
Spyware Issues/Internet Speed Monitor? [RESOLVED]


This topic is locked.

#1 skumpet (Member, 13 posts)
I'm new here and I'm hoping that someone can help me figure out what's going on with my computer. I've been getting lots of messages popping up saying "there is spyware on your computer" and even have a permanent message regarding this in my screensaver background each time I restart my computer. Along with this I have the screens that pop up saying "from internet speed monitor" and I can't seem to access the internet very well, though my Outlook still is operational. I get messages from Windows saying "spyware, click here for help" and when I do I don't get connected, though I'll sometimes get a page asking me to purchase something. I've run "Spybot" which seems to come up with a lot of issues that I've had it "fix", but it hasn't resolved this issue. Is "StopZilla" a better program to use than "Spybot"? And my Norton Anti-Virus is completely useless as it says "everything's A-OK" except my default homepage has changed and they will help me out with that. Thanks Norton. I ran a ClamWin report that I've attached if that would be helpful. When looking at that it says something about finding a "worm.gibe.F" but I don't know if that's related to my problem. Thanks in advance for any help in this matter!

Regards,
Bill


#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Welcome to GTG.

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3 skumpet (Topic Starter, Member, 13 posts)
I saw on a similar issue that ComboFix was recommended, so I downloaded it and it solved my problem. Also, getting rid of Norton Antivirus and only using ClamWin helped speed up my computer.

Regards,
Bill

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Hi Bill, please post the log from C:\Combofix.txt here. There are many cases where there are other files that it did not remove. It's best to post the log here so we can have a quick look to confirm :)

#5 skumpet (Topic Starter, Member, 13 posts)
Here you go....

Attached file: log.txt (11.48 KB, 195 downloads)

#6 skumpet (Topic Starter, Member, 13 posts)
Cut and paste version...

ComboFix 08-04-13.3 - Bill 2008-04-14 20:23:23.1 - NTFSx86
Running from: C:\Documents and Settings\Bill\Desktop\plg\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Bill\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Bill\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Bill\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\CPV
C:\Program Files\CPV\CPV8.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWay
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive15.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dicy.gz
C:\Program Files\QdrModule\kwdy.gz
C:\Program Files\QdrModule\pckr.dat
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\conf.inf
C:\WINDOWS\dat.txt
C:\WINDOWS\didduid.ini
C:\WINDOWS\ky.sxc
C:\WINDOWS\lfn.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mscon.sio
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\SYSTEM32\000080.exe
C:\WINDOWS\SYSTEM32\000090.exe
C:\WINDOWS\system32\ddcYpmkh.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\ELRYJRqr.ini
C:\WINDOWS\SYSTEM32\ELRYJRqr.ini2
C:\WINDOWS\system32\iaqlybcn.dll
C:\WINDOWS\system32\jqdoqsmn.dll
C:\WINDOWS\SYSTEM32\ncbylqai.ini
C:\WINDOWS\system32\nciyaixp.dll
C:\WINDOWS\SYSTEM32\pkbprthi.ini
C:\WINDOWS\system32\rqRJYRLE.dll
C:\WINDOWS\system32\udpgscvq.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll
C:\WINDOWS\winself.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSysInterv1
-------\MSSysInterv1


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-14 19:49 . 2008-04-14 19:49 <DIR> d--hs---- C:\found.002
2008-04-14 17:20 . 2008-04-14 17:24 <DIR> d-------- C:\Program Files\RcvSystem
2008-04-14 14:39 . 2008-04-14 14:39 38,400 -ra------ C:\WINDOWS\mrofinu72.exe
2008-04-13 14:53 . 2008-04-14 17:19 101,091 --a------ C:\WINDOWS\BMff304efc.xml
2008-04-13 01:04 . 2008-04-14 20:23 1,908 --a------ C:\WINDOWS\SYSTEM32\default.htm
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\WINDOWS\cuawsppw
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pajgpkhw
2008-04-13 00:46 . 2008-04-13 00:46 196,096 --a------ C:\WINDOWS\dkzobqdi.dll
2008-04-13 00:46 . 2008-04-13 00:46 98,304 --a------ C:\WINDOWS\SYSTEM32\tuvodsxg.exe
2008-04-13 00:46 . 2008-04-13 00:46 70,144 --a------ C:\WINDOWS\twdsdcfa.dll
2008-04-13 00:46 . 2008-04-13 00:46 70,144 --a------ C:\Documents and Settings\All Users\Application Data\sjcrgfyj.dll
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\LC22.tmp
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\LA3E.tmp
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\L879.tmp
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\L675.tmp
2008-04-08 15:33 . 2008-04-08 12:33 68,096 --a------ C:\WINDOWS\b155.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-04 02:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 05:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 05:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 05:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
.

