Thank you - here are the requested logs -
Combofix log:
ComboFix 08-04-18.3 - Joanne 2008-04-20 7:56:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.157 [GMT -4:00]
Running from: C:\Documents and Settings\Joanne\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\Joanne\Favorites\Online Security Test.url
C:\Documents and Settings\Joanne\lsass.exe
C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\Common Files\{38F00~1
C:\Program Files\Common Files\{38F00~1\Uninst.exe
C:\Program Files\Common Files\{B8F00~1
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\mrofinu1188.exe.tmp
C:\WINDOWS\SYSTEM32\baddgfhk.ini
C:\WINDOWS\SYSTEM32\baddgfhk.ini2
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\efcDTMEu.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\ttvybcdd.ini
C:\WINDOWS\SYSTEM32\ttvybcdd.ini2
C:\WINDOWS\Fonts\'
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 08:11 . 2008-04-20 08:11 49,163 --a------ C:\WINDOWS\SYSTEM32\rwwnw64d.exe
2008-04-20 08:10 . 2008-04-20 08:11 32 --a------ C:\WINDOWS\SYSTEM32\msnav32.ax
2008-04-19 14:25 . 2008-04-19 14:25 <DIR> d-------- C:\Program Files\Panda Security
2008-04-19 13:43 . 2008-04-19 13:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\xcsDd18
2008-04-19 13:43 . 2008-04-19 13:44 <DIR> d-------- C:\Temp\berDrv11
2008-04-15 18:06 . 2008-04-15 18:09 80,347,138 --a------ C:\limewire registry.reg
2008-04-15 16:42 . 2005-03-09 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-15 16:42 . 2005-03-09 20:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-15 16:42 . 2008-04-15 16:42 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 16:42 . 2008-04-20 07:55 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-15 16:08 . 2008-04-15 16:08 370,688 --a------ C:\WINDOWS\SYSTEM32\khfgddab.dll
2008-04-15 16:07 . 2008-04-15 16:07 30,720 --a------ C:\WINDOWS\SYSTEM32\wvuturst.dll
2008-04-15 15:59 . 2008-04-15 15:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-04-15 15:30 . 2008-04-15 15:30 <DIR> d-------- C:\Program Files\Ascentive
2008-04-14 17:42 . 2008-04-14 17:42 372,224 --a------ C:\WINDOWS\SYSTEM32\ddcbyvtt.dll
2008-04-14 17:40 . 2008-04-14 17:40 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-04-14 17:39 . 2008-04-15 17:50 63,839 --a------ C:\WINDOWS\SYSTEM32\{9fe30bba-f77d-6bdd-c535-7f2148a2dbd1}.dll-uninst.exe
2008-04-14 17:38 . 2008-04-14 17:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\vFi
2008-04-14 17:38 . 2008-04-14 17:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\pinz1
2008-04-14 17:38 . 2008-04-14 17:38 <DIR> d-------- C:\WINDOWS\SYSTEM32\IDE2
2008-04-14 17:38 . 2008-04-14 17:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\ExTmp
2008-04-14 17:37 . 2008-04-14 17:37 <DIR> d-------- C:\WINDOWS\SYSTEM32\bharebio18
2008-04-14 17:37 . 2008-04-14 17:39 <DIR> d-------- C:\Temp\wdlw14
2008-04-14 17:37 . 2008-04-14 17:37 30,720 --a------ C:\WINDOWS\SYSTEM32\efccddeb.dll
2008-04-14 17:33 . 2008-04-19 18:35 <DIR> d-------- C:\Program Files\NavigationTool
2008-04-14 17:33 . 2008-04-19 14:10 <DIR> d-------- C:\Program Files\FBrowsingAdvisor
2008-04-14 17:33 . 2008-04-14 17:34 <DIR> d-------- C:\Program Files\FBrowserAdvisor
2008-04-10 11:17 . 2008-04-10 11:17 329,216 --a------ C:\WINDOWS\SYSTEM32\{9fe30bba-f77d-6bdd-c535-7f2148a2dbd1}.dll
2008-04-06 13:37 . 2008-04-08 18:58 870,128 --a------ C:\WINDOWS\SYSTEM32\mcs.rma
2008-04-06 13:37 . 2008-04-08 18:58 4 --a------ C:\WINDOWS\SYSTEM32\D38158
2008-04-06 13:36 . 2008-04-06 13:36 8,413 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys
2008-04-06 13:34 . 2008-04-06 14:17 <DIR> d-------- C:\Program Files\Rhapsody
2008-03-31 16:03 . 2008-03-31 16:03 <DIR> d-------- C:\Documents and Settings\Joanne\Application Data\gtk-2.0
2008-03-31 15:59 . 2008-04-02 21:11 <DIR> d-------- C:\Documents and Settings\Joanne\Application Data\.purple
2008-03-31 15:57 . 2008-03-31 15:58 <DIR> d-------- C:\Program Files\Pidgin
2008-03-31 15:57 . 2008-03-31 15:57 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-03-24 16:10 . 2007-12-10 14:24 159,458 --a------ C:\WINDOWS\SYSTEM32\nvapps.nvb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 12:11 --------- d-----w C:\Program Files\Steam
2008-04-19 17:57 --------- d-----w C:\Documents and Settings\Joanne\Application Data\LimeWire
2008-04-19 17:49 --------- d-----w C:\Program Files\TurboTax
2008-04-19 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-15 21:53 --------- d-----w C:\Program Files\LimeWire
2008-04-15 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-06 20:59 --------- d-----w C:\Program Files\Apple Software Update
2008-03-04 23:17 --------- d-----w C:\Program Files\vixy.net
2008-03-04 22:43 --------- d-----w C:\Program Files\DVDVideoSoft
2008-03-04 22:43 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-03 21:54 --------- d-----w C:\Documents and Settings\Luke\Application Data\AdobeUM
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-09-17 22:17 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2000-06-05 21:47 32,768 ----a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C62A40F-D3CD-45E2-9198-A5105F2D03C1}]
2008-04-14 17:42 372224 --a------ C:\WINDOWS\system32\ddcbyvtt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B8AE75C-A139-558A-AB5B-5F07BC2FD566}]
2007-12-30 16:48 1019904 --a------ C:\Program Files\NavigationTool\NavigationTool-3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{548E00B2-EDFC-4377-B6B1-C3E60A2DA52F}]
2008-04-20 08:15 274432 --a------ C:\WINDOWS\system32\yayywtsr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DC2D282-D414-435E-8A26-FF3C23AC36EF}]
