[redbulldawg]

Hello.

I am using Mozilla Firefox and continue to get a pop every few minutes from pcprivacytool.com to go to their website. I have to continuously kill the two windows and the extra tabs. I have downloaded AVG 7.5 for viruses and now have used AVG for spyware. They have found things and have deleted them but the stupid window keeps popping up. I have also used Spybot and AdAware and can't seem to find the root of the problem. Here is my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:32 PM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alertic.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.catt.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*mi
rosoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*
est-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkass
ciates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;m.2mdn.net;<local>
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {47FD1D75-E4C0-4049-A882-60B57314032A} - C:\WINDOWS\system32\ddcbyaw.dll (file missing)
O2 - BHO: (no name) - {4846AA03-5164-4903-8221-836392B0020F} - C:\WINDOWS\system32\vtstt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: XSearch - {68738396-37F2-437F-B3B4-5702AF2FD2EB} - C:\WINDOWS\Downloaded Program Files\XSearch.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll (file missing)
O2 - BHO: (no name) - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Jason\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Jason\winmain.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Jason\winmain.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O20 - Winlogon Notify: ddcbyaw - ddcbyaw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 12031 bytes


Will someone who knows more than me please help??

Thanks

Edited by redbulldawg, 01 November 2007 - 09:22 PM.

[Advertisements]

I have read someone else's help request and downloaded Combofix. Here is the log after it ran:

ComboFix 07-11-01.2 - Jason 2007-11-01 23:30:15.1 - NTFSx86
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\Jason\Application Data\CROSOF~1
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\dobe~1
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b111.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\alertic.exe
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-01 23:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 23:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 19:06 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2007-11-01 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-01 18:24 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-01 13:05 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\AVG7
2007-10-31 23:28 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-10-31 23:14 <DIR> d-------- C:\Documents and Settings\Jason\.housecall6.6
2007-10-30 23:58 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-10-29 20:50 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-10-29 15:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-29 07:14 81,920 --a------ C:\WINDOWS\SYSTEM32\winaltet.exe
2007-10-26 23:17 <DIR> d-------- C:\Program Files\KeyScrambler
2007-10-26 23:17 113,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys
2007-10-24 05:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-24 05:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-24 00:00 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AVG7
2007-10-23 23:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-23 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-23 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 22:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-23 21:44 92,725 --ahs---- C:\WINDOWS\SYSTEM32\ttstv.bak2
2007-10-23 09:46 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-10-23 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-10-23 09:20 1 --a------ C:\WINDOWS\SYSTEM32\boa1.dat
2007-10-23 09:19 1 --a------ C:\WINDOWS\SYSTEM32\rc.dat
2007-10-23 07:52 6,470 --ahs---- C:\WINDOWS\SYSTEM32\ttstv.bak1
2007-10-22 23:20 <DIR> d--hs---- C:\WINDOWS\SmFzb24
2007-10-19 16:36 <DIR> d-------- C:\Program Files\Snood 4 Beta
2007-10-10 01:05 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 16:49 --------- d-----w C:\Program Files\Winamp
2007-10-23 07:11 10 ----a-w C:\Program Files\.autoreg
2007-10-22 03:23 --------- d-----w C:\Program Files\PokerStars.NET
2007-10-22 03:23 --------- d-----w C:\Program Files\PokerStars
2007-10-22 03:18 --------- d-----w C:\Program Files\BitTorrent
2007-10-22 03:16 --------- d-----w C:\Program Files\Risk
2007-10-22 03:14 --------- d-----w C:\Program Files\PartyGaming.Net
2007-10-22 03:12 --------- d-----w C:\Program Files\NetZero
2007-10-22 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 00:45 --------- d-----w C:\Documents and Settings\Jason\Application Data\BitTorrent
2007-09-11 06:15 594,419,785 ----a-w C:\Documents and Settings\Jason\free-mmorpg-games_Hero_Online.exe
2007-01-18 21:28 563,712 ----a-w C:\Documents and Settings\Jason\gotomypc_370.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4846AA03-5164-4903-8221-836392B0020F}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68738396-37F2-437F-B3B4-5702AF2FD2EB}]
2007-10-24 07:02 254976 --a------ C:\WINDOWS\Downloaded Program Files\XSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
C:\WINDOWS\system32\ramtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 09:36]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-09 05:00]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 09:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-28 23:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-19 08:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 08:34]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-05-28 08:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 04:19]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"main"="C:\WINDOWS\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\Jason\winmain.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINDOWS\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\Jason\winmain.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-01-05 20:45:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyaw]
ddcbyaw.dll