------- Sigcheck -------

2005-03-01 16:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2004-08-03 21:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2005-03-01 16:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe

2005-03-01 17:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2004-08-03 22:19 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2005-03-01 17:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\SYSTEM32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db41de82-1dd1-11b2-b7fd-fbaf280c36b9}]
2008-04-13 00:46 70144 --a------ C:\WINDOWS\twdsdcfa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
"RealPlayer"="%APP_PATH::RealPlay.exe%\realplay.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 11:11 68856]
"EPSON Stylus CX7000F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKA.exe" [2006-05-22 05:00 139264]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [ ]
"ieamxshm"="C:\WINDOWS\system32\tuvodsxg.exe" [2008-04-13 00:46 98304]
"ychzrbse"="C:\WINDOWS\system32\qtqzmtmt.exe" [2008-04-14 20:39 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 21:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 21:07 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-05 22:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 22:01 155648]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05 323584]
"ProDsl.exe"="ProDsl.exe" [2001-10-03 16:59 118784 C:\WINDOWS\PRODSL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-18 17:14 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-06-18 18:47 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 17:37 1544192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-08-21 13:05 73728]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 13:39 1179648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-05-10 05:12:24 24576]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2005-11-14 08:24:04 861872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"B1Z0P48K0b"= C:\Documents and Settings\All Users\Application Data\pajgpkhw\pchupodk.exe

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 PRO2100W;Intel® PRO/DSL 2100 Modem - PPP;C:\WINDOWS\System32\DRIVERS\p21c2kW.sys [2001-10-04 17:12]
S3 SQTECH913D;913D Camera;C:\WINDOWS\System32\Drivers\Capt913D.sys [2006-12-21 10:52]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:39:02
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-14 20:50:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 04:50:03

Pre-Run: 18,927,992,832 bytes free
Post-Run: 18,898,391,040 bytes free

#7 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Not over yet... as expected :)

Please try to install the recovery console as soon as possible. Go back to the link I provided you in my first post for instructions on how to do this. It will come in handy if we encounter a problem with Windows...

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

- Download the latest version of Java Runtime Environment (get JDK) from http://java.sun.com/...loads/index.jsp and save it to your desktop.
- Just click on the Download button to the right.
- Read the License Agreement and then check the box that says Accept License Agreement. The page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start->Settings->Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Click (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove all the older Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on Java installer file you downloaded earlier to install the newest version.

- After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
- Applications and Applets
- Trace and Log Files
- Click OK on Delete Temporary Files window
Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.
- Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\BMff304efc.xml
C:\WINDOWS\SYSTEM32\default.htm
C:\WINDOWS\dkzobqdi.dll
C:\WINDOWS\SYSTEM32\tuvodsxg.exe
C:\WINDOWS\twdsdcfa.dll
C:\Documents and Settings\All Users\Application Data\sjcrgfyj.dll
C:\WINDOWS\SYSTEM32\LC22.tmp
C:\WINDOWS\SYSTEM32\LA3E.tmp
C:\WINDOWS\SYSTEM32\L879.tmp
C:\WINDOWS\SYSTEM32\L675.tmp
C:\WINDOWS\b155.exe
C:\WINDOWS\system32\qtqzmtmt.exe
C:\WINDOWS\system32\tuvodsxg.exe

Folder::
C:\found.002
C:\Program Files\RcvSystem
C:\WINDOWS\cuawsppw
C:\Documents and Settings\All Users\Application Data\pajgpkhw
C:\Program Files\QdrPack\
C:\Program Files\QdrModule\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db41de82-1dd1-11b2-b7fd-fbaf280c36b9}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule15"=-
"QdrPack15"=-
"ieamxshm"=-
"ychzrbse"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"B1Z0P48K0b"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Edited by greyknight17, 16 April 2008 - 05:42 PM.


