Inactive Malware problem

[Inactive] Malware problem

I have a Malware problem.
I have scanned using AVG (done regularly and at safe startup) and Ad-Aware
They both come up with Vundo and Trojan Horse SHEUR2.nzz.
They delete it daily but it is still there.
Symptoms are the warning and eventual shutdown
Generic Host Process for Win32 Services and DCOM server Process Launcher Terminated.
Start up takes several tries to finally complete.
I have WinPatrol saying that a few Win32 dll things are trying to place themselves at start up.
Windows Firewall is shut off upon start up and requires to be turned on manually.
Here is the results of the mirror reports:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Shelley at 14:14:32.35 on Tue 02/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1214 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Shelley\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070507
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {0c2d610c-439a-460f-951c-bdc7f372b3ec} - c:\windows\system32\jkkLCtrR.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnNhhFU.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdback~1.lnk - c:\program files\my book\wd backup\uBBMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &Search - ?p=ZKfox000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_8.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: hgGyvTLE - hgGyvTLE.dll
Notify: pmnNhhFU - pmnNhhFU.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Patorsel - {9E67368D-FD8E-4F78-A1A5-0EC90FBADACF} - c:\windows\system32\vbatubit.dll
SEH: {827D3881-317C-442A-B4ED-F576CBA700BB} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnNhhFU.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkLCtrR

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shelley\applic~1\mozilla\firefox\profiles\0jez0eec.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\shelley\application data\mozilla\firefox\profiles\0jez0eec.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {A5FEF159-C7DD-4E21-A38F-AC878B103A95} - c:\documents and settings\shelley\local settings\application data\{A5FEF159-C7DD-4E21-A38F-AC878B103A95}
FF - HiddenExtension: XUL Cache: {015CD120-2C78-4532-8D23-FD80F5561588} - c:\windows\system32\config\systemprofile\local settings\application data\{015cd120-2c78-4532-8d23-fd80f5561588}\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-26 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-6-2 27656]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-10-21 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-21 394952]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-26 298264]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-2-1 598856]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-7 29744]

=============== Created Last 30 ================

2009-02-03 14:01 129,024 a------- c:\windows\system32\auythd.dll
2009-02-03 14:01 129,024 a------- c:\windows\system32\awtrOeEV.dll
2009-02-03 12:11 129,024 a------- c:\windows\system32\vtUnlIBu.dll
2009-02-03 11:30 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-03 11:28 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-03 11:28 <DIR> --d----- C:\e44c318f87b1c7da5ae5e6882f
2009-02-03 11:28 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-03 11:28 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 11:28 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 11:28 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-03 11:28 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 11:28 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 11:13 <DIR> --d----- c:\docume~1\shelley\applic~1\Windows Desktop Search
2009-02-03 11:12 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-02-03 11:12 192,000 -------- c:\windows\system32\dllcache\offfilt.dll
2009-02-03 11:12 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll
2009-02-03 11:12 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll
2009-02-03 11:10 129,024 a------- c:\windows\system32\ozuffx.dll
2009-02-03 11:10 129,024 a------- c:\windows\system32\geBsspNe.dll
2009-02-03 11:05 35,328 a------- c:\windows\system32\pmnNhhFU.dll
2009-02-03 11:05 45,568 -------- c:\windows\system32\clickfile.exe
2009-02-01 21:37 <DIR> --d----- c:\docume~1\shelley\applic~1\Webroot
2009-02-01 21:37 <DIR> --d----- c:\program files\common files\Webroot Shared
2009-02-01 21:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Webroot
2009-01-29 07:34 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-26 13:54 350,720 a------- c:\windows\system32\ipvofdec.dll
2009-01-26 13:30 <DIR> --d-h--- c:\program files\CCleaner
2009-01-26 11:21 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-26 11:21 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-26 11:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-26 11:21 <DIR> --d----- c:\docume~1\shelley\applic~1\AVGTOOLBAR
2009-01-26 11:21 <DIR> --d-h--- c:\program files\AVG
2009-01-26 11:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-21 08:56 20 a--sh--- C:\ArcDeviceInfo
2009-01-21 08:56 <DIR> --d----- c:\program files\My Book
2009-01-21 08:55 <DIR> --d----- c:\program files\Western Digital Technologies
2009-01-21 08:34 364,544 a------- c:\windows\system32\WDBtnMgr.exe
2009-01-07 05:52 1,342,917 ---sh--- c:\windows\system32\nquffnpx.ini
2009-01-06 05:49 1,321,661 ---sh--- c:\windows\system32\gbitxqif.ini
2009-01-05 00:07 1,307,356 ---sh--- c:\windows\system32\ltxqbpid.ini
2009-01-04 21:04 143 a------- c:\windows\system32\mcrh.tmp
2009-01-04 18:45 1,307,356 ---sh--- c:\windows\system32\twwjbnsn.ini

