
Virus Problems.

Discussion in 'Malware and Virus Removal Archive' started by Swoosh, 2007/07/30.

  1. 2007/07/30, Swoosh (Thread Starter)
    Evening, I am currently having some problems with viruses.
    I have read another thread and my problem is pretty much identical to that.

    The similar thread I found is:
    http://www.windowsbbs.com/showthread.php?t=66384

    I have followed the instructions on the above thread. All was looking well and good and I thought I'd finally got rid of the problem that's plagued me for months. Unfortunately the annoying virus has returned.

    Can anyone help... Please :(

    I am currently using AVG Anti-Virus (Free). I was previously using Norton but have recently removed it.

    Here is my HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:55:04, on 30/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\vjqcuxjd.dll ",forkonce
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 2277 bytes


    Virus Names:
    trojan horse downloader.generic4.zql (filename adfcook[1] )
    trojan horse sheur.zq (filename yfafwckk.exe)
    trojan horse downloader.generic5.qb (filename kcehc_eicooc20070702[1]
    trojan horse sheur.zq (filename masiyxanidi[1])


    Unsure if this is useful, but here is a screen shot of the AVG Virus Vault
    http://www.swooshnet.co.uk/list.JPG

    Any help would be appreciated.

    Many Thanks,
    James

    EDIT:
    Unsure if these problems are related. I am guessing they are as I never had them before.
    - I have been receiving a lot of pop-ups (888.com, eBay, WinAntiVirus, PokerStarts, ErrorSafe.com)
    - Whenever I first turn on my computer, I receive just a blank desktop. I then have to restart before Windows appears.
    - When I run in safe mode, the Windows desktop never comes up. I just receive the black safe mode screen. I can still do pretty much anything in safe mode by hitting the Run button in the Task Manager.
    Last edited: 2007/07/30
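The HijackThis log in the post above already shows the shape of this infection: a Run entry that starts rundll32.exe on a freshly dropped, randomly named DLL in System32 (vjqcuxjd.dll here; every later log in the thread shows a different name in the same SystemOptimizer/MemoryManager slot), and the DSS output posted later adds nameless BHOs, a Winlogon Notify package (ddcyv.dll), hidden companion files whose names are the DLL name spelled backwards (vycdd.ini2, vycdd.bak2), and several DLLs of identical size under different names. What follows is an added example, not part of the original thread and not code from HijackThis, DSS or any other tool named in it: a small Python script that parses lines of the kind those tools print and flags exactly those indicators. The sample input is copied from the logs posted in this thread; the checks themselves (rundll32 autostart of a System32 DLL, nameless BHO loaded from System32, Winlogon Notify DLL, reversed-name companion files, same-size DLL groups) are this example's own heuristics, not a vendor signature, and the function names are mine.

```python
"""Triage helper for Vundo-style persistence in HijackThis and DSS logs (added example)."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the logs posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {9070E183-E5ED-4162-9923-30F9C7232A86} - C:\WINDOWS\System32\ddcyv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\qbslbnns.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\mnkocufq.dll ",forkonce
O20 - Winlogon Notify: ddcyv - C:\WINDOWS\System32\ddcyv.dll
O20 - Winlogon Notify: kbdvps - kbdvps.dll (file missing)
"""
SAMPLE_FILES = r"""
2007-07-31 08:05:22 125504 --a------ C:\WINDOWS\System32\mnkocufq.dll
2007-07-30 08:22:19 125504 --a------ C:\WINDOWS\System32\wvovkjvf.dll
2007-07-29 13:12:42 126016 --a------ C:\WINDOWS\System32\wvluqwyb.dll
2007-07-29 08:43:54 126016 --a------ C:\WINDOWS\System32\xhltmfuq.dll
2007-07-29 07:38:44 126016 --a------ C:\WINDOWS\System32\eyymlwee.dll
2007-07-25 19:35:42 1047621 ---hs---- C:\WINDOWS\System32\vycdd.bak2
2007-07-24 21:58:12 1047621 ---hs---- C:\WINDOWS\System32\vycdd.ini2
2007-07-24 21:00:17 1048878 ---hs---- C:\WINDOWS\System32\vycdd.bak1
2007-07-24 21:00:07 228960 --a------ C:\WINDOWS\System32\ddcyv.dll
2007-07-24 18:59:53 228896 --a------ C:\WINDOWS\System32\mljjg.dll
2007-07-20 21:14:41 368912 --a------ C:\WINDOWS\System32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
"""

# <drive>:\<folder>\<stem>.dll anywhere on a line (group 1 = folder incl. trailing backslash, 2 = stem)
DLL_PATH = re.compile(r'([a-z]:\\[^",]*?\\)([a-z0-9_]+)\.dll', re.I)
# One DSS "Files created" line: date time size attrs path [<version info>]
FILE_LINE = re.compile(r'^\S+ \S+ (\d+) (\S+) (.+?\\([a-z0-9_]+)\.([a-z]+\d*))(?:\s+<.*>)?\s*$', re.I)
SYSTEM32 = "\\windows\\system32\\"


def system32_dll(line: str) -> Tuple[bool, str]:
    """(True, stem) when the line references a DLL directly under System32, else (False, '')."""
    m = DLL_PATH.search(line)
    if not m:
        return False, ""
    return m.group(1).lower().endswith(SYSTEM32), m.group(2).lower()


def parse_file_list(text: str) -> List[Tuple[str, str, int, str]]:
    """(stem, ext, size, attrs) for every DSS file line that parses; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            out.append((m.group(4).lower(), m.group(5).lower(), int(m.group(1)), m.group(2)))
    return out


def reversed_name_pairs(text: str) -> Dict[str, List[str]]:
    """Map each DLL stem to data files named with the stem spelled backwards (ddcyv.dll <-> vycdd.ini2)."""
    entries = parse_file_list(text)
    data = defaultdict(set)  # stem of a non-DLL file -> its extensions
    for stem, ext, _, _ in entries:
        if ext != "dll":
            data[stem].add(ext)
    pairs = {}
    for stem, ext, _, _ in entries:
        if ext == "dll" and stem[::-1] in data:
            pairs[stem] = sorted(f"{stem[::-1]}.{e}" for e in data[stem[::-1]])
    return pairs


def same_size_dlls(text: str) -> Dict[int, List[str]]:
    """DLLs grouped by byte size; several names at one size suggests one component re-dropped under new names."""
    by_size = defaultdict(list)
    for stem, ext, size, _ in parse_file_list(text):
        if ext == "dll":
            by_size[size].append(stem)
    return {size: sorted(names) for size, names in by_size.items() if len(names) > 1}


def triage(hjt_text: str, file_text: str) -> Dict[str, List[str]]:
    """Per-DLL reasons for suspicion from HijackThis sections O2/O4/O20 plus the DSS file list."""
    findings: Dict[str, List[str]] = defaultdict(list)
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        in_sys32, stem = system32_dll(line)
        if section == "O4" and "rundll32" in line.lower() and in_sys32:
            findings[stem].append("O4: Run key launches rundll32 on a DLL in System32")
        elif section == "O2" and "(no name)" in line and in_sys32:
            findings[stem].append("O2: nameless BHO loaded from System32")
        elif section == "O20":
            if in_sys32:
                findings[stem].append("O20: Winlogon Notify package in System32 (loads inside winlogon.exe, before Explorer)")
            elif "(file missing)" in line:
                name = line.split(":", 1)[1].split("-", 1)[0].strip().lower()
                findings[name].append("O20: Winlogon Notify entry whose DLL is missing")
    for stem, companions in reversed_name_pairs(file_text).items():
        findings[stem].append("files: companion data with the name reversed: " + ", ".join(companions))
    for size, names in same_size_dlls(file_text).items():
        for stem in names:
            findings[stem].append(f"files: {len(names)} DLLs of exactly {size} bytes: " + ", ".join(names))
    return dict(findings)


if __name__ == "__main__":
    for stem, reasons in sorted(triage(SAMPLE_HJT, SAMPLE_FILES).items()):
        print(f"{stem}.dll")
        for reason in reasons:
            print("   -", reason)
```

Run as-is it prints the findings for the embedded sample; to use it on a real main.txt, pass the HijackThis section and the "Files created" section as the two arguments. A hit is a reason to look, not a verdict: rundll32 autostarts and Winlogon Notify packages have legitimate users, which is why each flag carries its reason, and the checks that need the file list (reversed names, same-size groups) are the ones that survive the DLL being renamed on every reboot.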
  2. 2007/07/30, noahdfear
    Welcome to WindowsBBS Swoosh :)

    Did you already run VundoFix as described in the other topic? If so, please post the log. If not, please do so, then post the log.

  4. 2007/07/31, Swoosh (Thread Starter)
    Thank you for your quick reply and warm welcome. :)

    I have indeed already run VundoFix. But unlike the other topic, I received the Vundo virus before the others listed in my first post. After a couple of Google searches I ran VundoFix from Symantec and it seemed to have fixed the problem until the viruses listed above showed up.

    I have run VundoFix again; here is the log:

    --------------------------------------------------------------------------
    Symantec Trojan.Vundo Removal Tool 1.5.0

    C:\System Volume Information: (not scanned)
    Trojan.Vundo has not been found on your computer.
    --------------------------------------------------------------------------

    I followed the instructions on the other topic for the 3rd time last night; again everything seems fine and I'm not receiving any virus warnings. But like the last 2 times I've followed the instructions, I'm expecting them to appear at the most inconvenient moment. Is there perhaps a file hidden on my computer that I'm not finding?

    Regards,
    Swoosh
  5. 2007/07/31, noahdfear
    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
  6. 2007/08/01, Swoosh (Thread Starter)
    Done. I have run Deckard's System Scanner and, as predicted, after following the instructions on the other thread the viruses are back again. Here is the main.txt log.

    Deckard's System Scanner v20070729.57
    Run by Swoosh on 2007-07-31 at 23:35:43
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.


    -- Last 1 Restore Point(s) --
    1: 2007-08-01 06:35:48 UTC - RP1 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Swoosh.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:36:29, on 31/07/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Documents and Settings\Swoosh\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Swoosh.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {9070E183-E5ED-4162-9923-30F9C7232A86} - C:\WINDOWS\System32\ddcyv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\System32\qbslbnns.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\mnkocufq.dll ",forkonce
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O20 - Winlogon Notify: ddcyv - C:\WINDOWS\System32\ddcyv.dll
    O20 - Winlogon Notify: kbdvps - kbdvps.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 3332 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20070729-074121-711 O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\eyymlwee.dll ",sitypnow
    backup-20070729-081841-216 O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\jeurylcg.dll ",sitypnow
    backup-20070729-094831-978 O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\xhltmfuq.dll ",sitypnow
    backup-20070730-102454-128 O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\System32\wvovkjvf.dll ",forkonce
    backup-20070730-102454-180 O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    backup-20070730-102454-269 O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    backup-20070730-102454-365 O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    backup-20070730-102454-585 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    backup-20070730-102454-970 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    backup-20070730-102456-500 O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    backup-20070730-102456-854 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    backup-20070730-105023-358 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe ",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 Winnotify (Windows Notification Service) -


    -- Files created between 2007-06-30 and 2007-07-31 -----------------------------

    2007-07-31 08:05:22 125504 --a------ C:\WINDOWS\System32\mnkocufq.dll
    2007-07-31 06:53:05 17632 --a------ C:\Documents and Settings\Swoosh\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-30 10:30:47 0 dr-h----- C:\Documents and Settings\Swoosh\Recent
    2007-07-30 09:19:07 0 d-------- C:\Documents and Settings\Swoosh\Application Data\Google
    2007-07-30 09:17:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-07-30 09:16:47 0 d-------- C:\Program Files\Google
    2007-07-30 09:16:38 0 d-------- C:\Program Files\FlashGet
    2007-07-30 08:22:19 125504 --a------ C:\WINDOWS\System32\wvovkjvf.dll
    2007-07-30 07:08:55 0 d-------- C:\!KillBox
    2007-07-29 13:12:42 126016 --a------ C:\WINDOWS\System32\wvluqwyb.dll
    2007-07-29 12:51:52 126016 --a------ C:\WINDOWS\System32\kpilygnb.dll
    2007-07-29 08:43:54 126016 --a------ C:\WINDOWS\System32\xhltmfuq.dll
    2007-07-29 08:28:42 0 d-------- C:\Program Files\CCleaner
    2007-07-29 08:17:04 0 d-------- C:\Program Files\Trend Micro
    2007-07-29 08:15:40 126016 --a------ C:\WINDOWS\System32\jeurylcg.dll
    2007-07-29 07:38:44 126016 --a------ C:\WINDOWS\System32\eyymlwee.dll
    2007-07-29 06:58:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2007-07-29 06:22:10 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-07-29 06:22:10 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2007-07-29 06:22:10 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-07-29 06:22:10 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2007-07-29 06:22:10 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-07-29 06:22:10 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-07-29 06:22:10 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-07-29 06:22:10 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2007-07-29 06:22:10 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-07-29 06:22:10 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2007-07-29 06:22:10 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2007-07-29 06:22:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-07-29 06:22:10 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-07-29 06:22:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-07-29 05:56:07 126016 --a------ C:\WINDOWS\System32\ikhegcrh.dll
    2007-07-27 18:53:57 69184 --a------ C:\WINDOWS\System32\qbslbnns.dll
    2007-07-27 18:53:53 126016 --a------ C:\WINDOWS\System32\dmaidqfs.dll
    2007-07-27 18:48:06 0 d-------- C:\Program Files\WinASO
    2007-07-27 18:36:35 126016 --a------ C:\WINDOWS\System32\kdcttuxa.dll
    2007-07-27 18:30:20 0 d-------- C:\Documents and Settings\Swoosh\Application Data\MSN6
    2007-07-27 18:30:20 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2007-07-26 22:04:14 8576 --a------ C:\WINDOWS\System32\VCdRom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
    2007-07-25 20:22:16 0 dr-h----- C:\$VAULT$.AVG
    2007-07-25 20:19:34 0 d-------- C:\Documents and Settings\Swoosh\Application Data\AVG7
    2007-07-25 20:19:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-07-25 20:18:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-07-25 20:18:56 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-07-25 19:35:42 1047621 ---hs---- C:\WINDOWS\System32\vycdd.bak2
    2007-07-24 21:58:12 1047621 ---hs---- C:\WINDOWS\System32\vycdd.ini2
    2007-07-24 21:00:17 1048878 ---hs---- C:\WINDOWS\System32\vycdd.bak1
    2007-07-24 21:00:07 228960 --a------ C:\WINDOWS\System32\ddcyv.dll
    2007-07-24 18:59:53 228896 --a------ C:\WINDOWS\System32\mljjg.dll
    2007-07-22 11:43:07 0 -ra------ C:\WINDOWS\System32\TFTP480
    2007-07-22 11:20:16 4 -r-hs---- C:\MSDOS.BIN
    2007-07-22 11:04:28 0 d-------- C:\Program Files\Sony
    2007-07-21 19:31:58 0 -ra------ C:\WINDOWS\System32\TFTP164
    2007-07-21 18:56:26 0 -ra------ C:\WINDOWS\System32\TFTP1860
    2007-07-21 18:52:23 0 d-------- C:\Documents and Settings\Swoosh\Application Data\Sports Interactive
    2007-07-21 18:49:19 0 -ra------ C:\WINDOWS\System32\TFTP1976
    2007-07-21 18:33:38 0 d-------- C:\Program Files\Sports Interactive
    2007-07-21 17:12:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-07-21 17:02:49 0 d-------- C:\WINDOWS\System32\E177E04D548C4006A465EEB92D3DE021
    2007-07-21 17:02:42 0 d-------- C:\Documents and Settings\Swoosh\Application Data\Ipswitch
    2007-07-21 17:02:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
    2007-07-21 17:02:26 50688 --a------ C:\WINDOWS\System32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2007-07-21 16:55:40 10 --a------ C:\WINDOWS\415842642
    2007-07-21 16:49:31 0 d---s---- C:\Documents and Settings\Swoosh\UserData
    2007-07-21 16:47:57 0 d-------- C:\Program Files\Ipswitch
    2007-07-21 16:24:03 0 d-------- C:\WINDOWS\Vbox
    2007-07-21 16:23:48 0 d-------- C:\WINDOWS\System32\Iosubsys
    2007-07-21 16:23:48 0 d-------- C:\Program Files\NewTech Infosystems
    2007-07-21 16:23:06 0 d-------- C:\Program Files\Creative
    2007-07-21 16:23:05 41984 --a------ C:\WINDOWS\CTREGRUN.EXE <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
    2007-07-20 21:14:41 368912 --a------ C:\WINDOWS\System32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
    2007-07-20 21:14:41 252176 --a------ C:\WINDOWS\System32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-07-20 21:14:41 24848 --a------ C:\WINDOWS\System32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-07-20 21:14:41 123664 --a------ C:\WINDOWS\System32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-07-20 21:14:40 1046288 --a------ C:\WINDOWS\System32\MSJET35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
    2007-07-20 21:13:29 0 d-------- C:\Documents and Settings\Swoosh\Application Data\Symantec
    2007-07-20 21:13:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2007-07-20 21:13:06 94208 --a------ C:\WINDOWS\System32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
    2007-07-20 21:13:04 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-20 21:07:28 0 d-------- C:\WINDOWS\pss
    2007-07-20 21:06:18 0 d-------- C:\Program Files\SiSLan
    2007-07-20 21:03:57 266240 --a------ C:\WINDOWS\CMIUninstall.exe <Not Verified; ; GeneralUninstall Application>
    2007-07-20 21:03:57 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ; CmiRmRedundDir Application>
    2007-07-20 21:03:57 28672 --a------ C:\WINDOWS\CMIRmDriver.dll
    2007-07-20 21:03:57 0 d-------- C:\Program Files\C-Media 3D Audio
    2007-07-20 21:02:16 110592 --a------ C:\WINDOWS\System32\TVMode.dll <Not Verified; Silicon Integrated Systems Corporation; TVModeLib Dynamic Link Library>
    2007-07-20 21:02:16 184320 --a------ C:\WINDOWS\System32\SiSApCom.dll <Not Verified; Silicon Integrated Systems Corporation; SiSApCom Dynamic Link Library>
    2007-07-20 21:01:54 331776 --a------ C:\WINDOWS\System32\sistray.exe <Not Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA SiSTray application>
    2007-07-20 21:01:53 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-20 21:01:51 0 d-------- C:\WINDOWS\SiS
    2007-07-20 21:01:49 0 d-------- C:\WUTemp
    2007-07-20 21:01:35 49152 -ra------ C:\WINDOWS\System32\SiSPower.dll <Not Verified; Silicon Integrated Systems Corporation; SiS Power Scheme Library>
    2007-07-20 21:01:24 0 d-------- C:\Program Files\SiS VGA Utilities V3.62
    2007-07-20 21:01:19 0 d-------- C:\WINDOWS\System32\trayres
    2007-07-20 20:59:49 0 d---s---- C:\WINDOWS\System32\Microsoft
    2007-07-20 20:59:40 106496 --a------ C:\WINDOWS\SiSUSBrg.exe <Not Verified; Silicon Integrated Systems Corp.; SiS SiSUSBrg>
    2007-07-20 20:59:40 3583 --a------ C:\WINDOWS\SiSport.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-07-20 20:59:40 32768 --a------ C:\WINDOWS\SIS_LIB.DLL
    2007-07-20 20:59:37 0 d-------- C:\WINDOWS\System32\ReinstallBackups
    2007-07-20 20:59:29 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2007-07-20 20:59:27 0 d-------- C:\Documents and Settings\Swoosh\WINDOWS
    2007-07-20 20:58:57 0 d-------- C:\WINDOWS\System32\Tools
    2007-07-20 20:58:50 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-07-20 20:49:17 0 d--hs---- C:\WINDOWS\Installer
    2007-07-20 20:49:13 0 d-------- C:\Documents and Settings\Swoosh\Application Data\Identities
    2007-07-20 20:48:58 0 d--h----- C:\Documents and Settings\Swoosh\Templates
    2007-07-20 20:48:58 0 dr------- C:\Documents and Settings\Swoosh\Start Menu
    2007-07-20 20:48:58 0 dr-h----- C:\Documents and Settings\Swoosh\SendTo
    2007-07-20 20:48:58 0 d--h----- C:\Documents and Settings\Swoosh\PrintHood
    2007-07-20 20:48:58 0 d--h----- C:\Documents and Settings\Swoosh\NetHood
    2007-07-20 20:48:58 0 dr------- C:\Documents and Settings\Swoosh\My Documents
    2007-07-20 20:48:58 0 d--h----- C:\Documents and Settings\Swoosh\Local Settings
    2007-07-20 20:48:58 0 dr------- C:\Documents and Settings\Swoosh\Favorites
    2007-07-20 20:48:58 0 d-------- C:\Documents and Settings\Swoosh\Desktop
    2007-07-20 20:48:58 0 d---s---- C:\Documents and Settings\Swoosh\Cookies
    2007-07-20 20:48:58 0 dr-h----- C:\Documents and Settings\Swoosh\Application Data
    2007-07-20 20:48:57 3407872 --ah----- C:\Documents and Settings\Swoosh\NTUSER.DAT
    2007-07-20 20:48:00 0 d--hs---- C:\System Volume Information
    2007-07-20 20:47:52 0 d-------- C:\WINDOWS\Prefetch
    2007-07-20 20:47:51 1310720 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2007-07-20 20:47:51 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2007-07-20 20:47:51 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2007-07-20 20:47:51 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2007-07-20 20:47:51 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2007-07-20 20:47:51 1310720 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2007-07-20 20:47:51 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2007-07-20 20:47:51 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2007-07-20 20:47:51 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2007-07-20 20:47:51 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2007-07-20 20:42:56 0 d-------- C:\WINDOWS\System32\xircom
    2007-07-20 20:42:56 0 d-------- C:\Program Files\microsoft frontpage
    2007-07-20 20:42:34 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
    2007-07-20 20:42:26 0 -rahs---- C:\MSDOS.SYS
    2007-07-20 20:42:26 0 -rahs---- C:\IO.SYS
    2007-07-20 20:42:26 0 --a------ C:\CONFIG.SYS
    2007-07-20 20:42:26 0 --a------ C:\AUTOEXEC.BAT
    2007-07-20 20:41:06 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2007-07-20 20:40:51 0 dr------- C:\WINDOWS\Offline Web Pages
    2007-07-20 20:40:51 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2007-07-20 20:40:13 0 d-------- C:\WINDOWS\System32\DirectX
    2007-07-20 20:39:31 0 d---s---- C:\WINDOWS\Tasks
    2007-07-20 20:39:28 0 d-------- C:\Program Files\Common Files\MSSoap
    2007-07-20 20:39:24 0 d-------- C:\WINDOWS\srchasst
    2007-07-20 20:39:23 0 d-------- C:\WINDOWS\System32\Macromed
    2007-07-20 20:39:21 0 d-------- C:\Program Files\Movie Maker
    2007-07-20 20:39:17 0 d-------- C:\WINDOWS\System32\Restore
    2007-07-20 20:39:17 0 d-------- C:\WINDOWS\PCHealth
    2007-07-20 20:38:21 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
    2007-07-20 20:38:02 0 d-------- C:\WINDOWS\Registration
    2007-07-20 20:37:55 0 d--h----- C:\Program Files\WindowsUpdate
    2007-07-20 20:37:55 0 d-------- C:\Program Files\Online Services
    2007-07-20 20:37:46 0 d-------- C:\Program Files\Messenger
    2007-07-20 20:37:41 0 d-------- C:\Program Files\MSN Gaming Zone
    2007-07-20 20:37:00 0 d-------- C:\Program Files\Windows NT
    2007-07-20 20:36:57 0 d-------- C:\WINDOWS\System32\MsDtc
    2007-07-20 20:36:57 0 d-------- C:\WINDOWS\System32\Com
    2007-07-20 15:43:59 0 d-------- C:\Documents and Settings\Swoosh\Contacts
    2007-07-20 15:23:06 0 d-------- C:\WINDOWS\System32\QuickTime
    2007-07-20 15:15:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
    2007-07-20 15:14:12 0 d-------- C:\Program Files\Macromedia
    2007-07-20 15:14:12 0 d-------- C:\Program Files\Common Files\Macromedia
    2007-07-20 15:08:38 0 d--h---c- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
    2007-07-20 15:08:06 0 d-------- C:\WINDOWS\Downloaded Installations
    2007-07-20 15:05:57 0 d-------- C:\Documents and Settings\Swoosh\Application Data\WinRAR
    2007-07-20 14:21:36 0 d-------- C:\Downloads
    2007-07-20 14:19:38 0 d-------- C:\Program Files\BitComet
    2007-07-20 14:18:11 0 d------c- C:\WINDOWS\System32\DRVSTORE
    2007-07-20 14:13:15 0 d-------- C:\Program Files\MSN Messenger
    2007-07-20 14:11:11 0 d-------- C:\Documents and Settings\Swoosh\Application Data\Macromedia
    2007-07-20 14:08:25 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
    2007-07-20 14:06:23 0 d-------- C:\WINDOWS\SoftwareDistribution
    2007-07-20 13:56:22 0 d-------- C:\Program Files\Web Publish
    2007-07-20 13:43:23 0 d-------- C:\Program Files\Microsoft ActiveSync
    2007-07-20 13:41:55 0 d-------- C:\WINDOWS\ShellNew
    2007-07-19 13:31:24 0 d-------- C:\Program Files\Common Files\ODBC
    2007-07-19 13:31:20 0 dr------- C:\Program Files
    2007-07-19 13:31:20 0 d-------- C:\Program Files\Common Files
    2007-07-19 13:31:20 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2007-07-19 13:30:50 0 d--h----- C:\Documents and Settings\Default User\Templates
    2007-07-19 13:30:50 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2007-07-19 13:30:50 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2007-07-19 13:30:50 0 d--h----- C:\Documents and Settings\Default User\Recent
    2007-07-19 13:30:50 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2007-07-19 13:30:50 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2007-07-19 13:30:50 0 d-------- C:\Documents and Settings\Default User\My Documents
    2007-07-19 13:30:50 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2007-07-19 13:30:50 0 d-------- C:\Documents and Settings\Default User\Favorites
    2007-07-19 13:30:50 0 d-------- C:\Documents and Settings\Default User\Desktop
    2007-07-19 13:30:50 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2007-07-19 13:30:50 0 d--h----- C:\Documents and Settings\All Users\Templates
    2007-07-19 13:30:50 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2007-07-19 13:30:50 0 d-------- C:\Documents and Settings\All Users\Favorites
    2007-07-19 13:30:50 0 dr------- C:\Documents and Settings\All Users\Documents
    2007-07-19 13:30:50 0 d-------- C:\Documents and Settings\All Users\Desktop
    2007-07-19 13:30:33 0 d-------- C:\WINDOWS\System32\CatRoot2
    2007-07-19 13:30:33 0 d-------- C:\WINDOWS\System32\CatRoot
    2007-07-19 13:30:28 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2007-07-19 13:30:28 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2007-07-19 13:30:27 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2007-07-19 13:30:27 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2007-07-19 13:30:08 0 d-------- C:\Documents and Settings
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\WinSxS
    2007-07-19 13:25:01 0 dr------- C:\WINDOWS\Web
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\twain_32
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\system32
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\wins
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\wbem
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\usmt
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\spool
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\ShellExt
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\Setup
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\ras
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\oobe
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\npp
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\mui
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\inetsrv
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\IME
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\icsxml
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\ias
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\export
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\drivers
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\drivers\etc
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\drivers\disdn
    2007-07-19 13:25:01 0 dr-hs--c- C:\WINDOWS\System32\dllcache
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\dhcp
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\config
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\3com_dmi
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\3076
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\2052
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1054
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1042
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1041
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1037
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1033
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1031
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1028
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\System32\1025
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\system
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\security
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Resources
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\repair
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\mui
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\msapps
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\msagent
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Media
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\java
    2007-07-19 13:25:01 0 d--h----- C:\WINDOWS\inf
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\ime
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Help
    2007-07-19 13:25:01 0 dr--s---- C:\WINDOWS\Fonts
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Driver Cache
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Debug
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Cursors
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Connection Wizard
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\Config
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\AppPatch
    2007-07-19 13:25:01 0 d-------- C:\WINDOWS\addins
    2007-07-04 03:52:42 34304 --a------ C:\WINDOWS\1764906 <Not Verified; Microsoft; NT Service Control Module>


    -- Find3M Report ---------------------------------------------------------------

    2007-07-20 14:21:37 2560 --a------ C:\WINDOWS\System32\BitCometRes.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2007-07-19 13:30:50 62 --ahs---- C:\Documents and Settings\Swoosh\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9070E183-E5ED-4162-9923-30F9C7232A86}]
    24/07/2007 21:00 228960 --a------ C:\WINDOWS\System32\ddcyv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
    27/07/2007 18:53 69184 --a------ C:\WINDOWS\System32\qbslbnns.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/07/2007 20:18]
    "SystemOptimizer "= "C:\WINDOWS\System32\mnkocufq.dll" [31/07/2007 08:05]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
    C:\WINDOWS\System32\ddcyv.dll 24/07/2007 21:00 228960 C:\WINDOWS\system32\ddcyv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdvps]
    kbdvps.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Swoosh^Start Menu^Programs^Startup^Reboot.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
    rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll ",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Network Firewall]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Winnotify "=2 (0x2)
    "SBService "=2 (0x2)
    "NProtectService "=2 (0x2)
    "navapsvc "=3 (0x3)




    -- End of Deckard's System Scanner: finished at 2007-07-31 at 23:38:22 ---------
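As an added example (not part of this thread, of Deckard's System Scanner or of ComboFix), here is a small Python triage script that parses a registry dump laid out like the one above and flags the loading points a helper would look at first: random-looking DLL names registered as Browser Helper Objects or Winlogon Notify handlers, a Run value that points straight at a DLL, and a reversed-name companion file (ddcyv.dll alongside vycdd.ini/.bak1, as ComboFix later listed). The name heuristic, its thresholds and the sample input (constructed from entries in this thread) are my assumptions, not either tool's logic.

```python
"""Triage of a DSS/ComboFix-style registry dump. Added example for this thread,
not code from either tool; the heuristics and sample data are assumptions."""
import re

# Constructed from the Deckard's System Scanner registry dump posted above.
SAMPLE_REGISTRY_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9070E183-E5ED-4162-9923-30F9C7232A86}]
24/07/2007 21:00 228960 --a------ C:\WINDOWS\System32\ddcyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
27/07/2007 18:53 69184 --a------ C:\WINDOWS\System32\qbslbnns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/07/2007 20:18]
"SystemOptimizer "= "C:\WINDOWS\System32\mnkocufq.dll" [31/07/2007 08:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyv]
C:\WINDOWS\System32\ddcyv.dll 24/07/2007 21:00 228960 C:\WINDOWS\system32\ddcyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdvps]
kbdvps.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll ",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
Rundll32.exe SiSPower.dll,ModeAgent
"""

# Constructed from file names that ComboFix later listed in this thread.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\ddcyv.dll",
    r"C:\WINDOWS\system32\vycdd.ini",
    r"C:\WINDOWS\system32\vycdd.bak1",
    r"C:\WINDOWS\system32\qbslbnns.dll",
    r"C:\WINDOWS\system32\SiSPower.dll",
]

DLL_RE = re.compile(r"([A-Za-z0-9_~]+)\.dll(?![A-Za-z0-9])", re.IGNORECASE)
KEY_KINDS = [("browser helper objects", "bho"), ("winlogon\\notify", "winlogon_notify"),
             ("\\currentversion\\run", "run"), ("msconfig\\startupreg", "msconfig_disabled")]

def looks_random(stem):
    """Cheap stand-in for entropy, tuned to the names in this thread: lowercase
    letters only, 5-8 long, and few vowels or a run of three consonants."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) <= 0.25 or re.search(r"[^aeiou]{3}", stem) is not None

def parse_dump(text):
    """Yield (registry key, value line) pairs from the "[key]" / value layout."""
    key = None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None:
            yield key, line

def classify_key(key):
    k = key.lower()
    return next((kind for marker, kind in KEY_KINDS if marker in k), "other")

def reversed_companions(stem, files):
    """Files whose base name is the DLL stem spelled backwards (ddcyv -> vycdd)."""
    rev = stem.lower()[::-1]
    names = {f.rsplit("\\", 1)[-1] for f in files}
    return sorted(n for n in names if n.lower().split(".")[0] == rev)

def triage(dump_text, files):
    """Map DLL stem -> sorted loading points and reasons. Any Winlogon Notify
    handler is reported (DSS hides the default ones), as are random-looking
    names and Run values that point straight at a DLL."""
    findings = {}
    for key, line in parse_dump(dump_text):
        kind = classify_key(key)
        for stem in {m.group(1) for m in DLL_RE.finditer(line)}:
            reasons = set()
            if looks_random(stem):
                reasons.add("random_name")
            if kind == "winlogon_notify":
                reasons.add("winlogon_notify_handler")
            if kind == "run" and "rundll32" not in line.lower():
                reasons.add("dll_as_run_value")
            comp = reversed_companions(stem, files)
            if comp:
                reasons.add("reversed_companion:" + ",".join(comp))
            if reasons:
                entry = findings.setdefault(stem.lower(), {"loading_points": set(), "reasons": set()})
                entry["loading_points"].add(kind)
                entry["reasons"] |= reasons
    return {s: {k: sorted(v) for k, v in e.items()} for s, e in findings.items()}

if __name__ == "__main__":
    for stem, info in sorted(triage(SAMPLE_REGISTRY_DUMP, SAMPLE_FILES).items()):
        print(stem + ".dll", info["loading_points"], info["reasons"])
```

On the sample, SiSPower.dll (a vendor DLL disabled in msconfig) is not reported, while ddcyv.dll is reported twice over: as a BHO and as a Winlogon Notify handler, with its reversed-name vycdd.* companions attached.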
     
  7. 2007/08/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Quite a few nasties there. I want to see what ComboFix will remove on its own before we attempt using it to remove what I see needs to go.

    Download Combofix, saving it to your desktop.
    Double click combofix.exe Follow the prompts.
    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    Post the contents of that log in your next reply, along with a new HijackThis log (you may need to break it up into two or more posts).
    I would also like you to post the contents of the combofix-quarantined-files.txt as well. Should be located in C:

    Post a fresh HijackThis log created after running ComboFix too.
     
  8. 2007/08/02
    Swoosh

    Swoosh Inactive Thread Starter

    Joined:
    2007/07/30
    Messages:
    12
    Likes Received:
    0
    Here is the information you requested.

    ComboFix 07-07-30.2 - "Swoosh" 2007-08-02 7:55:09.1 [GMT -7:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
    * Created a new restore point


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\mljjg.dll
    C:\WINDOWS\system32\qbslbnns.dll
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.bak2
    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\vycdd.tmp
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.bak2
    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\vycdd.tmp
    C:\WINDOWS\system32\vycdd.bak1
    C:\WINDOWS\system32\vycdd.bak2
    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini2
    C:\WINDOWS\system32\vycdd.tmp
    C:\WINDOWS\system32\ddcyv.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ASC3550U
    -------\LEGACY_WINNOTIFY
    -------\asc3550u
    -------\Winnotify


    ((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


    2007-08-02 07:53 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-02 07:53 125,504 --a------ C:\WINDOWS\system32\hsqbnohj.dll
    2007-08-01 09:12 125,504 --a------ C:\WINDOWS\system32\evbltjml.dll
    2007-07-31 23:24 <DIR> d-------- C:\Deckard
    2007-07-31 06:53 17,632 --a------ C:\DOCUME~1\Swoosh\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-30 09:19 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Google
    2007-07-30 09:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-30 09:16 <DIR> d-------- C:\Program Files\Google
    2007-07-30 09:16 <DIR> d-------- C:\Program Files\FlashGet
    2007-07-30 08:22 125,504 --a------ C:\WINDOWS\system32\wvovkjvf.dll
    2007-07-30 07:08 <DIR> d-------- C:\!KillBox
    2007-07-29 13:12 126,016 --a------ C:\WINDOWS\system32\wvluqwyb.dll
    2007-07-29 12:51 126,016 --a------ C:\WINDOWS\system32\kpilygnb.dll
    2007-07-29 08:43 126,016 --a------ C:\WINDOWS\system32\xhltmfuq.dll
    2007-07-29 08:28 <DIR> d-------- C:\Program Files\CCleaner
    2007-07-29 08:17 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-29 08:15 126,016 --a------ C:\WINDOWS\system32\jeurylcg.dll
    2007-07-29 07:38 126,016 --a------ C:\WINDOWS\system32\eyymlwee.dll
    2007-07-29 06:22 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-29 05:56 126,016 --a------ C:\WINDOWS\system32\ikhegcrh.dll
    2007-07-27 18:53 126,016 --a------ C:\WINDOWS\system32\dmaidqfs.dll
    2007-07-27 18:48 <DIR> d-------- C:\Program Files\WinASO
    2007-07-27 18:36 126,016 --a------ C:\WINDOWS\system32\kdcttuxa.dll
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\MSN6
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-07-26 22:04 8,576 --a------ C:\WINDOWS\system32\VCdRom.sys
    2007-07-22 11:20 4 -r-hs---- C:\MSDOS.BIN
    2007-07-22 11:04 <DIR> d-------- C:\Program Files\Sony
    2007-07-21 18:52 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Sports Interactive
    2007-07-21 18:33 <DIR> d-------- C:\Program Files\Sports Interactive
    2007-07-21 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-21 17:02 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-07-21 17:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-07-21 17:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-07-21 17:02 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-07-21 17:02 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Ipswitch
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
    2007-07-21 16:49 <DIR> d---s---- C:\DOCUME~1\Swoosh\UserData
    2007-07-21 16:47 <DIR> d-------- C:\Program Files\Ipswitch
    2007-07-21 16:24 <DIR> d-------- C:\WINDOWS\Vbox
    2007-07-21 16:23 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
    2007-07-21 16:23 <DIR> d-------- C:\WINDOWS\system32\Iosubsys
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\NewTech Infosystems
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\Creative
    2007-07-20 21:14 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
    2007-07-20 21:14 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
    2007-07-20 21:14 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
    2007-07-20 21:14 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
    2007-07-20 21:14 1,046,288 --a------ C:\WINDOWS\system32\MSJET35.DLL
    2007-07-20 21:13 94,208 --a------ C:\WINDOWS\system32\msstkprp.dll
    2007-07-20 21:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Symantec
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-07-20 21:07 <DIR> d-------- C:\WINDOWS\pss
    2007-07-20 21:06 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
    2007-07-20 21:06 <DIR> d-------- C:\Program Files\SiSLan
    2007-07-20 21:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
    2007-07-20 21:04 821,760 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
    2007-07-20 21:04 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
    2007-07-20 21:04 7,040 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-07-20 21:04 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-07-20 21:04 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-07-20 21:04 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-07-20 21:04 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-07-20 21:04 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-07-20 21:04 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-07-20 21:04 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2007-07-20 21:04 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-07-20 21:04 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-07-20 21:04 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
    2007-07-20 21:04 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
    2007-07-20 21:04 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
    2007-07-20 21:04 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-07-20 21:04 163,840 -ra------ C:\WINDOWS\system32\cmuda.dll
    2007-07-20 21:04 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-07-20 21:04 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-07-20 21:04 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-07-20 21:04 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
    2007-07-20 21:04 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
    2007-07-20 21:03 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
    2007-07-20 21:03 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
    2007-07-20 21:03 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
    2007-07-20 21:03 <DIR> d-------- C:\Program Files\C-Media 3D Audio
    2007-07-20 21:02 184,320 --a------ C:\WINDOWS\system32\SiSApCom.dll
    2007-07-20 21:02 110,592 --a------ C:\WINDOWS\system32\TVMode.dll
    2007-07-20 21:01 812,032 -ra------ C:\WINDOWS\system32\sisgrv.dll
    2007-07-20 21:01 7,168 -ra------ C:\WINDOWS\system32\instFunc.dll
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis760.bin
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis741.bin
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSPower.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\sis660.bin
    2007-07-20 21:01 331,776 --a------ C:\WINDOWS\system32\sistray.exe
    2007-07-20 21:01 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll
    2007-07-20 21:01 24,576 -ra------ C:\WINDOWS\system32\SiSPInst.dll
    2007-07-20 21:01 229,888 -ra------ C:\WINDOWS\system32\drivers\sisgrp.sys
    2007-07-20 21:01 185,624 --a------ C:\WINDOWS\system32\iuengine.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 18:43 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-20 14:21 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-25 20:18]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdvps]
    kbdvps.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Swoosh^Start Menu^Programs^Startup^Reboot.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
    rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll ",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Network Firewall]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Winnotify "=2 (0x2)
    "SBService "=2 (0x2)
    "NProtectService "=2 (0x2)
    "navapsvc "=3 (0x3)

    R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\WINDOWS\system32\VCdRom.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys

    *Newly Created Service* - ALG
    *Newly Created Service* - IPNAT

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-02 08:01:09
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-02 8:02:13 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-02 08:01

    --- E O F ---
    -------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:04:52, on 02/08/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O20 - Winlogon Notify: kbdvps - kbdvps.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 2411 bytes
     
  9. 2007/08/02
    Swoosh

    Swoosh Inactive Thread Starter

    Joined:
    2007/07/30
    Messages:
    12
    Likes Received:
    0
    2007-07-24 19:06 228896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir
    2007-07-24 21:00 228960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcyv.dll.vir
    2007-07-24 21:19 6466 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini.vir
    2007-07-24 21:21 6466 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.tmp.vir
    2007-07-27 18:53 69184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qbslbnns.dll.vir
    2007-08-02 07:45 1047031 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.bak2.vir
    2007-08-02 07:45 1047575 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.bak1.vir
    2007-08-02 07:58 1012 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Winnotify.reg.cf
    2007-08-02 07:58 1044 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_ASC3550U.reg.cf
    2007-08-02 07:58 1049561 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini2.vir
    2007-08-02 07:58 51 --a------ C:\Qoobox\Quarantine\catchme.log
    2007-08-02 07:58 850 --a------ C:\Qoobox\Quarantine\Registry_backups\services_asc3550u.reg.cf
    2007-08-02 07:58 852 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINNOTIFY.reg.cf


    Folder PATH listing
    Volume serial number is 71FAE346 D8DE:7993
    C:\QOOBOX
    \---Quarantine
        |   catchme.log
        |
        +---C
        |   \---WINDOWS
        |       \---system32
        |               ddcyv.dll.vir
        |               mljjg.dll.vir
        |               qbslbnns.dll.vir
        |               vycdd.bak1.vir
        |               vycdd.bak2.vir
        |               vycdd.ini.vir
        |               vycdd.ini2.vir
        |               vycdd.tmp.vir
        |
        \---Registry_backups
                LEGACY_ASC3550U.reg.cf
                LEGACY_WINNOTIFY.reg.cf
                services_asc3550u.reg.cf
                services_Winnotify.reg.cf
     
  10. 2007/08/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Copy the contents of the quote box below and paste into a blank notepad. Save it to the desktop as CFScript.txt

    Now close all other programs and open windows, then drag CFScript.txt on top of ComboFix.exe and drop it. ComboFix will run and reboot your machine if needed. When complete, a new ComboFix log will open. Post the contents of that log, along with a new HijackThis log.

    Please do not click on the ComboFix window or anything else while it is running a scan. This can cause it to stall.
     
  11. 2007/08/03
    Swoosh

    Swoosh Inactive Thread Starter

    Joined:
    2007/07/30
    Messages:
    12
    Likes Received:
    0
    I have done as requested. Have already noticed some improvements in my system too. My computer no longer stalls when it loads Windows. Normally it just loaded Windows and flashed up with the background of my desktop. It's no longer doing that, so thank you :)

    Here is the new log :-

    ComboFix 07-07-30.2 - "Swoosh" 2007-08-03 5:04:58.4 [GMT -7:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Swoosh\Desktop\CFScipt.txt


    ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


    2007-08-02 09:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ipswitch
    2007-08-02 07:53 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-02 07:53 125,504 --a------ C:\WINDOWS\system32\hsqbnohj.dll
    2007-08-01 09:12 125,504 --a------ C:\WINDOWS\system32\evbltjml.dll
    2007-07-31 23:24 <DIR> d-------- C:\Deckard
    2007-07-31 06:53 17,632 --a------ C:\DOCUME~1\Swoosh\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-30 09:19 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Google
    2007-07-30 09:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-30 09:16 <DIR> d-------- C:\Program Files\Google
    2007-07-30 08:22 125,504 --a------ C:\WINDOWS\system32\wvovkjvf.dll
    2007-07-30 07:08 <DIR> d-------- C:\!KillBox
    2007-07-29 13:12 126,016 --a------ C:\WINDOWS\system32\wvluqwyb.dll
    2007-07-29 12:51 126,016 --a------ C:\WINDOWS\system32\kpilygnb.dll
    2007-07-29 08:43 126,016 --a------ C:\WINDOWS\system32\xhltmfuq.dll
    2007-07-29 08:28 <DIR> d-------- C:\Program Files\CCleaner
    2007-07-29 08:17 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-29 08:15 126,016 --a------ C:\WINDOWS\system32\jeurylcg.dll
    2007-07-29 07:38 126,016 --a------ C:\WINDOWS\system32\eyymlwee.dll
    2007-07-29 06:22 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-29 05:56 126,016 --a------ C:\WINDOWS\system32\ikhegcrh.dll
    2007-07-27 18:53 126,016 --a------ C:\WINDOWS\system32\dmaidqfs.dll
    2007-07-27 18:48 <DIR> d-------- C:\Program Files\WinASO
    2007-07-27 18:36 126,016 --a------ C:\WINDOWS\system32\kdcttuxa.dll
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\MSN6
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-07-26 22:04 8,576 --a------ C:\WINDOWS\system32\VCdRom.sys
    2007-07-22 11:20 4 -r-hs---- C:\MSDOS.BIN
    2007-07-22 11:04 <DIR> d-------- C:\Program Files\Sony
    2007-07-21 18:52 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Sports Interactive
    2007-07-21 18:33 <DIR> d-------- C:\Program Files\Sports Interactive
    2007-07-21 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-21 17:02 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-07-21 17:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-07-21 17:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-07-21 17:02 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-07-21 17:02 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Ipswitch
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
    2007-07-21 16:49 <DIR> d---s---- C:\DOCUME~1\Swoosh\UserData
    2007-07-21 16:47 <DIR> d-------- C:\Program Files\Ipswitch
    2007-07-21 16:24 <DIR> d-------- C:\WINDOWS\Vbox
    2007-07-21 16:23 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
    2007-07-21 16:23 <DIR> d-------- C:\WINDOWS\system32\Iosubsys
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\NewTech Infosystems
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\Creative
    2007-07-20 21:14 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
    2007-07-20 21:14 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
    2007-07-20 21:14 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
    2007-07-20 21:14 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
    2007-07-20 21:14 1,046,288 --a------ C:\WINDOWS\system32\MSJET35.DLL
    2007-07-20 21:13 94,208 --a------ C:\WINDOWS\system32\msstkprp.dll
    2007-07-20 21:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Symantec
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-07-20 21:07 <DIR> d-------- C:\WINDOWS\pss
    2007-07-20 21:06 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
    2007-07-20 21:06 <DIR> d-------- C:\Program Files\SiSLan
    2007-07-20 21:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
    2007-07-20 21:04 821,760 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
    2007-07-20 21:04 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
    2007-07-20 21:04 7,040 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-07-20 21:04 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-07-20 21:04 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-07-20 21:04 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-07-20 21:04 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-07-20 21:04 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-07-20 21:04 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-07-20 21:04 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2007-07-20 21:04 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-07-20 21:04 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-07-20 21:04 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
    2007-07-20 21:04 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
    2007-07-20 21:04 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
    2007-07-20 21:04 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-07-20 21:04 163,840 -ra------ C:\WINDOWS\system32\cmuda.dll
    2007-07-20 21:04 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-07-20 21:04 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-07-20 21:04 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-07-20 21:04 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
    2007-07-20 21:04 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
    2007-07-20 21:03 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
    2007-07-20 21:03 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
    2007-07-20 21:03 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
    2007-07-20 21:03 <DIR> d-------- C:\Program Files\C-Media 3D Audio
    2007-07-20 21:02 184,320 --a------ C:\WINDOWS\system32\SiSApCom.dll
    2007-07-20 21:02 110,592 --a------ C:\WINDOWS\system32\TVMode.dll
    2007-07-20 21:01 812,032 -ra------ C:\WINDOWS\system32\sisgrv.dll
    2007-07-20 21:01 7,168 -ra------ C:\WINDOWS\system32\instFunc.dll
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis760.bin
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis741.bin
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSPower.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\sis660.bin
    2007-07-20 21:01 331,776 --a------ C:\WINDOWS\system32\sistray.exe
    2007-07-20 21:01 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll
    2007-07-20 21:01 24,576 -ra------ C:\WINDOWS\system32\SiSPInst.dll
    2007-07-20 21:01 229,888 -ra------ C:\WINDOWS\system32\drivers\sisgrp.sys
    2007-07-20 21:01 185,624 --a------ C:\WINDOWS\system32\iuengine.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 18:43 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-20 14:21 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-25 20:18]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Swoosh^Start Menu^Programs^Startup^Reboot.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
    rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll ",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Network Firewall]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Winnotify "=2 (0x2)
    "SBService "=2 (0x2)
    "NProtectService "=2 (0x2)
    "navapsvc "=3 (0x3)

    R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\WINDOWS\system32\VCdRom.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-03 05:06:49
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-03 5:07:39
    C:\ComboFix-quarantined-files.txt ... 2007-08-03 05:07
    C:\ComboFix2.txt ... 2007-08-03 05:03
    C:\ComboFix3.txt ... 2007-08-02 09:34

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:11:22, on 03/08/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 2319 bytes

    Code:
    2007-07-24 19:06      228896    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mljjg.dll.vir
    2007-07-24 21:00      228960    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcyv.dll.vir
    2007-07-24 21:19      6466    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini.vir
    2007-07-24 21:21      6466    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.tmp.vir
    2007-07-27 18:53      69184    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qbslbnns.dll.vir
    2007-08-02 07:45      1047031    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.bak2.vir
    2007-08-02 07:45      1047575    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.bak1.vir
    2007-08-02 07:58      1012    --a------    C:\Qoobox\Quarantine\Registry_backups\services_Winnotify.reg.cf
    2007-08-02 07:58      1044    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_ASC3550U.reg.cf
    2007-08-02 07:58      1049561    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini2.vir
    2007-08-02 07:58      51    --a------    C:\Qoobox\Quarantine\catchme.log
    2007-08-02 07:58      850    --a------    C:\Qoobox\Quarantine\Registry_backups\services_asc3550u.reg.cf
    2007-08-02 07:58      852    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINNOTIFY.reg.cf
    
    
    Folder PATH listing
    Volume serial number is 71FAE346 D8DE:7993
    C:\QOOBOX
    \---Quarantine
        |   catchme.log
        |   
        +---C
        |   \---WINDOWS
        |       \---system32
        |               ddcyv.dll.vir
        |               mljjg.dll.vir
        |               qbslbnns.dll.vir
        |               vycdd.bak1.vir
        |               vycdd.bak2.vir
        |               vycdd.ini.vir
        |               vycdd.ini2.vir
        |               vycdd.tmp.vir
        |               
        \---Registry_backups
                LEGACY_ASC3550U.reg.cf
                LEGACY_WINNOTIFY.reg.cf
                services_asc3550u.reg.cf
                services_Winnotify.reg.cf
                
    
     
  12. 2007/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Unfortunately, it didn't work the way it should have. It may be because of the naming. You ran CFScipt.txt.
    That text file was supposed to be named CFScript.txt (missed the r). Please rename and try again.
     
  13. 2007/08/03
    Swoosh

    Swoosh Inactive Thread Starter

    Joined:
    2007/07/30
    Messages:
    12
    Likes Received:
    0
    Ah, never even noticed that. I copied it exactly from your post :p

    Here is the new log:
    ComboFix 07-07-30.2 - "Swoosh" 2007-08-03 10:40:28.5 [GMT -7:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Swoosh\Desktop\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


    2007-08-02 09:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ipswitch
    2007-08-02 07:53 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-02 07:53 125,504 --a------ C:\WINDOWS\system32\hsqbnohj.dll
    2007-08-01 09:12 125,504 --a------ C:\WINDOWS\system32\evbltjml.dll
    2007-07-31 23:24 <DIR> d-------- C:\Deckard
    2007-07-31 06:53 17,632 --a------ C:\DOCUME~1\Swoosh\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-30 09:19 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Google
    2007-07-30 09:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-30 09:16 <DIR> d-------- C:\Program Files\Google
    2007-07-30 08:22 125,504 --a------ C:\WINDOWS\system32\wvovkjvf.dll
    2007-07-30 07:08 <DIR> d-------- C:\!KillBox
    2007-07-29 13:12 126,016 --a------ C:\WINDOWS\system32\wvluqwyb.dll
    2007-07-29 12:51 126,016 --a------ C:\WINDOWS\system32\kpilygnb.dll
    2007-07-29 08:43 126,016 --a------ C:\WINDOWS\system32\xhltmfuq.dll
    2007-07-29 08:28 <DIR> d-------- C:\Program Files\CCleaner
    2007-07-29 08:17 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-29 08:15 126,016 --a------ C:\WINDOWS\system32\jeurylcg.dll
    2007-07-29 07:38 126,016 --a------ C:\WINDOWS\system32\eyymlwee.dll
    2007-07-29 06:22 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-29 05:56 126,016 --a------ C:\WINDOWS\system32\ikhegcrh.dll
    2007-07-27 18:53 126,016 --a------ C:\WINDOWS\system32\dmaidqfs.dll
    2007-07-27 18:48 <DIR> d-------- C:\Program Files\WinASO
    2007-07-27 18:36 126,016 --a------ C:\WINDOWS\system32\kdcttuxa.dll
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\MSN6
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-07-26 22:04 8,576 --a------ C:\WINDOWS\system32\VCdRom.sys
    2007-07-22 11:20 4 -r-hs---- C:\MSDOS.BIN
    2007-07-22 11:04 <DIR> d-------- C:\Program Files\Sony
    2007-07-21 18:52 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Sports Interactive
    2007-07-21 18:33 <DIR> d-------- C:\Program Files\Sports Interactive
    2007-07-21 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-21 17:02 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-07-21 17:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-07-21 17:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-07-21 17:02 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-07-21 17:02 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Ipswitch
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
    2007-07-21 16:49 <DIR> d---s---- C:\DOCUME~1\Swoosh\UserData
    2007-07-21 16:47 <DIR> d-------- C:\Program Files\Ipswitch
    2007-07-21 16:24 <DIR> d-------- C:\WINDOWS\Vbox
    2007-07-21 16:23 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
    2007-07-21 16:23 <DIR> d-------- C:\WINDOWS\system32\Iosubsys
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\NewTech Infosystems
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\Creative
    2007-07-20 21:14 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
    2007-07-20 21:14 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
    2007-07-20 21:14 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
    2007-07-20 21:14 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
    2007-07-20 21:14 1,046,288 --a------ C:\WINDOWS\system32\MSJET35.DLL
    2007-07-20 21:13 94,208 --a------ C:\WINDOWS\system32\msstkprp.dll
    2007-07-20 21:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Symantec
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-07-20 21:07 <DIR> d-------- C:\WINDOWS\pss
    2007-07-20 21:06 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
    2007-07-20 21:06 <DIR> d-------- C:\Program Files\SiSLan
    2007-07-20 21:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
    2007-07-20 21:04 821,760 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
    2007-07-20 21:04 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
    2007-07-20 21:04 7,040 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-07-20 21:04 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-07-20 21:04 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-07-20 21:04 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-07-20 21:04 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-07-20 21:04 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-07-20 21:04 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-07-20 21:04 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2007-07-20 21:04 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-07-20 21:04 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-07-20 21:04 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
    2007-07-20 21:04 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
    2007-07-20 21:04 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
    2007-07-20 21:04 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-07-20 21:04 163,840 -ra------ C:\WINDOWS\system32\cmuda.dll
    2007-07-20 21:04 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-07-20 21:04 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-07-20 21:04 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-07-20 21:04 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
    2007-07-20 21:04 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
    2007-07-20 21:03 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
    2007-07-20 21:03 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
    2007-07-20 21:03 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
    2007-07-20 21:03 <DIR> d-------- C:\Program Files\C-Media 3D Audio
    2007-07-20 21:02 184,320 --a------ C:\WINDOWS\system32\SiSApCom.dll
    2007-07-20 21:02 110,592 --a------ C:\WINDOWS\system32\TVMode.dll
    2007-07-20 21:01 812,032 -ra------ C:\WINDOWS\system32\sisgrv.dll
    2007-07-20 21:01 7,168 -ra------ C:\WINDOWS\system32\instFunc.dll
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis760.bin
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis741.bin
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSPower.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\sis660.bin
    2007-07-20 21:01 331,776 --a------ C:\WINDOWS\system32\sistray.exe
    2007-07-20 21:01 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll
    2007-07-20 21:01 24,576 -ra------ C:\WINDOWS\system32\SiSPInst.dll
    2007-07-20 21:01 229,888 -ra------ C:\WINDOWS\system32\drivers\sisgrp.sys
    2007-07-20 21:01 185,624 --a------ C:\WINDOWS\system32\iuengine.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 18:43 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-20 14:21 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-25 20:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Swoosh^Start Menu^Programs^Startup^Reboot.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
    rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll ",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SBService "=2 (0x2)
    "NProtectService "=2 (0x2)
    "navapsvc "=3 (0x3)
    "Avg7UpdSvc "=2 (0x2)

    R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\WINDOWS\system32\VCdRom.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-03 10:42:47
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-03 10:43:41
    C:\ComboFix-quarantined-files.txt ... 2007-08-03 10:43
    C:\ComboFix2.txt ... 2007-08-03 05:07
    C:\ComboFix3.txt ... 2007-08-03 05:03

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:45:10, on 03/08/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 2190 bytes
     
  14. 2007/08/03
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Ahhh....... I see now that I made a typo as well. The CFScript started with Files:: rather than File::

    So, let's do this one more time (sorry :( )

    Open CFScript.txt and delete everything, then copy the contents of the quote box below and paste it into CFScript.txt, close and save changes. Drag-n-drop it onto ComboFix.exe, wait for it to complete and post the new log.

     
  15. 2007/08/04
    Swoosh

    Swoosh Inactive Thread Starter

    Joined:
    2007/07/30
    Messages:
    12
    Likes Received:
    0
    It's OK, seems to have worked this time :)

    ComboFix 07-07-30.2 - "Swoosh" 2007-08-04 0:23:09.6 [GMT -7:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Swoosh\Desktop\CFScript.txt
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dmaidqfs.dll
    C:\WINDOWS\system32\evbltjml.dll
    C:\WINDOWS\system32\eyymlwee.dll
    C:\WINDOWS\system32\hsqbnohj.dll
    C:\WINDOWS\system32\ikhegcrh.dll
    C:\WINDOWS\system32\jeurylcg.dll
    C:\WINDOWS\system32\kdcttuxa.dll
    C:\WINDOWS\system32\kpilygnb.dll
    C:\WINDOWS\system32\wvluqwyb.dll
    C:\WINDOWS\system32\wvovkjvf.dll
    C:\WINDOWS\system32\xhltmfuq.dll


    ((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))


    2007-08-02 09:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ipswitch
    2007-08-02 07:53 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-31 23:24 <DIR> d-------- C:\Deckard
    2007-07-31 06:53 17,632 --a------ C:\DOCUME~1\Swoosh\APPLIC~1\GDIPFONTCACHEV1.DAT
    2007-07-30 09:19 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Google
    2007-07-30 09:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-07-30 09:16 <DIR> d-------- C:\Program Files\Google
    2007-07-30 07:08 <DIR> d-------- C:\!KillBox
    2007-07-29 08:28 <DIR> d-------- C:\Program Files\CCleaner
    2007-07-29 08:17 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-29 06:22 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
    2007-07-27 18:48 <DIR> d-------- C:\Program Files\WinASO
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\MSN6
    2007-07-27 18:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    2007-07-26 22:04 8,576 --a------ C:\WINDOWS\system32\VCdRom.sys
    2007-07-22 11:20 4 -r-hs---- C:\MSDOS.BIN
    2007-07-22 11:04 <DIR> d-------- C:\Program Files\Sony
    2007-07-21 18:52 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Sports Interactive
    2007-07-21 18:33 <DIR> d-------- C:\Program Files\Sports Interactive
    2007-07-21 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-07-21 17:02 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2007-07-21 17:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-07-21 17:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-07-21 17:02 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2007-07-21 17:02 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Ipswitch
    2007-07-21 17:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ipswitch
    2007-07-21 16:49 <DIR> d---s---- C:\DOCUME~1\Swoosh\UserData
    2007-07-21 16:47 <DIR> d-------- C:\Program Files\Ipswitch
    2007-07-21 16:24 <DIR> d-------- C:\WINDOWS\Vbox
    2007-07-21 16:23 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
    2007-07-21 16:23 <DIR> d-------- C:\WINDOWS\system32\Iosubsys
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\NewTech Infosystems
    2007-07-21 16:23 <DIR> d-------- C:\Program Files\Creative
    2007-07-20 21:14 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL
    2007-07-20 21:14 252,176 --a------ C:\WINDOWS\system32\MSRD2X35.DLL
    2007-07-20 21:14 24,848 --a------ C:\WINDOWS\system32\MSJTER35.DLL
    2007-07-20 21:14 123,664 --a------ C:\WINDOWS\system32\MSJINT35.DLL
    2007-07-20 21:14 1,046,288 --a------ C:\WINDOWS\system32\MSJET35.DLL
    2007-07-20 21:13 94,208 --a------ C:\WINDOWS\system32\msstkprp.dll
    2007-07-20 21:13 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\Swoosh\APPLIC~1\Symantec
    2007-07-20 21:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2007-07-20 21:07 <DIR> d-------- C:\WINDOWS\pss
    2007-07-20 21:06 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
    2007-07-20 21:06 <DIR> d-------- C:\Program Files\SiSLan
    2007-07-20 21:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
    2007-07-20 21:04 821,760 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
    2007-07-20 21:04 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
    2007-07-20 21:04 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
    2007-07-20 21:04 7,040 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-07-20 21:04 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-07-20 21:04 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-07-20 21:04 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2007-07-20 21:04 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2007-07-20 21:04 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2007-07-20 21:04 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-07-20 21:04 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2007-07-20 21:04 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-07-20 21:04 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2007-07-20 21:04 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
    2007-07-20 21:04 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
    2007-07-20 21:04 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
    2007-07-20 21:04 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-07-20 21:04 163,840 -ra------ C:\WINDOWS\system32\cmuda.dll
    2007-07-20 21:04 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2007-07-20 21:04 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2007-07-20 21:04 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-07-20 21:04 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
    2007-07-20 21:04 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
    2007-07-20 21:03 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
    2007-07-20 21:03 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
    2007-07-20 21:03 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
    2007-07-20 21:03 <DIR> d-------- C:\Program Files\C-Media 3D Audio
    2007-07-20 21:02 184,320 --a------ C:\WINDOWS\system32\SiSApCom.dll
    2007-07-20 21:02 110,592 --a------ C:\WINDOWS\system32\TVMode.dll
    2007-07-20 21:01 812,032 -ra------ C:\WINDOWS\system32\sisgrv.dll
    2007-07-20 21:01 7,168 -ra------ C:\WINDOWS\system32\instFunc.dll
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis760.bin
    2007-07-20 21:01 65,536 -ra------ C:\WINDOWS\system32\sis741.bin
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSPower.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\SiSBase.dll
    2007-07-20 21:01 49,152 -ra------ C:\WINDOWS\system32\sis660.bin
    2007-07-20 21:01 331,776 --a------ C:\WINDOWS\system32\sistray.exe
    2007-07-20 21:01 258,048 -ra------ C:\WINDOWS\system32\SiSParse.dll
    2007-07-20 21:01 24,576 -ra------ C:\WINDOWS\system32\SiSPInst.dll
    2007-07-20 21:01 229,888 -ra------ C:\WINDOWS\system32\drivers\sisgrp.sys
    2007-07-20 21:01 185,624 --a------ C:\WINDOWS\system32\iuengine.dll
    2007-07-20 21:01 184,320 -ra------ C:\WINDOWS\system32\SiSInst.dll
    2007-07-20 21:01 12,928 -ra------ C:\WINDOWS\system32\drivers\srvkp.sys
    2007-07-20 21:01 1,864,425 -ra------ C:\WINDOWS\system32\sisgl.dll
    2007-07-20 21:01 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-20 21:01 <DIR> d-------- C:\WUTemp
    2007-07-20 21:01 <DIR> d-------- C:\WINDOWS\system32\trayres
    2007-07-20 21:01 <DIR> d-------- C:\WINDOWS\SiS
    2007-07-20 21:01 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.62
    2007-07-20 20:59 36,992 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS
    2007-07-20 20:59 32,768 --a------ C:\WINDOWS\SIS_LIB.DLL
    2007-07-20 20:59 306,688 --a------ C:\WINDOWS\IsUninst.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 18:43 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2007-07-20 14:21 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-25 20:18]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
    backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Swoosh^Start Menu^Programs^Startup^Reboot.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
    rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll ",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
    Rundll32.exe SiSPower.dll,ModeAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
    C:\WINDOWS\SiSUSBrg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SBService "=2 (0x2)
    "NProtectService "=2 (0x2)
    "navapsvc "=3 (0x3)
    "Avg7UpdSvc "=2 (0x2)

    R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\WINDOWS\system32\VCdRom.sys
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\System32\drivers\cmuda.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-04 00:25:46
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-04 0:26:29
    C:\ComboFix-quarantined-files.txt ... 2007-08-04 00:26
    C:\ComboFix2.txt ... 2007-08-03 10:43
    C:\ComboFix3.txt ... 2007-08-03 05:07

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:28:00, on 04/08/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 2226 bytes
     
  16. 2007/08/04
    noahdfear
    It did work, mostly. I just noticed another typo on my part. :mad:

    Regsitry::
    should read Registry::

    Not a problem though. Those are disabled startup items. Open msconfig and recheck these two entries on the Startup tab.

    C:\Documents and Settings\Swoosh\Start Menu\Programs\Startup\Reboot.exe
    MemoryManager rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll",sitypnow

    Click Apply, then OK. Exit without restarting.
    Scan again with HijackThis. There should be two O4 entries present representing the above startup items. Fix them.

    Logs look good otherwise. Please delete the folder C:\Qoobox, then empty the recycle bin.

    Let's do an online scan just to be sure we haven't missed something.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.
     
  17. 2007/08/05
    Swoosh (Thread Starter)
    That scan found some more. I seem to have a never-ending list of viruses. No idea where I even got them from :confused:


    Incident                                        Status           Location
    Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\Documents and Settings\Swoosh\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A  Not disinfected  C:\WINDOWS\nircmd.exe
    Virus:W32/Sdbot.KYD.worm                        Disinfected      C:\WINDOWS\system32\firewall.exe
    Potentially unwanted tool:Application/Restart   Not disinfected  C:\WINDOWS\system32\Tools\Restart.exe
    Virus:W32/Sdbot.KVD.worm                        Disinfected      C:\WINDOWS\system32\winamp.exe

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:58:02, on 04/08/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 2248 bytes
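The two replies above turn on the same judgement calls: a Run entry that launches rundll32.exe with a randomly named DLL and export (the re-enabled MemoryManager item), a loose executable in the Startup folder, and worm binaries parked in system32 under application names (winamp.exe, firewall.exe from the Panda report). The script below is an added example written for this page; it is not part of the thread and is not code from HijackThis or Panda. It parses HijackThis-format lines and flags those patterns with heuristics. The MASQUERADE_NAMES list, the randomness test and the thresholds are assumptions made for the example, and the sample log mixes lines copied from the posted HijackThis log with constructed lines showing how the MemoryManager, Reboot.exe, winamp and firewall entries would appear.

```python
"""Triage HijackThis-style log lines for the persistence patterns discussed in this thread.

Added example; not part of the thread and not code from HijackThis or Panda.
Every check is a heuristic: a hit means "look at this entry", not "this is malware".
"""
import re

HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# rundll32.exe "C:\path\name.dll",ExportName  (quotes optional)
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)\s*"?\s*,\s*(?P<export>\w+)', re.IGNORECASE)
# A quoted path may contain spaces; an unquoted one ends at the first whitespace.
EXE_PATH = re.compile(r'"(?P<q>[A-Z]:\\[^"]+?\.exe)"|(?P<u>[A-Z]:\\\S+?\.exe)', re.IGNORECASE)
# Files sitting directly in %SystemRoot% or System32 (no deeper subdirectory).
SYSTEM_DIRS = re.compile(r"^[A-Z]:\\WINDOWS(\\SYSTEM32)?\\[^\\]+$", re.IGNORECASE)
# Assumed list for this example: applications that install under Program Files, so a
# same-named binary in System32 is a masquerade (cf. system32\winamp.exe in the Panda report).
MASQUERADE_NAMES = {"winamp.exe", "firewall.exe", "msnmsgr.exe"}


def parse(line):
    """Split 'O4 - HKCU\\..\\Run: [name] cmd' into ('O4', 'HKCU\\..\\Run: [name] cmd')."""
    m = HJT_LINE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def looks_random(stem):
    """Crude test for machine-generated names such as 'ikhegcrh': few vowels or a
    long consonant run.  Only applied to names of at least six letters."""
    letters = re.sub(r"[^a-z]", "", stem.lower())
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowel_ratio < 0.3 or longest_run >= 4


def triage(log_text):
    """Return (section, reason, original_line) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse(raw)
        if parsed is None:
            continue
        section, body = parsed
        # Startup-folder items run whatever is dropped there; the user should know each one.
        if section == "O4" and body.startswith(("Startup:", "Global Startup:")):
            findings.append((section, "startup-folder item; confirm you put it there", raw))
        # rundll32 is a Microsoft binary, so the DLL it loads is what needs vetting.
        m = RUNDLL.search(body)
        if section == "O4" and m:
            dll, export = m.group("dll"), m.group("export")
            reason = f"rundll32 loads {dll}!{export}"
            stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                reason += " (machine-generated-looking DLL name)"
            findings.append((section, reason, raw))
        # Well-known application names living in the Windows directory instead of Program Files.
        pm = EXE_PATH.search(body)
        if pm:
            path = pm.group("q") or pm.group("u")
            directory, name = path.rsplit("\\", 1)
            if SYSTEM_DIRS.match(path) and name.lower() in MASQUERADE_NAMES:
                findings.append((section, f"{name.lower()} is an application name, not a Windows file, yet sits in {directory}", raw))
        # Services whose binary carries no vendor information.
        if section == "O23" and "Unknown owner" in body:
            findings.append((section, "service binary carries no company name", raw))
    return findings


# Constructed sample: lines 1, 2 and 6 are taken from the HijackThis log posted above; the
# MemoryManager, Reboot.exe, winamp and firewall lines are written for this example to show
# how such entries would appear.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\System32\ikhegcrh.dll",sitypnow
O4 - Startup: Reboot.exe
O4 - HKLM\..\Run: [winamp] C:\WINDOWS\system32\winamp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Windows Firewall Helper (firewall) - Unknown owner - C:\WINDOWS\system32\firewall.exe
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample, the AVG and MSN Messenger entries pass silently while the other five lines are reported; the msnmsgr.exe entry is left alone precisely because it lives under Program Files, which is the distinction the masquerade check is making. The name-randomness test is deliberately only consulted for rundll32 targets, where the DLL name is the whole story; applied to every path it would produce noise on legitimate abbreviations.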
     
  18. 2007/08/05
    noahdfear
    Looks like you're now clean. :)

    Please delete the following tools, folders and files created by those tools.

    C:\WINDOWS\nircmd.exe
    C:\Deckard
    C:\!KillBox
    C:\QOOBOX
    ComboFix.exe
    VundoFix.exe
    dss.exe
    ComboFix logs and script
    VundoFix log

    You really need to head over to Windows Update and bring that computer up-to-date. The many critical updates available and Service Pack 2 would go a long way in helping to protect against future re-infection.

    I also recommend you get a software firewall installed. Zone Alarm, Comodo and Sygate are a few free ones that come to mind.

    Everything working OK now?
     
  19. 2007/08/07
    Swoosh (Thread Starter)
    Everything seems to be working normally now; my computer is running that little bit faster too. Thank you. I'm eternally grateful. It would have taken me months to get rid of all that stuff.
     
  20. 2007/08/07
    noahdfear
    Happy to hear that, Swoosh. Thanks for posting back!

    Glad I could help :)
     
