
Solved Download Registry Defender Problem

Discussion in 'Malware and Virus Removal Archive' started by Gsere875, 2009/03/23.

  1. 2009/03/23
    Gsere875 (Thread Starter)

    [Resolved] Download Registry Defender Problem

    Randomly my computer will open up a new internet browser that says my computer is at risk of becoming infected with spyware. It then opens another browser that starts a "virus" scan under the name of "easywinscanner", although it is not my virus protection software doing the search. Sometimes it will also have a window titled "Download Registry Defender". I was wondering if someone could help me get rid of this problem.
    Here are my logs;
    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Garrett at 9:34:59.32 on 23/03/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.292 [GMT -6:00]

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\ehome\RMSvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Dell AIO 810\dlcgmon.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\DKabcoms.exe
    C:\Documents and Settings\Garrett\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: {609525ff-d5f3-4da9-9aa1-40f1f6cdce7c} - c:\windows\system32\sozerilu.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: {5c67d4f0-5e22-5faa-0554-6f9c7d66e70d}: {d07e66d7-c9f6-4550-aaf5-22e50f4d76c5} - c:\windows\system32\qvimua.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [snpstd] c:\windows\vsnpstd.exe
    mRun: [ACROMOUSE] c:\program files\tech\office program selector\2.0\ACROMAPP.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\ATIPTAXX.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [vuvetodoza] Rundll32.exe "c:\windows\system32\tayazuvo.dll",s
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [64e5b56c] rundll32.exe "c:\windows\system32\bakivige.dll",b
    mRun: [CPM67d686f0] Rundll32.exe "c:\windows\system32\jevayeyi.dll",a
    StartupFolder: c:\docume~1\garrett\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    AppInit_DLLs: c:\windows\system32\gojidaja.dll qvimua.dll c:\windows\system32\jevayeyi.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jevayeyi.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jevayeyi.dll
    LSA: Notification Packages = scecli c:\windows\system32\gojidaja.dll

    ============= SERVICES / DRIVERS ===============

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-2-25 70016]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

    =============== Created Last 30 ================

    2009-03-23 08:36 1,809,639 ---sh--- c:\windows\system32\egivikab.ini
    2009-03-23 08:35 140,800 a--sh--- c:\windows\system32\qvimua.dll
    2009-03-22 20:34 1,809,622 ---sh--- c:\windows\system32\ajowadov.ini
    2009-03-22 20:34 140,800 a--sh--- c:\windows\system32\lbmllz.dll
    2009-03-20 08:47 1,809,613 ---sh--- c:\windows\system32\akapejuh.ini
    2009-03-20 08:47 141,824 a--sh--- c:\windows\system32\jbkhlb.dll
    2009-03-19 16:52 47,616 a------- c:\windows\system32\~.exe
    2009-03-19 15:48 141,312 a--sh--- c:\windows\system32\qrkdif.dll
    2009-03-18 20:36 1,807,658 ---sh--- c:\windows\system32\etuzonif.ini
    2009-03-18 20:36 142,336 a--sh--- c:\windows\system32\jswpzs.dll
    2009-03-18 08:37 2,713 ---sh--- c:\windows\system32\jikonidi.dll
    2009-03-17 13:38 1,804,323 ---sh--- c:\windows\system32\arazesaz.ini
    2009-03-17 13:38 142,848 a--sh--- c:\windows\system32\npehkd.dll
    2009-03-16 22:52 1,722,836 ---sh--- c:\windows\system32\ilupiyam.ini
    2009-03-16 22:52 141,312 a--sh--- c:\windows\system32\kefjmr.dll
    2009-03-16 10:52 1,722,845 ---sh--- c:\windows\system32\itawajor.ini
    2009-03-16 10:52 140,800 a--sh--- c:\windows\system32\ljqyoj.dll
    2009-03-15 22:52 1,703,017 ---sh--- c:\windows\system32\alamilew.ini
    2009-03-15 22:51 139,776 a--sh--- c:\windows\system32\yewpvj.dll
    2009-03-15 11:28 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-15 11:27 0 a------- c:\windows\system32\REN224.tmp
    2009-03-15 11:27 0 a------- c:\windows\system32\REN223.tmp
    2009-03-15 11:27 0 a------- c:\windows\system32\REN222.tmp
    2009-03-15 10:52 1,703,004 ---sh--- c:\windows\system32\emefisis.ini
    2009-03-14 14:18 140,288 a--sh--- c:\windows\system32\chqjta.dll
    2009-03-14 02:12 1,933,859 ---sh--- c:\windows\system32\oyukuvoy.ini
    2009-03-14 02:12 142,848 a--sh--- c:\windows\system32\opbrce.dll
    2009-03-13 14:12 2,713 ---sh--- c:\windows\system32\vetapema.dll
    2009-03-13 14:12 142,336 a--sh--- c:\windows\system32\alygjr.dll
    2009-03-12 22:05 1,933,859 ---sh--- c:\windows\system32\izokatiz.ini
    2009-03-12 22:05 142,336 a--sh--- c:\windows\system32\bbvege.dll
    2009-03-12 10:05 1,835,082 ---sh--- c:\windows\system32\umegekoh.ini
    2009-03-12 10:05 143,360 a--sh--- c:\windows\system32\iphnmy.dll
    2009-03-11 18:56 1,835,095 ---sh--- c:\windows\system32\obopagap.ini
    2009-03-11 18:56 141,824 a--sh--- c:\windows\system32\wgdajd.dll
    2009-03-10 11:12 1,835,095 ---sh--- c:\windows\system32\eyeyaboy.ini
    2009-03-10 11:12 142,848 a--sh--- c:\windows\system32\pqedwg.dll
    2009-03-09 23:12 1,835,095 ---sh--- c:\windows\system32\aduvamez.ini
    2009-03-09 23:12 142,336 a--sh--- c:\windows\system32\ecwdks.dll
    2009-03-09 11:12 1,835,095 ---sh--- c:\windows\system32\ozepeyal.ini
    2009-03-09 11:12 142,848 a--sh--- c:\windows\system32\irdbtt.dll
    2009-03-08 23:11 1,835,082 ---sh--- c:\windows\system32\etelokif.ini
    2009-03-08 23:11 140,800 a--sh--- c:\windows\system32\urvved.dll

    ==================== Find3M ====================

    2009-03-23 08:35 102,912 a--sh--- c:\windows\system32\bakivige.dll
    2009-03-23 08:35 140,800 a--sh--- c:\windows\system32\tusihivi.dll
    2009-03-23 08:35 107,520 a--sh--- c:\windows\system32\jevayeyi.dll
    2009-03-22 20:34 140,800 a--sh--- c:\windows\system32\wibotelo.dll
    2009-03-22 20:34 108,032 a--sh--- c:\windows\system32\vabazaja.dll
    2009-03-22 20:34 101,376 -------- c:\windows\system32\vodawoja.dll
    2009-03-20 08:47 141,824 a--sh--- c:\windows\system32\majiriho.dll
    2009-03-20 08:47 107,520 a--sh--- c:\windows\system32\zanamalo.dll
    2009-03-19 15:48 141,312 a--sh--- c:\windows\system32\pekugedi.dll
    2009-03-19 15:48 106,496 a--sh--- c:\windows\system32\tuduriro.dll
    2009-03-18 20:36 142,336 a--sh--- c:\windows\system32\kowoziza.dll
    2009-03-18 20:36 107,520 a--sh--- c:\windows\system32\vazalawi.dll
    2009-03-17 13:38 101,376 -------- c:\windows\system32\zasezara.dll
    2009-03-17 13:38 142,848 a--sh--- c:\windows\system32\vuzofafu.dll
    2009-03-17 13:38 108,032 a--sh--- c:\windows\system32\navavaze.dll
    2009-03-16 22:52 107,008 a--sh--- c:\windows\system32\bofofevu.dll
    2009-03-16 22:52 141,312 a--sh--- c:\windows\system32\katunapi.dll
    2009-03-16 22:52 101,376 -------- c:\windows\system32\mayipuli.dll
    2009-03-16 10:52 140,800 a--sh--- c:\windows\system32\voganojo.dll
    2009-03-16 10:52 105,984 a--sh--- c:\windows\system32\yakiyayi.dll
    2009-03-15 22:52 102,400 -------- c:\windows\system32\welimala.dll
    2009-03-15 22:51 105,472 a--sh--- c:\windows\system32\bidubiti.dll
    2009-03-15 22:51 139,776 a--sh--- c:\windows\system32\yenihuku.dll
    2009-03-15 11:27 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-15 10:51 107,520 a--sh--- c:\windows\system32\huhugafe.dll
    2009-03-14 14:18 140,288 a--sh--- c:\windows\system32\putiheko.dll
    2009-03-14 14:18 107,008 a--sh--- c:\windows\system32\muyifisu.dll
    2009-03-14 02:12 99,840 a--sh--- c:\windows\system32\yovukuyo.dll
    2009-03-14 02:12 142,848 a--sh--- c:\windows\system32\benabuve.dll
    2009-03-14 02:12 107,008 a--sh--- c:\windows\system32\wobapemu.dll
    2009-03-13 14:12 142,336 a--sh--- c:\windows\system32\kivigoru.dll
    2009-03-13 14:12 107,008 a--sh--- c:\windows\system32\puzokaya.dll
    2009-03-12 22:05 103,424 -------- c:\windows\system32\zitakozi.dll
    2009-03-12 22:05 142,336 a--sh--- c:\windows\system32\wegabalu.dll
    2009-03-12 22:05 105,984 a--sh--- c:\windows\system32\kojoyapi.dll
    2009-03-12 10:05 143,360 a--sh--- c:\windows\system32\wutupile.dll
    2009-03-12 10:05 107,520 a--sh--- c:\windows\system32\wowafuha.dll
    2009-03-11 18:56 141,824 a--sh--- c:\windows\system32\yupabeda.dll
    2009-03-11 18:56 101,376 -------- c:\windows\system32\pagapobo.dll
    2009-03-11 18:56 105,472 a--sh--- c:\windows\system32\salizuya.dll
    2009-03-10 11:12 101,376 -------- c:\windows\system32\yobayeye.dll
    2009-03-10 11:12 142,848 a--sh--- c:\windows\system32\pawibobe.dll
    2009-03-10 11:12 108,032 a--sh--- c:\windows\system32\tomeruga.dll
    2009-03-09 23:12 101,888 -------- c:\windows\system32\zemavuda.dll
    2009-03-09 23:12 142,336 a--sh--- c:\windows\system32\zubekopa.dll
    2009-03-09 23:12 107,008 a--sh--- c:\windows\system32\selutanu.dll
    2009-03-09 11:12 142,848 a--sh--- c:\windows\system32\hojubipa.dll
    2009-03-09 11:12 107,520 a--sh--- c:\windows\system32\zuyisuro.dll
    2009-03-09 11:12 101,376 -------- c:\windows\system32\layepezo.dll
    2009-03-08 23:11 101,376 -------- c:\windows\system32\fikolete.dll
    2009-03-08 23:11 107,008 a--sh--- c:\windows\system32\gikuyaju.dll
    2009-03-08 23:11 140,800 a--sh--- c:\windows\system32\wiwuyafu.dll
    2009-02-28 17:50 832 a------- c:\windows\fonts\Read Me.rtf
    2009-02-28 17:50 684 a------- c:\windows\fonts\GREAM___.PFM
    2009-02-28 16:27 484 a------- c:\windows\fonts\license.txt
    2009-01-28 20:44 630 a------- c:\windows\fonts\Read Me.txt
    2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-01-10 23:23 1,170 a------- c:\windows\fonts\HITROAD.TXT
    2009-01-09 17:44 325 a------- c:\windows\fonts\nottke.nfo
    2009-01-09 17:43 681 a------- c:\windows\fonts\Alte Haas Grotesk licence.rtf
    2009-01-09 17:36 778 a------- c:\windows\fonts\Sansation.txt
    2008-12-17 14:24 8,030 a------- c:\docume~1\garrett\applic~1\wklnhst.dat
    2008-12-10 15:00 157,272 a------- c:\program files\R150804.EXE
    2008-12-10 10:27 27,041,136 a------- c:\program files\R119714.EXE
    2007-01-31 20:26 88 ---shr-- c:\windows\system32\1CEAD6A851.sys
    0000-00-00 00:00 69,120 a--sh--- c:\windows\system32\gojidaja.dll
    2007-01-31 20:27 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
    0000-00-00 00:00 69,120 a--sh--- c:\windows\system32\sozerilu.dll
    0000-00-00 00:00 69,120 a--sh--- c:\windows\system32\tayazuvo.dll
    0000-00-00 00:00 101,376 a--sh--- c:\windows\system32\tumigike.dll
    0000-00-00 00:00 100,352 a--sh--- c:\windows\system32\wezisuve.dll
    0000-00-00 00:00 101,376 a--sh--- c:\windows\system32\yedodugi.dll
    2008-11-11 15:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111120081112\index.dat

    ============= FINISH: 9:37:28.71 ===============


    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/10/2006 9:22:40 PM
    System Uptime: 23/03/2009 8:34:16 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 169.676 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: TI Technologies Inc.
    Description: RADEON X600 256MB HyperMemory Secondary
    Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
    Manufacturer: ATI Technologies Inc.
    Name: RADEON X600 256MB HyperMemory Secondary
    PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
    Service: ati2mtag

    ==== System Restore Points ===================

    RP710: 29/12/2008 6:36:26 PM - System Checkpoint
    RP711: 30/12/2008 9:54:54 PM - System Checkpoint
    RP712: 04/01/2009 11:40:07 PM - System Checkpoint
    RP713: 05/01/2009 12:39:36 PM - Installed Java(TM) 6 Update 11
    RP714: 06/01/2009 2:05:18 PM - System Checkpoint
    RP715: 07/01/2009 2:49:16 PM - System Checkpoint
    RP716: 08/01/2009 3:41:45 PM - System Checkpoint
    RP717: 09/01/2009 6:00:31 PM - System Checkpoint
    RP718: 10/01/2009 6:35:49 PM - System Checkpoint
    RP719: 11/01/2009 7:23:05 PM - System Checkpoint
    RP720: 12/01/2009 7:35:30 PM - System Checkpoint
    RP721: 13/01/2009 9:23:17 PM - System Checkpoint
    RP722: 14/01/2009 9:33:28 PM - System Checkpoint
    RP723: 15/01/2009 1:29:23 AM - Software Distribution Service 3.0
    RP724: 16/01/2009 9:48:32 AM - System Checkpoint
    RP725: 18/01/2009 1:20:45 PM - System Checkpoint
    RP726: 19/01/2009 1:47:57 PM - System Checkpoint
    RP727: 20/01/2009 2:27:38 PM - System Checkpoint
    RP728: 21/01/2009 3:25:52 PM - System Checkpoint
    RP729: 22/01/2009 7:59:53 PM - System Checkpoint
    RP730: 23/01/2009 8:12:42 PM - System Checkpoint
    RP731: 25/01/2009 6:00:19 PM - System Checkpoint
    RP732: 26/01/2009 6:07:25 PM - System Checkpoint
    RP733: 27/01/2009 7:11:13 PM - System Checkpoint
    RP734: 28/01/2009 7:11:53 PM - System Checkpoint
    RP735: 29/01/2009 7:24:35 PM - System Checkpoint
    RP736: 30/01/2009 8:02:36 PM - System Checkpoint
    RP737: 31/01/2009 8:55:01 PM - System Checkpoint
    RP738: 01/02/2009 9:16:36 PM - System Checkpoint
    RP739: 02/02/2009 10:52:54 PM - System Checkpoint
    RP740: 03/02/2009 10:56:44 PM - System Checkpoint
    RP741: 05/02/2009 10:35:41 AM - System Checkpoint
    RP742: 06/02/2009 12:40:51 PM - System Checkpoint
    RP743: 07/02/2009 2:20:18 PM - System Checkpoint
    RP744: 08/02/2009 3:10:42 PM - System Checkpoint
    RP745: 09/02/2009 3:24:40 PM - System Checkpoint
    RP746: 10/02/2009 5:40:10 PM - System Checkpoint
    RP747: 11/02/2009 6:14:16 PM - System Checkpoint
    RP748: 12/02/2009 12:18:00 AM - Software Distribution Service 3.0
    RP749: 22/02/2009 4:54:46 PM - System Checkpoint
    RP750: 23/02/2009 7:00:52 PM - System Checkpoint
    RP751: 24/02/2009 7:55:36 PM - System Checkpoint
    RP752: 25/02/2009 8:51:00 PM - System Checkpoint
    RP753: 25/02/2009 10:56:54 PM - Software Distribution Service 3.0
    RP754: 26/02/2009 11:49:49 PM - System Checkpoint
    RP755: 28/02/2009 8:40:32 AM - System Checkpoint
    RP756: 01/03/2009 12:08:58 PM - System Checkpoint
    RP757: 02/03/2009 7:49:01 PM - System Checkpoint
    RP758: 03/03/2009 10:18:37 PM - System Checkpoint
    RP759: 04/03/2009 10:30:48 PM - System Checkpoint
    RP760: 06/03/2009 7:09:44 PM - Software Distribution Service 3.0
    RP761: 07/03/2009 7:22:54 PM - System Checkpoint
    RP762: 08/03/2009 8:22:57 PM - System Checkpoint
    RP763: 09/03/2009 9:37:41 PM - System Checkpoint
    RP764: 11/03/2009 7:28:20 PM - System Checkpoint
    RP765: 12/03/2009 8:43:39 PM - System Checkpoint
    RP766: 13/03/2009 9:40:24 PM - System Checkpoint
    RP767: 14/03/2009 11:14:53 PM - System Checkpoint
    RP768: 15/03/2009 11:26:50 AM - Removed Java(TM) 6 Update 10
    RP769: 15/03/2009 11:27:32 AM - Installed Java(TM) 6 Update 12
    RP770: 16/03/2009 12:15:23 PM - System Checkpoint
    RP771: 17/03/2009 2:23:18 PM - System Checkpoint
    RP772: 18/03/2009 2:41:01 PM - System Checkpoint
    RP773: 19/03/2009 7:12:01 PM - System Checkpoint
    RP774: 22/03/2009 10:30:23 PM - System Checkpoint

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABBYY FineReader 6.0 Sprint
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.2
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Compatibility Pack for the 2007 Office system
    CorelDRAW Graphics Suite X3
    Dell AIO 810
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell DJ Explorer
    Dell Driver Reset Tool
    Dell Software Uninstall
    Dell Support 3.2
    Dell System Restore
    EN
    ESET NOD32 Antivirus
    ESPNMotion
    FinePixViewer Resource
    FinePixViewer Ver.5.1
    FontNav
    FUJIFILM USB Driver
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio GDI+ Patch
    Jasc Paint Shop Pro Studio, Dell Editon
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    LimeWire 5.1.1
    MCU
    Media Center Extender
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Microsoft Works
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    Office Program Selector 2.0
    ProFile
    QBFC3.0b
    QuickTime
    RAW FILE CONVERTER LE
    Remove KPK Data analysis
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Update for Office 2007 (KB946691)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Manager
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    USB PC Camera (SN9C102)
    WebFldrs XP
    Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    Zune

    ==== Event Viewer Messages From Past Week ========

    16/03/2009 12:27:01 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================
    Thanks,
    gsere875
     
  2. 2009/03/23
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome

    Your machine is in quite a mess.

    If you can't get to the web sites to download these tools, please transfer from a clean machine by Pen/Flash/USB drive onto the infected.


    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.



    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program
    as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================


    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NEXT**
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.



    In your next reply post:
    Malwarebytes' Anti-Malware log
    ComboFix.txt
    New HJT log


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
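    A small parser for the Malwarebytes' Anti-Malware log format Juliet asks for above, added here as an example; it is not part of the original thread and not Malwarebytes' own tooling. It groups detections by threat name, flags the entries MBAM could only schedule for "Delete on reboot" (the case her note about restarting immediately covers), and tags registry items that sit under a load point (AppInit_DLLs, Run keys, BHOs, SSODL, SharedTaskScheduler, LSA Notification Packages). The load-point labels are this example's own classification, and the sample lines are taken from the log posted later in this thread.

```python
import re
from collections import Counter, defaultdict

# Sample input: a handful of lines taken from the Malwarebytes' Anti-Malware
# log posted in this thread (section headers plus detection lines only).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\vodawoja.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d07e66d7-c9f6-4550-aaf5-22e50f4d76c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vuvetodoza (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gojidaja.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gojidaja.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# One detection line: "<item> (<threat>) -> [<detail> -> ...] <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()\s]+)\) -> (?P<rest>.+)$")

# Registry locations that load code at logon, process start or shell start.
# The labels are this example's own; MBAM does not classify entries this way.
PERSISTENCE_MARKERS = [
    ("\\AppInit_DLLs", "AppInit_DLLs"),
    ("\\Notification Packages", "LSA notification package"),
    ("\\ShellServiceObjectDelayLoad\\", "SSODL"),
    ("\\SharedTaskScheduler\\", "SharedTaskScheduler"),
    ("\\Browser Helper Objects\\", "BHO"),
    ("\\CurrentVersion\\Run\\", "Run key"),
]


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its log section."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):          # e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if not m:                               # headers, blanks, "(No malicious items detected)"
            continue
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        action = parts[-1].rstrip(".")
        records.append({
            "section": section,
            "item": m.group("item"),
            "threat": m.group("threat"),
            "details": parts[:-1],              # e.g. ["Data: c:\\windows\\system32\\gojidaja.dll"]
            "action": action,
            # A locked file or in-use module is only scheduled for removal;
            # the machine has to restart before it is actually gone.
            "pending_reboot": action.startswith("Delete on reboot"),
        })
    return records


def persistence_mechanism(item):
    """Label the load point an item lives under, or None for plain files."""
    lowered = item.lower()
    for marker, label in PERSISTENCE_MARKERS:
        if marker.lower() in lowered:
            return label
    return None


def pending_reboot(records):
    """Entries that still exist until the next restart."""
    return [r for r in records if r["pending_reboot"]]


def summarize(records):
    """Counts per threat name, load points touched, and items awaiting reboot."""
    persistence = defaultdict(list)
    for r in records:
        label = persistence_mechanism(r["item"])
        if label:
            persistence[label].append(r["item"])
    return {
        "by_threat": dict(Counter(r["threat"] for r in records)),
        "persistence": dict(persistence),
        "pending": len(pending_reboot(records)),
    }


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    summary = summarize(recs)
    print("detections:", len(recs), "by threat:", summary["by_threat"])
    print("load points:", {k: len(v) for k, v in summary["persistence"].items()})
    for r in pending_reboot(recs):
        print("needs reboot:", r["item"])
```

    Feeding the full saved log text to parse_mbam_log gives the same summary for a real scan; a non-empty pending_reboot list is the signal that a second scan after the restart is needed before the machine can be called clean.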

  4. 2009/03/23
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Here are the results
    Malwarebytes' Anti-Malware 1.34
    Database version: 1890
    Windows 5.1.2600 Service Pack 3

    23/03/2009 6:59:01 PM
    mbam-log-2009-03-23 (18-59-00).txt

    Scan type: Quick Scan
    Objects scanned: 86140
    Time elapsed: 6 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 8
    Registry Keys Infected: 17
    Registry Values Infected: 5
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 40

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\vodawoja.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gojidaja.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\bakivige.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\tayazuvo.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\sozerilu.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\jevayeyi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\tusihivi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\qvimua.dll (Trojan.Vundo.H) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d07e66d7-c9f6-4550-aaf5-22e50f4d76c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d07e66d7-c9f6-4550-aaf5-22e50f4d76c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609525ff-d5f3-4da9-9aa1-40f1f6cdce7c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{609525ff-d5f3-4da9-9aa1-40f1f6cdce7c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{609525ff-d5f3-4da9-9aa1-40f1f6cdce7c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d07e66d7-c9f6-4550-aaf5-22e50f4d76c5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64e5b56c (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vuvetodoza (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm67d686f0 (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\gojidaja.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gojidaja.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\gojidaja.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jevayeyi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jevayeyi.dll -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\qvimua.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\bakivige.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\egivikab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fikolete.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\etelokif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\layepezo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ozepeyal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mayipuli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ilupiyam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pagapobo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\obopagap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vodawoja.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ajowadov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\welimala.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\alamilew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yobayeye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eyeyaboy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yovukuyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\oyukuvoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zasezara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\arazesaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zemavuda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aduvamez.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zitakozi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\izokatiz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tayazuvo.dll (Trojan.Vundo.H) -> Delete on reboot.
    c:\WINDOWS\system32\jevayeyi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\sozerilu.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gojidaja.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\tusihivi.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\iphnmy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wutupile.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\voganojo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wowafuha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljqyoj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\salizuya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pekugedi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\puzokaya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yupabeda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



    ComboFix 09-03-22.01 - Garrett 2009-03-23 19:12:13.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.516 [GMT -6:00]
    Running from: c:\documents and settings\Garrett\Desktop\Tool1.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\akapejuh.ini
    c:\windows\system32\alygjr.dll
    c:\windows\system32\bbvege.dll
    c:\windows\system32\benabuve.dll
    c:\windows\system32\bidubiti.dll
    c:\windows\system32\bofofevu.dll
    c:\windows\system32\chqjta.dll
    c:\windows\system32\ecwdks.dll
    c:\windows\system32\emefisis.ini
    c:\windows\system32\etuzonif.ini
    c:\windows\system32\gikuyaju.dll
    c:\windows\system32\hojubipa.dll
    c:\windows\system32\huhugafe.dll
    c:\windows\system32\irdbtt.dll
    c:\windows\system32\itawajor.ini
    c:\windows\system32\jbkhlb.dll
    c:\windows\system32\jswpzs.dll
    c:\windows\system32\katunapi.dll
    c:\windows\system32\kefjmr.dll
    c:\windows\system32\kivigoru.dll
    c:\windows\system32\kojoyapi.dll
    c:\windows\system32\kowoziza.dll
    c:\windows\system32\lbmllz.dll
    c:\windows\system32\majiriho.dll
    c:\windows\system32\muyifisu.dll
    c:\windows\system32\navavaze.dll
    c:\windows\system32\npehkd.dll
    c:\windows\system32\opbrce.dll
    c:\windows\system32\pawibobe.dll
    c:\windows\system32\pqedwg.dll
    c:\windows\system32\putiheko.dll
    c:\windows\system32\qrkdif.dll
    c:\windows\system32\selutanu.dll
    c:\windows\system32\tomeruga.dll
    c:\windows\system32\tuduriro.dll
    c:\windows\system32\umegekoh.ini
    c:\windows\system32\urvved.dll
    c:\windows\system32\vabazaja.dll
    c:\windows\system32\vazalawi.dll
    c:\windows\system32\vuzofafu.dll
    c:\windows\system32\wegabalu.dll
    c:\windows\system32\wgdajd.dll
    c:\windows\system32\wibotelo.dll
    c:\windows\system32\wiwuyafu.dll
    c:\windows\system32\wobapemu.dll
    c:\windows\system32\yakiyayi.dll
    c:\windows\system32\yenihuku.dll
    c:\windows\system32\yewpvj.dll
    c:\windows\system32\zanamalo.dll
    c:\windows\system32\zubekopa.dll
    c:\windows\system32\zuyisuro.dll

    ----- BITS: Possible infected sites -----

    hxxp://82.98.235.205
    .
    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
    .

    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\documents and settings\Garrett\Application Data\Malwarebytes
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-23 18:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-23 18:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-19 18:19 . 2009-03-19 18:19 <DIR> d-------- c:\documents and settings\Garrett\Application Data\Move Networks
    2009-03-18 08:37 . 2009-03-18 08:37 2,713 ---hs---- c:\windows\system32\jikonidi.dll
    2009-03-15 11:28 . 2009-03-15 11:27 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-15 11:27 . 2009-03-15 11:27 0 --a------ c:\windows\system32\REN224.tmp
    2009-03-15 11:27 . 2009-03-15 11:27 0 --a------ c:\windows\system32\REN223.tmp
    2009-03-15 11:27 . 2009-03-15 11:27 0 --a------ c:\windows\system32\REN222.tmp
    2009-03-13 14:12 . 2009-03-13 14:12 2,713 ---hs---- c:\windows\system32\vetapema.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-15 17:27 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-08 05:20 --------- d-----w c:\program files\LimeWire
    2009-02-28 23:50 832 ----a-w c:\windows\Fonts\Read Me.rtf
    2009-02-28 23:50 684 ----a-w c:\windows\Fonts\GREAM___.PFM
    2009-02-28 22:27 484 ----a-w c:\windows\Fonts\license.txt
    2009-01-29 02:44 630 ----a-w c:\windows\Fonts\Read Me.txt
    2009-01-24 00:56 --------- d-----w c:\program files\Google
    2009-01-17 04:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-11 05:23 1,170 ----a-w c:\windows\Fonts\HITROAD.TXT
    2009-01-09 23:44 325 ----a-w c:\windows\Fonts\nottke.nfo
    2009-01-09 23:43 681 ----a-w c:\windows\Fonts\Alte Haas Grotesk licence.rtf
    2009-01-09 23:36 778 ----a-w c:\windows\Fonts\Sansation.txt
    2008-12-17 20:24 8,030 ----a-w c:\documents and settings\Garrett\Application Data\wklnhst.dat
    2008-12-10 21:00 157,272 ----a-w c:\program files\R150804.EXE
    2008-12-10 16:27 27,041,136 ----a-w c:\program files\R119714.EXE
    2007-02-01 02:26 88 --sh--r c:\windows\system32\1CEAD6A851.sys
    2007-02-01 02:27 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
    1601-01-01 00:12 101,376 --sha-w c:\windows\system32\tumigike.dll
    2008-11-11 21:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111120081112\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "ACROMOUSE"="c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-28 554496]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
    "ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2006-02-09 344064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

    c:\documents and settings\Garrett\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-01-31 282624]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= qvimua.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\DKabcoms.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-02-25 70016]
    S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-01 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 18:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-23 19:15:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-23 19:16:52
    ComboFix-quarantined-files.txt 2009-03-24 01:16:41

    Pre-Run: 182,500,605,952 bytes free
    Post-Run: 182,613,368,832 bytes free

    192 --- E O F --- 2009-03-07 02:10:19

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Garrett at 19:20:21.01 on 23/03/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.422 [GMT -6:00]

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Dell AIO 810\dlcgmon.exe
    C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\ehome\RMSvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Garrett\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.facebook.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [snpstd] c:\windows\vsnpstd.exe
    mRun: [ACROMOUSE] c:\program files\tech\office program selector\2.0\ACROMAPP.exe
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\ATIPTAXX.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\garrett\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    AppInit_DLLs: qvimua.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-2-25 70016]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    S3 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

    =============== Created Last 30 ================

    2009-03-23 19:10 161,792 a------- c:\windows\SWREG.exe
    2009-03-23 19:10 98,816 a------- c:\windows\sed.exe
    2009-03-23 18:45 <DIR> --d----- c:\docume~1\garrett\applic~1\Malwarebytes
    2009-03-23 18:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-23 18:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-23 18:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-23 18:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-18 08:37 2,713 ---sh--- c:\windows\system32\jikonidi.dll
    2009-03-15 11:28 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-15 11:27 0 a------- c:\windows\system32\REN224.tmp
    2009-03-15 11:27 0 a------- c:\windows\system32\REN223.tmp
    2009-03-15 11:27 0 a------- c:\windows\system32\REN222.tmp
    2009-03-13 14:12 2,713 ---sh--- c:\windows\system32\vetapema.dll

    ==================== Find3M ====================

    2009-03-15 11:27 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-28 17:50 832 a------- c:\windows\fonts\Read Me.rtf
    2009-02-28 17:50 684 a------- c:\windows\fonts\GREAM___.PFM
    2009-02-28 16:27 484 a------- c:\windows\fonts\license.txt
    2009-01-28 20:44 630 a------- c:\windows\fonts\Read Me.txt
    2009-01-16 22:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-01-10 23:23 1,170 a------- c:\windows\fonts\HITROAD.TXT
    2009-01-09 17:44 325 a------- c:\windows\fonts\nottke.nfo
    2009-01-09 17:43 681 a------- c:\windows\fonts\Alte Haas Grotesk licence.rtf
    2009-01-09 17:36 778 a------- c:\windows\fonts\Sansation.txt
    2008-12-17 14:24 8,030 a------- c:\docume~1\garrett\applic~1\wklnhst.dat
    2008-12-10 15:00 157,272 a------- c:\program files\R150804.EXE
    2008-12-10 10:27 27,041,136 a------- c:\program files\R119714.EXE
    2007-01-31 20:26 88 ---shr-- c:\windows\system32\1CEAD6A851.sys
    2007-01-31 20:27 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
    0000-00-00 00:00 101,376 a--sh--- c:\windows\system32\tumigike.dll
    2008-11-11 15:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111120081112\index.dat

    ============= FINISH: 19:20:30.81 ===============



    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/10/2006 9:22:40 PM
    System Uptime: 23/03/2009 7:01:47 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 170.081 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: TI Technologies Inc.
    Description: RADEON X600 256MB HyperMemory Secondary
    Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
    Manufacturer: ATI Technologies Inc.
    Name: RADEON X600 256MB HyperMemory Secondary
    PNP Device ID: PCI\VEN_1002&DEV_5B72&SUBSYS_06031002&REV_00\4&1603E009&0&0108
    Service: ati2mtag

    ==== System Restore Points ===================

    RP710: 29/12/2008 6:36:26 PM - System Checkpoint
    RP711: 30/12/2008 9:54:54 PM - System Checkpoint
    RP712: 04/01/2009 11:40:07 PM - System Checkpoint
    RP713: 05/01/2009 12:39:36 PM - Installed Java(TM) 6 Update 11
    RP714: 06/01/2009 2:05:18 PM - System Checkpoint
    RP715: 07/01/2009 2:49:16 PM - System Checkpoint
    RP716: 08/01/2009 3:41:45 PM - System Checkpoint
    RP717: 09/01/2009 6:00:31 PM - System Checkpoint
    RP718: 10/01/2009 6:35:49 PM - System Checkpoint
    RP719: 11/01/2009 7:23:05 PM - System Checkpoint
    RP720: 12/01/2009 7:35:30 PM - System Checkpoint
    RP721: 13/01/2009 9:23:17 PM - System Checkpoint
    RP722: 14/01/2009 9:33:28 PM - System Checkpoint
    RP723: 15/01/2009 1:29:23 AM - Software Distribution Service 3.0
    RP724: 16/01/2009 9:48:32 AM - System Checkpoint
    RP725: 18/01/2009 1:20:45 PM - System Checkpoint
    RP726: 19/01/2009 1:47:57 PM - System Checkpoint
    RP727: 20/01/2009 2:27:38 PM - System Checkpoint
    RP728: 21/01/2009 3:25:52 PM - System Checkpoint
    RP729: 22/01/2009 7:59:53 PM - System Checkpoint
    RP730: 23/01/2009 8:12:42 PM - System Checkpoint
    RP731: 25/01/2009 6:00:19 PM - System Checkpoint
    RP732: 26/01/2009 6:07:25 PM - System Checkpoint
    RP733: 27/01/2009 7:11:13 PM - System Checkpoint
    RP734: 28/01/2009 7:11:53 PM - System Checkpoint
    RP735: 29/01/2009 7:24:35 PM - System Checkpoint
    RP736: 30/01/2009 8:02:36 PM - System Checkpoint
    RP737: 31/01/2009 8:55:01 PM - System Checkpoint
    RP738: 01/02/2009 9:16:36 PM - System Checkpoint
    RP739: 02/02/2009 10:52:54 PM - System Checkpoint
    RP740: 03/02/2009 10:56:44 PM - System Checkpoint
    RP741: 05/02/2009 10:35:41 AM - System Checkpoint
    RP742: 06/02/2009 12:40:51 PM - System Checkpoint
    RP743: 07/02/2009 2:20:18 PM - System Checkpoint
    RP744: 08/02/2009 3:10:42 PM - System Checkpoint
    RP745: 09/02/2009 3:24:40 PM - System Checkpoint
    RP746: 10/02/2009 5:40:10 PM - System Checkpoint
    RP747: 11/02/2009 6:14:16 PM - System Checkpoint
    RP748: 12/02/2009 12:18:00 AM - Software Distribution Service 3.0
    RP749: 22/02/2009 4:54:46 PM - System Checkpoint
    RP750: 23/02/2009 7:00:52 PM - System Checkpoint
    RP751: 24/02/2009 7:55:36 PM - System Checkpoint
    RP752: 25/02/2009 8:51:00 PM - System Checkpoint
    RP753: 25/02/2009 10:56:54 PM - Software Distribution Service 3.0
    RP754: 26/02/2009 11:49:49 PM - System Checkpoint
    RP755: 28/02/2009 8:40:32 AM - System Checkpoint
    RP756: 01/03/2009 12:08:58 PM - System Checkpoint
    RP757: 02/03/2009 7:49:01 PM - System Checkpoint
    RP758: 03/03/2009 10:18:37 PM - System Checkpoint
    RP759: 04/03/2009 10:30:48 PM - System Checkpoint
    RP760: 06/03/2009 7:09:44 PM - Software Distribution Service 3.0
    RP761: 07/03/2009 7:22:54 PM - System Checkpoint
    RP762: 08/03/2009 8:22:57 PM - System Checkpoint
    RP763: 09/03/2009 9:37:41 PM - System Checkpoint
    RP764: 11/03/2009 7:28:20 PM - System Checkpoint
    RP765: 12/03/2009 8:43:39 PM - System Checkpoint
    RP766: 13/03/2009 9:40:24 PM - System Checkpoint
    RP767: 14/03/2009 11:14:53 PM - System Checkpoint
    RP768: 15/03/2009 11:26:50 AM - Removed Java(TM) 6 Update 10
    RP769: 15/03/2009 11:27:32 AM - Installed Java(TM) 6 Update 12
    RP770: 16/03/2009 12:15:23 PM - System Checkpoint
    RP771: 17/03/2009 2:23:18 PM - System Checkpoint
    RP772: 18/03/2009 2:41:01 PM - System Checkpoint
    RP773: 19/03/2009 7:12:01 PM - System Checkpoint
    RP774: 22/03/2009 10:30:23 PM - System Checkpoint
    RP775: 23/03/2009 7:11:39 PM - ComboFix created restore point

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    ABBYY FineReader 6.0 Sprint
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 2.2
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Compatibility Pack for the 2007 Office system
    CorelDRAW Graphics Suite X3
    Dell AIO 810
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell DJ Explorer
    Dell Driver Reset Tool
    Dell Software Uninstall
    Dell Support 3.2
    Dell System Restore
    EN
    ESET NOD32 Antivirus
    ESPNMotion
    FinePixViewer Resource
    FinePixViewer Ver.5.1
    FontNav
    FUJIFILM USB Driver
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio GDI+ Patch
    Jasc Paint Shop Pro Studio, Dell Editon
    Java(TM) 6 Update 12
    Java(TM) 6 Update 7
    LimeWire 5.1.1
    Malwarebytes' Anti-Malware
    MCU
    Media Center Extender
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Microsoft Works
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Musicmatch® Jukebox
    Office Program Selector 2.0
    ProFile
    QBFC3.0b
    QuickTime
    RAW FILE CONVERTER LE
    Remove KPK Data analysis
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Update for Office 2007 (KB946691)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update Manager
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    USB PC Camera (SN9C102)
    WebFldrs XP
    Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    Zune

    ==== Event Viewer Messages From Past Week ========

    16/03/2009 12:27:01 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================

    Thanks Garrett
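    As an added example (not from this thread or from DDS, ComboFix or any of the tools named here), a small Python script that applies the triage rules a helper reads into the DDS log above: hidden+system DLLs sitting directly in system32, the 0000-00-00 timestamp, the zero-byte REN*.tmp files, and a non-empty AppInit_DLLs entry. The sample lines are copied from the posted log; the rules themselves are my assumptions, a starting point for a human review rather than a verdict.

```python
"""Heuristic triage of DDS log lines (added example, not part of the thread)."""
import re

# Constructed sample: a subset of lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
AppInit_DLLs: qvimua.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
2009-03-23 18:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-18 08:37 2,713 ---sh--- c:\windows\system32\jikonidi.dll
2009-03-15 11:28 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-15 11:27 0 a------- c:\windows\system32\REN224.tmp
2009-03-15 11:27 0 a------- c:\windows\system32\REN223.tmp
2009-03-15 11:27 0 a------- c:\windows\system32\REN222.tmp
2009-03-13 14:12 2,713 ---sh--- c:\windows\system32\vetapema.dll
2007-01-31 20:27 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys
0000-00-00 00:00 101,376 a--sh--- c:\windows\system32\tumigike.dll
2008-11-11 15:45 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111120081112\index.dat
"""

# DDS file lines: date time size attrs path  (attrs is an 8-char flag field,
# e.g. "---sh---" = hidden + system, "a-------" = archive only)
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
APPINIT_LINE = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


def _directly_in_system32(path: str) -> bool:
    """True when the file sits in system32 itself, not in a subfolder."""
    p = path.lower()
    return p.startswith(SYSTEM32) and "\\" not in p[len(SYSTEM32):]


def triage(dds_text: str) -> dict:
    """Return {lower-cased path or dll name: [reasons]} for entries worth a look.

    Heuristics (assumptions for this example, not DDS rules):
      * AppInit_DLLs is normally empty on XP; anything listed there is loaded
        into every process that links user32.dll, so it is always reviewed.
      * A DLL with both hidden and system attributes placed directly in
        system32 is unusual for legitimate software.
      * A 0000-00-00 timestamp means the file's time stamp could not be read.
      * Zero-byte .tmp files left in system32 are leftovers worth noting.
    """
    findings: dict = {}

    def note(key: str, reason: str) -> None:
        findings.setdefault(key, []).append(reason)

    for raw in dds_text.splitlines():
        line = raw.strip()
        m = APPINIT_LINE.match(line)
        if m:
            for dll in re.split(r"[,\s]+", m.group("dlls")):
                if dll:
                    note(dll.lower(), "listed in AppInit_DLLs (injected into every user32 process)")
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue  # registry/BHO/service lines are not file entries
        path = m.group("path").lower()
        attrs = m.group("attrs")
        hidden_system = "s" in attrs and "h" in attrs
        if m.group("date") == "0000-00-00":
            note(path, "invalid/unreadable timestamp")
        if hidden_system and path.endswith(".dll") and _directly_in_system32(path):
            note(path, "hidden+system DLL directly in system32")
        if m.group("size") == "0" and path.endswith(".tmp") and _directly_in_system32(path):
            note(path, "zero-byte .tmp left in system32")
    return findings


if __name__ == "__main__":
    for key, reasons in triage(DDS_SAMPLE).items():
        print(key)
        for r in reasons:
            print("   -", r)
```

    Running it over the sample flags exactly the six files the later CFScript removed plus the AppInit_DLLs entry, while the licensing .sys files and index.dat are left alone.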
     
  5. 2009/03/23
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.



    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* (or any other text editor than Notepad, or the script will fail) (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    [IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    NEXT**
    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Download Lop S&D

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: C:\lopR.txt


    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
      Click on: Save Report As
      Next, in the Save as prompt, Save in area, select: Desktop
      In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
      Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419



    In your next reply post:
    ComboFix.txt
    C:\lopR.txt
    Kaspersky log



    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  6. 2009/03/24
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Here are the results;
    ComboFix 09-03-22.01 - Garrett 2009-03-23 22:27:22.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.484 [GMT -6:00]
    Running from: c:\documents and settings\Garrett\Desktop\Tool1.exe
    Command switches used :: c:\documents and settings\Garrett\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Created a new restore point

    FILE ::
    c:\windows\system32\jikonidi.dll
    c:\windows\system32\REN222.tmp
    c:\windows\system32\REN223.tmp
    c:\windows\system32\REN224.tmp
    c:\windows\system32\tumigike.dll
    c:\windows\system32\vetapema.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\jikonidi.dll
    c:\windows\system32\REN222.tmp
    c:\windows\system32\REN223.tmp
    c:\windows\system32\REN224.tmp
    c:\windows\system32\tumigike.dll
    c:\windows\system32\vetapema.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
    .

    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\documents and settings\Garrett\Application Data\Malwarebytes
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-23 18:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-23 18:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-19 18:19 . 2009-03-19 18:19 <DIR> d-------- c:\documents and settings\Garrett\Application Data\Move Networks
    2009-03-15 11:28 . 2009-03-15 11:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-15 17:27 410,984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-08 05:20 --------- d-----w c:\program files\LimeWire
    2009-02-28 23:50 832 ----a-w c:\windows\Fonts\Read Me.rtf
    2009-02-28 23:50 684 ----a-w c:\windows\Fonts\GREAM___.PFM
    2009-02-28 22:27 484 ----a-w c:\windows\Fonts\license.txt
    2009-01-29 02:44 630 ----a-w c:\windows\Fonts\Read Me.txt
    2009-01-24 00:56 --------- d-----w c:\program files\Google
    2009-01-17 04:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-11 05:23 1,170 ----a-w c:\windows\Fonts\HITROAD.TXT
    2009-01-09 23:44 325 ----a-w c:\windows\Fonts\nottke.nfo
    2009-01-09 23:43 681 ----a-w c:\windows\Fonts\Alte Haas Grotesk licence.rtf
    2009-01-09 23:36 778 ----a-w c:\windows\Fonts\Sansation.txt
    2008-12-17 20:24 8,030 ----a-w c:\documents and settings\Garrett\Application Data\wklnhst.dat
    2008-12-10 21:00 157,272 ----a-w c:\program files\R150804.EXE
    2008-12-10 16:27 27,041,136 ----a-w c:\program files\R119714.EXE
    2007-02-01 02:26 88 --sh--r c:\windows\system32\1CEAD6A851.sys
    2007-02-01 02:27 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-11-11 21:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111120081112\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "ACROMOUSE"="c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-28 554496]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
    "ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2006-02-09 344064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

    c:\documents and settings\Garrett\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-01-31 282624]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\DKabcoms.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-02-25 70016]
    R3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-01 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 18:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-23 22:28:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-23 22:30:24
    ComboFix-quarantined-files.txt 2009-03-24 04:30:22
    ComboFix2.txt 2009-03-24 01:16:53

    Pre-Run: 182,579,605,504 bytes free
    Post-Run: 182,573,035,520 bytes free

    144 --- E O F --- 2009-03-07 02:10:19


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
    BIOS : Phoenix ROM BIOS PLUS Version 1.10 A05
    USER : Garrett ( Administrator )
    BOOT : Normal boot
    Antivirus : ESET NOD32 Antivirus 3.0 3.0 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:228 Go (Free:170 Go)
    D:\ (CD or DVD)
    F:\ (USB) - FAT - Total:495 Mo (Free:0 Go)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 23/03/2009|22:32 )

    --------------------\\ Listing folders in APPLIC~1

    [05/10/2006|08:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> GTek
    [16/08/2005|03:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
    [16/08/2005|03:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

    [10/12/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [26/08/2007|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
    [10/08/2007|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
    [09/02/2007|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
    [04/02/2008|11:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
    [16/09/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
    [11/10/2006|11:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
    [16/08/2005|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DIGStream
    [27/11/2008|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ESET
    [23/01/2009|06:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
    [04/11/2008|02:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GreenPoint
    [05/10/2006|08:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
    [05/10/2006|08:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
    [28/01/2007|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
    [23/03/2009|06:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
    [05/10/2006|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
    [27/11/2008|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
    [17/09/2008|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [26/09/2008|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
    [10/12/2008|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
    [31/01/2007|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSScanAppDataDir
    [19/09/2008|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
    [05/10/2006|08:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
    [10/01/2007|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
    [26/11/2008|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
    [05/03/2008|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
    [15/06/2008|03:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> XemiComputers
    [30/07/2008|08:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ZoomBrowser

    [05/10/2006|08:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Gtek
    [16/08/2005|03:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
    [16/08/2005|03:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

    [12/03/2008|06:59] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Adobe
    [19/05/2008|10:53] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> AdobeUM
    [29/12/2008|06:43] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Apple Computer
    [09/12/2008|11:45] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> ATI
    [05/02/2008|09:27] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Azureus
    [19/01/2007|06:56] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> BitTorrent
    [01/01/2007|04:09] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Canon
    [16/09/2008|01:46] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Corel
    [15/10/2006|06:01] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Corel Photo Album
    [03/08/2007|09:59] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> FUJIFILM
    [08/08/2008|08:47] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Google
    [16/09/2008|06:49] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> GreenPoint
    [05/10/2006|08:34] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Gtek
    [08/08/2007|09:03] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Help
    [16/08/2005|03:50] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Identities
    [12/10/2006|06:02] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> InterTrust
    [26/09/2007|02:49] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> iShell
    [28/12/2006|12:58] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Jasc Software Inc
    [09/01/2007|09:52] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Leadertech
    [12/10/2006|05:41] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Macromedia
    [23/03/2009|06:45] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Malwarebytes
    [26/11/2008|07:40] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [13/11/2008|12:59] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Microsoft
    [19/03/2009|06:19] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Move Networks
    [07/03/2009|11:20] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Mozilla
    [10/07/2007|04:32] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> MSNInstaller
    [30/09/2008|07:56] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Musicmatch
    [09/01/2007|09:52] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Sonic
    [16/11/2006|11:11] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Sun
    [01/01/2007|08:09] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Template
    [17/12/2006|01:04] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> Ventrilo
    [15/06/2008|03:47] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> XemiComputers
    [30/07/2008|08:37] C:\DOCUME~1\Garrett\APPLIC~1\<DIR> ZoomBrowser EX

    [18/12/2008|07:47] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Adobe
    [18/12/2008|07:48] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Google
    [05/10/2006|08:34] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Gtek
    [16/08/2005|03:50] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
    [18/12/2008|07:48] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
    [18/12/2008|07:47] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft

    [10/09/2008|06:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
    [14/03/2007|04:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
    [11/10/2006|09:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
    [06/09/2007|04:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

    [05/10/2006|08:34] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Gtek
    [16/08/2005|03:50] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Identities
    [11/10/2007|02:02] C:\DOCUME~1\MCX1\APPLIC~1\<DIR> Microsoft

    [16/08/2005|03:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [18/03/2009 11:08 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [01/03/2009 03:00 PM][--a------] C:\WINDOWS\tasks\Disk Cleanup.job
    [23/03/2009 10:30 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [10/08/2004 04:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [01/01/2007|11:08] C:\Program Files\<DIR> Abbyy FineReader 6.0 Sprint
    [12/10/2006|06:02] C:\Program Files\<DIR> Adobe
    [08/08/2008|02:36] C:\Program Files\<DIR> Apple Software Update
    [10/12/2008|10:29] C:\Program Files\<DIR> ATI Technologies
    [05/02/2008|09:29] C:\Program Files\<DIR> Azureus
    [05/10/2006|08:30] C:\Program Files\<DIR> BAE
    [10/09/2008|12:58] C:\Program Files\<DIR> Bonjour
    [23/07/2007|05:55] C:\Program Files\<DIR> Canon
    [23/03/2009|10:28] C:\Program Files\<DIR> Common Files
    [16/08/2005|03:38] C:\Program Files\<DIR> ComPlus Applications
    [16/09/2008|01:39] C:\Program Files\<DIR> Corel
    [05/10/2006|08:26] C:\Program Files\<DIR> Corel Corporation
    [03/09/2007|01:12] C:\Program Files\<DIR> Dell
    [28/12/2006|04:27] C:\Program Files\<DIR> Dell AIO 810
    [05/10/2006|08:34] C:\Program Files\<DIR> Dell Support
    [03/09/2007|01:01] C:\Program Files\<DIR> Dell_HostCD
    [06/09/2007|02:45] C:\Program Files\<DIR> DIFX
    [16/08/2005|07:54] C:\Program Files\<DIR> DIGStream
    [17/12/2007|10:41] C:\Program Files\<DIR> DivX
    [02/09/2007|09:35] C:\Program Files\<DIR> Dl_cats
    [14/11/2007|12:20] C:\Program Files\<DIR> EA GAMES
    [27/11/2008|12:23] C:\Program Files\<DIR> ESET
    [16/08/2005|07:54] C:\Program Files\<DIR> ESPNMotion
    [02/09/2008|04:33] C:\Program Files\<DIR> FinePixViewer
    [16/08/2005|07:54] C:\Program Files\<DIR> GemMaster
    [23/01/2009|06:56] C:\Program Files\<DIR> Google
    [17/12/2008|02:16] C:\Program Files\<DIR> InstallShield Installation Information
    [05/10/2006|08:22] C:\Program Files\<DIR> Intel
    [05/10/2006|08:23] C:\Program Files\<DIR> InterActual
    [12/02/2009|01:18] C:\Program Files\<DIR> Internet Explorer
    [10/12/2008|03:01] C:\Program Files\<DIR> iPod
    [31/01/2007|08:37] C:\Program Files\<DIR> IrfanView
    [10/12/2008|03:02] C:\Program Files\<DIR> iTunes
    [28/12/2006|12:58] C:\Program Files\<DIR> Jasc Software Inc
    [05/01/2009|01:40] C:\Program Files\<DIR> Java
    [07/03/2009|11:20] C:\Program Files\<DIR> LimeWire
    [23/03/2009|06:45] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
    [05/10/2006|08:28] C:\Program Files\<DIR> McAfee
    [11/11/2008|01:37] C:\Program Files\<DIR> Messenger
    [16/08/2005|03:43] C:\Program Files\<DIR> microsoft frontpage
    [26/09/2008|11:50] C:\Program Files\<DIR> Microsoft Games
    [17/09/2008|11:15] C:\Program Files\<DIR> Microsoft Office
    [18/04/2008|08:25] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
    [05/10/2006|08:23] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
    [05/10/2006|08:33] C:\Program Files\<DIR> Microsoft Visual Studio
    [17/09/2008|11:15] C:\Program Files\<DIR> Microsoft Works
    [09/09/2008|05:35] C:\Program Files\<DIR> Microsoft.NET
    [11/11/2008|01:32] C:\Program Files\<DIR> Movie Maker
    [16/04/2008|05:02] C:\Program Files\<DIR> MSECache
    [10/07/2007|04:32] C:\Program Files\<DIR> MSN
    [16/08/2005|03:37] C:\Program Files\<DIR> MSN Gaming Zone
    [15/11/2006|01:38] C:\Program Files\<DIR> MSXML 4.0
    [07/09/2007|12:46] C:\Program Files\<DIR> MSXML 6.0
    [30/09/2008|07:57] C:\Program Files\<DIR> MUSICMATCH
    [11/11/2008|01:28] C:\Program Files\<DIR> NetMeeting
    [16/08/2005|03:38] C:\Program Files\<DIR> Online Services
    [11/11/2008|01:28] C:\Program Files\<DIR> Outlook Express
    [04/11/2008|02:00] C:\Program Files\<DIR> ProFile
    [10/12/2008|02:59] C:\Program Files\<DIR> QuickTime
    [31/01/2007|08:39] C:\Program Files\<DIR> REGSHAVE
    [16/08/2005|07:58] C:\Program Files\<DIR> RGB
    [05/10/2006|08:29] C:\Program Files\<DIR> Roxio
    [30/07/2008|08:20] C:\Program Files\<DIR> Safari
    [05/10/2006|08:21] C:\Program Files\<DIR> Sigmatel
    [05/10/2006|08:30] C:\Program Files\<DIR> Sonic
    [09/02/2007|07:23] C:\Program Files\<DIR> Tech
    [16/08/2005|03:50] C:\Program Files\<DIR> Uninstall Information
    [09/02/2008|01:55] C:\Program Files\<DIR> Windows Journal Viewer
    [05/03/2008|09:13] C:\Program Files\<DIR> Windows Live
    [18/12/2007|04:34] C:\Program Files\<DIR> Windows Media Connect 2
    [18/12/2007|04:34] C:\Program Files\<DIR> Windows Media Player
    [11/11/2008|01:28] C:\Program Files\<DIR> Windows NT
    [16/08/2005|03:37] C:\Program Files\<DIR> Windows Plus
    [16/08/2005|03:40] C:\Program Files\<DIR> WindowsUpdate
    [08/08/2007|09:02] C:\Program Files\<DIR> World of Warcraft
    [16/08/2005|03:43] C:\Program Files\<DIR> xerox
    [19/03/2007|11:43] C:\Program Files\<DIR> Yahoo!
    [06/09/2007|04:44] C:\Program Files\<DIR> Zune

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [26/08/2007|09:46] C:\Program Files\Common Files\<DIR> Adobe
    [10/12/2008|03:01] C:\Program Files\Common Files\<DIR> Apple
    [26/12/2006|03:15] C:\Program Files\Common Files\<DIR> Canon
    [06/09/2007|02:45] C:\Program Files\Common Files\<DIR> ComponentOne
    [16/09/2008|01:39] C:\Program Files\Common Files\<DIR> Corel
    [09/09/2008|05:35] C:\Program Files\Common Files\<DIR> DESIGNER
    [25/08/2007|03:09] C:\Program Files\Common Files\<DIR> EasyInfo
    [05/10/2006|08:36] C:\Program Files\Common Files\<DIR> InstallShield
    [16/09/2008|06:49] C:\Program Files\Common Files\<DIR> Intuit
    [28/12/2006|12:57] C:\Program Files\Common Files\<DIR> Jasc Software Inc
    [05/10/2006|08:17] C:\Program Files\Common Files\<DIR> Java
    [06/03/2009|08:10] C:\Program Files\Common Files\<DIR> Microsoft Shared
    [16/08/2005|03:40] C:\Program Files\Common Files\<DIR> MSSoap
    [16/08/2005|03:33] C:\Program Files\Common Files\<DIR> ODBC
    [05/10/2006|08:23] C:\Program Files\Common Files\<DIR> Roxio Shared
    [16/08/2005|03:40] C:\Program Files\Common Files\<DIR> Services
    [02/02/2007|11:49] C:\Program Files\Common Files\<DIR> snpstd
    [05/10/2006|08:30] C:\Program Files\Common Files\<DIR> Sonic Shared
    [16/08/2005|03:33] C:\Program Files\Common Files\<DIR> SpeechEngines
    [11/11/2008|01:28] C:\Program Files\Common Files\<DIR> System
    [05/10/2006|08:29] C:\Program Files\Common Files\<DIR> TiVo Shared
    [05/03/2008|09:12] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

    --------------------\\ Process

    ( 61 Processes )

    IEXPLORE.EXE ~ [PID:3772]

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    C:\DOCUME~1\Garrett\Cookies\garrett@advertising[1].txt

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-23 22:33:37
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 29

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Garrett\My Documents\My Music\data disk\the transplants\Tijuana Crackwhore - Crazy Train (korn, sepultura, pantera, soulfly, coal chamber).mp3


    [F:1][D:8]-> C:\DOCUME~1\Garrett\LOCALS~1\Temp
    [F:34][D:0]-> C:\DOCUME~1\Garrett\Cookies
    [F:187][D:8]-> C:\DOCUME~1\Garrett\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 23/03/2009|22:34 - Option : [1]

    --------------------\\ Scan completed at 22:34:30



    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, March 24, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, March 24, 2009 05:41:00
    Records in database: 1960481
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    F:\

    Scan statistics:
    Files scanned: 88299
    Threat name: 2
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 01:36:29


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\yenihuku.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\yewpvj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
    F:\system.exe Infected: Worm.Win32.AutoRun.vgr 1

    The selected area was scanned.


    Thanks Garrett
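The Kaspersky report above lists three detections, but two of them are copies ComboFix already parked under C:\Qoobox\Quarantine (with a .vir suffix), and only F:\system.exe on the USB stick (F: per the Lop S&D listing) is a live object. As an added example that is not part of the thread and not Kaspersky's or ComboFix's own tooling, this Python script parses the report's detection lines, checks them against the report's own "Infected objects" total, and separates quarantined copies from objects that still need action; the sample lines are taken from the report above, and the set of removable drives is passed in by the caller.

```python
"""Triage helper for Kaspersky Online Scanner 7 report lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One detection line: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
INFECTED_TOTAL_RE = re.compile(r"^Infected objects:\s*(\d+)\s*$")

# ComboFix stores what it removed under C:\Qoobox\Quarantine with a .vir suffix;
# scanners still match those copies, but they are no longer on a load path.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)

# Constructed sample: the detection section as posted in the thread.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 88299
Threat name: 2
Infected objects: 3
Suspicious objects: 0

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\yenihuku.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yewpvj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
F:\system.exe Infected: Worm.Win32.AutoRun.vgr 1

The selected area was scanned.
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        """True when the hit is a quarantine copy rather than a live file."""
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def drive(self) -> str:
        """Drive letter prefix such as 'F:', or '' for non-drive paths."""
        return self.path[:2].upper() if re.match(r"^[A-Za-z]:", self.path) else ""


def parse_report(text: str) -> Tuple[List[Detection], Optional[int]]:
    """Return the listed detections plus the report's own 'Infected objects' total."""
    detections: List[Detection] = []
    reported_total: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = INFECTED_TOTAL_RE.match(line)
        if m:
            reported_total = int(m.group(1))
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["threat"], int(m["count"])))
    return detections, reported_total


def counts_consistent(detections: List[Detection], reported_total: Optional[int]) -> bool:
    """Check that per-line threat counts add up to the report's stated total."""
    if reported_total is None:
        return False
    return sum(d.count for d in detections) == reported_total


def triage(detections: List[Detection], removable_drives=frozenset()) -> dict:
    """Split detections into quarantine copies, live objects, and live objects on removable media."""
    quarantined = [d for d in detections if d.quarantined]
    live = [d for d in detections if not d.quarantined]
    on_removable = [d for d in live if d.drive in removable_drives]
    return {"quarantined": quarantined, "live": live, "on_removable": on_removable}


if __name__ == "__main__":
    found, total = parse_report(SAMPLE_REPORT)
    print(f"line counts match header total: {counts_consistent(found, total)}")
    result = triage(found, removable_drives={"F:"})  # F: is the USB stick in this thread
    for d in result["quarantined"]:
        print(f"already quarantined: {d.path} ({d.threat})")
    for d in result["live"]:
        tag = " [removable media]" if d in result["on_removable"] else ""
        print(f"needs action: {d.path} ({d.threat}){tag}")
```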
     
  7. 2009/03/24
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    P2P software/programs are a major contributor to infections. I see you have Limewire. I'm not passing judgment on file-sharing; however, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs can also be found
    Here and Here

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system.




    Scans and logs are returning looking much better.


    Go to My Computer->Tools->Folder Options->View tab:
    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck- Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)



    Using Windows Explorer (right-click your "Start" button and select "Explore "), please navigate to and delete the following files/folders in bold

    F:\system.exe

    You can delete
    Lop S&D
    C:\Lop SD\LopR_1.txt <--delete this file


    Empty your recycle bin and then reboot your computer.


    Post back once more and tell me how the computer is now.
     
  8. 2009/03/24
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Hi there, sorry, I cannot find the F:\system.exe. Where should it be located?
     
  9. 2009/03/24
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Should be located in My Computer.

    I'm thinking USB drive?

    If you can't find it, we can use a tool to delete it.
     
  10. 2009/03/24
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Yeah, even with my USB drive in, I still am not able to locate the file.
     
  11. 2009/03/24
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Please download OTMoveIt3 by OldTimer and save it to your desktop
    • Double-click OTMoveIt3.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :processes )
    Code:
    :Processes
    explorer.exe
    :Files
    F:\system.exe
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
    
    
    • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.


    By the way, how's the computer?
     
  12. 2009/03/24
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    here are the results:
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder F:\system.exe not found.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_110.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_440.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03242009_123446

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
    File C:\WINDOWS\temp\Perflib_Perfdata_110.dat not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_440.dat not found!

    The computer is running smoothly and I have not had the pop-up problem lately.
    I have uninstalled LimeWire and will not continue to use it. Can I delete all of the tools that I have been using and have saved on my desktop to help with this problem? Also, I was wondering if there is any other security program that I need other than my ESET NOD32 antivirus software to prevent this infection again?
     
  13. 2009/03/24
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    What we recommend is layered security.
    A more secure browser like Firefox
    Firewall


    SpywareBlaster protects against bad ActiveX.
    http://www.javacoolsoftware.com/spywareblaster.html

    SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
    http://www.javacoolsoftware.com/spywareguard.html



    I want to see if Combofix can find that file. If it can't then I'll post final cleanup measures.



    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail.
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    Please post the log it creates.
     
  14. 2009/03/24
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    here are the results:
    ComboFix 09-03-22.01 - Garrett 2009-03-24 15:11:33.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.495 [GMT -6:00]
    Running from: c:\documents and settings\Garrett\Desktop\Tool1.exe
    Command switches used :: c:\documents and settings\Garrett\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -

    FILE ::
    F:\system.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Microsoft Common

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
    .

    2009-03-24 12:34 . 2009-03-24 12:34 <DIR> d-------- C:\_OTMoveIt
    2009-03-23 22:32 . 2009-03-24 10:33 <DIR> d-------- C:\Lop SD
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\documents and settings\Garrett\Application Data\Malwarebytes
    2009-03-23 18:45 . 2009-03-23 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-23 18:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-23 18:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-19 18:19 . 2009-03-19 18:19 <DIR> d-------- c:\documents and settings\Garrett\Application Data\Move Networks
    2009-03-15 11:28 . 2009-03-15 11:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-28 23:50 832 ----a-w c:\windows\Fonts\Read Me.rtf
    2009-02-28 23:50 684 ----a-w c:\windows\Fonts\GREAM___.PFM
    2009-02-28 22:27 484 ----a-w c:\windows\Fonts\license.txt
    2009-01-29 02:44 630 ----a-w c:\windows\Fonts\Read Me.txt
    2009-01-24 00:56 --------- d-----w c:\program files\Google
    2009-01-11 05:23 1,170 ----a-w c:\windows\Fonts\HITROAD.TXT
    2009-01-09 23:44 325 ----a-w c:\windows\Fonts\nottke.nfo
    2009-01-09 23:43 681 ----a-w c:\windows\Fonts\Alte Haas Grotesk licence.rtf
    2009-01-09 23:36 778 ----a-w c:\windows\Fonts\Sansation.txt
    2008-12-17 20:24 8,030 ----a-w c:\documents and settings\Garrett\Application Data\wklnhst.dat
    2008-12-10 21:00 157,272 ----a-w c:\program files\R150804.EXE
    2008-12-10 16:27 27,041,136 ----a-w c:\program files\R119714.EXE
    2007-02-01 02:26 88 --sh--r c:\windows\system32\1CEAD6A851.sys
    2007-02-01 02:27 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-11-11 21:45 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111120081112\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-23_19.15.43.06 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-28 18:22:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-24 16:28:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-11-28 18:22:54 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-24 16:28:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-24 18:37:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_19c.dat
    + 2009-03-24 18:37:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_340.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
    "updateMgr "= "c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-23 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "dlcgmon.exe "= "c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "REGSHAVE "= "c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "snpstd "= "c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "ACROMOUSE "= "c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-28 554496]
    "Zune Launcher "= "c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "mmtask "= "c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-09 53248]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
    "egui "= "c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
    "ATIPTA "= "c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2006-02-09 344064]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
    "SigmatelSysTrayApp "= "stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]

    c:\documents and settings\Garrett\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2007-01-31 282624]
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\DKabcoms.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-02-25 70016]
    R3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-01 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2008-04-13 18:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.facebook.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=0061005
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-24 15:12:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-03-24 15:13:59
    ComboFix-quarantined-files.txt 2009-03-24 21:13:56
    ComboFix2.txt 2009-03-24 04:30:26
    ComboFix3.txt 2009-03-24 01:16:53

    Pre-Run: 182,538,067,968 bytes free
    Post-Run: 182,532,014,080 bytes free

    144 --- E O F --- 2009-03-07 02:10:19
     
  15. 2009/03/24
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    We got it!!

    Don't miss or skip this next step; it will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the run box and click OK. Note the space between the x and the /u; it needs to be there.
    Example below
    NEXT**
    Next open OTMoveIt, then click on "CleanUp!". If you receive a warning from your Firewall, please allow it. In the left pane, it will display a list of tools and other related files which you may or may not have downloaded/used during our cleanup, plus backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.
    Do not edit anything in that Window!
    Don't worry if it displays some tools you didn't download/use.
    Click Yes when it asks to begin the cleanup process.
    Then reboot your computer.



    You should be good to go, good job!


    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Add-on for Firefox that stops all scripts from running on websites. Stops malicious software from invading via Flash, Java, JavaScript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place?

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
  16. 2009/03/24
    Gsere875

    Gsere875 Inactive Thread Starter

    Joined:
    2008/11/26
    Messages:
    20
    Likes Received:
    0
    Thank you so much for your help. I will read over the documents...
    On one last note... I have heard that the new Google Chrome browser is a good browser; is this one safer than the IE I am using now?
     
  17. 2009/03/24
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    I really can't comment on the Google browser since I haven't downloaded and used it, or on whether its performance is any better.
    I can comment on what I've seen on machines afterwards... it does install several files to run the browser.

    What I can recommend, and it is from personal use and observation, is the Firefox browser.
    Many security add-ons are worked into the browser and I do feel safer using it.
     