==================== Find3M ====================

2009-01-07 08:40 715,922 a--sh--- c:\windows\system32\RrtCLkkj.ini2
2008-12-26 17:05 112,869,408 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-16 16:05 1,115,588 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 02:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-08-05 21:28 666 a------- c:\docume~1\shelley\applic~1\wklnhst.dat
2007-06-21 08:10 56,912 a------- c:\documents and settings\shelley\g2mdlhlpx.exe
2008-10-16 06:17 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101620081017\index.dat

============= FINISH: 14:15:43.60 ===============

Here is the "attach" report:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/21/2007 9:03:36 PM
System Uptime: 2/3/2009 1:55:26 PM (1 hours ago)

Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket M2 | 2104/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 230 GiB total, 194.987 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP460: 1/6/2009 2:10:31 PM - Software Distribution Service 3.0
RP461: 1/6/2009 2:10:32 PM - Installed Wizard101
RP462: 1/6/2009 2:10:32 PM - System Checkpoint
RP463: 1/6/2009 2:10:33 PM - Software Distribution Service 3.0
RP464: 1/6/2009 2:10:33 PM - System Checkpoint
RP465: 1/6/2009 2:10:33 PM - System Checkpoint
RP466: 1/6/2009 2:10:33 PM - Software Distribution Service 3.0
RP467: 1/6/2009 2:10:34 PM - Installed Wizard101
RP468: 1/6/2009 2:10:34 PM - Software Distribution Service 3.0
RP469: 1/6/2009 2:10:34 PM - System Checkpoint
RP470: 1/6/2009 2:10:34 PM - System Checkpoint
RP471: 1/6/2009 2:10:34 PM - System Checkpoint
RP472: 1/6/2009 2:10:35 PM - Software Distribution Service 3.0
RP473: 1/6/2009 2:10:39 PM - Software Distribution Service 3.0
RP474: 1/6/2009 2:10:39 PM - Software Distribution Service 3.0
RP475: 1/6/2009 2:10:39 PM - System Checkpoint
RP476: 1/6/2009 2:10:39 PM - Software Distribution Service 3.0
RP477: 1/6/2009 2:10:39 PM - System Checkpoint
RP478: 1/6/2009 2:10:39 PM - System Checkpoint
RP479: 1/6/2009 2:10:40 PM - System Checkpoint
RP480: 1/6/2009 2:10:40 PM - System Checkpoint
RP481: 1/6/2009 2:10:40 PM - Software Distribution Service 3.0
RP482: 1/6/2009 2:10:40 PM - Software Distribution Service 3.0
RP483: 1/6/2009 2:10:40 PM - System Checkpoint
RP484: 1/6/2009 2:10:40 PM - System Checkpoint
RP485: 1/6/2009 2:10:41 PM - System Checkpoint
RP486: 1/6/2009 2:10:41 PM - Software Distribution Service 3.0
RP487: 1/6/2009 2:10:41 PM - Software Distribution Service 3.0
RP488: 1/6/2009 2:10:41 PM - System Checkpoint
RP489: 1/6/2009 2:10:41 PM - System Checkpoint
RP490: 1/6/2009 2:10:41 PM - System Checkpoint
RP491: 1/6/2009 2:10:42 PM - System Checkpoint
RP492: 1/6/2009 2:10:42 PM - Software Distribution Service 3.0
RP493: 1/6/2009 2:10:42 PM - System Checkpoint
RP494: 1/6/2009 2:10:42 PM - System Checkpoint
RP495: 1/6/2009 2:10:42 PM - Software Distribution Service 3.0
RP496: 1/6/2009 2:10:42 PM - System Checkpoint
RP497: 1/6/2009 2:10:42 PM - System Checkpoint
RP498: 1/6/2009 2:10:42 PM - System Checkpoint
RP499: 1/6/2009 2:10:42 PM - System Checkpoint
RP500: 1/6/2009 2:10:42 PM - System Checkpoint
RP501: 1/6/2009 2:10:43 PM - Software Distribution Service 3.0
RP502: 1/6/2009 2:10:43 PM - Software Distribution Service 3.0
RP503: 1/6/2009 2:10:43 PM - System Checkpoint
RP504: 1/6/2009 2:10:43 PM - Shockwave Player
RP505: 1/6/2009 2:10:43 PM - Software Distribution Service 3.0
RP506: 1/6/2009 2:10:43 PM - System Checkpoint
RP507: 1/6/2009 2:10:43 PM - Software Distribution Service 3.0
RP508: 1/6/2009 2:10:43 PM - System Checkpoint
RP509: 1/6/2009 2:10:44 PM - Installed Microsoft ActiveSync
RP510: 1/6/2009 2:10:44 PM - System Checkpoint
RP511: 1/6/2009 2:10:45 PM - Software Distribution Service 3.0
RP512: 1/6/2009 2:10:45 PM - Software Distribution Service 3.0