2008-04-14 17:37 30720 --a------ C:\WINDOWS\system32\efccddeb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc6393f3-1761-cebe-0b75-720da7a11241}]
2008-04-10 11:17 329216 --a------ C:\WINDOWS\system32\{9fe30bba-f77d-6bdd-c535-7f2148a2dbd1}.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-29 07:30 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\SYSTEM32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"MSKAGENTEXE"="C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe" [2005-09-26 10:26 110592]
"{00-0A-A5-5E-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-04-20 08:11 49163]
C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\SYSTEM32\rwwnw64d.exe [2008-04-20 08:11:12 49163]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wallpaper Changer.lnk - C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe [2006-07-23 18:54:32 49664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8373a2e0-bdd0-42bd-b4ec-ba5451eb6607}"= C:\WINDOWS\system32\moywh.dll [ ]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6DC2D282-D414-435E-8A26-FF3C23AC36EF}"= C:\WINDOWS\system32\efccddeb.dll [2008-04-14 17:37 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccddeb]
efccddeb.dll 2008-04-14 17:37 30720 C:\WINDOWS\SYSTEM32\efccddeb.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\yayywtsr
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk
backup=C:\WINDOWS\pss\Register.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Joanne^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Joanne^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Joanne^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Joanne\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
--a--c--- 2005-05-23 14:20 50744 C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 02:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpywareShield]
--a--c--- 2007-11-15 07:31 441344 C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-11-16 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2004-09-15 03:01 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2004-10-12 18:54 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2004-05-06 17:48 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-05-06 17:52 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-07-13 16:14 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-03-12 07:25 11776 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a--c--- 2005-03-12 07:25 110592 C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a--c--- 2005-04-13 20:51 385024 C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
--a------ 2005-09-26 10:26 110592 C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-08-12 17:16 1121792 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a--c--- 2007-03-30 11:42 36904 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 17:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a--c--- 2007-08-31 17:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-06-02 07:27 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2004-01-07 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-15 16:32 3092480 C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a--c--- 2003-12-09 13:03 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
--a--c--- 2005-08-16 16:50 40960 C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"= C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\Yserver.exe"= C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
S3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\system32\DRIVERS\m4301A.sys [2003-08-05 03:07]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 RIOUNIV;Rio universal USB driver;C:\WINDOWS\system32\Drivers\RIOUNIV.sys [2005-11-11 20:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 17:29:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-04 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (1) (KITCHEN-Joanne).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-03-15 05:12:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-02 12:10:28 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-20 08:10:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\msnav32.ax 93 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\efccddeb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\RioMSC.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-20 8:18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-20 12:17:58
Pre-Run: 9,089,937,408 bytes free
Post-Run: 11,809,202,176 bytes free
295 --- E O F --- 2008-04-11 16:15:22
Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:07 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\rwwnw64d.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joanne\Desktop\HiJackThis.exe
C:\WINDOWS\system32\kcntmkdn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapp.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapp...//www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [{00-0A-A5-5E-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\rwwnw64d.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: &Search - ?p=ZU
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig -
http://www2.verizon....vzTCPConfig.CABO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
https://activatemyds...oad/tgctlcm.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) -
http://www.kodakgall..._1/axofupld.cabO22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - (no file)
O22 - SharedTaskScheduler: haeckel - {8373a2e0-bdd0-42bd-b4ec-ba5451eb6607} - C:\WINDOWS\system32\moywh.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 9042 bytes
Sign In
Create Account
