007-11-11 16:04 . 2007-11-12 00:36 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-11-11 15:45 . 2007-11-11 15:45 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-11-11 15:41 . 2007-11-11 15:41 <DIR> d-------- C:\Program Files\Ace Utilities
2007-11-11 03:01 . 2007-11-11 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-10 22:10 . 2007-11-30 01:43 102,400 --a------ C:\WINDOWS\DUMP6958.tmp
2007-11-10 21:38 . 2007-11-10 21:38 <DIR> dr-h----- C:\$VAULT$.AVG
2007-11-10 21:30 . 2007-11-10 21:30 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\AVG7
2007-11-10 21:29 . 2007-11-10 21:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 20:48 . 2007-11-10 20:48 0 --a------ C:\WINDOWS\popcreg.dat
2007-11-10 20:45 . 2007-11-10 20:45 249,856 --------- C:\WINDOWS\Setup1.exe
2007-11-10 20:45 . 2007-11-10 20:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-10 13:57 . 2007-03-01 19:54 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-10 13:57 . 2007-03-01 19:54 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-10 13:57 . 2007-03-01 19:54 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-10 13:57 . 2007-03-01 19:54 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-11-09 13:43 . 2007-11-09 13:43 <DIR> d-------- C:\Documents and Settings\Gabriel\Application Data\Autodesk
2007-11-09 13:31 . 2007-11-09 13:31 231 --a------ C:\WINDOWS\system32\3dsmax.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 06:34 286,720 ----a-w C:\WINDOWS\iun503.exe
2007-11-10 19:31 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-10 19:31 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-08-02 13:44 282,624 ----a-w C:\Program Files\TTC.dll
2006-06-13 10:11 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-06-04 18:46 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-21 03:56]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-25 02:31]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 05:48]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-06 03:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2007-11-03 11:45]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-21 03:55]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-21 03:55]
"PCSuiteTrayApplication"="D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"iolo AntiVirus"="D:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [2007-11-03 11:09]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-21 03:55]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]
"iolo Personal Firewall"="D:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [2007-11-03 11:23]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-03-21 03:56 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Gabriel\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-11-29 21:02:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe"
R2 U3SHLPDR200;U3SHLPDR200;\??\C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S0 AFPAnsi;Alfa File Protector Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys
S3 dump_wmimmc;dump_wmimmc;\??\D:\WIZET\MapleStory\GameGuard\dump_wmimmc.sys
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys
S3 XDva011;XDva011;\??\C:\WINDOWS\system32\XDva011.sys
S3 XDva020;XDva020;\??\C:\WINDOWS\system32\XDva020.sys
S3 XDva030;XDva030;\??\C:\WINDOWS\system32\XDva030.sys
S3 XDva031;XDva031;\??\C:\WINDOWS\system32\XDva031.sys
S3 XDva035;XDva035;\??\C:\WINDOWS\system32\XDva035.sys
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDBRGSYS.SYS
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\ZDPNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 10:46:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-02 15:17:34 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 23:16:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 23:19:21 - machine was rebooted
C:\ComboFix3.txt ... 2007-11-27 13:50
C:\ComboFix2.txt ... 2007-12-02 01:48
.
--- E O F ---

Edited by google-ish, 03 December 2007 - 09:22 AM.

  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, google-ish :)

Remove the previous CFScript created.
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

File::
C:\WINDOWS\system32\wcfqynsb.ini
C:\WINDOWS\system32\unwlfmpo.ini
C:\WINDOWS\system32\qmwufrlf.ini
C:\WINDOWS\system32\badfnbbl.ini
C:\WINDOWS\system32\oouhthyh.ini
C:\WINDOWS\system32\knlhtuaq.ini
C:\WINDOWS\system32\sdtrefem.ini
C:\WINDOWS\system32\ymibahap.in
C:\WINDOWS\system32\fdwhscxo.ini
C:\WINDOWS\system32\foiwhywu.ini
C:\WINDOWS\system32\gbxrstcq.ini
C:\WINDOWS\system32\eaqersvl.ini
C:\WINDOWS\system32\afpulqmm.ini
C:\WINDOWS\system32\mnvxpugw.ini
C:\WINDOWS\system32\HASQXCWC.DLL
C:\WINDOWS\system32\ihmikmwx.ini
C:\WINDOWS\system32\gtviwpon.ini
C:\WINDOWS\system32\pohaeenm.ini
C:\WINDOWS\system32\tgicmxqe.ini
C:\WINDOWS\system32\glprjwni.ini
C:\WINDOWS\system32\kyfvsnqs.ini
C:\WINDOWS\system32\revdcbxh.ini
C:\WINDOWS\system32\wcffldpv.ini
C:\WINDOWS\system32\qrsqjwxd.ini
C:\WINDOWS\system32\pwneaboa.ini
C:\WINDOWS\Setup1.exe
C:\WINDOWS\system32\smrgdf.exe

Folder::
C:\FOUND.063
C:\FOUND.062
C:\FOUND.061
C:\FOUND.060
C:\FOUND.059
C:\FOUND.058
C:\FOUND.056
C:\FOUND.055
C:\FOUND.053
C:\FOUND.052
C:\FOUND.051


Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.
  • 0
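An added example, not part of the thread and not ComboFix's own code: a small Python parser for the "new files" lines of the ComboFix log posted above, which flags the entries matching the pattern the moderator's CFScript targets (hidden+system `.ini` files with eight-letter random names directly in `system32`) and renders them in the `File::` form used in the script. The sample lines are constructed from entries shown in the log; the reading of the attribute letters (`h` = hidden, `s` = system, `d` = directory) and the "eight lowercase letters" heuristic are assumptions, and a match is a triage hint for a human reviewer, not a verdict on the file.

```python
import re
from collections import namedtuple

# ComboFix "new files" lines have the shape
#   <created> . <modified> <size or <DIR>> <9 attribute chars> <path>
# Field separators are allowed to be one or more spaces.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*)$"
)

Entry = namedtuple("Entry", "created modified size attrs path")

# Eight lowercase letters plus .ini, the naming style of the files the
# CFScript above lists (assumed heuristic, not a ComboFix rule).
RANDOM_INI = re.compile(r"^[a-z]{8}\.ini$")

# Constructed sample: lines copied in the format shown in the log above,
# plus one non-entry line to show that noise is skipped.
SAMPLE = r"""
2007-11-18 15:45 . 2007-11-19 12:37 0 ---hs---- C:\WINDOWS\system32\gtviwpon.ini
2007-11-17 23:57 . 2007-11-18 15:41 678,076 ---hs---- C:\WINDOWS\system32\pohaeenm.ini
2007-11-15 20:48 . 2007-11-15 20:48 <DIR> d-------- C:\Temp
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-12 07:55 . 2006-10-27 22:53 8,799 --ah----- C:\WINDOWS\system32\kavsvc.exe
this line is not a file entry
"""


def parse_line(line):
    """Return an Entry for one ComboFix file line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    raw_size = m.group("size")
    size = None if raw_size == "<DIR>" else int(raw_size.replace(",", ""))
    return Entry(m.group("created"), m.group("modified"), size,
                 m.group("attrs"), m.group("path"))


def parse_log(text):
    """Parse every recognisable file line in a block of log text."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def is_suspect(entry):
    """True when the entry matches the hidden-system random-name .ini pattern.

    Checks: not a directory, both the hidden (h) and system (s) attribute
    letters present, parent directory is ...\\WINDOWS\\system32, and the
    file name is eight lowercase letters followed by .ini.
    """
    if entry.size is None:
        return False
    hidden_system = "h" in entry.attrs and "s" in entry.attrs
    lowered = entry.path.lower()
    if "\\" not in lowered:
        return False
    parent, name = lowered.rsplit("\\", 1)
    in_system32 = parent.endswith("\\windows\\system32")
    return hidden_system and in_system32 and bool(RANDOM_INI.match(name))


def find_suspects(entries):
    """Filter parsed entries down to those matching the pattern."""
    return [e for e in entries if is_suspect(e)]


def to_cfscript(suspects):
    """Render flagged paths in the 'File::' section form used in the thread."""
    return "File::\n" + "\n".join(e.path for e in suspects) + "\n"


if __name__ == "__main__":
    found = find_suspects(parse_log(SAMPLE))
    for e in found:
        print(f"{e.attrs} {e.size:>9,} {e.path}")
    print(to_cfscript(found))
```

Run against the full log, the script produces the same kind of list the moderator built by hand; the point of keeping `is_suspect` separate from `to_cfscript` is that a reviewer can inspect and prune the flagged entries before anything is written into a script that deletes files.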