RP513: 1/6/2009 2:10:45 PM - Software Distribution Service 3.0
RP514: 1/6/2009 2:10:46 PM - System Checkpoint
RP515: 1/6/2009 2:10:46 PM - System Checkpoint
RP516: 1/6/2009 2:10:47 PM - System Checkpoint
RP517: 1/6/2009 2:10:47 PM - Software Distribution Service 3.0
RP518: 1/6/2009 2:10:48 PM - System Checkpoint
RP519: 1/6/2009 2:10:48 PM - System Checkpoint
RP520: 1/6/2009 2:10:49 PM - Software Distribution Service 3.0
RP521: 1/6/2009 2:10:49 PM - System Checkpoint
RP522: 1/6/2009 2:10:49 PM - System Checkpoint
RP523: 1/6/2009 2:10:49 PM - Software Distribution Service 3.0
RP524: 1/6/2009 2:10:49 PM - System Checkpoint
RP525: 1/6/2009 2:10:50 PM - Software Distribution Service 3.0
RP526: 1/6/2009 2:10:50 PM - Removed Zen MicroPhoto Media Explorer
RP527: 1/6/2009 2:10:50 PM - Removed Creative Audio CD Ripper (Unicode)
RP528: 1/6/2009 2:10:50 PM - Removed Creative Import Wizard (Unicode)
RP529: 1/6/2009 2:10:50 PM - Removed Creative Media Toolbox
RP530: 1/6/2009 2:10:50 PM - Removed Creative Auto Tag Cleaner
RP531: 1/6/2009 2:10:50 PM - Removed Creative Zen MicroPhoto
RP532: 1/6/2009 2:10:50 PM - Software Distribution Service 3.0
RP533: 1/6/2009 2:10:51 PM - Installed Ad-Aware
RP534: 1/6/2009 2:10:51 PM - System Checkpoint
RP535: 1/6/2009 2:10:51 PM - System Checkpoint
RP536: 1/6/2009 2:10:51 PM - System Checkpoint
RP537: 1/6/2009 2:10:51 PM - Software Distribution Service 3.0
RP538: 1/6/2009 2:10:51 PM - System Checkpoint
RP539: 1/6/2009 2:10:52 PM - Software Distribution Service 3.0
RP540: 1/6/2009 2:10:52 PM - Software Distribution Service 3.0
RP541: 1/6/2009 2:10:52 PM - System Checkpoint
RP542: 1/6/2009 2:10:52 PM - System Checkpoint
RP543: 1/6/2009 2:10:52 PM - System Checkpoint
RP544: 1/6/2009 2:10:52 PM - System Checkpoint
RP545: 1/6/2009 2:10:53 PM - Software Distribution Service 3.0
RP546: 1/6/2009 2:10:53 PM - System Checkpoint
RP547: 1/6/2009 2:10:53 PM - System Checkpoint
RP548: 1/6/2009 2:10:53 PM - Software Distribution Service 3.0
RP549: 1/6/2009 2:10:53 PM - Software Distribution Service 3.0
RP550: 1/6/2009 2:10:54 PM - System Checkpoint
RP551: 1/21/2009 8:56:07 AM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player 11
AOLIcon
AVG Free 8.0
Broadcom Management Programs
BufferChm
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
CP_PLSBusinessFlyers
Creative MediaSource
Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin
Creative Music Store Plugin
Creative Removable Disk Manager
Creative System Information
CreativeProjects
Dell CinePlayer
Dell Support 3.2.1
Dell System Restore
Destinations
Digital Line Detect
Director
DocProc
Documentation & Support Launcher
DocumentViewer
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google Updater
GoToMeeting/GoToWebinar 3.0.0.198
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Color LaserJet 2820/2830/2840 1.0
HP Image Zone 4.7
HP Software Update
hppCLJ2800
hppDustDevil
hppFaxDrv
hppFonts
hppIOFiles
hppManuals2800
hppscan2800
hppScanTo
hppSendFax
hppTooCool
HPSystemDiagnostics
InstantShare
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
LG USB Drivers
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NetWaiting
NVIDIA Drivers
PhotoGallery
QFolder
QuickBooks Pro 2008
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
SearchAssist
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SkinsHP1
Sonic Activation Module
Sonic Update Manager
SpywareBlaster 4.1
SupportSoft Assisted Service
TrayApp
Unload
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
URL Assistant
V CAST Music
Viewpoint Media Player
WD Backup
WD Diagnostics
WD Firewire HID Driver
WebFldrs XP
WebReg
Window Washer
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol 2008
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ZoneAlarm

