Here is my ComboFix log. I have run numerous anti-spyware programs on this desktop: AVG, Spybot, Symantec, Kasp, Ad-Aware. This machine is running Windows 2000, fully updated. I still have 3 pop-ups. I even ran them in safe mode. Any help would be appreciated.
ComboFix 08-03-25.1 - LFD 2008-03-25 3:17:12.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.179 [GMT -5:00]
Running from: C:\Documents and Settings\LFD\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\LFD\Desktop\cfscript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\fkwggshm.exe
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 )))))))))))))))))))))))))))))))
.
2008-03-25 14:01 . 08-03-25 03:07 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-25 13:45 . 08-03-25 13:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4d0.dat
2008-03-25 13:28 . 07-03-21 20:39 1,060,864 --a------ C:\WINNT\system32\MFC71.DL1
2008-03-25 13:28 . 07-03-21 20:33 503,808 --a------ C:\WINNT\system32\MSVCP71.DL1
2008-03-25 13:28 . 07-03-21 20:33 348,160 --a------ C:\WINNT\system32\MSVCR71.DL1
2008-03-25 08:55 . 08-03-25 09:33 377,820 ---h----- C:\WINNT\ShellIconCache
2008-03-25 08:55 . 08-02-22 02:33 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-03-24 16:44 . 08-03-24 16:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-24 16:35 . 08-03-24 16:35 <DIR> d-------- C:\Documents and Settings\LFD\Application Data\Grisoft
2008-03-24 16:34 . 08-03-24 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 16:34 . 07-05-30 07:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-24 16:08 . 08-03-24 16:08 <DIR> d-------- C:\WINNT\Sun
2008-03-24 16:08 . 08-03-24 16:08 <DIR> d-------- C:\Documents and Settings\LFD\.housecall6.6
2008-03-24 16:06 . 08-03-25 08:55 <DIR> d-------- C:\Program Files\Java
2008-03-24 16:05 . 08-03-24 16:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-24 16:01 . 08-03-24 16:01 94,208 --a------ C:\WINNT\system32\zfllokpz.exe
2008-03-24 15:56 . 08-03-24 15:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-24 15:56 . 08-03-24 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 15:56 . 05-08-25 18:18 118,784 --a------ C:\WINNT\system32\MSSTDFMT.DLL
2008-03-24 15:56 . 05-08-25 18:19 115,920 --a------ C:\WINNT\system32\MSINET.OCX
2008-03-24 15:21 . 08-03-24 15:21 <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-03-24 15:21 . 08-03-24 15:26 30,590 --a------ C:\WINNT\system32\pavas.ico
2008-03-24 13:06 . 08-03-24 13:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-24 13:06 . 08-03-24 13:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-24 13:06 . 08-03-24 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-24 12:14 . 08-03-24 12:14 114,688 --a------ C:\WINNT\system32\uacbbaay.exe
2008-03-24 12:07 . 08-03-24 12:07 1,248 --a------ C:\WINNT\system32\tmp.reg
2008-03-24 12:03 . 08-03-24 12:03 83 --a------ C:\WINNT\wininit.ini
2008-03-24 09:14 . 08-03-24 09:14 0 --a------ C:\WINNT\vpc32.INI
2008-03-24 09:04 . 08-03-25 09:39 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-03-24 09:04 . 06-09-18 17:55 109,744 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2008-03-24 09:04 . 06-09-18 17:55 48,816 --a------ C:\WINNT\system32\S32EVNT1.DLL
2008-03-24 08:20 . 08-03-24 08:20 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2008-03-24 08:15 . 07-06-07 01:50 1,119,232 --a------ C:\WINNT\system32\msxml3.dll
2008-03-24 08:05 . 08-03-24 08:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 08:05 . 08-03-24 08:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 09:44 . 08-03-20 05:07 212,992 --a------ C:\WINNT\drnpfdxlgp.dll
2008-03-20 09:44 . 08-03-20 09:44 98,304 --a------ C:\WINNT\system32\jivirfvu.exe
2008-03-20 09:44 . 08-03-20 09:44 38,912 --a------ C:\WINNT\vgfadsfg.exe
2008-03-17 11:04 . 07-12-03 13:15 311 --------- C:\WINNT\win.nea
2008-03-17 11:04 . 07-11-12 09:08 231 --------- C:\WINNT\system.nea
2008-03-17 11:04 . 07-11-12 14:23 0 --------- C:\config.nea
2008-03-17 11:04 . 07-11-12 14:23 0 --------- C:\autoexec.nea
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 14:05 --------- d-----w C:\Program Files\Symantec
2008-03-24 14:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-24 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-17 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 15:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-12 19:22 271 ---h--w C:\Program Files\desktop.ini
2007-11-12 19:22 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F63DD45-30A0-422E-AF1E-01DD88BA9A5C}"= "C:\DOCUME~1\LFD\LOCALS~1\Temp\ac8zt2\etlrlws.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{2f63dd45-30a0-422e-af1e-01dd88ba9a5c}]
[HKEY_CLASSES_ROOT\etlrlws.1]
[HKEY_CLASSES_ROOT\TypeLib\{40455917-0E1A-4B66-B62E-AD42FD2A2D84}]
[HKEY_CLASSES_ROOT\etlrlws]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"PROMon.exe"="PROMon.exe" [02-10-30 17:09 73728 C:\WINNT\system32\PROMon.exe]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [03-05-05 08:57 143360]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [03-05-08 11:34 69632]
"ESInetConnect"="C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe" [07-04-04 15:04 204800]
"jivirfvu"="C:\WINNT\system32\jivirfvu.exe" [08-03-20 09:44 98304]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06-09-27 20:33 125168]
"uacbbaay"="C:\WINNT\system32\uacbbaay.exe" [08-03-24 12:14 114688]
"zfllokpz"="C:\WINNT\system32\zfllokpz.exe" [08-03-24 16:01 94208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [08-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 04:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
NEAReminder.lnk - C:\Neaprovider\neareminder.exe [2008-03-17 11:03:52 24576]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-12 21:41:42 972064]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"gNcXCycQUG"= C:\WINNT\vgfadsfg.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {8d91a580-1bad-4c5f-8af2-5573f7c000d2} - C:\WINNT\Installer\{8d91a580-1bad-4c5f-8af2-5573f7c000d2}\zip.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
R2 NMSSvc;Intel® NMS;C:\WINNT\System32\NMSSvc.exe [02-05-03 12:36 ]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [02-05-03 12:36 ]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 14:46:29 C:\WINNT\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 03:21:57
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-25 3:23:23
ComboFix-quarantined-files.txt 2008-03-25 08:23:04
ComboFix2.txt 2008-03-25 18:51:56
Edited by abbonner, 25 March 2008 - 02:00 PM.