R2 Winaltet;Windows Notification Service;C:\WINDOWS\System32\winaltet.exe -srv
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
S2 Winalert;Windows Alert Service;C:\WINDOWS\System32\alertic.exe -srv
S3 XDva030;XDva030;\??\C:\WINDOWS\system32\XDva030.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 02:50:12 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 23:38:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
sysinit = C:\WINDOWS\system32\drivers\system.exe??????????????3538????h???h???????44434760????????????????c:\444347609????:???????*???http://hq-pharma.org/_id_1731782122_l_3538???e???e??(3??C:\Documents and Settings\Jason\winmain.exe??e???e???2???e???2??????????????3525??wn4 ??4 ??????397466810???????????????c:\397466812L???;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?? ??? ??0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525,???????????????http@???????????????3525??34p???p???????40107085l???????????????c:\401070859????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214( ??C???????0???http://videowebsoft.com/download/502/214/0/|3525h ??????????????http| ??????????????3525????????????????40467476? ??????????????c:\404674765? ??;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782,???;???????+???http://videowebsoft.com/download/502/214d???C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??82????????????40827925????????????????c:\408279250????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?T???T???0???http://hq-pharma.org/_id_1731782h???;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??s\$???$???????41188900????????????????c:\411889000????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525?????e???e???,??8718????C???????2???http://megcodec.com/download/megcodec1315.exe|3410??????????8???http://hq-pharma.org/_id_1731782122_v_p1????C???????2???http://megcodec.com/download/megcodec1315.exe|34???
winmz = C:\Documents and Settings\Jason\winmain.exe??e???e???2???e???2??????????????3525??wn4 ??4 ??????397466810???????????????c:\397466812L???;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?? ??? ??0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525,???????????????http@???????????????3525??34p???p???????40107085l???????????????c:\401070859????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214( ??C???????0???http://videowebsoft.com/download/502/214/0/|3525h ??????????????http| ??????????????3525????????????????40467476? ??????????????c:\404674765? ??;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782,???;???????+???http://videowebsoft.com/download/502/214d???C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??82????????????40827925????????????????c:\408279250????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?T???T???0???http://hq-pharma.org/_id_1731782h???;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??s\$???$???????41188900????????????????c:\411889000????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525?????e???e???,??8718????C???????2???http://megcodec.com/download/megcodec1315.exe|3410??????????8???http://hq-pharma.org/_id_1731782122_v_p1????C???????2???http://megcodec.com/download/megcodec1315.exe|34????????????????c:\332599687????H???H???h???http://hq-pharma.org/_id_1731782122?x???x???8???http://hq-pharma.org/_id_1731782122_v_p1????C???????2???http://megcodec.com/download/megcode

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 0:05:00 - machine was rebooted
.
--- E O F ---


Can someone please tell me what do I do now? is anything fixed?

Thanks for all the help in advance.

[redbulldawg]

I have read someone else's help request and downloaded Combofix. Here is the log after it ran:

ComboFix 07-11-01.2 - Jason 2007-11-01 23:30:15.1 - NTFSx86
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\Jason\Application Data\CROSOF~1
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\dobe~1
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b111.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\alertic.exe
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-01 23:28 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 23:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 19:06 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Grisoft
2007-11-01 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-01 18:24 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-11-01 13:05 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\AVG7
2007-10-31 23:28 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-10-31 23:14 <DIR> d-------- C:\Documents and Settings\Jason\.housecall6.6
2007-10-30 23:58 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2007-10-29 20:50 28,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys
2007-10-29 15:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-29 07:14 81,920 --a------ C:\WINDOWS\SYSTEM32\winaltet.exe
2007-10-26 23:17 <DIR> d-------- C:\Program Files\KeyScrambler
2007-10-26 23:17 113,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys
2007-10-24 05:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-24 05:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-24 00:00 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\AVG7
2007-10-23 23:59 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-23 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-23 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-23 22:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-23 21:44 92,725 --ahs---- C:\WINDOWS\SYSTEM32\ttstv.bak2
2007-10-23 09:46 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-10-23 09:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-10-23 09:20 1 --a------ C:\WINDOWS\SYSTEM32\boa1.dat
2007-10-23 09:19 1 --a------ C:\WINDOWS\SYSTEM32\rc.dat
2007-10-23 07:52 6,470 --ahs---- C:\WINDOWS\SYSTEM32\ttstv.bak1
2007-10-22 23:20 <DIR> d--hs---- C:\WINDOWS\SmFzb24
2007-10-19 16:36 <DIR> d-------- C:\Program Files\Snood 4 Beta
2007-10-10 01:05 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 16:49 --------- d-----w C:\Program Files\Winamp
2007-10-23 07:11 10 ----a-w C:\Program Files\.autoreg
2007-10-22 03:23 --------- d-----w C:\Program Files\PokerStars.NET
2007-10-22 03:23 --------- d-----w C:\Program Files\PokerStars
2007-10-22 03:18 --------- d-----w C:\Program Files\BitTorrent
2007-10-22 03:16 --------- d-----w C:\Program Files\Risk
2007-10-22 03:14 --------- d-----w C:\Program Files\PartyGaming.Net
2007-10-22 03:12 --------- d-----w C:\Program Files\NetZero
2007-10-22 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 00:45 --------- d-----w C:\Documents and Settings\Jason\Application Data\BitTorrent
2007-09-11 06:15 594,419,785 ----a-w C:\Documents and Settings\Jason\free-mmorpg-games_Hero_Online.exe
2007-01-18 21:28 563,712 ----a-w C:\Documents and Settings\Jason\gotomypc_370.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4846AA03-5164-4903-8221-836392B0020F}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68738396-37F2-437F-B3B4-5702AF2FD2EB}]
2007-10-24 07:02 254976 --a------ C:\WINDOWS\Downloaded Program Files\XSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
C:\WINDOWS\system32\ramtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 03:01]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 21:47]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 09:36]
"EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-09 05:00]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 09:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-28 23:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-19 08:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 08:34]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-05-28 08:59]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 04:19]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"main"="C:\WINDOWS\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\Jason\winmain.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINDOWS\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\Jason\winmain.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2006-01-05 20:45:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyaw]
ddcbyaw.dll