==== Event Viewer Messages From Past Week ========

2/2/2009 9:44:45 PM, error: DCOM [10009] - DCOM was unable to communicate with the computer M521 using any of the configured protocols.
2/2/2009 6:36:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
2/2/2009 2:03:54 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer M521 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D058D42-6AD9-44FB-8D12. The master browser is stopping or an election is being forced.
2/2/2009 9:01:40 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/2/2009 7:23:13 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
2/2/2009 7:23:13 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
2/1/2009 1:27:35 PM, error: System Error [1003] - Error code 0000004e, parameter1 00000099, parameter2 000a0de9, parameter3 00000000, parameter4 00000000.
2/1/2009 10:46:39 AM, error: System Error [1003] - Error code 1000000a, parameter1 4288177c, parameter2 00000002, parameter3 00000000, parameter4 804f45aa.
2/3/2009 12:48:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
2/3/2009 12:48:35 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/3/2009 1:16:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/3/2009 1:16:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/3/2009 1:17:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/3/2009 1:17:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/3/2009 1:17:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/3/2009 1:17:42 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
2/3/2009 1:17:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/3/2009 1:17:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 Fips IPSec KLIF MRxSmb NetBIOS NetBT nvatabus nvraid Processor RasAcd Rdbss Tcpip vsdatant
2/3/2009 1:56:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================


PLEASE HELP!

Thank you.

 

Have you tried using Malware Bytes?

http://www.malwarebytes.org/mbam.php

I contracted something a few months ago (I beleive it was the Vundo trojan horse virus) and AVG wouldn't get rid of it. Malware bytes couldn't get rid of it either in normal mode. However the trick was to reboot in safe mode with networking enabled.

Then download the update and run Malwarebytes in safe mode.

To be on the safe side I also ran Ccleaner to get rid of anything in the temporary directories. Then ran Windows Disk Cleanup with everything selected just as a secondary measure.

http://www.ccleaner.com/download

I'd run Ccleaner and Disk cleanup prior to running Malware bytes just in case the virus is embedded in one of the temporary directories.

 

I already had used Malware Bytes.

It did find the trojans and Malware and supposedly delete it.

Since then Ad-Aware doesn't show anything on a scan,

however,

AVG system shield pops up now showing a list of the Vundo problems....I go thru and delete each one. This has never happened before.

I will wait to hear from an analysist.

Thanks for the help.

 

Hi mattco
Sorry for the delay.

Please do this.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• Vista users right click Combofix.exe and select Run As Administrator.
• When finished, it shall produce a log for you. Post the Combofix log

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

**NOTE - Allow ComboFix to update if prompted.

Thanks
Geri

 

Thank you for your help.

I haven't had any obvious problems since running Malwarebytes.

Here is the log as you requested from combofix.

ComboFix 09-02-08.02 - Shelley 2009-02-10 9:45:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1355 [GMT -8:00]
Running from: c:\documents and settings\Shelley\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\bszip.dll
c:\windows\system32\gbitxqif.ini
c:\windows\system32\ltxqbpid.ini
c:\windows\system32\nquffnpx.ini
c:\windows\system32\phcrjbay.ini
c:\windows\system32\RrtCLkkj.ini
c:\windows\system32\RrtCLkkj.ini2
c:\windows\system32\twwjbnsn.ini
c:\windows\system32\vasgjgnn.ini
c:\windows\system32\vsknikau.ini

