Completed the steps as indicated. Here are the logs:
ComboFix 08-12-20.05 - Abby 2008-12-21 13:20:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1487 [GMT -5:00]
Running from: c:\documents and settings\Abby\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Abby\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\windows\Tasks\RegClean Scheduled Scan.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\dlldlletebx.dll
c:\windows\Tasks\RegClean Scheduled Scan.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XDVA143
-------\Legacy_XDVA190
-------\Service_hnrli
-------\Service_SCREAMINGBDRIVER
-------\Service_vrwan
-------\Service_XDva143
-------\Service_XDva190
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.
2008-12-20 13:08 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-20 13:08 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 10:31 . 2008-12-20 10:31 <DIR> d-------- c:\program files\ERUNT
2008-12-19 20:07 . 2008-12-19 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 17:17 . 2007-07-04 18:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
2008-12-19 17:17 . 2008-12-19 17:17 <DIR> d-------- c:\documents and settings\Administrator
2008-12-19 16:36 . 2008-12-19 19:25 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2
2008-12-17 20:50 . 2008-12-21 10:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 16:47 . 2008-12-11 16:47 <DIR> d-------- c:\program files\DVDVIDEOSOFT
2008-12-08 18:12 . 2008-12-08 18:12 <DIR> d-------- c:\documents and settings\Abby\Application Data\Twain
2008-12-02 16:54 . 2008-12-02 16:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\SongbirdVLC
2008-12-02 16:54 . 2008-12-02 16:54 <DIR> d-------- c:\documents and settings\Abby\Application Data\Songbird2
2008-12-02 16:41 . 2008-12-02 16:44 <DIR> d-------- c:\program files\Album Cover Art Downloader
2008-12-02 16:41 . 2008-12-02 16:43 <DIR> d-------- c:\documents and settings\Abby\Application Data\albumart
2008-12-02 16:33 . 2008-12-02 16:34 <DIR> d-------- c:\program files\MediaMonkey
2008-12-02 16:15 . 2008-12-02 16:15 <DIR> d-------- c:\program files\iTunes Art Importer
2008-11-27 18:18 . 2008-11-27 18:18 269,824 --a------ c:\windows\system32\tobwev.dll
2008-11-23 20:04 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-23 20:04 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-23 20:03 . 2008-12-02 15:59 <DIR> d-------- c:\program files\iTunes
2008-11-23 20:03 . 2008-11-23 20:03 <DIR> d-------- c:\program files\iPod
2008-11-23 20:03 . 2008-11-23 20:03 <DIR> d-------- c:\program files\Bonjour
2008-11-23 20:03 . 2008-11-23 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 20:02 . 2008-11-23 20:02 <DIR> d-------- c:\program files\QuickTime
2008-11-23 20:01 . 2008-11-23 20:01 <DIR> d-------- c:\program files\Apple Software Update
2008-11-23 20:00 . 2008-11-23 20:00 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-23 20:00 . 2008-11-23 20:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-11-23 20:00 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2008-11-22 13:19 . 2008-11-22 13:19 <DIR> d--hs---- c:\documents and settings\Abby\PrivacIE
2008-11-22 13:12 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-11-22 13:12 . 2007-08-13 18:45 78,336 --a--c--- c:\windows\system32\dllcache\ieencode.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 17:01 --------- d-----w c:\program files\Common
2008-12-20 15:06 --------- d-----w c:\program files\Trend Micro
2008-12-19 03:47 --------- d-----w c:\documents and settings\Abby\Application Data\BitTorrent
2008-12-19 02:58 11,592 ----a-w c:\documents and settings\Abby\Application Data\wklnhst.dat
2008-12-16 23:33 --------- d-----w c:\program files\Norton PC Checkup
2008-12-16 03:36 --------- d-----w c:\documents and settings\Abby\Application Data\gtk-2.0
2008-12-14 20:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-14 01:51 --------- d-----w c:\documents and settings\Abby\Application Data\Orbit
2008-11-30 17:13 --------- d-----w c:\program files\NCH Swift Sound
2008-11-30 17:13 --------- d-----w c:\program files\NCH Software
2008-11-25 03:28 --------- d-----w c:\program files\FrostWire
2008-11-24 01:03 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-22 16:07 --------- d-----w c:\program files\Java
2008-11-09 00:00 --------- d-----w c:\program files\DivX
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\SWiSHMax2WorkFolder
2008-03-04 19:32 94,602,871 ----a-w c:\program files\14601180EN.zip
2008-01-19 17:23 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-21_12.11.16.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 20:38:40 1,138,918 ----a-w c:\windows\system32\aspofop.dll
+ 2008-10-16 20:38:40 1,179,991 ----a-w c:\windows\system32\dllapijeerr.dll
+ 2008-10-16 20:38:40 1,233,925 ----a-w c:\windows\system32\errcrayerr.dll
+ 2008-10-16 20:38:40 1,528,181 ----a-w c:\windows\system32\ppfodo.dll
+ 2008-10-16 20:38:40 1,391,885 ----a-w c:\windows\system32\wiexexjm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Google Update"="c:\documents and settings\Abby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-22 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-10 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-14 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-14 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-22 823362]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
R1 nmconpid;nmconpid;c:\windows\system32\drivers\nmconpid.sys [2007-03-06 11625]
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2005-02-18 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-22 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-04-25 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2005-02-18 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-04-25 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-12 24652]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2007-01-24 899884]
.
