
Malware Removal-HijackThis- Log



#16
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
And this is the only other one. I'm sorry if I've closed it out without saving.

ComboFix 08-02.05.3 - kim 2008-02-05 21:30:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.59 [GMT -6:00]
Running from: C:\Documents and Settings\kim\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\kim\Desktop\CFScript.txt.lnk
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-06 to 2008-02-06 )))))))))))))))))))))))))))))))
.

2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\_OTMoveIt
2008-02-04 21:33 . 2008-02-04 21:33 <DIR> d-------- C:\Deckard
2008-02-04 18:41 . 2008-02-04 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 16:54 . 2008-01-28 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 16:53 . 2008-02-04 15:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 16:53 . 2008-01-28 16:53 <DIR> d-------- C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com
2008-01-28 15:52 . 2008-01-28 15:52 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\2E24A38A-CD61-4270-8938-E75280F9090E.cxv
2008-01-28 11:54 . 2008-01-28 11:54 <DIR> d-------- C:\Documents and Settings\kim\Application Data\Grisoft
2008-01-28 11:53 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-28 11:52 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 09:59 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-28 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
2008-01-28 09:41 . 2008-01-28 09:41 156,160 --a------ C:\WINDOWS\SYSTEM32\D3.tmp
2008-01-27 00:30 . 2008-01-27 00:30 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\6123D187-1DFE-4405-B813-F17BEF579219.cxv
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-27 00:25 . 2008-01-27 00:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-25 00:19 . 2008-01-25 00:19 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 02:26 . 2008-01-28 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-24 02:19 . 2008-01-24 02:19 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 02:11 . 2008-01-24 02:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-01-24 02:07 . 2008-01-24 02:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 02:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\74c32015e95a4c429486495272
2008-01-24 02:01 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-01-24 02:01 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-01-24 02:01 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-01-24 01:58 . 2008-01-24 01:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 01:43 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-01-24 01:43 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-01-24 01:43 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-01-23 22:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
2008-01-23 21:58 . 2008-01-28 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-23 21:58 . 2008-01-28 09:50 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-23 21:58 . 2008-01-28 09:50 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-23 21:58 . 2008-01-28 09:50 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-13 21:07 . 2008-01-17 06:51 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-13 21:07 . 2008-01-17 06:51 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-13 21:07 . 2008-01-17 06:51 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-13 21:07 . 2008-01-17 06:51 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-13 20:10 . 2008-01-13 20:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-13 20:10 . 2008-01-28 19:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-10 18:23 . 2008-01-24 02:26 <DIR> d-------- C:\temp
2008-01-06 09:05 . 2008-01-06 09:05 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 04:14 --------- d-----w C:\Program Files\iTunes
2008-02-04 20:48 --------- d-----w C:\Program Files\Intel
2008-02-04 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-01 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-29 03:52 --------- d-----w C:\Documents and Settings\kim\Application Data\MSN6
2008-01-28 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 16:50 --------- d-----w C:\Program Files\FinePixViewer
2008-01-28 16:46 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-27 16:19 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 05:52 --------- d-----w C:\Program Files\CyberLink
2008-01-20 22:40 --------- d-----w C:\Program Files\QuickTime
2008-01-17 12:51 --------- d-----w C:\Program Files\Symantec
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 02:09 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-01-14 01:45 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 01:07 --------- d-----w C:\Program Files\Common Files\RuleSpace
2008-01-05 01:06 --------- d-----w C:\Program Files\Common Files\Aluria
2008-01-05 01:04 --------- d-----w C:\Program Files\Common Files\Authentium
2008-01-05 00:57 --------- d-----w C:\Program Files\Cox
2008-01-05 00:39 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 00:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 05:22 --------- d-----w C:\Documents and Settings\kim\Application Data\AVG7
2007-12-27 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\kim\Application Data\Yahoo!
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\kim\Application Data\Move Networks
2007-12-27 03:20 --------- d-----w C:\Program Files\IrfanView
2007-12-27 00:03 --------- d-----w C:\Program Files\REGSHAVE
2007-12-26 23:24 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-26 23:24 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-26 23:23 169,984 ----a-w C:\WINDOWS\SYSTEM32\LEXPPS .EXE
2007-12-25 17:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-25 15:57 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-19 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-01-10 04:23 4 ----a-w C:\Documents and Settings\kim\controls.dat
2007-01-10 04:20 60,928 ----a-w C:\Documents and Settings\kim\jbfmod.dll
2007-01-10 04:20 161,280 ----a-w C:\Documents and Settings\kim\fmod.dll
2005-07-06 01:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
<pre>
----a-w		   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			51,048 2008-01-14 02:16:11  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w				 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w		   579,072 2007-12-26 23:24:55  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w			36,975 2007-12-26 23:24:48  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-14 21:34:52  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-14 21:34:54  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-14 21:34:58  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-14 21:35:05  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-14 21:35:04  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe
----a-w			53,248 2007-12-26 23:24:38  C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w		 1,310,720 2008-01-29 01:14:38  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   777,424 2007-12-26 23:24:33  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 4,670,704 2007-12-25 16:02:03  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w			15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2007-12-26 23:24:16  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w		   169,984 2007-12-26 23:23:04  C:\WINDOWS\SYSTEM32\LEXPPS .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-30 22:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-02-03 15:26:02 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 23:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 00:24:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-01-14 03:36:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kim.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 21:35:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 21:39:04
ComboFix-quarantined-files.txt 2008-02-06 03:38:57
ComboFix2.txt 2008-02-06 02:42:57
.
  • 0



#17
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay
  • Download RenV.exe by sUBs to your desktop
  • Double click on it to run it
  • It will search your system drive looking for any modified .exe file and will produce a log for you.
    Posted Image

    Referring to the picture above, drag the log it produced into RenV.exe and post the resulting report in your reply.

  • 0

#18
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ran on Wed 02/06/2008 - 11:30:31.17



----a-w		   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe

----a-w			51,048 2008-01-14 02:16:11  C:\Program Files\Common Files\Symantec Shared\ccApp .exe

----a-w				 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w		   579,072 2007-12-26 23:24:55  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w			36,975 2007-12-26 23:24:48  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe

----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask			   .exe

----a-w		   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask			  .exe

----a-w		   282,624 2008-01-14 21:34:52  C:\Program Files\QuickTime\qttask			 .exe

----a-w		   282,624 2008-01-14 21:34:54  C:\Program Files\QuickTime\qttask			.exe

----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask		   .exe

----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask		  .exe

----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		 .exe

----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		.exe

----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask	   .exe

----a-w		   282,624 2008-01-14 21:34:58  C:\Program Files\QuickTime\qttask	  .exe

----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	 .exe

----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	.exe

----a-w		   282,624 2008-01-14 21:35:05  C:\Program Files\QuickTime\qttask   .exe

----a-w		   282,624 2008-01-14 21:35:04  C:\Program Files\QuickTime\qttask  .exe

----a-w		   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe

----a-w			53,248 2007-12-26 23:24:38  C:\Program Files\REGSHAVE\REGSHAVE .EXE

----a-w		 1,310,720 2008-01-29 01:14:38  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe

----a-w		   777,424 2007-12-26 23:24:33  C:\Program Files\Windows Defender\MSASCui .exe

----a-w		 4,670,704 2007-12-25 16:02:03  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE

----a-w			15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe

----a-w		   126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe

----a-w		   155,648 2007-12-26 23:24:16  C:\WINDOWS\SYSTEM32\igfxtray .exe

----a-w		   169,984 2007-12-26 23:23:04  C:\WINDOWS\SYSTEM32\LEXPPS .EXE



 Entries:			   28  (28)

 Directories:			0  Files:			28

 Bytes:		 12,372,151  Blocks:	   24,167

  • 0
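
A triage pass over a listing in the layout posted above, as an added example that is not part of the original thread or of RenV itself: it parses each line and groups the entries whose file name has whitespace between the base name and the extension, which is the pattern every entry in the posted log shares. The function names are hypothetical, the sample lines copy a few entries from the thread, and the notepad.exe control line is constructed.

```python
import ntpath  # Windows path rules, so this runs on any host OS
import re
from collections import defaultdict

# A few entries copied from the listing in this thread, plus one constructed control.
SAMPLE_LISTING = "\n".join([
    r"----a-w   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe",
    r"----a-w         0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe",
    r"----a-w   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask" + "\t\t\t   .exe",
    r"----a-w   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask" + "\t\t  .exe",
    r"----a-w   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe",
    r"----a-w    15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe",
    # Constructed control entry (not from the thread): no padding before the extension.
    r"----a-w    69,120 2008-01-01 12:00:00  C:\WINDOWS\SYSTEM32\notepad.exe",
])

# attributes, size with thousands separators, date, time, full path
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)


def parse_listing(text):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        path = m["path"]
        stem, ext = ntpath.splitext(ntpath.basename(path))
        entries.append({
            "path": path,
            "size": int(m["size"].replace(",", "")),
            "modified": f'{m["date"]} {m["time"]}',
            "stem": stem,  # keeps any trailing spaces or tabs
            "ext": ext,
        })
    return entries


def is_padded(entry):
    """True when whitespace sits between the base name and the extension."""
    return entry["stem"] != entry["stem"].rstrip()


def triage(entries):
    """Group padded names by the unpadded path they imitate."""
    groups = defaultdict(list)
    for e in entries:
        if is_padded(e):
            expected = ntpath.join(
                ntpath.dirname(e["path"]), e["stem"].rstrip() + e["ext"]
            )
            # Windows paths are case-insensitive, so group on the lowered form.
            groups[expected.lower()].append((expected, e))
    report = []
    for key in sorted(groups):
        members = groups[key]
        report.append({
            "expected_path": members[0][0],
            "variants": len(members),  # distinct padded copies of one name
            "sizes": sorted({e["size"] for _, e in members}),
            "zero_byte": any(e["size"] == 0 for _, e in members),
        })
    return report


if __name__ == "__main__":
    for row in triage(parse_listing(SAMPLE_LISTING)):
        flag = "  [zero-byte copy]" if row["zero_byte"] else ""
        print(f'{row["variants"]:>2} x {row["expected_path"]}{flag}')
```

The grouped output is a review list, not a verdict: each padded name still has to be compared against the file at the expected path before anything is renamed or removed.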

#19
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Copy the entire contents of the Code Box below to Notepad.
  • Name the file as Log.txt (Overwrite the existing one)
  • Change the Save as Type to All Files
  • and Save it on the desktop
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\REGSHAVE\REGSHAVE .EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\WINDOWS\SYSTEM32\LEXPPS .EXE

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
=====================
Posted Image


Referring to the picture above, drag Log.txt into RenV.exe and post the resulting report in your reply after rebooting into normal mode.
  • 0

#20
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ran on Wed 02/06/2008 - 19:41:03.93

----a-w 185,632 2007-12-26 23:24:43 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 51,048 2008-01-14 02:16:11 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 0 2008-01-28 21:57:38 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w 579,072 2007-12-26 23:24:55 C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w 36,975 2007-12-26 23:24:48 C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w 282,624 2008-01-14 21:34:55 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:34:56 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:34:52 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:34:54 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:34:55 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:02 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:01 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:01 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:02 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:34:58 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:03 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:03 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:05 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:04 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-14 21:35:00 C:\Program Files\QuickTime\qttask .exe
----a-w 53,248 2007-12-26 23:24:38 C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w 1,310,720 2008-01-29 01:14:38 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w 777,424 2007-12-26 23:24:33 C:\Program Files\Windows Defender\MSASCui .exe
----a-w 4,670,704 2007-12-25 16:02:03 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 15,360 2007-12-25 15:57:21 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 126,976 2007-12-26 23:24:21 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2007-12-26 23:24:16 C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w 169,984 2007-12-26 23:23:04 C:\WINDOWS\SYSTEM32\LEXPPS .EXE
  • 0

#21
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

  • 0

#22
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
nsa949.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp;Tool.Prockill;Incurable.Moved.;
nsj918.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp;Tool.Prockill;Incurable.Moved.;
nsp936.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp;Tool.Prockill;Incurable.Moved.;
nst91D.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp;Tool.Prockill;Incurable.Moved.;
RCX334.tmp;C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp;Adware.ISM;Incurable.Moved.;
A0257021.bat;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Probably BATCH.Virus;Incurable.Moved.;
A0258028.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258029.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258030.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Click.16975;Deleted.;
A0258031.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Juan.35;Deleted.;
A0258032.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258033.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.267;Deleted.;
A0258034.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Juan.35;Deleted.;
A0258035.exe;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.MulDrop.9328;Deleted.;
A0258036.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Click.16975;Deleted.;
A0258037.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258038.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Click.16975;Deleted.;
A0258039.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258040.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258041.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258042.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.272;Deleted.;
A0258043.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.272;Deleted.;
A0258044.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Click.16975;Deleted.;
A0258045.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258046.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258047.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Click.16975;Deleted.;
A0258048.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Virtumod.269;Deleted.;
A0258049.dll;C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1545;Trojan.Click.16975;Deleted.;
  • 0

#23
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Save the log that is produced after running Combofix; it will pop up when it is done. I only need to see the one that pops up when it is finished.


1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RenV::
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\REGSHAVE\REGSHAVE .EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\WINDOWS\SYSTEM32\LEXPPS .EXE


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by kahdah, 07 February 2008 - 03:31 AM.

  • 0

#24
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ComboFix 08-02.05.3 - kim 2008-02-07 6:38:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.43 [GMT -6:00]
Running from: C:\Documents and Settings\kim\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 20:50 . 2008-02-07 00:24 <DIR> d-------- C:\Documents and Settings\kim\DoctorWeb
2008-02-05 21:28 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe
2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\_OTMoveIt
2008-02-04 21:33 . 2008-02-04 21:33 <DIR> d-------- C:\Deckard
2008-02-04 18:41 . 2008-02-04 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 16:54 . 2008-01-28 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 16:53 . 2008-02-06 10:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 16:53 . 2008-01-28 16:53 <DIR> d-------- C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com
2008-01-28 15:52 . 2008-01-28 15:52 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\2E24A38A-CD61-4270-8938-E75280F9090E.cxv
2008-01-28 11:54 . 2008-01-28 11:54 <DIR> d-------- C:\Documents and Settings\kim\Application Data\Grisoft
2008-01-28 11:53 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-28 11:52 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 09:59 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-28 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
2008-01-28 09:41 . 2008-01-28 09:41 156,160 --a------ C:\WINDOWS\SYSTEM32\D3.tmp
2008-01-27 00:30 . 2008-01-27 00:30 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\6123D187-1DFE-4405-B813-F17BEF579219.cxv
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-27 00:25 . 2008-01-27 00:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-25 00:19 . 2008-01-25 00:19 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 02:26 . 2008-01-28 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-24 02:19 . 2008-01-24 02:19 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 02:11 . 2008-01-24 02:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-01-24 02:07 . 2008-01-24 02:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 02:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\74c32015e95a4c429486495272
2008-01-24 02:01 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-01-24 02:01 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-01-24 02:01 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-01-24 01:58 . 2008-01-24 01:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 01:43 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-01-24 01:43 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-01-24 01:43 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-01-23 22:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
2008-01-23 21:58 . 2008-01-28 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-23 21:58 . 2008-01-28 09:50 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-23 21:58 . 2008-01-28 09:50 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-23 21:58 . 2008-01-28 09:50 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-13 21:07 . 2008-01-17 06:51 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-13 21:07 . 2008-01-17 06:51 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-13 21:07 . 2008-01-17 06:51 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-13 21:07 . 2008-01-17 06:51 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-13 20:10 . 2008-01-13 20:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-13 20:10 . 2008-01-28 19:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-10 18:23 . 2008-01-24 02:26 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 04:14 --------- d-----w C:\Program Files\iTunes
2008-02-04 20:48 --------- d-----w C:\Program Files\Intel
2008-02-04 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-01 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-29 03:52 --------- d-----w C:\Documents and Settings\kim\Application Data\MSN6
2008-01-28 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 16:50 --------- d-----w C:\Program Files\FinePixViewer
2008-01-28 16:46 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-27 16:19 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 05:52 --------- d-----w C:\Program Files\CyberLink
2008-01-20 22:40 --------- d-----w C:\Program Files\QuickTime
2008-01-17 12:51 --------- d-----w C:\Program Files\Symantec
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 02:09 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-01-14 01:45 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-06 15:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 01:07 --------- d-----w C:\Program Files\Common Files\RuleSpace
2008-01-05 01:06 --------- d-----w C:\Program Files\Common Files\Aluria
2008-01-05 01:04 --------- d-----w C:\Program Files\Common Files\Authentium
2008-01-05 00:57 --------- d-----w C:\Program Files\Cox
2008-01-05 00:39 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 00:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 05:22 --------- d-----w C:\Documents and Settings\kim\Application Data\AVG7
2007-12-27 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\kim\Application Data\Yahoo!
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\kim\Application Data\Move Networks
2007-12-27 03:20 --------- d-----w C:\Program Files\IrfanView
2007-12-27 00:03 --------- d-----w C:\Program Files\REGSHAVE
2007-12-26 23:24 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-26 23:24 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-26 23:23 169,984 ----a-w C:\WINDOWS\SYSTEM32\LEXPPS .EXE
2007-12-25 17:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-25 15:57 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon .exe
2007-12-19 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-01-10 04:23 4 ----a-w C:\Documents and Settings\kim\controls.dat
2007-01-10 04:20 60,928 ----a-w C:\Documents and Settings\kim\jbfmod.dll
2007-01-10 04:20 161,280 ----a-w C:\Documents and Settings\kim\fmod.dll
2005-07-06 01:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
<pre>
----a-w		   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			51,048 2008-01-14 02:16:11  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w				 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w		   579,072 2007-12-26 23:24:55  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w			36,975 2007-12-26 23:24:48  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-14 21:34:52  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-14 21:34:54  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-14 21:34:58  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-14 21:35:05  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-14 21:35:04  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe
----a-w			53,248 2007-12-26 23:24:38  C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w		 1,310,720 2008-01-29 01:14:38  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   777,424 2007-12-26 23:24:33  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 4,670,704 2007-12-25 16:02:03  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w			15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2007-12-26 23:24:16  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w		   169,984 2007-12-26 23:23:04  C:\WINDOWS\SYSTEM32\LEXPPS .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-30 22:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-02-03 15:26:02 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 23:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 04:24:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-01-14 03:36:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kim.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 06:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 6:48:00
ComboFix-quarantined-files.txt 2008-02-07 12:47:52
ComboFix2.txt 2008-02-06 03:39:05
ComboFix3.txt 2008-02-06 02:42:57
.
2008-01-25 12:35:51 --- E O F ---

#25
khuggi4

ComboFix 08-02.05.3 - kim 2008-02-07 6:59:17.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.65 [GMT -6:00]
Running from: C:\Documents and Settings\kim\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\kim\Desktop\CFScript.txt.lnk
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-07 06:36 . 2004-08-04 01:56 388,608 --a------ C:\kmd.exe
2008-02-06 20:50 . 2008-02-07 00:24 <DIR> d-------- C:\Documents and Settings\kim\DoctorWeb
2008-02-04 23:18 . 2008-02-04 23:18 <DIR> d-------- C:\_OTMoveIt
2008-02-04 21:33 . 2008-02-04 21:33 <DIR> d-------- C:\Deckard
2008-02-04 18:41 . 2008-02-04 18:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 16:54 . 2008-01-28 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 16:53 . 2008-02-06 10:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-28 16:53 . 2008-01-28 16:53 <DIR> d-------- C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com
2008-01-28 15:52 . 2008-01-28 15:52 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\2E24A38A-CD61-4270-8938-E75280F9090E.cxv
2008-01-28 11:54 . 2008-01-28 11:54 <DIR> d-------- C:\Documents and Settings\kim\Application Data\Grisoft
2008-01-28 11:53 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-28 11:52 . 2008-01-28 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 09:59 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-28 09:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\doxahacacnep.sys
2008-01-28 09:41 . 2008-01-28 09:41 156,160 --a------ C:\WINDOWS\SYSTEM32\D3.tmp
2008-01-27 00:30 . 2008-01-27 00:30 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\6123D187-1DFE-4405-B813-F17BEF579219.cxv
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-27 00:25 . 2008-01-27 00:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-27 00:25 . 2008-02-04 09:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-25 00:19 . 2008-01-25 00:19 <DIR> d-------- C:\Program Files\CCleaner
2008-01-24 02:26 . 2008-01-28 10:56 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-24 02:19 . 2008-01-24 02:19 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 02:11 . 2008-01-24 02:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-01-24 02:07 . 2008-01-24 02:07 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 02:05 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-24 02:03 . 2008-01-24 02:03 <DIR> d-------- C:\74c32015e95a4c429486495272
2008-01-24 02:01 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb
2008-01-24 02:01 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb
2008-01-24 02:01 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb
2008-01-24 01:58 . 2008-01-24 01:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 01:43 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-01-24 01:43 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-01-24 01:43 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-01-23 22:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\qnptamuyyngn.sys
2008-01-23 21:58 . 2008-01-28 11:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-23 21:58 . 2008-01-28 09:50 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-23 21:58 . 2008-01-28 09:50 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-23 21:58 . 2008-01-28 09:50 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-13 21:07 . 2008-01-17 06:51 123,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-13 21:07 . 2008-01-17 06:51 60,800 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-13 21:07 . 2008-01-17 06:51 10,740 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-13 21:07 . 2008-01-17 06:51 805 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-13 20:37 . 2008-01-13 20:37 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-01-13 20:10 . 2008-01-13 20:10 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-13 20:10 . 2008-01-28 19:30 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-10 18:23 . 2008-01-24 02:26 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 04:14 --------- d-----w C:\Program Files\iTunes
2008-02-04 20:48 --------- d-----w C:\Program Files\Intel
2008-02-04 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 15:22 --------- d-----w C:\Program Files\ArcSoft
2008-02-01 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-29 03:52 --------- d-----w C:\Documents and Settings\kim\Application Data\MSN6
2008-01-28 22:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 22:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 16:50 --------- d-----w C:\Program Files\FinePixViewer
2008-01-28 16:46 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-27 16:19 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 05:52 --------- d-----w C:\Program Files\CyberLink
2008-01-20 22:40 --------- d-----w C:\Program Files\QuickTime
2008-01-17 12:51 --------- d-----w C:\Program Files\Symantec
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 02:09 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-01-14 01:45 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-06 15:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Authentium
2008-01-05 01:07 --------- d-----w C:\Program Files\Common Files\RuleSpace
2008-01-05 01:06 --------- d-----w C:\Program Files\Common Files\Aluria
2008-01-05 01:04 --------- d-----w C:\Program Files\Common Files\Authentium
2008-01-05 00:57 --------- d-----w C:\Program Files\Cox
2008-01-05 00:39 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 00:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-28 05:22 --------- d-----w C:\Documents and Settings\kim\Application Data\AVG7
2007-12-27 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\kim\Application Data\Yahoo!
2007-12-27 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 03:21 --------- d-----w C:\Documents and Settings\kim\Application Data\Move Networks
2007-12-27 03:20 --------- d-----w C:\Program Files\IrfanView
2007-12-27 00:03 --------- d-----w C:\Program Files\REGSHAVE
2007-12-25 17:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-19 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
2007-01-10 04:23 4 ----a-w C:\Documents and Settings\kim\controls.dat
2007-01-10 04:20 60,928 ----a-w C:\Documents and Settings\kim\jbfmod.dll
2007-01-10 04:20 161,280 ----a-w C:\Documents and Settings\kim\fmod.dll
2005-07-06 01:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
<pre>
----a-w		   185,632 2007-12-26 23:24:43  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			51,048 2008-01-14 02:16:11  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w				 0 2008-01-28 21:57:38  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
----a-w		   579,072 2007-12-26 23:24:55  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w			36,975 2007-12-26 23:24:48  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   282,624 2008-01-14 21:34:56  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   282,624 2008-01-14 21:34:52  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-01-14 21:34:54  C:\Program Files\QuickTime\qttask			.exe
----a-w		   282,624 2008-01-14 21:34:55  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-14 21:35:01  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-14 21:35:02  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-14 21:34:58  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-14 21:35:03  C:\Program Files\QuickTime\qttask	.exe
----a-w		   282,624 2008-01-14 21:35:05  C:\Program Files\QuickTime\qttask   .exe
----a-w		   282,624 2008-01-14 21:35:04  C:\Program Files\QuickTime\qttask  .exe
----a-w		   282,624 2008-01-14 21:35:00  C:\Program Files\QuickTime\qttask .exe
----a-w			53,248 2007-12-26 23:24:38  C:\Program Files\REGSHAVE\REGSHAVE .EXE
----a-w		 1,310,720 2008-01-29 01:14:38  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w		   777,424 2007-12-26 23:24:33  C:\Program Files\Windows Defender\MSASCui .exe
----a-w		 4,670,704 2007-12-25 16:02:03  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w			15,360 2007-12-25 15:57:21  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w		   126,976 2007-12-26 23:24:21  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2007-12-26 23:24:16  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w		   169,984 2007-12-26 23:23:04  C:\WINDOWS\SYSTEM32\LEXPPS .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-30 22:06 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LexStart"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-02-03 15:26:02 294912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 23:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
S3 USBCamera;Bulk USB Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 10:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 04:24:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe
"2008-01-14 03:36:56 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - kim.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 07:04:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07 7:08:16
ComboFix-quarantined-files.txt 2008-02-07 13:08:09
ComboFix2.txt 2008-02-07 12:48:02
ComboFix3.txt 2008-02-06 03:39:05
ComboFix4.txt 2008-02-06 02:42:57
.
2008-01-25 12:35:51 --- E O F ---


#26
khuggi4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:01 AM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122...es/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119759937815
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152062713078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9807 bytes

#27
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please first uninstall SUPERantispyware as it is infected.

Then:
Please download SUPERAntiSpyware Home Edition (free version).
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Scan for Alternate Data streams
    • Terminate memory threats before quarantining.
  • Please leave the others unchecked.
  • Click the Close button to leave the control center screen.

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.

Then run SUPERAntiSpyware.
  • Double click on the icon to start Superantispyware.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
1. After reboot, double-click the SUPERAntiSpyware icon on your desktop.
2. Click Preferences. Click the Statistics/Logs tab.
3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
4. It will open in your default text editor (such as Notepad/Wordpad).
5. Please highlight everything in the notepad, then right-click and choose copy.
6. Click close and close again to exit the program.
Save the log information. If needed (still infected) paste this info along with your HijackThis log.

#28
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/10/2008 at 08:36 AM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 10:25:15

Memory items scanned : 356
Memory threats detected : 0
Registry items scanned : 6341
Registry threats detected : 0
File items scanned : 45058
File threats detected : 19

Adware.Tracking Cookie
c:\docume~1\kim\cookies\[email protected][1].txt
c:\docume~1\kim\cookies\kim@revsci[2].txt
c:\docume~1\kim\cookies\kim@trafficmp[1].txt
c:\docume~1\kim\cookies\kim@doubleclick[1].txt
c:\docume~1\kim\cookies\kim@advertising[2].txt
c:\docume~1\kim\cookies\kim@atdmt[2].txt
c:\docume~1\kim\cookies\[email protected][2].txt
c:\docume~1\kim\cookies\kim@mediaplex[2].txt
C:\Documents and Settings\kim\Cookies\[email protected][2].txt
C:\Documents and Settings\kim\Cookies\[email protected][1].txt
C:\Documents and Settings\kim\Cookies\kim@advertising[2].txt
C:\Documents and Settings\kim\Cookies\kim@atdmt[2].txt
C:\Documents and Settings\kim\Cookies\kim@doubleclick[1].txt
C:\Documents and Settings\kim\Cookies\kim@mediaplex[2].txt
C:\Documents and Settings\kim\Cookies\kim@revsci[2].txt
C:\Documents and Settings\kim\Cookies\kim@trafficmp[1].txt

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1527\A0244328.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1531\A0245378.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1532\A0253409.DLL



------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:49 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authenti.../bin/wizard.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122w.bay122...es/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119759937815
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152062713078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} - http://www.quest3d.c..._WebInstall.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9958 bytes

#29
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#30
khuggi4

khuggi4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
C:\2c86a234e3fe28f7440e8362f1\blackbox.dll Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\drmv2clt.dll Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\empty.cat Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\spmsg.dll Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\spuninst.exe Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\custdll.dll Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\eula.txt Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\kb910998.cat Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\prereq.inf Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\update.exe Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\update.inf Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\update.ver Object is locked skipped

C:\2c86a234e3fe28f7440e8362f1\update\updspapi.dll Object is locked skipped

C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp\SAB7F0.ZIP/anixafkm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Deckard\System Scanner\backup\DOCUME~1\kim\LOCALS~1\Temp\SAB7F0.ZIP ZIP: infected - 1 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\{FB92F088-0F79-44A0-A6EA-B85C35A8101F}.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-10_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{C9125567-030C-4240-A9A9-1BFDBADFC97A}.ldb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{C9125567-030C-4240-A9A9-1BFDBADFC97A}.sds Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\36EB34A1.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\kim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\kim\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\kim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\kim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\kim\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\kim\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\kim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\kim\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\kim\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\SWF Studio\GetURL.dll Object is locked skipped

C:\Program Files\Common Files\SWF Studio\Registry.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yibofdvu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1544\A0254961.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\A0258164.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\A0258165.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\A0258166.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\A0258167.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\A0258168.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\A0258169.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1550\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\ODiag.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\OSession.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JETA0AF.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\_OTMoveIt\MovedFiles\02042008_231829\WINDOWS\system32\fjibiuov.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped

C:\_OTMoveIt\MovedFiles\02042008_231829\WINDOWS\system32\ytaygyht.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.kp skipped

Scan process completed.