----- BITS: Possible infected sites -----

hxxp://3.gvt0.com
hxxp://0.gvt0.com
hxxp://1.gvt0.com
hxxp://higherheel.blogspot.com
hxxp://1.bp.blogspot.com
hxxp://3.bp.blogspot.com
hxxp://4.bp.blogspot.com
hxxp://2.bp.blogspot.com
hxxp://bp1.blogger.com
hxxp://bp3.blogger.com
hxxp://bp0.blogger.com
hxxp://www.e-junkie.com
hxxp://bp2.blogger.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-04 11:44 . 2009-02-04 11:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-04 11:00 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-02-04 09:09 . 2009-02-04 09:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 09:09 . 2009-02-04 09:09 <DIR> d-------- c:\documents and settings\Shelley\Application Data\Malwarebytes
2009-02-04 09:09 . 2009-02-04 09:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 09:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 09:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-03 14:20 . 2009-02-03 14:20 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 13:16 . 2007-05-07 14:50 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\Gtek
2009-02-03 13:16 . 2009-02-03 13:17 <DIR> d-------- c:\documents and settings\Administrator
2009-02-03 11:30 . 2009-02-03 11:30 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-03 11:29 . 2009-02-03 11:29 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-03 11:29 . 2009-02-03 11:29 <DIR> d-------- c:\program files\MSBuild
2009-02-03 11:28 . 2009-02-03 11:29 <DIR> d-------- C:\e44c318f87b1c7da5ae5e6882f
2009-02-03 11:28 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-03 11:28 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 11:28 . 2008-07-06 02:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 11:28 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-03 11:28 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 11:28 . 2008-07-06 04:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-03 11:28 . 2008-07-06 04:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 11:12 . 2009-02-03 11:12 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-03 11:12 . 2008-03-07 09:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-02-03 11:12 . 2008-03-07 09:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-02-03 11:12 . 2008-03-07 09:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-02-01 21:37 . 2009-02-01 21:37 <DIR> d-------- c:\program files\Common Files\Webroot Shared
2009-02-01 21:37 . 2009-02-01 21:37 <DIR> d-------- c:\documents and settings\Shelley\Application Data\Webroot
2009-02-01 21:37 . 2009-02-01 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-02-01 14:07 . 2009-02-01 14:07 <DIR> d-------- c:\windows\Symbols
2009-01-29 07:34 . 2009-02-10 00:08 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-26 13:54 . 2009-01-26 13:54 350,720 --a------ c:\windows\system32\ipvofdec.dll
2009-01-26 13:30 . 2009-01-26 13:30 <DIR> d--h----- c:\program files\CCleaner
2009-01-26 11:21 . 2009-02-10 08:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-26 11:21 . 2009-01-26 11:21 <DIR> d--h----- c:\program files\AVG
2009-01-26 11:21 . 2009-01-26 15:33 <DIR> d-------- c:\documents and settings\Shelley\Application Data\AVGTOOLBAR
2009-01-26 11:21 . 2009-02-04 07:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-26 11:21 . 2009-01-26 11:43 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-26 11:21 . 2009-01-26 11:43 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-21 08:56 . 2009-01-21 08:56 <DIR> d-------- c:\program files\My Book
2009-01-21 08:56 . 2009-01-21 08:56 <DIR> d-------- c:\documents and settings\Shelley\Application Data\ArcSoft
2009-01-21 08:56 . 2009-01-21 08:56 20 --ahs---- C:\ArcDeviceInfo
2009-01-21 08:55 . 2009-01-21 08:55 <DIR> d-------- c:\program files\Western Digital Technologies
2009-01-21 08:34 . 2009-01-21 08:55 364,544 --a------ c:\windows\system32\WDBtnMgr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 05:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-05 14:58 --------- d-----w c:\program files\Windows Desktop Search
2009-02-04 19:41 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-04 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 19:34 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-03 23:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-03 23:17 --------- d-----w c:\program files\SpywareBlaster
2009-02-02 18:05 --------- d-----w c:\program files\Yahoo!
2009-02-02 18:04 --------- d-----w c:\documents and settings\Shelley\Application Data\Yahoo!
2009-02-02 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-28 17:30 --------- d--h--w c:\program files\Citrix
2009-01-21 16:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 06:06 --------- d--h--w c:\program files\Common Files\Blizzard Entertainment
2008-12-27 20:44 --------- d-----w c:\documents and settings\Guest\Application Data\Yahoo!
2008-12-12 22:15 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-12 22:15 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-12 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-12 22:13 --------- d-----w c:\program files\Lavasoft
2008-12-12 22:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-12 21:43 --------- d-----w c:\program files\Creative
2008-12-12 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-06 05:28 666 ----a-w c:\documents and settings\Shelley\Application Data\wklnhst.dat
2007-06-21 16:10 56,912 ----a-w c:\documents and settings\Shelley\g2mdlhlpx.exe
2008-09-07 20:03 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-16 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Window Washer "= "c:\program files\Webroot\Washer\wwDisp.exe" [2007-10-03 1222984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-07 29744]
"WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-26 1601304]
"ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"TomcatStartup 2.5 "= "c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE" [2004-07-27 221184]
"WD Button Manager "= "WDBtnMgr.exe" [2009-01-21 c:\windows\system32\WDBtnMgr.exe]
"nwiz "= "nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2009-01-21 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Patorsel "= {9E67368D-FD8E-4F78-A1A5-0EC90FBADACF} - c:\windows\system32\vbatubit.dll [2008-04-13 921600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-26 11:43 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Documents and Settings\\Shelley\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe "=
"c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-26 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 298264]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2009-02-01 598856]
S0 kwxi;kwxi;c:\windows\system32\drivers\njgy.sys --> c:\windows\system32\drivers\njgy.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-05-07 29744]
.
Contents of the 'Scheduled Tasks' folder