#8 skumpet (Topic Starter, Member, 13 posts)
I am very confused now... I was able to install the recovery but the Java program is not very clear to me. You said to download the JDK but there are several options with that name. Each time I've attempted to download and then install I get a "not supported by your operating system". I have Windows XP, but what is my platform? Is it "Windows" or "Windows x64"? After I downloaded the first one I went to my Control Panel and deleted all previously existing Java programs, now I don't have any on my computer. Is it still safe to use?? I have Windows XP, Home Edition version 2002, Service Pack 1. Any help navigating the Java download site would be much appreciated.

Bill

Edited by skumpet, 16 April 2008 - 11:17 PM.


#9 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Hi Bill, sorry if this caused any confusion. We just want all the users to be sure they have an updated Java version on their computer. You may get the JRE (Java 6). It's just Windows unless you have a 64 bit Windows on your computer (you should know this if you have it....otherwise, it's the 32 bit which is just plain Windows). See if you can download it here (hope it works).

#10 skumpet (Topic Starter, Member, 13 posts)
I'm going to go ahead and download it, but it's giving me the same message as when I attempted before. It's saying this:

Warning: This is not a supported operating system.
You may continue with this installation but for best results we recommend running on one of the following operating systems: Windows XP Professional (SP2), Windows XP Home (SP2), Windows Server 2003, Windows 2000 Professional (SP4+), and Windows Vista.

My computer says it's Windows XP, Home Edition, Version 2002, Service Pack 1.

Will this download you're recommending be problematic? Please let me know...

Thanks for your help.

Bill

#11 skumpet (Topic Starter, Member, 13 posts)
Here's the log.....

ComboFix 08-04-16.5 - Bill 2008-04-17 19:36:52.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.110 [GMT -8:00]
Running from: C:\Documents and Settings\Bill\Desktop\plg\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bill\Desktop\plg\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\sjcrgfyj.dll
C:\WINDOWS\b155.exe
C:\WINDOWS\BMff304efc.xml
C:\WINDOWS\dkzobqdi.dll
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\SYSTEM32\default.htm
C:\WINDOWS\SYSTEM32\L675.tmp
C:\WINDOWS\SYSTEM32\L879.tmp
C:\WINDOWS\SYSTEM32\LA3E.tmp
C:\WINDOWS\SYSTEM32\LC22.tmp
C:\WINDOWS\system32\qtqzmtmt.exe
C:\WINDOWS\system32\tuvodsxg.exe
C:\WINDOWS\SYSTEM32\tuvodsxg.exe
C:\WINDOWS\twdsdcfa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\pajgpkhw
C:\Documents and Settings\All Users\Application Data\sjcrgfyj.dll
C:\found.002
C:\found.002\dir0000.chk\Redirectors.xml.bin
C:\found.002\dir0000.chk\SafeList.xml.bin
C:\found.002\file0000.chk
C:\found.002\file0001.chk
C:\Program Files\RcvSystem
C:\WINDOWS\b155.exe
C:\WINDOWS\BMff304efc.xml
C:\WINDOWS\cuawsppw
C:\WINDOWS\cuawsppw\1.png
C:\WINDOWS\cuawsppw\2.png
C:\WINDOWS\cuawsppw\3.png
C:\WINDOWS\cuawsppw\4.png
C:\WINDOWS\cuawsppw\5.png
C:\WINDOWS\cuawsppw\6.png
C:\WINDOWS\cuawsppw\7.png
C:\WINDOWS\cuawsppw\8.png
C:\WINDOWS\cuawsppw\9.png
C:\WINDOWS\cuawsppw\bottom-rc.gif
C:\WINDOWS\cuawsppw\config.png
C:\WINDOWS\cuawsppw\content.png
C:\WINDOWS\cuawsppw\download.gif
C:\WINDOWS\cuawsppw\frame-bg.gif
C:\WINDOWS\cuawsppw\frame-bottom-left.gif
C:\WINDOWS\cuawsppw\frame-h1bg.gif
C:\WINDOWS\cuawsppw\head.png
C:\WINDOWS\cuawsppw\icon.png
C:\WINDOWS\cuawsppw\indexwp.html
C:\WINDOWS\cuawsppw\main.css
C:\WINDOWS\cuawsppw\memory-prots.png
C:\WINDOWS\cuawsppw\net.png
C:\WINDOWS\cuawsppw\pc-mag.gif
C:\WINDOWS\cuawsppw\pc.gif
C:\WINDOWS\cuawsppw\poloska1.png
C:\WINDOWS\cuawsppw\poloska2.png
C:\WINDOWS\cuawsppw\poloska3.png
C:\WINDOWS\cuawsppw\promowp1.html
C:\WINDOWS\cuawsppw\promowp2.html
C:\WINDOWS\cuawsppw\promowp3.html
C:\WINDOWS\cuawsppw\promowp4.html
C:\WINDOWS\cuawsppw\promowp5.html
C:\WINDOWS\cuawsppw\reg.png
C:\WINDOWS\cuawsppw\repair.png
C:\WINDOWS\cuawsppw\scr-1.png
C:\WINDOWS\cuawsppw\scr-2.png
C:\WINDOWS\cuawsppw\start.png
C:\WINDOWS\cuawsppw\styles.css
C:\WINDOWS\cuawsppw\Thumbs.db
C:\WINDOWS\cuawsppw\top-rc.gif
C:\WINDOWS\cuawsppw\vline.gif
C:\WINDOWS\cuawsppw\wp.png
C:\WINDOWS\dkzobqdi.dll
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\SYSTEM32\default.htm
C:\WINDOWS\SYSTEM32\L675.tmp
C:\WINDOWS\SYSTEM32\L879.tmp
C:\WINDOWS\SYSTEM32\LA3E.tmp
C:\WINDOWS\SYSTEM32\LC22.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-17 19:23 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-04-15 05:52 . 2008-04-15 05:52 276 --a------ C:\WINDOWS\SYSTEM32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 03:23 --------- d-----w C:\Program Files\Java
2008-04-15 05:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-15 05:15 --------- d-----w C:\Program Files\Norton 360
2008-04-15 05:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-15 05:05 --------- d-----w C:\Program Files\Symantec
.

