Hijackthis Log: Please Help Diagnose


  • This topic is locked
10 replies to this topic

#1 adept23 (Members, 6 posts)

Posted 12 March 2008 - 05:56 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:10 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\RunServices: [WindowsUpdateServer] wsrv32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2EA511B-A7DD-4E33-A87C-B85AEEB4CF3C}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 9699 bytes

#2 adept23 (Topic Starter; Members, 6 posts)

Posted 17 March 2008 - 05:24 PM

I have followed the preparation guide and tried everything I can think of to solve this problem.
Spybot and Ad-Aware find the same things and say they fix them, but they do not.
The only way I can get my internet to work properly is by cancelling the explorer.exe process.
Any help would be greatly appreciated; I am at a loss.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:43 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\RunServices: [WindowsUpdateServer] wsrv32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2EA511B-A7DD-4E33-A87C-B85AEEB4CF3C}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 9708 bytes

#3 Grinler (Lawrence Abrams; Admin, 43,716 posts; Gender: Male; Location: USA)

Posted 31 March 2008 - 10:22 AM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

#4 adept23 (Topic Starter; Members, 6 posts)

Posted 31 March 2008 - 04:14 PM

OK, here is a new HijackThis log. My computer seems to be running better, but I am not sure if I got everything or not, so any help would still be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:14 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [WindowsUpdateServer] wsrv32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2EA511B-A7DD-4E33-A87C-B85AEEB4CF3C}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8976 bytes

#5 Grinler (Lawrence Abrams; Admin, 43,716 posts; Gender: Male; Location: USA)

Posted 01 April 2008 - 04:30 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#6 adept23 (Topic Starter; Members, 6 posts)

Posted 01 April 2008 - 05:32 PM

OK, here is the ComboFix log:
ComboFix 08-04-01.2 - Dean 2008-04-01 18:18:33.3 - NTFSx86

Running from: C:\Documents and Settings\Dean\My Documents\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSTEM


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-04-01 09:52 . 2008-04-01 09:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-30 09:43 . 2008-03-30 22:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-29 21:29 . 2008-03-29 21:28 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-29 21:29 . 2008-03-29 21:28 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-29 21:29 . 2008-03-29 21:28 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-29 21:27 . 2008-04-01 18:18 <DIR> d-------- C:\Program Files\ESET
2008-03-29 20:56 . 2008-04-01 18:25 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-03-29 17:58 . 2008-03-29 17:58 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2008-03-29 17:57 . 2008-03-29 18:15 <DIR> d-------- C:\Documents and Settings\Dean\.SimpleCenter
2008-03-29 17:51 . 2008-03-29 17:52 <DIR> d-------- C:\Program Files\SimpleCenter
2008-03-29 17:51 . 2008-03-29 17:51 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-03-22 12:29 . 2008-03-22 12:29 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\Media Player Classic
2008-03-22 12:28 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-22 12:28 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-22 12:28 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-22 12:28 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-22 12:28 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-22 12:28 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-22 12:28 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-22 12:28 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-03-17 16:18 . 2008-03-17 18:17 <DIR> d-------- C:\Documents and Settings\Dean\.housecall6.6
2008-03-15 19:55 . 2008-03-16 15:47 1,367,163 ---hs---- C:\WINDOWS\system32\uydxyhma.ini
2008-03-14 22:13 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-14 22:13 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-14 22:13 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-14 22:13 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-14 20:42 . 2008-03-14 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 20:41 . 2008-03-14 20:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 20:38 . 2008-03-14 20:55 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\HouseCall 6.6
2008-03-14 18:52 . 2008-03-14 19:57 1,366,743 ---hs---- C:\WINDOWS\system32\dmeadwfp.ini
2008-03-13 18:52 . 2008-03-14 09:32 1,346,810 ---hs---- C:\WINDOWS\system32\aiotrbru.ini
2008-03-12 18:16 . 2008-03-12 18:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-12 18:14 . 2008-03-12 18:15 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-03-12 18:14 . 2004-03-09 09:30 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-03-12 18:14 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2008-03-12 18:14 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-03-12 18:14 . 2007-12-19 16:12 53,248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-03-12 17:47 . 2008-03-12 18:05 1,320,095 ---hs---- C:\WINDOWS\system32\fegosdlg.ini
2008-03-12 17:04 . 2008-03-12 17:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-12 16:13 . 2008-03-12 16:25 <DIR> d-------- C:\Program Files\RegCure
2008-03-12 15:52 . 2008-03-29 14:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-12 07:38 . 2008-03-14 20:33 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\Lavasoft
2008-03-11 20:50 . 2008-03-11 20:50 294 ---hs---- C:\WINDOWS\system32\yennbgfk.ini
2008-03-11 15:52 . 2008-03-11 15:52 <DIR> d-------- C:\VundoFix Backups
2008-03-11 11:45 . 2008-03-11 11:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-11 11:45 . 2008-03-11 11:45 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-10 17:51 . 2008-03-12 07:28 1,321,938 ---hs---- C:\WINDOWS\system32\iixvylof.ini
2008-03-09 17:45 . 2008-03-10 17:10 1,318,970 --ahs---- C:\WINDOWS\system32\moguwamy.ini
2008-03-08 15:08 . 2008-03-08 15:08 42,496 --a------ C:\WINDOWS\system32\wvurpmk.dll
2008-03-08 14:57 . 2008-03-08 14:57 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-08 14:57 . 2008-03-08 14:57 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-03-08 14:53 . 2008-03-22 12:20 <DIR> d-------- C:\Program Files\DirectVobSub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 22:15 --------- d-----w C:\Documents and Settings\Dean\Application Data\uTorrent
2008-04-01 17:19 --------- d-----w C:\Documents and Settings\Dean\Application Data\Vso
2008-04-01 13:52 --------- d-----w C:\Program Files\Common Files\Real
2008-04-01 13:51 --------- d-----w C:\Program Files\Real
2008-04-01 13:51 --------- d-----w C:\Program Files\Common Files\csshare
2008-03-31 05:11 --------- d-----w C:\Documents and Settings\Katie\Application Data\U3
2008-03-30 01:27 --------- d-----w C:\Program Files\McAfee.com
2008-03-30 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-22 16:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-21 19:39 --------- d-----w C:\Program Files\Java
2008-03-15 02:16 47,360 -c--a-w C:\Documents and Settings\Dean\Application Data\pcouffin.sys
2008-03-15 02:16 --------- d-----w C:\Program Files\VSO
2008-03-15 00:42 --------- d-----w C:\Program Files\Lavasoft
2008-03-11 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 16:04 --------- d-----w C:\Program Files\Red Kawa
2008-03-11 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 15:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 21:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-24 15:44 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-02-24 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 01:25 --------- d-----w C:\Program Files\Orb Networks
2008-02-23 15:57 --------- d-----w C:\Documents and Settings\Dean\Application Data\U3
2008-02-23 03:59 --------- d-----w C:\Program Files\Realtek AC97
2008-02-23 03:46 --------- d-----w C:\Program Files\Unibrain
2008-02-23 03:46 --------- d-----w C:\Program Files\Intel Desktop Board
2008-02-23 03:18 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-02-12 23:47 --------- d-----w C:\Program Files\ImgBurn
2008-02-12 21:56 --------- d-----w C:\Documents and Settings\Dean\Application Data\LimeWire
2004-10-14 22:01 21 -c--a-w C:\Program Files\AVPersonalAVWIN.INI
2003-08-27 18:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2006-10-17 13:59 80 --sh--r C:\WINDOWS\system32\84711FDBD9.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-03-21 14:26 483840 C:\WINDOWS\mHotkey.exe]
"showicon2k"="C:\Program Files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 13:55 135168]
"HostManager"="C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 21:58 8704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"S3Trayp"="S3trayp.exe" [2007-04-25 16:41 176128 C:\WINDOWS\system32\S3Trayp.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-09-19 17:08 94208]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 21:28 949376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-01 09:51 185632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdateServer"="wsrv32.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125971335\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\aim\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 20:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-01 22:25:04 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-27 07:04:11 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-01 22:25:03 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-04-01 13:02:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 18:24:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\slrundll.exe
.
**************************************************************************
.
Completion time: 2008-04-01 18:28:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-01 22:28:19
ComboFix2.txt 2008-03-24 03:11:13
ComboFix3.txt 2008-03-19 14:11:43
Pre-Run: 52,498,452,480 bytes free
Post-Run: 52,506,533,888 bytes free
.
2007-07-29 14:12:10 --- E O F ---

And here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:48 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [WindowsUpdateServer] wsrv32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2EA511B-A7DD-4E33-A87C-B85AEEB4CF3C}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8896 bytes

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,716 posts
  • Gender:Male
  • Location:USA

Posted 02 April 2008 - 12:48 PM

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\wvurpmk.dll
C:\WINDOWS\system32\84711FDBD9.dll
C:\Windows\System32\wsrv32.exe
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job

Suspect::[3]
C:\WINDOWS\system32\affv208325p1now.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdateServer"=-


Save this as the txt file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
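For anyone following along with the script above, a small check that a practitioner would run after the ComboFix pass: parse the CFScript into its `File::`, `Suspect::` and `Registry::` sections and compare the `File::` list against the paths the resulting log reports under its "Other Deletions" banner, so that any file the helper asked to remove but the log never confirms as deleted stands out for follow-up. This is an added example written for this page, not code from the thread, from ComboFix or from BleepingComputer; the section syntax (`Name::` headers, `"value"=-` meaning "delete this registry value") is read off the script as posted, the CFScript text is Grinler's script verbatim, and the log excerpt is abridged from the ComboFix output adept23 posts in reply #8. Windows paths are compared case-insensitively, which matters here because one entry is written `C:\Windows\System32\...`.

```python
import re

# CFScript exactly as posted by Grinler above (page data, reproduced verbatim).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\wvurpmk.dll
C:\WINDOWS\system32\84711FDBD9.dll
C:\Windows\System32\wsrv32.exe
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job

Suspect::[3]
C:\WINDOWS\system32\affv208325p1now.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WindowsUpdateServer"=-
"""

# Abridged excerpt of the ComboFix log from reply #8: only the 'Other Deletions'
# block and the banner that follows it are kept.
COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\84711FDBD9.dll
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^(\w+)::(?:\[(\d+)\])?\s*$")   # 'File::' or 'Suspect::[3]'
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')               # '"name"=-' deletes the value

def parse_cfscript(text):
    """Split a CFScript into {section: [directive lines]}; blank lines are ignored."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"directive before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def parse_registry_directives(lines):
    """Turn Registry:: lines into (key, value_name, action) tuples."""
    out, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.groups()
            out.append((key, name, "delete" if data == "-" else data))
    return out

def other_deletions(log_text):
    """Collect the paths a ComboFix log reports under its 'Other Deletions' banner."""
    paths, inside = [], False
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("((((") and "Other Deletions" in line:
            inside = True
        elif inside and line.startswith("(((("):
            break                                  # next banner ends the block
        elif inside and line and line != ".":
            paths.append(line)
    return paths

def unconfirmed_deletions(script_text, log_text):
    """File:: entries the log never lists as deleted (absent at run time or not removable)."""
    requested = parse_cfscript(script_text).get("File", [])
    deleted = {p.lower() for p in other_deletions(log_text)}   # Windows paths: case-insensitive
    return sorted((p for p in requested if p.lower() not in deleted), key=str.lower)

if __name__ == "__main__":
    for path in unconfirmed_deletions(CFSCRIPT, COMBOFIX_LOG):
        print("not confirmed deleted:", path)
    for key, name, action in parse_registry_directives(parse_cfscript(CFSCRIPT)["Registry"]):
        print(f"registry: {action} {name!r} under {key}")
```

Run against the thread's own data this reports two `File::` entries, `wsrv32.exe` and `wvurpmk.dll`, that the log's "Other Deletions" block does not list, which is the kind of discrepancy worth raising in the next reply rather than assuming the whole script took effect.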

#8 adept23

adept23
  • Topic Starter

  • Members
  • 6 posts

Posted 02 April 2008 - 05:02 PM

Ok here is the combofix.txt log:
ComboFix 08-04-01.2 - Dean 2008-04-02 17:52:39.4 - NTFSx86

Running from: C:\Documents and Settings\Dean\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dean\Desktop\CFScript.txt
* Resident AV is active


FILE ::
C:\WINDOWS\system32\84711FDBD9.dll
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\Windows\System32\wsrv32.exe
C:\WINDOWS\system32\wvurpmk.dll
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\84711FDBD9.dll
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-01 09:52 . 2008-04-01 09:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-30 09:43 . 2008-03-30 22:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-29 21:29 . 2008-03-29 21:28 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-29 21:29 . 2008-03-29 21:28 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-29 21:29 . 2008-03-29 21:28 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-29 21:27 . 2008-04-01 18:18 <DIR> d-------- C:\Program Files\ESET
2008-03-29 20:56 . 2008-04-02 17:54 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-03-29 17:58 . 2008-03-29 17:58 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2008-03-29 17:57 . 2008-03-29 18:15 <DIR> d-------- C:\Documents and Settings\Dean\.SimpleCenter
2008-03-29 17:51 . 2008-03-29 17:52 <DIR> d-------- C:\Program Files\SimpleCenter
2008-03-29 17:51 . 2008-03-29 17:51 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-03-22 12:29 . 2008-03-22 12:29 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\Media Player Classic
2008-03-22 12:28 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-22 12:28 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-22 12:28 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-22 12:28 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-22 12:28 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-22 12:28 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-22 12:28 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-22 12:28 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-03-17 16:18 . 2008-03-17 18:17 <DIR> d-------- C:\Documents and Settings\Dean\.housecall6.6
2008-03-14 22:13 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-14 22:13 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-14 22:13 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-14 22:13 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-14 20:42 . 2008-03-14 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 20:41 . 2008-03-14 20:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 20:38 . 2008-03-14 20:55 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\HouseCall 6.6
2008-03-12 18:16 . 2008-03-12 18:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-12 18:14 . 2008-03-12 18:15 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-03-12 18:14 . 2004-03-09 09:30 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-03-12 18:14 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2008-03-12 18:14 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-03-12 18:14 . 2007-12-19 16:12 53,248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-03-12 17:04 . 2008-03-12 17:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-12 16:13 . 2008-03-12 16:25 <DIR> d-------- C:\Program Files\RegCure
2008-03-12 15:52 . 2008-03-29 14:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-12 07:38 . 2008-03-14 20:33 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\Lavasoft
2008-03-11 15:52 . 2008-03-11 15:52 <DIR> d-------- C:\VundoFix Backups
2008-03-11 11:45 . 2008-03-11 11:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-11 11:45 . 2008-03-11 11:45 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-08 14:57 . 2008-03-08 14:57 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-08 14:57 . 2008-03-08 14:57 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-03-08 14:53 . 2008-03-22 12:20 <DIR> d-------- C:\Program Files\DirectVobSub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 21:52 --------- d-----w C:\Documents and Settings\Dean\Application Data\uTorrent
2008-04-01 17:19 --------- d-----w C:\Documents and Settings\Dean\Application Data\Vso
2008-04-01 13:52 --------- d-----w C:\Program Files\Common Files\Real
2008-04-01 13:51 --------- d-----w C:\Program Files\Real
2008-04-01 13:51 --------- d-----w C:\Program Files\Common Files\csshare
2008-03-31 05:11 --------- d-----w C:\Documents and Settings\Katie\Application Data\U3
2008-03-30 01:27 --------- d-----w C:\Program Files\McAfee.com
2008-03-30 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-22 16:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-21 19:39 --------- d-----w C:\Program Files\Java
2008-03-15 02:16 47,360 -c--a-w C:\Documents and Settings\Dean\Application Data\pcouffin.sys
2008-03-15 02:16 --------- d-----w C:\Program Files\VSO
2008-03-15 00:42 --------- d-----w C:\Program Files\Lavasoft
2008-03-14 23:56 36,864 ----a-w C:\WINDOWS\system32\DeleteAtStartup.dll
2008-03-11 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 16:04 --------- d-----w C:\Program Files\Red Kawa
2008-03-11 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 15:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 21:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-24 15:44 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-02-24 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 01:25 --------- d-----w C:\Program Files\Orb Networks
2008-02-23 15:57 --------- d-----w C:\Documents and Settings\Dean\Application Data\U3
2008-02-23 03:59 --------- d-----w C:\Program Files\Realtek AC97
2008-02-23 03:46 --------- d-----w C:\Program Files\Unibrain
2008-02-23 03:46 --------- d-----w C:\Program Files\Intel Desktop Board
2008-02-23 03:18 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-02-12 23:47 --------- d-----w C:\Program Files\ImgBurn
2008-02-12 21:56 --------- d-----w C:\Documents and Settings\Dean\Application Data\LimeWire
2004-10-14 22:01 21 -c--a-w C:\Program Files\AVPersonalAVWIN.INI
2003-08-27 18:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-03-21 14:26 483840 C:\WINDOWS\mHotkey.exe]
"showicon2k"="C:\Program Files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 13:55 135168]
"HostManager"="C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 21:58 8704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"S3Trayp"="S3trayp.exe" [2007-04-25 16:41 176128 C:\WINDOWS\system32\S3Trayp.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-09-19 17:08 94208]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 21:28 949376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-01 09:51 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125971335\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\aim\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


*Newly Created Service* - CATCHME
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 20:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 17:55:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-02 17:56:26
ComboFix-quarantined-files.txt 2008-04-02 21:56:05
ComboFix2.txt 2008-04-01 22:28:23
ComboFix3.txt 2008-03-24 03:11:13
ComboFix4.txt 2008-03-19 14:11:43
Pre-Run: 57,312,993,280 bytes free
Post-Run: 57,288,257,536 bytes free
.
2007-07-29 14:12:10 --- E O F ---
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:12 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2EA511B-A7DD-4E33-A87C-B85AEEB4CF3C}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8864 bytes


Ok here is the combofix.txt log:
ComboFix 08-04-01.2 - Dean 2008-04-02 17:52:39.4 - NTFSx86

Running from: C:\Documents and Settings\Dean\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dean\Desktop\CFScript.txt
* Resident AV is active


FILE ::
C:\WINDOWS\system32\84711FDBD9.dll
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\Windows\System32\wsrv32.exe
C:\WINDOWS\system32\wvurpmk.dll
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\84711FDBD9.dll
C:\WINDOWS\system32\aiotrbru.ini
C:\WINDOWS\system32\dmeadwfp.ini
C:\WINDOWS\system32\fegosdlg.ini
C:\WINDOWS\system32\iixvylof.ini
C:\WINDOWS\system32\moguwamy.ini
C:\WINDOWS\system32\uydxyhma.ini
C:\WINDOWS\system32\yennbgfk.ini
C:\WINDOWS\Tasks\RegCure Program Check.job
C:\WINDOWS\Tasks\RegCure.job
C:\WINDOWS\Tasks\XoftSpySE 2.job
C:\WINDOWS\Tasks\XoftSpySE.job

.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-01 09:52 . 2008-04-01 09:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-30 09:43 . 2008-03-30 22:50 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-29 21:29 . 2008-03-29 21:28 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-29 21:29 . 2008-03-29 21:28 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-29 21:29 . 2008-03-29 21:28 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-29 21:27 . 2008-04-01 18:18 <DIR> d-------- C:\Program Files\ESET
2008-03-29 20:56 . 2008-04-02 17:54 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-03-29 17:58 . 2008-03-29 17:58 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2008-03-29 17:57 . 2008-03-29 18:15 <DIR> d-------- C:\Documents and Settings\Dean\.SimpleCenter
2008-03-29 17:51 . 2008-03-29 17:52 <DIR> d-------- C:\Program Files\SimpleCenter
2008-03-29 17:51 . 2008-03-29 17:51 <DIR> d-------- C:\Program Files\Common Files\i4j_jres
2008-03-22 12:29 . 2008-03-22 12:29 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\Media Player Classic
2008-03-22 12:28 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-22 12:28 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-03-22 12:28 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-22 12:28 . 2008-01-10 13:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-22 12:28 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-03-22 12:28 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-22 12:28 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-22 12:28 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-03-17 16:18 . 2008-03-17 18:17 <DIR> d-------- C:\Documents and Settings\Dean\.housecall6.6
2008-03-14 22:13 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-03-14 22:13 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-03-14 22:13 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-03-14 22:13 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-03-14 20:42 . 2008-03-14 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-14 20:41 . 2008-03-14 20:41 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-14 20:38 . 2008-03-14 20:55 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\HouseCall 6.6
2008-03-12 18:16 . 2008-03-12 18:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-12 18:14 . 2008-03-12 18:15 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-03-12 18:14 . 2004-03-09 09:30 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-03-12 18:14 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2008-03-12 18:14 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-03-12 18:14 . 2007-12-19 16:12 53,248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-03-12 17:04 . 2008-03-12 17:04 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-12 16:13 . 2008-03-12 16:25 <DIR> d-------- C:\Program Files\RegCure
2008-03-12 15:52 . 2008-03-29 14:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-12 07:38 . 2008-03-14 20:33 <DIR> d-------- C:\Documents and Settings\Dean\Application Data\Lavasoft
2008-03-11 15:52 . 2008-03-11 15:52 <DIR> d-------- C:\VundoFix Backups
2008-03-11 11:45 . 2008-03-11 11:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-11 11:45 . 2008-03-11 11:45 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-08 14:57 . 2008-03-08 14:57 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-03-08 14:57 . 2008-03-08 14:57 3,082 --a------ C:\WINDOWS\system32\affv208325p1now.sys
2008-03-08 14:53 . 2008-03-22 12:20 <DIR> d-------- C:\Program Files\DirectVobSub

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 21:52 --------- d-----w C:\Documents and Settings\Dean\Application Data\uTorrent
2008-04-01 17:19 --------- d-----w C:\Documents and Settings\Dean\Application Data\Vso
2008-04-01 13:52 --------- d-----w C:\Program Files\Common Files\Real
2008-04-01 13:51 --------- d-----w C:\Program Files\Real
2008-04-01 13:51 --------- d-----w C:\Program Files\Common Files\csshare
2008-03-31 05:11 --------- d-----w C:\Documents and Settings\Katie\Application Data\U3
2008-03-30 01:27 --------- d-----w C:\Program Files\McAfee.com
2008-03-30 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-22 16:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-21 19:39 --------- d-----w C:\Program Files\Java
2008-03-15 02:16 47,360 -c--a-w C:\Documents and Settings\Dean\Application Data\pcouffin.sys
2008-03-15 02:16 --------- d-----w C:\Program Files\VSO
2008-03-15 00:42 --------- d-----w C:\Program Files\Lavasoft
2008-03-14 23:56 36,864 ----a-w C:\WINDOWS\system32\DeleteAtStartup.dll
2008-03-11 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 16:04 --------- d-----w C:\Program Files\Red Kawa
2008-03-11 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-11 15:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 21:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-24 15:44 --------- d-----w C:\Program Files\TVersity Codec Pack
2008-02-24 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 01:25 --------- d-----w C:\Program Files\Orb Networks
2008-02-23 15:57 --------- d-----w C:\Documents and Settings\Dean\Application Data\U3
2008-02-23 03:59 --------- d-----w C:\Program Files\Realtek AC97
2008-02-23 03:46 --------- d-----w C:\Program Files\Unibrain
2008-02-23 03:46 --------- d-----w C:\Program Files\Intel Desktop Board
2008-02-23 03:18 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-02-12 23:47 --------- d-----w C:\Program Files\ImgBurn
2008-02-12 21:56 --------- d-----w C:\Documents and Settings\Dean\Application Data\LimeWire
2004-10-14 22:01 21 -c--a-w C:\Program Files\AVPersonalAVWIN.INI
2003-08-27 18:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-03-21 14:26 483840 C:\WINDOWS\mHotkey.exe]
"showicon2k"="C:\Program Files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 13:55 135168]
"HostManager"="C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe" [2005-08-02 15:33 159832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 09:56 64512]
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 21:58 8704]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"S3Trayp"="S3trayp.exe" [2007-04-25 16:41 176128 C:\WINDOWS\system32\S3Trayp.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18 77824]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-09-19 17:08 94208]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 21:28 949376]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-01 09:51 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\1125971335\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\aim\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\TVersity\\Media Server\\TVersity.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


*Newly Created Service* - CATCHME
*Newly Created Service* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder
"2008-03-30 20:58:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 17:55:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-02 17:56:26
ComboFix-quarantined-files.txt 2008-04-02 21:56:05
ComboFix2.txt 2008-04-01 22:28:23
ComboFix3.txt 2008-03-24 03:11:13
ComboFix4.txt 2008-03-19 14:11:43
Pre-Run: 57,312,993,280 bytes free
Post-Run: 57,288,257,536 bytes free
.
2007-07-29 14:12:10 --- E O F ---
And here is the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:12 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1125971335\ee\AOLServiceHost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125971335\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2756083758-2271834320-3664635531-1005\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2EA511B-A7DD-4E33-A87C-B85AEEB4CF3C}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8864 bytes
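A small triage pass over entries in the HijackThis log format shown above, added here as an example; it is not part of this thread and not HijackThis code. It flags the things a helper checks by eye: entries whose target file is gone, O17 NameServer values that differ from the resolvers expected on this network, O23 services with no publisher, and O16 ActiveX downloads. The expected-resolver set and the 192.0.2.1 line are constructed assumptions.

```python
import re

# Expected DNS resolvers: an assumption for this example, seeded with the
# two addresses the user's ISP assigned in the log above. Substitute the
# resolvers your network is supposed to use.
EXPECTED_RESOLVERS = {"68.87.77.130", "68.87.72.130"}

O17_RE = re.compile(r"^O17 - .*NameServer = ([\d.,]+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) -(.*?)- (.+)$")  # name, company, path

# Constructed sample: lines copied from the log above plus one made-up O17
# entry pointing at 192.0.2.1 (a documentation-range address) to show a
# resolver mismatch being caught.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O17 - HKLM\System\CCS\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 68.87.77.130,68.87.72.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{03D44FC0-53C9-4D20-BDEC-F82551AA7114}: NameServer = 192.0.2.1
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""


def triage(log_text):
    """Return (reason, line) pairs for O-entries a responder should look at."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not re.match(r"^O\d+ - ", line):
            continue  # header, running-process list, or blank line
        if line.endswith("(no file)"):
            findings.append(("orphaned entry, target file missing", line))
            continue
        m = O17_RE.match(line)
        if m:
            odd = sorted(set(m.group(1).split(",")) - EXPECTED_RESOLVERS)
            if odd:
                findings.append(("unexpected DNS resolver " + ",".join(odd), line))
            continue
        m = O23_RE.match(line)
        if m:
            company = m.group(2).strip()
            if not company or company.lower() == "unknown owner":
                findings.append(("service with no publisher: " + m.group(1), line))
            continue
        if line.startswith("O16 - DPF:"):
            findings.append(("ActiveX download, check its source", line))
    return findings
```

Run `triage()` over a full saved log; the running-process list and header lines are skipped, and only the O-entries that match a rule come back.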

#9 Grinler

Grinler

    Lawrence Abrams

Posted 03 April 2008 - 04:11 PM

Looks clean. How does your computer feel to you now?

#10 adept23

adept23
  • Topic Starter


Posted 03 April 2008 - 05:18 PM

Computer feels good, my internet is fast again; I think I forgot what that was like. Thank you very much for the help. If you have any more suggestions, let me know.

#11 Grinler

Grinler

    Lawrence Abrams


Posted 04 April 2008 - 04:43 PM

Now that you're clean:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here for your particular Windows version:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

or

Windows Vista System Restore Guide


Re-enable system restore with instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


I am closing this topic. Please message a moderator if you need it reopened.

Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!