2009-02-10 c:\windows\Tasks\pnqmzgts.job
- c:\windows\system32\jkkjIBSJ.dll []
.
- - - - ORPHANS REMOVED - - - -

BHO-{0C2D610C-439A-460F-951C-BDC7F372B3EC} - (no file)
HKU-Default-Run-msiexec.exe - msiconf.exe
ShellExecuteHooks-{827D3881-317C-442A-B4ED-F576CBA700BB} - (no file)
Notify-hgGyvTLE - hgGyvTLE.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - ?p=ZKfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_8.CAB
FF - ProfilePath - c:\documents and settings\Shelley\Application Data\Mozilla\Firefox\Profiles\0jez0eec.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Shelley\Application Data\Mozilla\Firefox\Profiles\0jez0eec.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 09:53:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Dell\Media Experience\DMXLauncher.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
.
**************************************************************************
.
Completion time: 2009-02-10 9:56:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-10 17:56:28

Pre-Run: 209,336,909,824 bytes free
Post-Run: 209,441,234,944 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

252 --- E O F --- 2009-02-02 15:23:38

 

Hi
Before we go any futher you need to close the thread you started here. Tell them you are receiving help at another forum.
http://forums.techguy.org/malware-removal-hijackthis-logs/797469-malware-problem-help.html

It is a waste of time for me or the helper that may help you there to have 2 people working on the same problem.

Let me know when that is done.

Geri

 

Geri,
I am afraid I don't understand specifically what you want me to do.
As far as I know I have only asked one question and opened up one thread.
You are the only person I can see that is helping me.
I have done nothing else but what I have been directed to do in this thread.
Who am I supposed to tell that I am recieving help at what forum?
Who else is working on the problem?
Thanks in advance for the clarifycation.

 

Hi
You posted at the techguy forum, If you click on the link I gave above, is that not you?

I know it hasn't been answered, but it would save anyone that may look over your log there from spending the time to go over it when it would not be needed.

Please do this.

Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
**NOTE - Allow ComboFix to update if prompted.

Code:

File::
c:\windows\system32\drivers\njgy.sys
c:\windows\Tasks\pnqmzgts.job
c:\windows\system32\jkkjIBSJ.dll 
Driver::
kwxi 

Please post the Combofix log.

Thanks
Geri

 

I have stopped the thread at the other site, thanks.

Here is the log as you requested:

ComboFix 09-02-12.01 - Shelley 2009-02-12 9:47:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1185 [GMT -8:00]
Running from: c:\documents and settings\Shelley\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shelley\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\njgy.sys
c:\windows\system32\jkkjIBSJ.dll
c:\windows\Tasks\pnqmzgts.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\pnqmzgts.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kwxi