------- Sigcheck -------

2005-03-01 16:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2004-08-03 21:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2005-03-01 16:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe

2005-03-01 17:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2004-08-03 22:19 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2005-03-01 17:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\SYSTEM32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-14_20.49.30.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 04:36:02 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-04-18 02:57:17 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
- 2005-11-10 18:27:06 49,248 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-03-25 09:28:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2005-11-10 18:27:16 49,250 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-03-25 09:28:43 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2005-11-10 20:03:54 127,078 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-03-25 10:37:01 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2006-11-16 05:20:40 10,474,920 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-04-06 06:56:22 19,836,024 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 0 2003-10-28 21:31:13 C:\Program Files\321Studios\Platinum\bak\makedir

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
"RealPlayer"="%APP_PATH::RealPlay.exe%\realplay.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 11:11 68856]
"EPSON Stylus CX7000F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKA.exe" [2006-05-22 05:00 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 21:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 21:07 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-05 22:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 22:01 155648]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05 323584]
"ProDsl.exe"="ProDsl.exe" [2001-10-03 16:59 118784 C:\WINDOWS\PRODSL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-18 17:14 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-06-18 18:47 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 17:37 1544192]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-01-20 13:08 77824]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 13:39 1179648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-05-10 05:12:24 24576]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2005-11-14 08:24:04 861872]

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 PRO2100W;Intel® PRO/DSL 2100 Modem - PPP;C:\WINDOWS\System32\DRIVERS\p21c2kW.sys [2001-10-04 17:12]
S3 SQTECH913D;913D Camera;C:\WINDOWS\System32\Drivers\Capt913D.sys [2006-12-21 10:52]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 19:40:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-17 19:43:16
ComboFix-quarantined-files.txt 2008-04-18 03:42:21
ComboFix2.txt 2008-04-15 04:50:32

Pre-Run: 20,233,306,112 bytes free
Post-Run: 20,241,162,240 bytes free
.
2008-04-15 13:52:49 --- E O F ---

#12 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
If you want, you may hold off on installing Java. Once we are done here, get XP SP2 here and install it. Install any other updates available for Windows. Then install Java...

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

AWF::
C:\Program Files\321Studios\Platinum\bak\makedir

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is it running so far?

Edited by greyknight17, 17 April 2008 - 09:13 PM.


#13 skumpet (Topic Starter, Member, 13 posts)
I've already downloaded Java... can I still download Windows XP SP2 or should I not?

#14 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Did you install it also? We usually recommend installing SP2 after we are done, but yes, you may install it now if you wish.

Let me know how it's running after you do all that and if any problems still remain.

#15 skumpet (Topic Starter, Member, 13 posts)
I haven't installed it yet, but I did install Java. Can you tell me why it's recommended that I upgrade to SP2? And how did the latest log I posted look?

Thanks,
Bill