Contents of the 'Scheduled Tasks' folder
2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Abby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-22 13:32]
2008-12-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-12-16 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-16 18:33]
2008-12-20 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-16 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Abby\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Abby\Start Menu\Programs\IMVU\Run IMVU.lnk -
c:\windows\Downloaded Program Files\kxhcm10.ocx - O16 -: {2E28242B-A689-11D4-80F2-0040266CBB8D}
hxxp://blueroof.servehttp.com:83/kxhcm10.ocx
c:\windows\Downloaded Program Files\pcpzip.dll - c:\windows\Downloaded Program Files\sasres.dll
c:\windows\Downloaded Program Files\sasatl.dll
O16 -: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1}
hxxp://www.programchecker.com/dll/nixon.cab
c:\windows\Downloaded Program Files\nixoncab.inf
c:\windows\Downloaded Program Files\ipv6cam.ocx - c:\windows\Downloaded Program Files\AudioClient.ocx
O16 -: {B9940246-4344-4D1B-BD82-DBAF7E657FF9}
hxxp://blueroof.servehttp.com:85/SysCamInst.cab
c:\windows\Downloaded Program Files\install.inf
O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.235.16.148/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\pmjpegcam.ocx - c:\windows\Downloaded Program Files\pmjpegaudio.ocx
O16 -: {F3D4C08D-3616-43F0-9E29-44C749B0664B}
hxxp://193.138.213.169/JpegInst.cab
c:\windows\Downloaded Program Files\install.inf
FF - ProfilePath - c:\documents and settings\Abby\Application Data\Mozilla\Firefox\Profiles\9fphqd7y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-12-21 13:27:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Abby\LOCALS~1\Temp\BIT7.tmp 0 bytes
c:\windows\TEMP\TMP0000002A399CEF96B5B65D94 524288 bytes executable
c:\windows\system32\dllapijeerr.dll
c:\windows\system32\ppfodo.dll 1528181 bytes executable
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-12-21 13:36:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-21 18:34:49
ComboFix2.txt 2008-12-21 17:13:14
Pre-Run: 29,673,992,192 bytes free
Post-Run: 29,732,548,608 bytes free
242 --- E O F --- 2008-12-20 19:49:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:56 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Abby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Abby\Desktop\Mmm\SB\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Abby\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Abby\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Abby\Desktop\Mmm\SB\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Abby\Desktop\Mmm\SB\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell....iler/SysPro.CABO16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) -
http://blueroof.serv...:83/kxhcm10.ocxO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx...owserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1169054080953O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (BL_Camera) -
http://druidphilip.v...m/bl_camera.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://203.81.32.125...sCamControl.ocxO16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) -
http://www.programch...m/dll/nixon.cabO16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) -
http://blueroof.serv.../SysCamInst.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) -
http://85.235.16.148/activex/AMC.cabO16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) -
http://www.driverage...driveragent.cabO16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) -
http://193.138.213.169/JpegInst.cabO16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) -
http://dlm.tools.aka...vex-2.2.3.4.cabO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10807 bytes
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 21, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 17:05:14
Records in database: 1496526
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 106607
Threat name: 6
Infected objects: 8
Suspicious objects: 1
Duration of the scan: 02:47:16
File name / Threat name / Threats count
C:\Program Files\Norton PC Checkup\executables\productScanner\downloader.vbs Suspicious: Trojan-Downloader.JS.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\10.tmp Infected: Backdoor.Win32.TDSS.blh 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\11.tmp Infected: Backdoor.Win32.TDSS.asz 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\12.tmp Infected: Backdoor.Win32.TDSS.atb 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\13.tmp Infected: Backdoor.Win32.TDSS.bkw 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp Infected: Backdoor.Win32.TDSS.asz 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp Infected: Backdoor.Win32.TDSS.atb 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\E.tmp Infected: Trojan.Win32.Agent.arvz 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\F.tmp Infected: Backdoor.Win32.TDSS.bkw 1
The selected area was scanned.