System Running Slow Many Viruses [RESOLVED]


This topic is locked

#1
botbry
Member, 14 posts
My computer has become a breeding ground for viruses and I'm tired of the random IE window opening and taking me to a website to purchase a product to remove their virus. And I'm also tired of any time that I open, say, "My Documents", my AVG prompts me to remove 2 or 3 trojans. I have been clicking remove, but it still keeps on happening. I am sure that my system has more viruses than what I can see nested in it. So I decided to be more proactive and come here for assistance. I'm not sure what all you guys need for starters to help me out, but I will post my HijackThis results.

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:25 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\AOL\1131383480\ee\aolsoftware.exe
c:\program files\common files\aol\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1131383480\ee\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8ED64A7D-8A76-47F0-81D1-7810D35D3CE4} - C:\WINDOWS\system32\dpvoic.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {B0AF8D8E-9485-4EBE-B7D9-E5F291EE5C92} - C:\WINDOWS\system32\yabyx.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pumpeng.music...gmusicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193974951981
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: yabyx - C:\WINDOWS\system32\yabyx.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8872 bytes


#2
Rorschach112
Ralphie, Retired Staff, 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix.

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
botbry
Topic Starter, Member, 14 posts
OK, I downloaded ComboFix and in their instructions it says "To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:" So I went to do that and it says that I need 6 floppy disks. I do not have a floppy drive and my disc drive is broken. Should I download "WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe"? Is that what I need for the Recovery Console?

Edit:
Never mind, I was looking at the wrong thing!


Edit:
So from the ComboFix page I clicked on "How to install and use the Windows XP Recovery Console", but the first step for installing the Windows Recovery Console is: "Insert the Windows XP CD into your CD-ROM drive". I don't have that disk...?

Edited by botbry, 07 May 2008 - 11:59 AM.


#4
Rorschach112
Ralphie, Retired Staff, 47,710 posts
Go ahead and run ComboFix then.

Leave the Recovery Console.

#5
botbry
Topic Starter, Member, 14 posts
OK, I ran ComboFix, and here is the log:

ComboFix 08-05-01.3 - Owner 2008-05-07 14:35:51.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\hosts
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\Config.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Configurator\Configurator.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Music\Free_MusicOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Manager\ManagerOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Ringtones\RingtonesOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\AlertArchive.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\WeatherOptions.xml
C:\WINDOWS\system32\config\systemprofile\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\WINDOWS\system32\dunybokh.ini
C:\WINDOWS\system32\enyvdvpl.ini
C:\WINDOWS\system32\iowktyuf.ini
C:\WINDOWS\system32\kbobsyoa.ini
C:\WINDOWS\system32\kebiktwe.ini
C:\WINDOWS\system32\lmgjvtcn.ini
C:\WINDOWS\system32\lxooaxwq.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxeqqtcd.ini
C:\WINDOWS\system32\nttmqpfo.ini
C:\WINDOWS\system32\ojttohrf.ini
C:\WINDOWS\system32\otbsodue.ini
C:\WINDOWS\system32\pwhrstmf.ini
C:\WINDOWS\system32\srpupbeg.ini
C:\WINDOWS\system32\sxallijq.ini
C:\WINDOWS\system32\tpydbsro.ini
C:\WINDOWS\system32\tsknweit.ini
C:\WINDOWS\system32\uvwvumqh.ini
C:\WINDOWS\system32\vofhkgde.ini
C:\WINDOWS\system32\wadknbpd.ini
C:\WINDOWS\system32\xommsbxy.ini
C:\WINDOWS\system32\xybay.bak2
C:\WINDOWS\system32\xybay.ini
C:\WINDOWS\system32\xybay.ini2
C:\WINDOWS\system32\xybay.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-05 11:29 . 2008-05-05 11:30 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 14:17 . 2008-05-06 08:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 14:15 . 2008-05-04 14:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 13:50 . 2008-05-04 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 13:49 . 2008-05-04 13:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 02:18 . 2008-05-04 02:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 02:18 . 2008-05-04 02:18 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-04 02:16 . 2008-05-04 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-04 02:16 . 2008-05-04 02:16 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-03 19:40 . 2008-05-07 11:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-03 19:36 . 2008-05-07 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-03 19:36 . 2008-05-03 19:36 <DIR> d-------- C:\Program Files\AVG
2008-05-03 19:36 . 2008-05-03 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-03 19:36 . 2008-05-04 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:36 . 2008-05-03 19:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-03 19:36 . 2008-05-03 19:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-03 03:28 . 2008-05-03 03:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-05-03 03:26 . 2008-05-03 03:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-03 03:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-03 03:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-05-03 03:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-05-03 03:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-05-03 03:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-03 03:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-03 03:24 . 2008-05-03 03:24 <DIR> d-------- C:\Program Files\Samsung
2008-04-27 01:22 . 2008-04-27 01:22 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-16 11:38 . 2008-04-16 11:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-16 11:35 . 2008-04-16 11:36 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 10:00 . 2008-04-09 10:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-09 09:40 . 2007-10-16 12:33 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-04-09 09:40 . 2007-10-16 12:33 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-09 09:34 . 2007-10-17 12:20 1,066,176 -ra------ C:\WINDOWS\system32\mscoe363.rra
2008-04-09 09:34 . 2007-10-17 12:20 24,576 -ra------ C:\WINDOWS\system32\BAZLib.dll
2008-04-09 09:28 . 2007-10-17 12:20 20,480 -ra------ C:\WINDOWS\system32\SysRestore.dll
2008-04-09 09:05 . 2008-04-10 07:22 <DIR> d-------- C:\Program Files\Ascentive
2008-04-09 09:05 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-04-09 09:05 . 2008-03-12 14:13 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-04-09 09:05 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:48 --------- d-----w C:\Program Files\SmartDraw 7
2008-05-04 18:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-04 06:39 --------- d-----w C:\Program Files\McAfee.com
2008-05-04 06:37 --------- d-----w C:\Program Files\McAfee
2008-05-04 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-04 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-04 05:27 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 15:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-27 05:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-16 15:38 --------- d-----w C:\Program Files\iPod
2008-04-16 15:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-03 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-02 17:56 --------- d-----w C:\Program Files\PopCap Games
2008-04-02 17:05 --------- d-----w C:\Program Files\Azureus
2008-03-31 22:40 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 18:02 --------- d-----w C:\Program Files\FT8D91
2008-03-16 01:51 --------- d-----w C:\Program Files\RCA
2008-03-14 06:33 --------- d-----w C:\Program Files\Project64 1.6
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-05 06:16 98,048 ----a-w C:\WINDOWS\system32\dpvoic.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 17:40 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-12-31 22:25 284 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-01-23 19:07 1,847,296 -c--a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ED64A7D-8A76-47F0-81D1-7810D35D3CE4}]
2008-03-05 02:16 98048 --a------ C:\WINDOWS\system32\dpvoic.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 02:18 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0AF8D8E-9485-4EBE-B7D9-E5F291EE5C92}]
C:\WINDOWS\system32\yabyx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-06 08:51 1481968]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-12 07:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 02:17 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 23:33:37 1757]
HP Digital Imaging Monitor.lnk.disabled [2007-02-10 20:24:52 1808]
Kodak EasyShare software.lnk.disabled [2007-06-06 20:02:19 1837]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-06 08:51 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabyx]
C:\WINDOWS\system32\yabyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2007-01-25 17:34 8784 C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINDOWS\system32\orsbdypt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-04-12 17:44 1187899 C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2006-07-28 11:43 116272 C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2007-01-25 17:34 153168 C:\Program Files\Common Files\AOL\1131383480\ee\SSCRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"6338ca3e.exe"=C:\Documents and Settings\Owner\Local Settings\Application Data\6338ca3e.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"MSI Configuration"=msiconf.exe
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EmailScan"=C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
"AOLSPScheduler"=C:\Program Files\Common Files\AOL\1131383480\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
"hcsystray"=C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"SearchIndexer"=rundll32.exe "C:\WINDOWS\system32\hqmuvwvu.dll",sitypnow
"NWEReboot"=
"ImgTask"=C:\WINDOWS\Imgtask.exe
"LyraUpdates"="C:\Program Files\RCA\Auto Updater\Auto Updater.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-04 02:18]
R0 ulvcsslx;ulvcsslx;C:\WINDOWS\system32\drivers\qxnudjns.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-03 19:36]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 02:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 02:17]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-04 02:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 02:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]
S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-25 02:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 20:19:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 10:04:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-05-02 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 14:51:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ulvcsslx]
"ImagePath"="system32\drivers\qxnudjns.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\anotify.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-05-07 15:16:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 19:15:46

Pre-Run: 25,961,144,320 bytes free
Post-Run: 25,949,483,008 bytes free

332 --- E O F --- 2008-04-10 04:32:03
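The log above contains the three kinds of entries a helper looks for first: a boot-start driver (`ulvcsslx`) whose image is a `.dat` file with no timestamp, a Run entry that uses `rundll32` to load an oddly named DLL (`hqmuvwvu.dll`), and per-volume AutoRun commands under `mountpoints2`. As an added example that is not part of this thread (editor's code, not ComboFix's, and not the forum staff's procedure), the following Python triages lines in ComboFix's layout with those rules; the rule thresholds, severities and the `RUNDLL_ALLOWLIST` are assumptions made for illustration, and the sample lines are constructed after the log's format.

```python
"""Heuristic triage of ComboFix-style log lines (illustrative rules, not ComboFix's own)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the layout ComboFix uses, mixing legitimate and suspicious lines.
SAMPLE_LOG = r"""
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"SearchIndexer"=rundll32.exe "C:\WINDOWS\system32\hqmuvwvu.dll",sitypnow
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-04 02:18]
R0 ulvcsslx;ulvcsslx;C:\WINDOWS\system32\drivers\qxnudjns.dat []
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 02:17]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
"""

# "R0 name;description;image [timestamp]" service/driver lines
DRIVER_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*?) \[(?P<stamp>[^\]]*)\]$')
# "Name"=command lines from the Run keys
RUN_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<cmd>.*)$')
# rundll32 <dll>,<export>; the DLL path may or may not be quoted
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,', re.IGNORECASE)
# Eight lowercase letters and nothing else: the shape of the throwaway names in this
# thread's logs (hqmuvwvu, qxnudjns, ulvcsslx). Weak on its own, so it only raises severity.
GENERATED_NAME_RE = re.compile(r"^[a-z]{8}$")
# Assumed allowlist: DLLs this machine is expected to run through rundll32.
RUNDLL_ALLOWLIST = {"nvcpl.dll", "nvmctray.dll", "shell32.dll"}


@dataclass(frozen=True)
class Finding:
    line: str
    rule: str
    severity: str  # "high" or "review"
    detail: str


def check_driver(line: str, m: re.Match) -> list[Finding]:
    """Rules for the R#/S# service and driver lines."""
    image = PureWindowsPath(m["image"])
    out = []
    if not m["stamp"]:  # ComboFix prints [] when it cannot stat the image file
        out.append(Finding(line, "driver-no-timestamp", "high",
                           "no file timestamp: image file is missing or hidden from ComboFix"))
    if m["start"] in ("R0", "R1") and image.suffix.lower() != ".sys":
        out.append(Finding(line, "driver-odd-image", "high",
                           f"boot/system-start driver image ends in {image.suffix!r}, not .sys"))
    if m["name"] == m["desc"]:
        out.append(Finding(line, "driver-no-description", "review",
                           "description merely repeats the service name"))
    return out


def check_run(line: str, m: re.Match) -> list[Finding]:
    """Rules for Run-key entries: only rundll32 loaders are examined here."""
    rd = RUNDLL_RE.search(m["cmd"])
    if not rd:
        return []
    dll = PureWindowsPath(rd["dll"].strip())
    if dll.name.lower() in RUNDLL_ALLOWLIST:
        return []
    generated = bool(GENERATED_NAME_RE.match(dll.stem))
    detail = f"rundll32 loads {dll.name}" + (" (machine-generated name)" if generated else "")
    return [Finding(line, "rundll32-unlisted-dll", "high" if generated else "review", detail)]


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every line and return the findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := DRIVER_RE.match(line)):
            findings.extend(check_driver(line, m))
        elif (m := RUN_RE.match(line)):
            findings.extend(check_run(line, m))
        elif line.startswith(r"\Shell\AutoRun\command"):
            findings.append(Finding(line, "volume-autorun", "review",
                                    "AutoRun command registered for a volume; confirm what it launches"))
    return findings


def high_severity_names(findings: list[Finding]) -> set[str]:
    """Distinct service / Run-key names behind the high-severity findings."""
    names = set()
    for f in findings:
        if f.severity != "high":
            continue
        gd = (DRIVER_RE.match(f.line) or RUN_RE.match(f.line)).groupdict()
        names.add(gd.get("name") or gd.get("key"))
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:24} {f.detail}")
```

Point `triage` at a real ComboFix.txt read from disk and review the `high` findings first; the `review` items are weak signals that need a second indicator before acting.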

#6 Rorschach112 (Ralphie), Retired Staff, 47,710 posts

Hello

1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quote box below into it:

KillAll::

File::
C:\WINDOWS\system32\dpvoic.dll
C:\WINDOWS\system32\orsbdypt.dll
C:\Documents and Settings\Owner\Local Settings\Application Data\6338ca3e.exe
C:\WINDOWS\system32\hqmuvwvu.dll

Folder::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"6338ca3e.exe"=-
"MSI Configuration"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SearchIndexer"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03084d1-6658-11d9-8f0e-806d6172696f}]

Driver::
ulvcsslx


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt".

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


#7 botbry (Topic Starter), Member, 14 posts

ComboFix 08-05-01.3 - Owner 2008-05-07 15:35:06.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Owner\Local Settings\Application Data\6338ca3e.exe
C:\WINDOWS\system32\dpvoic.dll
C:\WINDOWS\system32\hqmuvwvu.dll
C:\WINDOWS\system32\orsbdypt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dpvoic.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ULVCSSLX
-------\Service_ulvcsslx


((((((((((((((((((((((((( Files Created from 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))
.

2008-05-07 15:50 . 2008-05-07 15:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-07 15:50 . 2008-05-07 15:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-07 15:33 . 2008-05-07 15:33 <DIR> d-------- C:\327882R2FWJFW
2008-05-05 11:29 . 2008-05-05 11:30 <DIR> d-------- C:\Program Files\Panda Security
2008-05-04 14:17 . 2008-05-06 08:51 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-04 14:15 . 2008-05-04 14:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 13:50 . 2008-05-04 13:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-04 13:49 . 2008-05-04 13:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 13:49 . 2008-05-04 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 02:18 . 2008-05-04 02:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-04 02:18 . 2008-05-04 02:18 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-04 02:16 . 2008-05-04 02:16 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-04 02:16 . 2008-05-04 02:16 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-03 19:40 . 2008-05-07 11:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-03 19:36 . 2008-05-07 11:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-03 19:36 . 2008-05-03 19:36 <DIR> d-------- C:\Program Files\AVG
2008-05-03 19:36 . 2008-05-03 19:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-05-03 19:36 . 2008-05-04 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 19:36 . 2008-05-03 19:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-03 19:36 . 2008-05-03 19:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-03 03:28 . 2008-05-03 03:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Samsung
2008-05-03 03:26 . 2008-05-03 03:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-05-03 03:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-03 03:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-05-03 03:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-05-03 03:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-05-03 03:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-05-03 03:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-05-03 03:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-03 03:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-05-03 03:24 . 2008-05-03 03:24 <DIR> d-------- C:\Program Files\Samsung
2008-04-27 01:22 . 2008-04-27 01:22 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-16 11:38 . 2008-04-16 11:39 <DIR> d-------- C:\Program Files\iTunes
2008-04-16 11:35 . 2008-04-16 11:36 <DIR> d-------- C:\Program Files\QuickTime
2008-04-09 10:00 . 2008-04-09 10:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-04-09 09:40 . 2007-10-16 12:33 244,232 --a------ C:\WINDOWS\system32\Msflxgrd.ocx
2008-04-09 09:40 . 2007-10-16 12:33 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-09 09:34 . 2007-10-17 12:20 1,066,176 -ra------ C:\WINDOWS\system32\mscoe363.rra
2008-04-09 09:34 . 2007-10-17 12:20 24,576 -ra------ C:\WINDOWS\system32\BAZLib.dll
2008-04-09 09:28 . 2007-10-17 12:20 20,480 -ra------ C:\WINDOWS\system32\SysRestore.dll
2008-04-09 09:05 . 2008-04-10 07:22 <DIR> d-------- C:\Program Files\Ascentive
2008-04-09 09:05 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-04-09 09:05 . 2008-03-12 14:13 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-04-09 09:05 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:48 --------- d-----w C:\Program Files\SmartDraw 7
2008-05-04 18:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-04 06:39 --------- d-----w C:\Program Files\McAfee.com
2008-05-04 06:37 --------- d-----w C:\Program Files\McAfee
2008-05-04 05:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-04 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-04 05:27 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 15:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-27 05:22 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-16 15:38 --------- d-----w C:\Program Files\iPod
2008-04-16 15:16 --------- d-----w C:\Program Files\Apple Software Update
2008-04-03 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-02 17:56 --------- d-----w C:\Program Files\PopCap Games
2008-04-02 17:05 --------- d-----w C:\Program Files\Azureus
2008-03-31 22:40 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 18:02 --------- d-----w C:\Program Files\FT8D91
2008-03-16 01:51 --------- d-----w C:\Program Files\RCA
2008-03-14 06:33 --------- d-----w C:\Program Files\Project64 1.6
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-05 06:16 98,048 ----a-w C:\WINDOWS\system32\dpvoic.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 17:40 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-12-31 22:25 284 -c--a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-01-23 19:07 1,847,296 -c--a-w C:\Program Files\mozilla firefox\plugins\Seadragon.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_15.14.45.30 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 18:48:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 19:45:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ED64A7D-8A76-47F0-81D1-7810D35D3CE4}]
2008-03-05 02:16 98048 --a------ C:\WINDOWS\system32\dpvoic.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-04 02:18 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0AF8D8E-9485-4EBE-B7D9-E5F291EE5C92}]
C:\WINDOWS\system32\yabyx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-04 02:18 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-06 08:51 1481968]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.exe" [2005-07-12 07:17 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-09-28 14:30 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 16:20 2061816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-04 02:17 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2007-01-14 23:33:37 1757]
HP Digital Imaging Monitor.lnk.disabled [2007-02-10 20:24:52 1808]
Kodak EasyShare software.lnk.disabled [2007-06-06 20:02:19 1837]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-06 08:51 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yabyx]
C:\WINDOWS\system32\yabyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra--c--- 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2007-01-25 17:34 8784 C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-04-12 17:44 1187899 C:\Program Files\mcafee.com\personal firewall\MPfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2006-07-28 11:43 116272 C:\Program Files\mcafee.com\antivirus\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
--a--c--- 2006-07-28 11:43 460336 C:\Program Files\mcafee.com\antivirus\mcvsescn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2007-01-25 17:34 153168 C:\Program Files\Common Files\AOL\1131383480\ee\SSCRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"Performance Center"=C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EmailScan"=C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
"AOLSPScheduler"=C:\Program Files\Common Files\AOL\1131383480\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
"hcsystray"=C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"NWEReboot"=
"ImgTask"=C:\WINDOWS\Imgtask.exe
"LyraUpdates"="C:\Program Files\RCA\Auto Updater\Auto Updater.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-04 02:18]
R0 ulvcsslx;ulvcsslx;C:\WINDOWS\system32\drivers\qxnudjns.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-03 19:36]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-04 02:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-04 02:17]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-04 02:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-04 02:18]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-04 02:16]
S3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 02:35]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 11:49]
S3 XBox;XBox Filter;C:\WINDOWS\system32\DRIVERS\XBox.sys [2007-06-25 02:36]

*Newly Created Service* - ULVCSSLX
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 20:19:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-04 10:04:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-05-02 13:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 15:47:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ulvcsslx]
"ImagePath"="system32\drivers\qxnudjns.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\EE\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131383480\EE\anotify.exe
C:\Program Files\America Online 9.0a\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-05-07 16:11:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 20:11:02
ComboFix2.txt 2008-05-07 19:16:24

Pre-Run: 25,923,493,888 bytes free
Post-Run: 25,908,752,384 bytes free

274 --- E O F --- 2008-04-10 04:32:03

#8 Rorschach112 (Ralphie), Retired Staff, 47,710 posts

Hello

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\dpvoic.dll

Drivers to delete:
ulvcsslx


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

Then run ComboFix again and post the log.

#9 botbry (Topic Starter), Member, 14 posts

Here is the Avenger log:

Oh, and after the computer rebooted it gave me a message that read "Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c".
Then it gave me the option to "Cancel", "Retry" or "Continue". I pressed Continue a couple of times but it just popped up again and again, so I pressed Cancel.

Here is the log. I will post the HJT log once I run it quickly.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\dpvoic.dll" deleted successfully.
Driver "ulvcsslx" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#10 botbry (Topic Starter), Member, 14 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:58 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\AOL\1131383480\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1131383480\ee\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8ED64A7D-8A76-47F0-81D1-7810D35D3CE4} - C:\WINDOWS\system32\dpvoic.dll (file missing)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {B0AF8D8E-9485-4EBE-B7D9-E5F291EE5C92} - C:\WINDOWS\system32\yabyx.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pumpeng.music...gmusicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193974951981
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: yabyx - C:\WINDOWS\system32\yabyx.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8904 bytes

#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {8ED64A7D-8A76-47F0-81D1-7810D35D3CE4} - C:\WINDOWS\system32\dpvoic.dll (file missing)
O2 - BHO: (no name) - {B0AF8D8E-9485-4EBE-B7D9-E5F291EE5C92} - C:\WINDOWS\system32\yabyx.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O20 - Winlogon Notify: yabyx - C:\WINDOWS\system32\yabyx.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and do this


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan": select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

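The entries Rorschach112 ticks share two tells that can be picked out of a HijackThis log mechanically: either the registered file is gone ("(file missing)" / "(no file)"), or an O4 Run value is a bare file name such as msiconf.exe with no path, so Windows resolves it through the PATH at logon and the log never shows where it actually lives. The script below is an added example, not code from the thread or from HijackThis; it runs those two checks over a constructed sample of log lines in the same format. The SAMPLE_HJT text and the triage/fix_list function names are mine.

```python
import re

# Constructed sample in HijackThis 2.0.2 log format. The lines are modelled on the
# log posted in this thread but trimmed to a handful of entries.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8ED64A7D-8A76-47F0-81D1-7810D35D3CE4} - C:\WINDOWS\system32\dpvoic.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: yabyx - C:\WINDOWS\system32\yabyx.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT finding starts with its section code (R0..R3, O1..O24).
SECTION = re.compile(r"^(?P<sec>[RO]\d+) - ")
# HijackThis appends these markers when the registered file is not on disk.
DANGLING = re.compile(r"\((?:file missing|no file)\)$")
# O4 Run/RunOnce entries under any hive: "[value name] command line".
O4_RUN = re.compile(r"^O4 - HK\S*\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def triage(log_text):
    """Return the HJT entries worth reviewing, each with the reasons it was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if not m:
            continue  # running-process list, header, blank lines
        sec = m.group("sec")
        reasons = []
        if DANGLING.search(line):
            reasons.append("registered file is missing: a dangling autorun/BHO/Notify entry")
        if sec in ("O2", "O3", "O20") and "(no name)" in line:
            reasons.append("component has no descriptive name")
        run = O4_RUN.match(line)
        if run:
            cmd = run.group("cmd").strip().strip('"')
            if "\\" not in cmd:
                # A bare file name is resolved through the PATH at logon, which is
                # how the msiconf.exe entry in the thread hides where it lives.
                reasons.append("bare executable name, resolved via PATH at logon")
        if reasons:
            findings.append({"section": sec, "line": line, "reasons": reasons})
    return findings


def fix_list(findings):
    """The raw lines to tick in HijackThis before 'Fix Checked', in log order."""
    return [f["line"] for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

A dangling entry is not proof of malware on its own (an uninstalled toolbar leaves the same "(no file)" residue), but fixing it is safe because nothing loads from it, which is why it is the first thing cleared before the deeper scans.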

#12
botbry

    Member

  • Topic Starter
  • Member
  • 14 posts
I went to run DSS and right after I finished "Backing-up Registry Hives" Windows would give me the standard error window. I have tried this multiple times and got the same result. I have disabled my Internet security and have rebooted the machine, nothing but the same demise. I am going to continue on to Kaspersky Online Scanner.

EDIT:
I have gone to the Kaspersky Online Scanner page, I click Accept and wait and wait and wait, but nothing happens?

EDIT:
I fixed it. I had to be using IE.

Edited by botbry, 07 May 2008 - 11:49 PM.


#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
OK, post a new HijackThis log with the Kaspersky log.

#14
botbry

    Member

  • Topic Starter
  • Member
  • 14 posts
I apologize for the delay; I was busy with work. Here are the logs.

KOS Log:

Thursday, May 08, 2008 4:42:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/05/2008
Kaspersky Anti-Virus database records: 745909


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 115530
Number of viruses found 8
Number of infected objects 17
Number of suspicious objects 4
Duration of the scan process 02:27:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\idb\SNMaster.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\idb\tay968\MyDB.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\idb\tay968\toolbar.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\CACHE\tay900 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\tay968 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\tay968.abi Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\organize\tay968.aby Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\BFTS\BFTSDatabase.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Antispam\scoffset.bin.incr Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgfw8u.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\avg8\Log\commonpub.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu2000382.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject3.zip/imsmain.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject3.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0a\IDB\Apps.Lst Object is locked skipped

C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0a\IDB\art.idx Object is locked skipped

C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0a\IDB\sap.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0a\IDB\spool.lst Object is locked skipped

C:\Documents and Settings\Owner\Application Data\AOL\C_America Online 9.0a\IDB\sysnews.lst Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\cert8.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\cookies.txt Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\fastdial\fastdial.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\history.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\key3.db Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\parent.lock Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-7-2008( 23-5-17 ).LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Verizon\VSP\client_gateway.log Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@adbrite[2].txt Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@revsci[1].txt Object is locked skipped

C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\52cvjk7q.default\XUL.mfl Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\tbeooixi.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped

C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip/Vista Transformation Pack 4.0.exe/WISE0034.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip/Vista Transformation Pack 4.0.exe/WISE0159.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip/Vista Transformation Pack 4.0.exe/WISE0159.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip/Vista Transformation Pack 4.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip ZIP: infected - 4 skipped

C:\Documents and Settings\Owner\My Documents\limewire downloads\give it up kevin aviance.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Downloads\ApacheAirAssault_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Downloads\LuftwaffeSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\Program Files\CA\PPRT\logs\2008-05-07.csv Object is locked skipped

C:\QooBox\Quarantine\catchme2008-05-07_154214.10.zip/dpvoic.dll Infected: Rootkit.Win32.Podnuha.by skipped

C:\QooBox\Quarantine\catchme2008-05-07_154214.10.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP716\A0129384.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP803\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\S8A7177C2.tmp Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\dpvoic.6 Infected: Trojan.Win32.Pakes.cdw skipped

C:\WINDOWS\system32\dpvoic.7 Infected: Trojan.Win32.Pakes.cdw skipped

C:\WINDOWS\system32\dpvoic.8 Infected: Trojan.Win32.Pakes.cdw skipped

C:\WINDOWS\system32\dpvoic.9 Infected: Trojan.Win32.Pakes.cdw skipped

C:\WINDOWS\system32\drivers\qxnudjns.dat Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\tbeooixi.dat Object is locked skipped

C:\WINDOWS\system32\drivers\tbeooixi.sys Infected: Trojan.Win32.BHO.gy skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:52 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131383480\ee\aolsoftware.exe
c:\program files\common files\aol\1131383480\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1131383480\ee\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131383480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pumpeng.music...gmusicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193974951981
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1131383480\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8432 bytes

#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Documents and Settings\Owner\My Documents\limewire downloads\give it up kevin aviance.mp3
C:\Downloads\ApacheAirAssault_Setup-dm[1].exe
C:\Downloads\LuftwaffeSetup-dm[1].exe
C:\WINDOWS\system32\dpvoic.6
C:\WINDOWS\system32\dpvoic.7
C:\WINDOWS\system32\dpvoic.8
C:\WINDOWS\system32\dpvoic.9
C:\WINDOWS\system32\drivers\qxnudjns.dat
C:\WINDOWS\system32\drivers\tbeooixi.sys

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Also tell me how your PC is running.
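Kaspersky Online Scanner only reports, which is why every hit in the report above ends in "skipped" and why the cleanup has to be driven by a separate tool fed a list of paths. Most of the report is noise: the "Object is locked" lines are registry hives, logs and caches that were simply in use. What needs a decision is the remainder, split by whether the verdict starts with "not-a-virus:" (adware or riskware the owner may have installed on purpose) or names a trojan. The parser below is an added example, not code from the thread, from Kaspersky or from ComboFix; it runs over a constructed subset of the posted report (SAMPLE_KOS), classifies each line, and emits a File:: stanza in the CFScript shape used above. The heuristic that flags locked, randomly named .dat/.sys files under system32\drivers for review is my assumption, modelled on qxnudjns.dat being added to the script by hand above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines in the same shape as the Kaspersky Online
# Scanner report posted in this thread ("<path> <verdict> <action>").
SAMPLE_KOS = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu2000382.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip/Vista Transformation Pack 4.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Owner\My Documents\Bryant's\Misc\Setups\vtp4.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Owner\My Documents\limewire downloads\give it up kevin aviance.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Downloads\ApacheAirAssault_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\QooBox\Quarantine\catchme2008-05-07_154214.10.zip/dpvoic.dll Infected: Rootkit.Win32.Podnuha.by skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP716\A0129384.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\WINDOWS\system32\dpvoic.6 Infected: Trojan.Win32.Pakes.cdw skipped
C:\WINDOWS\system32\drivers\qxnudjns.dat Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\tbeooixi.sys Infected: Trojan.Win32.BHO.gy skipped
"""

# Path is non-greedy so the verdict/action tail anchors the split even when the
# path itself contains spaces.
LINE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Object is locked|Infected: \S+|Suspicious: \S+|"
    r"ZIP: (?:infected|suspicious) - \d+) (?P<action>skipped|deleted|disinfected|quarantined)$"
)
# Heuristic (my assumption, not Kaspersky's): an in-use file with an 8-letter
# random-looking name in the drivers folder deserves a look even with no verdict.
RANDOM_DRIVER = re.compile(r"\\system32\\drivers\\[a-z]{8}\.(?:dat|sys)$", re.IGNORECASE)
# Locations that are cleared by emptying quarantine / purging System Restore,
# not by deleting individual paths.
EXCLUDED_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\system volume information\\")


def classify(path, verdict):
    if verdict == "Object is locked":
        return "review" if RANDOM_DRIVER.search(path) else "locked"
    if verdict.startswith("ZIP:"):
        return "archive"        # container summary; its members are listed separately
    if verdict.startswith("Suspicious:"):
        return "suspicious"
    name = verdict[len("Infected: "):]
    return "riskware" if name.startswith("not-a-virus:") else "malware"


def parse_report(text):
    """One dict per report line: path, verdict and the triage category."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        path, verdict = m.group("path"), m.group("verdict")
        findings.append({"path": path, "verdict": verdict, "category": classify(path, verdict)})
    return findings


def summarize(findings):
    counts = defaultdict(int)
    for f in findings:
        counts[f["category"]] += 1
    return dict(counts)


def file_section(findings, include_riskware=False):
    """Build the File:: stanza of a CFScript from the on-disk detections."""
    wanted = {"malware"} | ({"riskware"} if include_riskware else set())
    paths = []
    for f in findings:
        if f["category"] not in wanted:
            continue
        # "/" separates an archive member from its container in Kaspersky paths.
        if "/" in f["path"] or f["path"].lower().startswith(EXCLUDED_PREFIXES):
            continue
        paths.append(f["path"])
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = parse_report(SAMPLE_KOS)
    print(summarize(found))
    print(file_section(found))
```

With include_riskware left False the stanza lists only the trojan hits on disk (the .mp3 downloader, dpvoic.*, tbeooixi.sys); archive members, the catchme quarantine zip under C:\QooBox and the restore-point copy are left out because they are dealt with by emptying quarantine and purging System Restore. The two Trymedia installers and the locked qxnudjns.dat that Rorschach112 added to his script are exactly the judgment calls the "riskware" and "review" categories surface rather than decide.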