((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-10 10:30 . 2009-02-10 10:30 <DIR> d-------- c:\documents and settings\Shelley\Tracing
2009-02-10 10:29 . 2009-02-10 10:29 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-10 10:29 . 2009-02-10 10:30 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-10 10:29 . 2009-02-10 10:29 <DIR> d-------- c:\program files\Microsoft
2009-02-10 10:28 . 2009-02-10 10:29 <DIR> d-------- c:\program files\Windows Live
2009-02-10 10:26 . 2009-02-10 10:26 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-10 10:06 . 2009-02-10 10:06 <DIR> d-------- c:\documents and settings\Shelley\Application Data\Windows Desktop Search
2009-02-10 10:05 . 2009-02-11 03:00 1,374 --a------ c:\windows\imsins.BAK
2009-02-04 11:44 . 2009-02-04 11:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-04 11:00 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-02-04 09:09 . 2009-02-04 09:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-04 09:09 . 2009-02-04 09:09 <DIR> d-------- c:\documents and settings\Shelley\Application Data\Malwarebytes
2009-02-04 09:09 . 2009-02-04 09:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-04 09:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-04 09:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-03 14:20 . 2009-02-03 14:20 <DIR> d-------- c:\program files\Trend Micro
2009-02-03 13:16 . 2007-05-07 14:50 <DIR> d--h----- c:\documents and settings\Administrator\Application Data\Gtek
2009-02-03 13:16 . 2009-02-03 13:17 <DIR> d-------- c:\documents and settings\Administrator
2009-02-03 11:30 . 2009-02-03 11:30 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-03 11:29 . 2009-02-03 11:29 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-03 11:29 . 2009-02-03 11:29 <DIR> d-------- c:\program files\MSBuild
2009-02-03 11:28 . 2009-02-03 11:29 <DIR> d-------- C:\e44c318f87b1c7da5ae5e6882f
2009-02-03 11:28 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-03 11:28 . 2008-07-06 04:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 11:28 . 2008-07-06 02:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 11:28 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-03 11:28 . 2008-07-06 04:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 11:28 . 2008-07-06 04:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-03 11:28 . 2008-07-06 04:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 11:12 . 2009-02-03 11:12 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-03 11:12 . 2008-03-07 09:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-02-03 11:12 . 2008-03-07 09:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-02-03 11:12 . 2008-03-07 09:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2009-02-01 21:37 . 2009-02-01 21:37 <DIR> d-------- c:\program files\Common Files\Webroot Shared
2009-02-01 21:37 . 2009-02-01 21:37 <DIR> d-------- c:\documents and settings\Shelley\Application Data\Webroot
2009-02-01 21:37 . 2009-02-01 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Webroot
2009-02-01 14:07 . 2009-02-01 14:07 <DIR> d-------- c:\windows\Symbols
2009-01-29 07:34 . 2009-02-12 00:06 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-26 13:54 . 2009-01-26 13:54 350,720 --a------ c:\windows\system32\ipvofdec.dll
2009-01-26 13:30 . 2009-01-26 13:30 <DIR> d--h----- c:\program files\CCleaner
2009-01-26 11:21 . 2009-02-12 08:49 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-26 11:21 . 2009-01-26 11:21 <DIR> d--h----- c:\program files\AVG
2009-01-26 11:21 . 2009-01-26 15:33 <DIR> d-------- c:\documents and settings\Shelley\Application Data\AVGTOOLBAR
2009-01-26 11:21 . 2009-02-04 07:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-26 11:21 . 2009-01-26 11:43 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-26 11:21 . 2009-01-26 11:43 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-21 08:56 . 2009-01-21 08:56 <DIR> d-------- c:\program files\My Book
2009-01-21 08:56 . 2009-01-21 08:56 <DIR> d-------- c:\documents and settings\Shelley\Application Data\ArcSoft
2009-01-21 08:56 . 2009-01-21 08:56 20 --ahs---- C:\ArcDeviceInfo
2009-01-21 08:55 . 2009-01-21 08:55 <DIR> d-------- c:\program files\Western Digital Technologies
2009-01-21 08:34 . 2009-01-21 08:55 364,544 --a------ c:\windows\system32\WDBtnMgr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-10 18:05 --------- d-----w c:\program files\Windows Desktop Search
2009-02-04 19:41 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-04 19:41 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-04 19:34 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-02-03 23:17 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-03 23:17 --------- d-----w c:\program files\SpywareBlaster
2009-02-02 18:05 --------- d-----w c:\program files\Yahoo!
2009-02-02 18:04 --------- d-----w c:\documents and settings\Shelley\Application Data\Yahoo!
2009-02-02 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-28 17:30 --------- d--h--w c:\program files\Citrix
2009-01-21 16:56 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 06:06 --------- d--h--w c:\program files\Common Files\Blizzard Entertainment
2008-12-27 20:44 --------- d-----w c:\documents and settings\Guest\Application Data\Yahoo!
2008-12-12 22:15 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-12 22:15 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-12 22:14 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-12 22:13 --------- d-----w c:\program files\Lavasoft
2008-12-12 22:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-12 21:43 --------- d-----w c:\program files\Creative
2008-12-12 21:43 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-08-06 05:28 666 ----a-w c:\documents and settings\Shelley\Application Data\wklnhst.dat
2007-06-21 16:10 56,912 ----a-w c:\documents and settings\Shelley\g2mdlhlpx.exe
