Spymaxx Removal Help


#1 chasing_shadows2 (New Member, 5 posts)
Ok, somehow Spymaxx has been downloaded to my computer and it's killing it. These pop-ups are making the computer run slow, it has disabled my Task Manager, I cannot do a system restore, and I can't take it anymore. I'm desperate and angry, not a good combination for a woman mind you, so PLEASE HELP ME!!!!!!!!!!! :)

#2 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello chasing_shadows2

Welcome to G2Go. :)
=====================
  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on "I Agree".
  • Then click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


#3 chasing_shadows2 (Topic Starter, New Member, 5 posts)
I did the scan and here's what came up in Notepad, what do I do next?
p.s. thank you very much for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:04 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Q3ludGhpYSBTYW1wc29u\command.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winself.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~2\bar\4.bin\m3SrchMn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\jjwnw64s.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\tcntkkdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearsh...ar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Gaia Online Toolbar - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - C:\Program Files\Gaia Online Toolbar\Toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S1A3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0C-C8-8E-E1-DW}] C:\windows\system32\jjwnw64s.exe DWram
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Jessica Vaughn\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntkkdm.exe DWram
O4 - HKLM\..\Run: [{49a18585-08aa-e14e-33cc-0712c8ac1f60}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll" DllInit
O4 - HKLM\..\Run: [4c10c84e] rundll32.exe "C:\WINDOWS\system32\ueholpkn.dll",b
O4 - HKLM\..\Run: [BM4f23fbd2] Rundll32.exe "C:\WINDOWS\system32\wngjfkry.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntkkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jjwnw64s.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm088YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fan4Life\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaon...ns/IDMFlash.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast...ostClientIE.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaste...View22RTEv4.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q3ludGhpYSBTYW1wc29u\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

--
End of file - 9784 bytes
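As an added example (not code from this thread, from HijackThis or from the helper), a small Python triage script that parses HijackThis finding lines of the kind posted above and flags the patterns a helper reads them for: a UserInit value with an extra program appended, a Run entry launching svchost.exe from a user profile, rundll32 loading a random-named DLL through a one-letter export, and a service with no known owner. The sample lines are a constructed excerpt in the form of the posted log (user name replaced by <user>), and the rules are triage heuristics assumed here, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the form of the HijackThis log posted above
# (user name replaced by <user>); not the complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\<user>\svchost.exe
O4 - HKLM\..\Run: [4c10c84e] rundll32.exe "C:\WINDOWS\system32\ueholpkn.dll",b
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
"""

# Every HijackThis finding is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# rundll32 loading an 8-letter DLL by a one-letter export: the pattern seen in the log.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[^"\s]*\\(?P<base>[a-z]{8})\.dll)"?,(?P<export>[a-z])\b',
    re.I,
)
USER_PROFILE_RE = re.compile(r"\\Documents and Settings\\", re.I)
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"  # the only value XP should have


@dataclass
class Entry:
    code: str   # HijackThis section code: R0, R1, F2, O4, O23, ...
    body: str   # rest of the line


def parse_hjt(text: str) -> List[Entry]:
    """Keep only the finding lines; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Return why an entry deserves a closer look, or None if no rule fires.
    These are triage heuristics (assumptions), not a malware verdict."""
    body = entry.body
    if entry.code == "F2" and "UserInit=" in body:
        # Winlogon runs every comma-separated program listed here at logon;
        # anything beyond the stock userinit.exe is a persistence hook.
        programs = body.split("UserInit=", 1)[1].split(",")
        extras = [p for p in programs if p and p.lower() != STOCK_USERINIT]
        if extras:
            return "UserInit chains extra program(s): " + ", ".join(extras)
    if entry.code == "O4":
        m = O4_RE.search(body)
        if m:
            cmd = m.group("cmd")
            # The real svchost.exe lives in system32, never in a user profile.
            if "svchost.exe" in cmd.lower() and USER_PROFILE_RE.search(cmd):
                return "svchost.exe launched from a user profile: " + cmd
            r = RUNDLL_RE.search(cmd)
            if r:
                return f"rundll32 loads random-named {r.group('base')}.dll via export '{r.group('export')}'"
    if entry.code == "O23" and "Unknown owner" in body:
        # No company string in the binary; verify the path and signature by hand.
        path = body.rsplit(" - ", 1)[-1]
        return "service with no known owner runs from " + path
    return None


def triage(text: str) -> List[Tuple[str, str]]:
    """(finding line, reason) for every entry that trips a rule, in log order."""
    hits = []
    for e in parse_hjt(text):
        reason = flag(e)
        if reason:
            hits.append((f"{e.code} - {e.body}", reason))
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample it reports four entries and leaves the dla and Apple lines alone; feed it a full log via `triage(open(path).read())` to get the same shortlist for a real scan.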

#5 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hi, I see you have no antivirus installed.
===========
The first thing I will need you to do is to download ONE of these anti-virus programs and install it.
These are free.
Avast
or
AVG Free 8.0
Note: this is free antispyware protection and antivirus protection.
or
Antivir

As long as you only install one.
=====================

Please visit this web page for instructions on downloading and running ComboFix: ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows Recovery Console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.

#6 chasing_shadows2 (Topic Starter, New Member, 5 posts)
ComboFix 08-05-24.1 - Fan4Life 2008-06-03 6:55:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -4:00]
Running from: C:\Documents and Settings\Fan4Life\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Crazed Fan Gurl\Application Data\macromedia\Flash Player\#SharedObjects\8LSG2M3Y\www.broadcaster.com
C:\Documents and Settings\Crazed Fan Gurl\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Crazed Fan Gurl\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Jessica Vaughn\Application Data\FunWebProducts
C:\Documents and Settings\Jessica Vaughn\Application Data\FunWebProducts\Data\Jessica Vaughn\avatar.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\FunWebProducts\Data\Jessica Vaughn\register.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\FunWebProducts\Data\Jessica Vaughn\zbucks.dat
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\NetMon\log.txt
C:\Program Files\Common Files\fnts~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\License_Manager
C:\Program Files\License_Manager\license_manager.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\04A1394C
C:\Program Files\MyWebSearch\bar\Cache\04A165AB.bin
C:\Program Files\MyWebSearch\bar\Cache\04A16D1D.bin
C:\Program Files\MyWebSearch\bar\Cache\04A17BC3.bin
C:\Program Files\MyWebSearch\bar\Cache\059E6D9C.bin
C:\Program Files\MyWebSearch\bar\Cache\059E9E12.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
C:\Program Files\network monitor
C:\Program Files\newdotnet
C:\Program Files\sembly~1
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\Program Files\SpyMaxx\uninstall.exe
C:\Program Files\sstem3~1
C:\Program Files\Svconr
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Temporary
C:\Program Files\thesearchaccelerator
C:\WINDOWS\BM4f23fbd2.xml
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adiavfyf.ini
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\HOqsYcdd.ini
C:\WINDOWS\system32\HOqsYcdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\ohionyjm.ini
C:\WINDOWS\system32\ploywsuy.ini
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\SearchTool.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\xhehuohp.exe
C:\WINDOWS\system32\yygimtan.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\winself.exe
H:\Autorun.inf
.
---- Previous Run -------
.
C:\Program Files\Common Files\fnts~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver(2)\Images(2)\045C96FC.urr
C:\Program Files\FunWebProducts\Shared\00B35443.dat
C:\Program Files\FunWebProducts\Shared\01457D9F.dat
C:\Program Files\FunWebProducts\Shared\020D337A.dat
C:\Program Files\FunWebProducts\Shared\Cache(2)\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache(2)\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache(2)\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache(2)\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache(2)\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\License_Manager
C:\Program Files\License_Manager\license_manager.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\0002E16D.bin
C:\Program Files\MyWebSearch\bar\Cache\0003352A.bin
C:\Program Files\MyWebSearch\bar\Cache\00033672.bin
C:\Program Files\MyWebSearch\bar\Cache\000336EF.bin
C:\Program Files\MyWebSearch\bar\Cache\00033847.bin
C:\Program Files\MyWebSearch\bar\Cache\0096BB47
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\newdotnet
C:\Program Files\newdotnet\readme.html
C:\Program Files\sembly~1
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\stat.bin
C:\Program Files\SpyMaxx\uninstall.log
C:\Program Files\sstem3~1
C:\Program Files\Svconr
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Temporary
C:\Program Files\thesearchaccelerator
C:\Program Files\thesearchaccelerator\INSTALL.LOG
C:\Program Files\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.40.0
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\SearchTool.dll
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\winself.exe
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Service_MsSecurity1.209.4
-------\Service_Network Monitor
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 07:22 . 2008-06-03 07:22 30,720 --a------ C:\WINDOWS\explore.exe
2008-06-03 07:22 . 2008-06-03 07:22 11,520 --a------ C:\WINDOWS\iexplorer.exe
2008-06-03 07:22 . 2008-06-03 07:22 1,853 --a------ C:\WINDOWS\default.htm
2008-06-03 07:20 . 2008-06-03 07:20 21 --a------ C:\WINDOWS\system32\zxdnt3d.cfg
2008-06-03 07:19 . 2008-06-03 07:19 93 --a------ C:\WINDOWS\system32\msnav32.ax
2008-06-03 06:51 . 2008-06-03 06:51 114,688 --a------ C:\WINDOWS\system32\tfdvxhni.dll
2008-06-03 06:45 . 2008-06-03 06:45 89,088 --a------ C:\WINDOWS\system32\fyfvaida.dll
2008-06-03 06:43 . 2008-06-03 06:43 103,424 --a------ C:\WINDOWS\system32\jvcvsclu.dll
2008-06-02 15:50 . 2008-06-02 15:50 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-06-02 14:36 . 2008-06-02 14:36 41,984 -ra------ C:\WINDOWS\mrofinu1188.exe
2008-05-31 11:36 . 2008-05-31 11:36 108,544 --a------ C:\WINDOWS\system32\spiyxyag.dll
2008-05-31 00:34 . 2008-05-31 00:34 108,544 --a------ C:\WINDOWS\system32\ptipbhpf.dll
2008-05-29 08:41 . 2008-05-29 08:41 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-29 08:32 . 2008-05-29 08:32 108,544 --a------ C:\WINDOWS\system32\gdrqhklm.dll
2008-05-28 08:26 . 2008-05-28 08:26 <DIR> d-------- C:\Program Files\Gaia Online Toolbar
2008-05-27 19:05 . 2008-05-28 08:26 <DIR> d-------- C:\Program Files\Win-X-Defender
2008-05-27 19:02 . 2008-05-28 08:26 <DIR> d-------- C:\Program Files\SpyMaxx(2)
2008-05-27 18:49 . 2008-05-27 18:56 <DIR> d-------- C:\$AVG8.VAULT$
2008-05-27 09:44 . 2008-05-27 09:44 370,688 --a------ C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll
2008-05-26 20:08 . 2008-05-26 20:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-05-26 20:07 . 2008-05-28 08:26 <DIR> d-------- C:\Program Files\AVG(2)
2008-05-26 20:07 . 2008-05-28 08:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8(2)
2008-05-26 18:32 . 2008-05-26 18:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 12:29 . 2008-06-03 07:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 12:29 . 2008-05-25 12:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 11:16 . 2008-05-25 11:16 <DIR> d-------- C:\Program Files\Uniblue
2008-05-25 11:16 . 2008-05-25 11:16 <DIR> d-------- C:\Documents and Settings\Fan4Life\Application Data\Uniblue
2008-05-25 10:14 . 2008-05-25 10:14 117,760 --a------ C:\WINDOWS\system32\enwtbnkd.dll
2008-05-25 10:12 . 2008-05-25 10:12 109,056 --a------ C:\WINDOWS\system32\dmvaxxbw.dll
2008-05-25 00:17 . 2008-05-25 00:17 49,180 --a------ C:\WINDOWS\system32\jjwnw64s.exe
2008-05-24 20:39 . 2008-05-28 08:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 20:39 . 2008-05-24 20:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-24 18:52 . 2008-05-24 18:52 401,972 --a------ C:\WINDOWS\system32\g41.exe
2008-05-24 18:52 . 2008-06-02 16:20 63,918 --a------ C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll-uninst.exe
2008-05-24 18:49 . 2008-05-24 18:49 375,296 --a------ C:\WINDOWS\system32\ddcYsqOH.dll
2008-05-24 18:47 . 2008-05-28 08:27 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Yahoo!
2008-05-24 18:47 . 2008-05-24 18:47 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-24 18:46 . 2008-05-24 18:46 87,513 --a------ C:\WINDOWS\system32\vbpdtvdp.exe
2008-05-24 18:45 . 2008-05-24 18:45 687,592 --a------ C:\WINDOWS\system32\atmtd.dll._
2008-05-24 18:45 . 2008-05-24 18:45 687,592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-05-24 18:45 . 2008-05-24 18:45 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-05-24 18:45 . 2008-05-24 18:45 37,376 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-24 18:45 . 2008-05-24 18:45 861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d-------- C:\temp\vtmp2
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d--hs---- C:\Documents and Settings\Jessica Vaughn\!
2008-05-24 18:44 . 2008-05-24 18:44 516,096 ---hs---- C:\Documents and Settings\Jessica Vaughn\svchost.exe
2008-05-20 17:04 . 2008-05-20 17:04 32,768 --a------ C:\WINDOWS\system32\vntiho05\vntiho051080.exe
2008-05-12 06:19 . 2008-05-12 03:19 73,728 --a------ C:\WINDOWS\b156.exe
2008-05-05 22:50 . 2008-05-05 22:50 <DIR> d-------- C:\Program Files\VideoAccess
2008-05-05 22:50 . 2008-05-05 22:50 <DIR> d-------- C:\Program Files\AntivirusGolden

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 20:02 --------- d-----w C:\Program Files\LimeWire
2008-05-31 04:37 --------- d-----w C:\Documents and Settings\Jessica Vaughn\Application Data\LimeWire
2008-05-28 12:32 --------- d-----w C:\Program Files\iTunes
2008-05-28 12:31 --------- d-----w C:\Program Files\iPod
2008-05-27 23:28 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-25 01:10 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-24 22:44 298,311 ----a-w C:\WINDOWS\system32\gside.exe
2008-05-24 22:44 28,160 ----a-w C:\WINDOWS\system32\byXRlJyA.dll
2008-05-24 22:44 200,768 ----a-w C:\WINDOWS\system32\tcntkkdm.exe
2008-05-22 00:38 --------- d-----w C:\Documents and Settings\Fan4Life\Application Data\LimeWire
2008-05-08 04:14 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 04:07 --------- d-----w C:\Program Files\QuickTime
2008-05-06 02:51 --------- d-----w C:\Documents and Settings\Jessica Vaughn\Application Data\VideoEgg
2008-05-06 02:50 --------- d--h--r C:\Documents and Settings\Fan4Life\Application Data\yahoo!
2008-05-06 02:50 --------- d-----w C:\Program Files\TypingMaster
2008-05-06 02:50 --------- d-----w C:\Program Files\Safari
2008-05-06 02:50 --------- d-----w C:\Documents and Settings\Jessica Vaughn\Application Data\TypingMaster7
2008-05-06 02:49 --------- d--h--r C:\Documents and Settings\Jessica Vaughn\Application Data\yahoo!
2008-05-06 02:49 --------- d-----w C:\Program Files\MyWebSearch(2)
2008-05-06 02:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-05-06 02:47 --------- d-----w C:\Program Files\BurgerIsland_at
2008-04-05 19:34 --------- d-----w C:\Program Files\InterActual
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-12 01:21 374 ----a-w C:\Documents and Settings\Fan4Life\Application Data\internaldb6334.dat
2008-01-12 01:16 538 ----a-w C:\Documents and Settings\Fan4Life\Application Data\internaldb8467.dat
2008-01-12 01:16 18,432 ----a-w C:\Documents and Settings\Fan4Life\Application Data\internaldb41.dat
2008-01-11 20:18 555 ----a-w C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb8467.dat
2008-01-11 20:18 374 ----a-w C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb6334.dat
2008-01-11 20:18 18,432 ----a-w C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb41.dat
2007-04-04 02:33 384 ----a-w C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb6334.dat
2007-04-04 00:54 194 ----a-w C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb8467.dat
2007-04-04 00:54 18,432 ----a-w C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb41.dat
2007-03-31 20:40 218,599 ----a-w C:\Program Files\c.zip
2007-03-31 20:40 218,593 ----a-w C:\Program Files\a.zip
2007-03-31 20:40 217,699 ----a-w C:\Program Files\b.zip
2006-05-22 22:55 49,465 ----a-w C:\Program Files\moviepass Terms.html
2006-03-17 21:01 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-07-29 20:24 472 --sha-r C:\WINDOWS\Q3ludGhpYSBTYW1wc29u\ka5Rx31Dsm1nsqYTwZ6R.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21393889-AFE9-4926-A225-32274A0A8538}]
2008-06-03 07:24 277504 --a------ C:\WINDOWS\system32\awtrOeEx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
2008-05-24 18:44 28160 --a------ C:\WINDOWS\system32\byXRlJyA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{979f21ce-0f08-4f93-acd0-16a910b7bd7f}]
2008-06-03 07:30 114688 --a------ C:\WINDOWS\system32\rcidtkeo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e299c2b4-ff4c-1b17-aef5-12694a13bd02}]
2008-05-05 12:24 330752 --a------ C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64F8F06-F840-409B-9D3E-C14D5585D83D}]
2008-05-24 18:49 375296 --a------ C:\WINDOWS\system32\ddcYsqOH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B3535C18-0E70-4D4B-B36B-BBFE139BB144}"= "C:\Program Files\Gaia Online Toolbar\Toolbar.dll" [2007-12-20 17:09 1404928]

[HKEY_CLASSES_ROOT\clsid\{b3535c18-0e70-4d4b-b36b-bbfe139bb144}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{B3535C18-0E70-4D4B-B36B-BBFE139BB144}"= C:\Program Files\Gaia Online Toolbar\Toolbar.dll [2007-12-20 17:09 1404928]

[HKEY_CLASSES_ROOT\clsid\{b3535c18-0e70-4d4b-b36b-bbfe139bb144}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.exe" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 05:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 05:01 110592]
"SoundMan"="SOUNDMAN.EXE" [2007-04-05 23:48 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~2\bar\4.bin\m3SrchMn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"{0C-C8-8E-E1-DW}"="c:\windows\system32\rwwnw64d.exe" [ ]
"4c10c84e"="C:\WINDOWS\system32\fyfvaida.dll" [2008-06-03 06:45 89088]
"ExploreUpdSched"="C:\WINDOWS\system32\tcntkkdm.exe" [2008-05-24 18:44 200768]
"BM4f23fbd2"="C:\WINDOWS\system32\dqtngcig.dll" [2008-06-03 07:28 103424]
"{49a18585-08aa-e14e-33cc-0712c8ac1f60}"="C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll" [2008-05-05 12:24 330752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\tcntkkdm.exe [2008-05-24 18:44:51 200768]
DW_Start.lnk - C:\WINDOWS\system32\jjwnw64s.exe [2008-05-25 00:17:33 49180]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 15:21:09 147456]

C:\Documents and Settings\Crazed Fan Gurl\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 15:21:09 147456]

C:\Documents and Settings\Fan4Life\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\tcntkkdm.exe [2008-05-24 18:44:51 200768]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\WINDOWS\system32\byXRlJyA.dll [2008-05-24 18:44 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRlJyA]
byXRlJyA.dll 2008-05-24 18:44 28160 C:\WINDOWS\system32\byXRlJyA.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awtrOeEx

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Blubster\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S3 azt2320;Aztech 2320 Audio Driver (WDM);C:\WINDOWS\system32\drivers\aztw2320.sys [2001-08-17 16:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 15:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 07:20:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes
C:\WINDOWS\system32\xEeOrtwa.ini 347 bytes
C:\WINDOWS\system32\xEeOrtwa.ini2 347 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXRlJyA.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\fyfvaida.dll
-> C:\WINDOWS\system32\dqtngcig.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Qoobox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir.Mdll
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\WINDOWS\system32\Restore\rstrui.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-03 7:33:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 11:33:10

Pre-Run: 117,737,500,672 bytes free
Post-Run: 120,142,454,784 bytes free

482 --- E O F --- 2008-05-16 07:46:23

The one above is the ComboFix one.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:01 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\tcntkkdm.exe
c:\windows\system32\rwwnw64d.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Gaia Online Toolbar - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - C:\Program Files\Gaia Online Toolbar\Toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0C-C8-8E-E1-DW}] c:\windows\system32\rwwnw64d.exe DWram
O4 - HKLM\..\Run: [BM4f23fbd2] Rundll32.exe "C:\WINDOWS\system32\erqodfar.dll",s
O4 - HKLM\..\Run: [4c10c84e] rundll32.exe "C:\WINDOWS\system32\pyqebltg.dll",b
O4 - HKLM\..\Run: [{49a18585-08aa-e14e-33cc-0712c8ac1f60}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntkkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm088YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fan4Life\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaon...ns/IDMFlash.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast...ostClientIE.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaste...View22RTEv4.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8105 bytes


This one is the HJT.
Once again I greatly appreciate your help and thank you for your patience.
  • 0

#7
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome. :)

Were you able to install the antivirus program?
================================
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::
Rootkit::
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\system32\xEeOrtwa.ini
C:\WINDOWS\system32\xEeOrtwa.ini2
File::
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\default.htm
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\tfdvxhni.dll
C:\WINDOWS\system32\fyfvaida.dll
C:\WINDOWS\system32\jvcvsclu.dll
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\spiyxyag.dll
C:\WINDOWS\system32\ptipbhpf.dll
C:\WINDOWS\system32\gdrqhklm.dll
C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll
C:\WINDOWS\system32\enwtbnkd.dll
C:\WINDOWS\system32\dmvaxxbw.dll
C:\WINDOWS\system32\jjwnw64s.exe
C:\WINDOWS\system32\g41.exe
C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll-uninst.exe
C:\WINDOWS\system32\ddcYsqOH.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\byXRlJyA.dll
C:\Documents and Settings\Jessica Vaughn\svchost.exe
C:\WINDOWS\system32\vntiho05\vntiho051080.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\system32\tcntkkdm.exe
C:\Documents and Settings\Fan4Life\Application Data\internaldb6334.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb8467.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb41.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb8467.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb6334.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb41.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb6334.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb8467.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb41.dat
C:\Program Files\moviepass Terms.html
C:\WINDOWS\system32\dqtngcig.dll
C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\DW_Start.lnk
Folder::
C:\WINDOWS\Q3ludGhpYSBTYW1wc29u
C:\Program Files\MyWebSearch(2)
C:\temp\vtmp2
C:\Program Files\VideoAccess
C:\Program Files\AntivirusGolden
C:\Program Files\c.zip
C:\Program Files\a.zip
C:\Program Files\b.zip
C:\Program Files\Win-X-Defender
C:\Program Files\SpyMaxx(2)
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21393889-AFE9-4926-A225-32274A0A8538}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{979f21ce-0f08-4f93-acd0-16a910b7bd7f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e299c2b4-ff4c-1b17-aef5-12694a13bd02}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E64F8F06-F840-409B-9D3E-C14D5585D83D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0C-C8-8E-E1-DW}"=-
"4c10c84e"=-
"ExploreUpdSched"=-
"BM4f23fbd2"=-
"{49a18585-08aa-e14e-33cc-0712c8ac1f60}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRlJyA]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#8
chasing_shadows2

chasing_shadows2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OMG!!!!! This is the first time that I've logged on to my computer and not had a single pop-up in almost three weeks!!!!! Here's the ComboFix one

ComboFix 08-05-24.1 - Fan4Life 2008-06-04 4:36:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.225 [GMT -4:00]
Running from: C:\Documents and Settings\Fan4Life\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fan4Life\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb41.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb6334.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb8467.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb41.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb6334.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb8467.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb41.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb6334.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb8467.dat
C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\Jessica Vaughn\svchost.exe
C:\Program Files\moviepass Terms.html
C:\WINDOWS\b156.exe
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll
C:\WINDOWS\system32\{980f236c-ee59-e8f2-cc9b-2a076cebdc03}.dll-uninst.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\byXRlJyA.dll
C:\WINDOWS\system32\ddcYsqOH.dll
C:\WINDOWS\system32\dmvaxxbw.dll
C:\WINDOWS\system32\dqtngcig.dll
C:\WINDOWS\system32\enwtbnkd.dll
C:\WINDOWS\system32\fyfvaida.dll
C:\WINDOWS\system32\g41.exe
C:\WINDOWS\system32\gdrqhklm.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jjwnw64s.exe
C:\WINDOWS\system32\jvcvsclu.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\ptipbhpf.dll
C:\WINDOWS\system32\spiyxyag.dll
C:\WINDOWS\system32\tcntkkdm.exe
C:\WINDOWS\system32\tfdvxhni.dll
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\vntiho05\vntiho051080.exe
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb41.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb6334.dat
C:\Documents and Settings\Crazed Fan Gurl\Application Data\internaldb8467.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb41.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb6334.dat
C:\Documents and Settings\Fan4Life\Application Data\internaldb8467.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb41.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb6334.dat
C:\Documents and Settings\Jessica Vaughn\Application Data\internaldb8467.dat
C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\Jessica Vaughn\svchost.exe
C:\Program Files\a.zip\
C:\Program Files\AntivirusGolden
C:\Program Files\b.zip\
C:\Program Files\c.zip\
C:\Program Files\moviepass Terms.html
C:\Program Files\MyWebSearch(2)
C:\Program Files\MyWebSearch(2)\bar(2)\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch(2)\bar(2)\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch(2)\bar(2)\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch(2)\bar(2)\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch(2)\bar(2)\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch(2)\bar(2)\Avatar(2)\COMMON.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\000EB429
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\0041B356.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\0041B51B.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\0041B672.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\0041B75D.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\0041B847.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\045C47C2
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\045C48CC.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\045C4939.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\045C4AC0.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Cache(2)\045C4B9B.bin
C:\Program Files\MyWebSearch(2)\bar(2)\Game(2)\CHECKERS.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Game(2)\CHESS.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Game(2)\REVERSI.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\History(2)\search2
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\ask_logo.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\autoup.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\autoup.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\center.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\index.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\mid_dots.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\mws_logo.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\protect.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\shocked.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\stop.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\systray.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\systrayp.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\tp_grad.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON(2)\warn.gif
C:\Program Files\MyWebSearch(2)\bar(2)\Message(2)\COMMON.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\COMMON.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\DOG.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\FISH.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\KUNGFU.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\LIFEGARD.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\MAID.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\MAILBOX.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\OPERA.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\ROBOT.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\SEDUCT.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Notifier(2)\SURFER.F3S
C:\Program Files\MyWebSearch(2)\bar(2)\Settings(2)\prevcfg2.htm
C:\Program Files\MyWebSearch(2)\bar(2)\Settings(2)\s_pid.dat
C:\Program Files\SpyMaxx(2)
C:\Program Files\SpyMaxx(2)\config.dat
C:\Program Files\SpyMaxx(2)\filesbase.bin
C:\Program Files\SpyMaxx(2)\global_virus_table.bin
C:\Program Files\SpyMaxx(2)\ignoredomainsbase.bin
C:\Program Files\SpyMaxx(2)\ignorefilesbase.bin
C:\Program Files\SpyMaxx(2)\ignoreregsbase.bin
C:\Program Files\SpyMaxx(2)\regbase.bin
C:\Program Files\SpyMaxx(2)\stat.bin
C:\Program Files\SpyMaxx(2)\uninstall.log
C:\Program Files\SpyMaxx(2)\urlbase.bin
C:\Program Files\VideoAccess
C:\Program Files\VideoAccess\Uninstall.exe
C:\Program Files\Win-X-Defender
C:\Program Files\Win-X-Defender\Buy.url
C:\Program Files\Win-X-Defender\Help.url
C:\temp\vtmp2
C:\temp\vtmp2\ktnv33.log
C:\WINDOWS\b156.exe
C:\WINDOWS\BM4f23fbd2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\Q3ludGhpYSBTYW1wc29u
C:\WINDOWS\Q3ludGhpYSBTYW1wc29u\ka5Rx31Dsm1nsqYTwZ6R.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\byXRlJyA.dll
C:\WINDOWS\system32\ddcYsqOH.dll
C:\WINDOWS\system32\dmvaxxbw.dll
C:\WINDOWS\system32\dqtngcig.dll
C:\WINDOWS\system32\enwtbnkd.dll
C:\WINDOWS\system32\fmjqeajq.exe
C:\WINDOWS\system32\g41.exe
C:\WINDOWS\system32\gdrqhklm.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\gtlbeqyp.ini
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\HOqsYcdd.ini
C:\WINDOWS\system32\HOqsYcdd.ini2
C:\WINDOWS\system32\ilonxdso.ini
C:\WINDOWS\system32\jjwnw64s.exe
C:\WINDOWS\system32\jvcvsclu.dll
C:\WINDOWS\system32\lnghhbrt.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\pinkip.ico
C:\WINDOWS\system32\ptipbhpf.dll
C:\WINDOWS\system32\spiyxyag.dll
C:\WINDOWS\system32\tcntkkdm.exe
C:\WINDOWS\system32\tfdvxhni.dll
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\system32\vntiho05\vntiho051080.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xEeOrtwa.ini
C:\WINDOWS\system32\xEeOrtwa.ini2
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.

2008-06-04 04:31 . 2008-06-04 04:33 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-04 04:31 . 2008-06-04 04:31 <DIR> d-------- C:\Program Files\AVG
2008-06-04 04:31 . 2008-06-04 04:31 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-06-04 04:31 . 2008-06-04 04:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-04 04:31 . 2008-06-04 04:31 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-04 04:31 . 2008-06-04 04:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-03 07:45 . 2008-06-03 07:45 114,688 --a------ C:\WINDOWS\system32\ksmvfhvy.dll
2008-06-03 07:44 . 2008-06-03 07:44 89,088 --a------ C:\WINDOWS\system32\pyqebltg.dll
2008-06-03 07:43 . 2008-06-03 07:43 103,424 --a------ C:\WINDOWS\system32\erqodfar.dll
2008-06-03 07:33 . 2008-06-03 07:33 294 --ahs---- C:\WINDOWS\system32\adiavfyf.ini
2008-06-03 07:30 . 2008-06-03 07:30 114,688 --a------ C:\WINDOWS\system32\rcidtkeo.dll
2008-05-29 08:41 . 2008-05-29 08:41 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-28 08:26 . 2008-05-28 08:26 <DIR> d-------- C:\Program Files\Gaia Online Toolbar
2008-05-27 18:49 . 2008-05-27 18:56 <DIR> d-------- C:\$AVG8.VAULT$
2008-05-26 20:08 . 2008-05-26 20:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-05-26 20:07 . 2008-05-28 08:26 <DIR> d-------- C:\Program Files\AVG(2)
2008-05-26 20:07 . 2008-05-28 08:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8(2)
2008-05-26 18:32 . 2008-05-26 18:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 12:29 . 2008-06-04 03:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 12:29 . 2008-05-25 12:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 11:16 . 2008-05-25 11:16 <DIR> d-------- C:\Program Files\Uniblue
2008-05-25 11:16 . 2008-05-25 11:16 <DIR> d-------- C:\Documents and Settings\Fan4Life\Application Data\Uniblue
2008-05-24 20:39 . 2008-05-28 08:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-24 20:39 . 2008-05-24 20:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-05-24 18:47 . 2008-05-28 08:27 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Yahoo!
2008-05-24 18:44 . 2008-06-04 04:41 <DIR> d-------- C:\WINDOWS\system32\vntiho05
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d-------- C:\WINDOWS\system32\igv
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d-------- C:\WINDOWS\system32\hI2
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d-------- C:\WINDOWS\system32\dvd2
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d-------- C:\WINDOWS\system32\at1
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d-------- C:\WINDOWS\system32\1064a
2008-05-24 18:44 . 2008-05-24 18:44 <DIR> d--hs---- C:\Documents and Settings\Jessica Vaughn\!
2008-05-24 18:44 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-05-24 18:44 . 2008-05-24 18:44 0 --a------ C:\WINDOWS\system32\taskkill.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 20:02 --------- d-----w C:\Program Files\LimeWire
2008-05-31 04:37 --------- d-----w C:\Documents and Settings\Jessica Vaughn\Application Data\LimeWire
2008-05-28 12:32 --------- d-----w C:\Program Files\iTunes
2008-05-28 12:31 --------- d-----w C:\Program Files\iPod
2008-05-27 23:28 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-25 01:10 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-22 00:38 --------- d-----w C:\Documents and Settings\Fan4Life\Application Data\LimeWire
2008-05-08 04:14 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 04:07 --------- d-----w C:\Program Files\QuickTime
2008-05-06 02:51 --------- d-----w C:\Documents and Settings\Jessica Vaughn\Application Data\VideoEgg
2008-05-06 02:50 --------- d--h--r C:\Documents and Settings\Fan4Life\Application Data\yahoo!
2008-05-06 02:50 --------- d-----w C:\Program Files\TypingMaster
2008-05-06 02:50 --------- d-----w C:\Program Files\Safari
2008-05-06 02:50 --------- d-----w C:\Documents and Settings\Jessica Vaughn\Application Data\TypingMaster7
2008-05-06 02:49 --------- d--h--r C:\Documents and Settings\Jessica Vaughn\Application Data\yahoo!
2008-05-06 02:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2008-05-06 02:47 --------- d-----w C:\Program Files\BurgerIsland_at
2008-04-05 19:34 --------- d-----w C:\Program Files\InterActual
2007-03-31 20:40 218,599 ----a-w C:\Program Files\c.zip
2007-03-31 20:40 218,593 ----a-w C:\Program Files\a.zip
2007-03-31 20:40 217,699 ----a-w C:\Program Files\b.zip
2006-03-17 21:01 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-03_ 7.32.14.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 11:14:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 09:00:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 08:31:48 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5e73a2e-1401-46c8-91cd-c357baf84602}]
2008-06-03 07:45 114688 --a------ C:\WINDOWS\system32\ksmvfhvy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B3535C18-0E70-4D4B-B36B-BBFE139BB144}"= "C:\Program Files\Gaia Online Toolbar\Toolbar.dll" [2007-12-20 17:09 1404928]

[HKEY_CLASSES_ROOT\clsid\{b3535c18-0e70-4d4b-b36b-bbfe139bb144}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{B3535C18-0E70-4D4B-B36B-BBFE139BB144}"= C:\Program Files\Gaia Online Toolbar\Toolbar.dll [2007-12-20 17:09 1404928]

[HKEY_CLASSES_ROOT\clsid\{b3535c18-0e70-4d4b-b36b-bbfe139bb144}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00108.FCTB00108]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.exe" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 05:05 122939]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 05:01 110592]
"SoundMan"="SOUNDMAN.EXE" [2007-04-05 23:48 577536 C:\WINDOWS\soundman.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~2\bar\4.bin\m3SrchMn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-04 04:31 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

C:\Documents and Settings\Jessica Vaughn\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 15:21:09 147456]

C:\Documents and Settings\Crazed Fan Gurl\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 15:21:09 147456]

C:\Documents and Settings\Fan4Life\Start Menu\Programs\Startup\
Deewoo.lnk - C:\QooBox\Quarantine\C\WINDOWS\system32\tcntkkdm.exe.vir [2008-05-24 18:44:51 200768]
DW_Start.lnk - C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir [2008-06-03 07:19:27 49189]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Blubster\\Blubster.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-04 04:31]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-04 04:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-04 04:31]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-04 04:31]
S3 azt2320;Aztech 2320 Audio Driver (WDM);C:\WINDOWS\system32\drivers\aztw2320.sys [2001-08-17 16:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 15:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 05:03:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-04 5:14:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-04 09:14:20
ComboFix2.txt 2008-06-03 11:33:21

Pre-Run: 124,463,308,800 bytes free
Post-Run: 124,527,525,888 bytes free

362 --- E O F --- 2008-05-16 07:46:23




Here's the HJT one




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:04 AM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {20648fab-753c-dc19-8c64-1041e2a37e5e} - {e5e73a2e-1401-46c8-91cd-c357baf84602} - C:\WINDOWS\system32\ksmvfhvy.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Gaia Online Toolbar - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - C:\Program Files\Gaia Online Toolbar\Toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\4.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~2.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\tcntkkdm.exe.vir
O4 - Startup: DW_Start.lnk = C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm088YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fan4Life\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaon...ns/IDMFlash.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://vhost.oddcast...ostClientIE.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaste...View22RTEv4.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8667 bytes
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then click OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

File::
C:\WINDOWS\system32\ksmvfhvy.dll
C:\WINDOWS\system32\pyqebltg.dll
C:\WINDOWS\system32\erqodfar.dll
C:\WINDOWS\system32\adiavfyf.ini
C:\WINDOWS\system32\rcidtkeo.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\Fan4Life\Start Menu\Programs\Startup\Deewoo.lnk 
C:\Documents and Settings\Fan4Life\Start Menu\Programs\Startup\DW_Start.lnk
Folder::
C:\WINDOWS\system32\vntiho05
C:\WINDOWS\system32\igv
C:\WINDOWS\system32\hI2
C:\WINDOWS\system32\at1
C:\WINDOWS\system32\1064a
C:\Program Files\c.zip
C:\Program Files\a.zip
C:\Program Files\b.zip
Dirlook::
C:\WINDOWS\system32\dvd2
C:\Documents and Settings\Jessica Vaughn\!
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5e73a2e-1401-46c8-91cd-c357baf84602}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
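As an added example (not code from this thread, ComboFix or HijackThis), the Python below runs the checks a helper like kahdah applies by eye over the log formats shown above: freshly created random-named files in system32, a zero-byte system binary, a BHO loading such a DLL, and startup shortcuts left pointing into quarantine. It then drafts the File::/Registry:: sections in the CFScript layout of post #9 for a human to review before use. The allowlist and every function name are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines taken from the two log formats shown in this thread.
COMBOFIX_CREATED = """\
2008-06-04 04:31 . 2008-06-04 04:31 96,520 --a------ C:\\WINDOWS\\system32\\drivers\\avgldx86.sys
2008-06-03 07:45 . 2008-06-03 07:45 114,688 --a------ C:\\WINDOWS\\system32\\ksmvfhvy.dll
2008-06-03 07:44 . 2008-06-03 07:44 89,088 --a------ C:\\WINDOWS\\system32\\pyqebltg.dll
2008-06-03 07:33 . 2008-06-03 07:33 294 --ahs---- C:\\WINDOWS\\system32\\adiavfyf.ini
2008-05-24 18:44 . 2008-05-24 18:44 0 --a------ C:\\WINDOWS\\system32\\taskkill.exe
"""
HJT_LINES = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O2 - BHO: {20648fab-753c-dc19-8c64-1041e2a37e5e} - {e5e73a2e-1401-46c8-91cd-c357baf84602} - C:\\WINDOWS\\system32\\ksmvfhvy.dll
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - Startup: Deewoo.lnk = C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\tcntkkdm.exe.vir
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\\Program Files\\MyWebSearch\\bar\\4.bin\\MWSBAR.DLL (file missing)
"""

# ComboFix "Files Created" line: created . modified size attributes path
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?:<DIR>|(?P<size>[\d,]+))\s+(?P<attrs>\S{9})\s+(?P<path>.+)$")
HJT_RE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RANDOM_STEM = re.compile(r"^[a-z]{8}$")  # the ksmvfhvy.dll naming pattern
SYSTEM32 = "c:\\windows\\system32\\"
KNOWN_EIGHT_LETTER = {"taskkill"}  # constructed allowlist; a real one is far larger

@dataclass(frozen=True)
class Finding:
    source: str    # "combofix" or "hjt"
    path: str
    reason: str
    script: bool   # safe to carry into a draft CFScript for human review
    clsid: Optional[str] = None

def in_system32(path: str) -> bool:
    """True only for files directly in system32, not in drivers\\ and the like."""
    low = path.lower()
    return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]

def stem_and_ext(path: str):
    stem, _, ext = path.rsplit("\\", 1)[-1].rpartition(".")
    return stem, ext.lower()

def triage_combofix(text: str) -> List[Finding]:
    """Flag freshly created system32 files the way a helper scans the list by eye."""
    out = []
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if not m or not in_system32(m["path"]):
            continue
        path, attrs, size = m["path"].strip(), m["attrs"], m["size"]
        stem, ext = stem_and_ext(path)
        if (RANDOM_STEM.match(stem) and stem not in KNOWN_EIGHT_LETTER
                and ext in {"dll", "exe", "ini", "sys"}):
            out.append(Finding("combofix", path, "fresh 8-letter random-looking name in system32", True))
        if size == "0":
            out.append(Finding("combofix", path, "zero-byte file where a system binary belongs", False))
        if ext == "ini" and "h" in attrs and "s" in attrs:
            out.append(Finding("combofix", path, "hidden+system .ini in system32", True))
    return out

def triage_hjt(text: str) -> List[Finding]:
    """Flag HijackThis O2/O3/O4 entries that need attention."""
    out = []
    for line in text.splitlines():
        m = HJT_RE.match(line)
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        if "(file missing)" in rest:
            out.append(Finding("hjt", line, "entry points at a file that no longer exists", False))
            continue
        path = re.split(r" - | = ", rest)[-1].strip()  # the last field is the target
        if "\\qoobox\\quarantine\\" in path.lower() or path.lower().endswith(".vir"):
            out.append(Finding("hjt", path, "startup .lnk now points into ComboFix quarantine", False))
        elif kind == "O2" and in_system32(path) and RANDOM_STEM.match(stem_and_ext(path)[0]):
            clsids = CLSID_RE.findall(rest)  # registration CLSID is the last GUID on the line
            out.append(Finding("hjt", path, "BHO loads a random-named DLL from system32",
                               True, clsid=clsids[-1] if clsids else None))
    return out

def draft_cfscript(findings: List[Finding]) -> str:
    """Draft in the KILLALL::/File::/Registry:: layout used in this thread, for review."""
    files = sorted({f.path for f in findings if f.script and f.source == "combofix"})
    clsids = sorted({f.clsid for f in findings if f.script and f.clsid})
    lines = ["KILLALL::", "", "File::", *files]
    if clsids:
        lines += ["Registry::"] + [f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{c}]" for c in clsids]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = triage_combofix(COMBOFIX_CREATED) + triage_hjt(HJT_LINES)
    for f in found:
        print(f"{f.source:9}{f.reason:50}{f.path}")
    print(draft_cfscript(found))
```

Findings marked script=False (the zero-byte taskkill.exe, the quarantine shortcuts, the missing-file toolbar) are reported but deliberately kept out of the draft, since each needs a judgement call rather than a blind File:: line.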