R2 Winaltet;Windows Notification Service;C:\WINDOWS\System32\winaltet.exe -srv
R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
S2 Winalert;Windows Alert Service;C:\WINDOWS\System32\alertic.exe -srv
S3 XDva030;XDva030;\??\C:\WINDOWS\system32\XDva030.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 02:50:12 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 23:38:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
sysinit = C:\WINDOWS\system32\drivers\system.exe??????????????3538????h???h???????44434760????????????????c:\444347609????:???????*???http://hq-pharma.org/_id_1731782122_l_3538???e???e??(3??C:\Documents and Settings\Jason\winmain.exe??e???e???2???e???2??????????????3525??wn4 ??4 ??????397466810???????????????c:\397466812L???;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?? ??? ??0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525,???????????????http@???????????????3525??34p???p???????40107085l???????????????c:\401070859????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214( ??C???????0???http://videowebsoft.com/download/502/214/0/|3525h ??????????????http| ??????????????3525????????????????40467476? ??????????????c:\404674765? ??;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782,???;???????+???http://videowebsoft.com/download/502/214d???C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??82????????????40827925????????????????c:\408279250????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?T???T???0???http://hq-pharma.org/_id_1731782h???;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??s\$???$???????41188900????????????????c:\411889000????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525?????e???e???,??8718????C???????2???http://megcodec.com/download/megcodec1315.exe|3410??????????8???http://hq-pharma.org/_id_1731782122_v_p1????C???????2???http://megcodec.com/download/megcodec1315.exe|34???
winmz = C:\Documents and Settings\Jason\winmain.exe??e???e???2???e???2??????????????3525??wn4 ??4 ??????397466810???????????????c:\397466812L???;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?? ??? ??0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525,???????????????http@???????????????3525??34p???p???????40107085l???????????????c:\401070859????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214( ??C???????0???http://videowebsoft.com/download/502/214/0/|3525h ??????????????http| ??????????????3525????????????????40467476? ??????????????c:\404674765? ??;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782,???;???????+???http://videowebsoft.com/download/502/214d???C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??82????????????40827925????????????????c:\408279250????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?T???T???0???http://hq-pharma.org/_id_1731782h???;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525??s\$???$???????41188900????????????????c:\411889000????;???????)???C:\WINDOWS\system32\drivers\system.exe %1?e?????????0???http://hq-pharma.org/_id_1731782????;???????+???http://videowebsoft.com/download/502/214????C???????0???http://videowebsoft.com/download/502/214/0/|3525????????????????http????????????????3525?????e???e???,??8718????C???????2???http://megcodec.com/download/megcodec1315.exe|3410??????????8???http://hq-pharma.org/_id_1731782122_v_p1????C???????2???http://megcodec.com/download/megcodec1315.exe|34????????????????c:\332599687????H???H???h???http://hq-pharma.org/_id_1731782122?x???x???8???http://hq-pharma.org/_id_1731782122_v_p1????C???????2???http://megcodec.com/download/megcode

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 0:05:00 - machine was rebooted
.
--- E O F ---


Can someone please tell me what do I do now? is anything fixed?

Thanks for all the help in advance.