2008-09-07 20:03 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-16 14:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-10_ 9.55.30.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2009-02-10 18:29:01 62,288 ----a-r c:\windows\Installer\{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}\IconWlc.exe
+ 2009-02-10 18:29:45 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-02-10 18:30:00 29,316 ----a-r c:\windows\Installer\{95120000-0120-0409-0000-0000000FF1CE}\olc_setup.exe
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 05:35:14 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-04-14 00:11:56 169,088 ----a-w c:\windows\system32\exevudir32.dll
+ 2008-04-14 00:11:56 170,884 ----a-w c:\windows\system32\exevudir32.dll
- 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 05:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-05-27 06:17:44 34,816 ------w c:\windows\system32\msscb.dll
+ 2008-05-27 06:17:26 60,416 ------w c:\windows\system32\msscntrs.dll
+ 2008-05-27 06:17:38 11,776 ------w c:\windows\system32\msshooks.dll
+ 2008-05-27 06:18:34 231,936 ------w c:\windows\system32\msshsq.dll
+ 2008-05-27 06:17:26 87,552 ------w c:\windows\system32\mssitlb.dll
+ 2008-05-27 06:18:26 350,208 ------w c:\windows\system32\mssph.dll
+ 2008-05-27 06:18:56 203,776 ------w c:\windows\system32\mssphtb.dll
+ 2008-05-27 06:17:28 32,768 ------w c:\windows\system32\mssprxy.dll
+ 2008-05-27 06:21:26 1,418,240 ------w c:\windows\system32\mssrch.dll
+ 2008-05-27 06:18:42 44,032 ------w c:\windows\system32\msstrc.dll
- 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-05-27 06:19:36 273,408 ------w c:\windows\system32\oeph.dll
+ 2008-05-27 06:19:16 11,264 ------w c:\windows\system32\oephRes.dll
- 2009-02-04 20:43:31 72,576 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-10 18:05:36 79,630 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-04 20:43:31 445,370 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-10 18:05:36 466,414 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-05-27 06:18:08 71,680 ------w c:\windows\system32\propdefs.dll
+ 2008-05-27 06:17:48 754,176 ------w c:\windows\system32\propsys.dll
+ 2008-05-27 06:18:32 38,400 ------w c:\windows\system32\rtffilt.dll
+ 2008-05-27 06:17:56 87,552 ------w c:\windows\system32\searchfilterhost.exe
+ 2008-05-27 06:18:44 439,808 ------w c:\windows\system32\searchindexer.exe
+ 2008-05-27 06:18:18 184,832 ------w c:\windows\system32\searchprotocolhost.exe
+ 2008-12-03 06:37:20 49,480 ----a-w c:\windows\system32\sirenacm.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-05-27 06:17:30 301,568 ------w c:\windows\system32\srchadmin.dll
+ 2008-05-27 05:59:40 106,605 ------w c:\windows\system32\structuredqueryschema.bin
+ 2008-05-27 05:59:42 18,904 ------w c:\windows\system32\structuredqueryschematrivial.bin
+ 2008-05-27 06:21:08 1,582,592 ------w c:\windows\system32\tquery.dll
+ 2008-05-27 06:19:20 97,792 ------w c:\windows\system32\UncCplExt.dll
+ 2008-05-27 06:19:22 143,872 ------w c:\windows\system32\UncDMS.dll
+ 2008-05-27 06:19:28 108,032 ------w c:\windows\system32\UncNE.dll
+ 2008-05-27 06:19:28 131,072 ------w c:\windows\system32\UncPH.dll
+ 2008-05-27 06:19:26 2,048 ------w c:\windows\system32\UncRes.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-05-27 06:18:34 56,320 ------w c:\windows\system32\xmlfilter.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Window Washer "= "c:\program files\Webroot\Washer\wwDisp.exe" [2007-10-03 1222984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-07 29744]
"WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-26 1601304]
"ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"TomcatStartup 2.5 "= "c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
"ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.EXE" [2004-07-27 221184]
"WD Button Manager "= "WDBtnMgr.exe" [2009-01-21 c:\windows\system32\WDBtnMgr.exe]
"nwiz "= "nwiz.exe" [2006-08-23 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2009-01-21 98304]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Patorsel "= {9E67368D-FD8E-4F78-A1A5-0EC90FBADACF} - c:\windows\system32\vbatubit.dll [2008-04-13 921600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-26 11:43 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
"c:\\Documents and Settings\\Shelley\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe "=
"c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-26 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-26 298264]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2009-02-01 598856]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-05-07 29744]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search - ?p=ZKfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab
DPF: {8646A6AF-0AE4-4BF8-B716-DB1513803972} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_8.CAB
FF - ProfilePath - c:\documents and settings\Shelley\Application Data\Mozilla\Firefox\Profiles\0jez0eec.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Shelley\Application Data\Mozilla\Firefox\Profiles\0jez0eec.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 09:53:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Dell\Media Experience\DMXLauncher.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-02-12 9:57:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-12 17:57:02
ComboFix2.txt 2009-02-10 17:56:33

Pre-Run: 208,603,185,152 bytes free
Post-Run: 208,605,392,896 bytes free

422 --- E O F --- 2009-02-11 11:03:04

Thanks for your help Geri.

 

Hi
OK good.

Please check your system for the problems you stated in your first post and let me know how things are working.

Thanks
Geri

 

Things are working much better, no more problems.
Thanks for your help.
Have a great day!

 

Hi
OK good

Lets get a on line scan, please do the following.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now the scan.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on “Accept” If your pop –up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the “Scan Report” On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri