DaniWeb IT Discussion Community, Viruses, Spyware and other Nasties forum (Tech Talk)
Views: 560 | Replies: 19
crunchie (Moderator, Featured Poster, Spyware Killer)
Join Date: Feb 2004
Location: Oztralya
Posts: 7,642
Solved Threads: 415

Re: Critical Error Message

  #11
27 Days Ago
I have closed your third thread here. Please stick to this thread until we are done. You may have multiple problems on your PC, but you need to give this a chance to work. If you start threads here, there and everywhere, you are going to have different helpers scratching their heads wondering why certain things have changed that should not have, and vice versa.
If you have a problem with that, then let me know and I will close this thread and you can then start a new thread where hopefully you will get the assistance you obviously need.

==============

Please download DAFT and save it to your desktop:
  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Place a checkmark next to the following entries:

    .reg
    .scr


  4. Click the Fix button.
  5. Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.

===========

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix once only!
Last edited by crunchie : 27 Days Ago at 6:13 am.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster

Please do not PM me for help. Instead, post in the public forum where others may benefit.
Jammerx2 (Newbie Poster)
Join Date: Jul 2008
Posts: 18
Solved Threads: 0

Re: Critical Error Message

  #12
26 Days Ago
I'm sorry for starting the new threads. I'll see if this helped. All it said after I rescanned was:

DAFT Log saved on 2008-08-25 13:27:39
-----------------------------------------------------------------------
All associations okay!
Jammerx2
  #13
26 Days Ago
And ComboFix is here:

ComboFix 08-07-24.6 - Administrator 08/25/2008 13:31:53.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.49 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\mcrh.tmp
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-25 00:00 . 08-08-25 00:00 323,584 --------- C:\WINNT\system32\rqRLcBrq.dll
2008-08-25 00:00 . 08-08-25 00:01 347 --ahs---- C:\WINNT\system32\qrBcLRqr.ini
2008-08-24 21:08 . 08-08-24 21:08 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2c4.dat
2008-08-24 21:07 . 08-08-24 21:07 323,584 --------- C:\WINNT\system32\yaywvtTM.dll
2008-08-24 21:07 . 08-08-24 23:48 347 --ahs---- C:\WINNT\system32\MTtvwyay.ini
2008-08-24 19:37 . 08-08-24 19:53 347 --ahs---- C:\WINNT\system32\GNmSDfhk.ini
2008-08-24 19:20 . 99-10-12 15:57 68,912 --a------ C:\WINNT\system32\drivers\USBAUDIO.sys
2008-08-24 19:20 . 99-10-12 15:57 68,912 --a--c--- C:\WINNT\system32\dllcache\usbaudio.sys
2008-08-24 18:14 . 08-08-24 18:14 323,584 --------- C:\WINNT\system32\byXPGyvt.dll
2008-08-24 18:14 . 08-08-24 19:15 347 --ahs---- C:\WINNT\system32\tvyGPXyb.ini
2008-08-24 16:24 . 08-08-24 16:30 347 --ahs---- C:\WINNT\system32\AIhPYJlm.ini
2008-08-24 15:17 . 08-08-24 15:17 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_208.dat
2008-08-24 15:10 . 08-08-24 15:15 347 --ahs---- C:\WINNT\system32\qAJjkUtv.ini
2008-08-24 14:58 . 08-08-24 14:58 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-08-24 14:47 . 08-08-24 14:48 <DIR> d-------- C:\Program Files\Cacheman
2008-08-24 14:43 . 08-08-24 14:43 0 --a------ C:\WINNT\exctrlst.INI
2008-08-24 14:39 . 08-08-24 14:39 <DIR> d-------- C:\Program Files\Resource Kit
2008-08-24 13:42 . 08-08-24 16:59 <DIR> d-------- C:\Logs
2008-08-24 13:13 . 08-08-24 17:04 2,508 --a------ C:\WINNT\system32\tmp.reg
2008-08-24 13:12 . 07-09-06 00:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-08-24 13:12 . 06-04-27 17:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2008-08-24 13:12 . 08-05-29 09:35 86,528 --a------ C:\WINNT\system32\VACFix.exe
2008-08-24 13:12 . 08-05-18 21:40 82,944 --a------ C:\WINNT\system32\IEDFix.exe
2008-08-24 13:12 . 08-07-02 13:33 82,432 --a------ C:\WINNT\system32\IEDFix.C.exe
2008-08-24 13:12 . 08-05-23 18:21 81,920 --a------ C:\WINNT\system32\404Fix.exe
2008-08-24 13:12 . 03-06-05 21:13 53,248 --a------ C:\WINNT\system32\Process.exe
2008-08-24 13:12 . 04-07-31 18:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
2008-08-24 13:12 . 07-10-04 00:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-08-24 12:50 . 08-08-24 12:50 116,864 --a------ C:\WINNT\system32\oolinlkh.dll
2008-08-24 12:50 . 08-08-24 12:50 116,864 --a------ C:\WINNT\system32\fqibbb.dll
2008-08-24 12:48 . 08-08-25 00:01 619,490 ---hs---- C:\WINNT\system32\afrkejra.ini
2008-08-24 12:48 . 08-08-24 12:48 94,848 --a------ C:\WINNT\system32\arjekrfa.dll
2008-08-24 12:47 . 08-08-24 12:47 <DIR> d-------- C:\Deckard
2008-08-24 12:47 . 08-08-24 14:59 347 --ahs---- C:\WINNT\system32\QYcKknmp.ini
2008-08-23 14:02 . 08-08-23 14:02 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_22c.dat
2008-08-23 13:34 . 08-08-23 13:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 13:28 . 08-08-23 14:03 354 ---hs---- C:\WINNT\system32\umgvdosw.ini
2008-08-22 13:25 . 08-08-22 13:25 <DIR> d-------- C:\Program Files\Vbsedit
2008-08-22 13:25 . 08-08-22 13:25 <DIR> d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Adersoft
2008-08-22 12:32 . 08-08-22 12:32 <DIR> d-------- C:\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 17:32 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Hamachi
2008-08-22 20:38 --------- d-----w C:\Program Files\GetRight
2008-07-24 16:35 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-07-24 16:19 --------- d-----w C:\Program Files\Quick Batch File Compiler
2008-07-24 02:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 02:51 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2008-07-24 02:51 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Malwarebytes
2008-07-24 00:09 38,472 ----a-w C:\WINNT\system32\drivers\mbamswissarmy.sys
2008-07-24 00:09 17,144 ----a-w C:\WINNT\system32\drivers\mbam.sys
2008-07-23 21:48 --------- d-----w C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO
2008-07-23 21:20 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\uTorrent
2008-07-23 03:50 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2008-07-23 03:47 33,152 ------w C:\WINNT\system32\nnnooOfe.dll
2008-07-23 00:48 58,000 ----a-w C:\WINNT\system32\drivers\cdr4_2K.sys
2008-07-23 00:48 57,344 ----a-w C:\WINNT\uneng.exe
2008-07-23 00:48 49,152 ----a-w C:\WINNT\system32\cdrtc.dll
2008-07-23 00:48 45,056 ----a-w C:\WINNT\system32\cdral.dll
2008-07-23 00:48 23,420 ----a-w C:\WINNT\system32\drivers\cdralw2k.sys
2008-07-23 00:48 --------- d---a-w C:\Program Files\Common Files\Adaptec Shared
2008-07-22 03:01 --------- d-----w C:\Program Files\BOTS
2008-07-21 22:11 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Xfire
2008-07-21 21:31 --------- d-----w C:\Program Files\IzPack
2008-07-21 21:17 --------- d-----w C:\Program Files\Launch4j
2008-07-17 17:21 --------- d-----w C:\Program Files\Video DVD Maker
2008-07-17 17:21 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Video DVD Maker FREE
2008-07-16 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 17:20 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\MP3Rocket
2008-07-16 14:13 --------- d-----w C:\Program Files\wise DVD Creator 8.0
2008-07-15 23:09 42,320 ----a-w C:\WINNT\system32\xfcodec.dll
2008-07-15 21:13 --------- d---a-w C:\Program Files\iPod
2008-07-15 20:53 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Apple Computer
2008-07-15 20:52 --------- d---a-w C:\Program Files\iTunes
2008-07-15 20:52 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\Apple Computer
2008-07-15 19:40 --------- d-----w C:\Program Files\FinalBurner
2008-07-15 19:07 --------- d-----w C:\Program Files\007DVD
2008-07-15 17:20 --------- d-----w C:\Program Files\Apple Software Update
2008-07-15 17:20 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Apple
2008-07-15 17:01 --------- d---a-w C:\Program Files\QuickTime
2008-07-15 16:57 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\vlc
2008-07-15 16:54 --------- d-----w C:\Program Files\VideoLAN
2008-07-15 14:43 --------- d-----w C:\Program Files\MP3 Rocket
2008-07-15 14:42 --------- d---a-w C:\Program Files\Java
2008-07-13 17:12 --------- d---a-w C:\Program Files\Common Files\Pure Networks Shared
2008-07-13 17:12 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Pure Networks
2008-07-08 19:14 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-08 19:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-08 19:07 717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys
2008-07-08 19:07 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\DAEMON Tools
2008-07-08 17:06 --------- d-----w C:\Program Files\uTorrent
2008-07-08 16:24 25,280 ----a-w C:\WINNT\system32\drivers\hamachi.sys
2008-06-25 09:41 64,784 ----a-w C:\WINNT\system32\mswsock.dll
2008-06-25 09:41 105,744 ----a-w C:\WINNT\system32\msafd.dll
2008-06-07 03:47 10,520 ----a-w C:\WINNT\system32\avgrsstx.dll
2008-05-30 18:11 467,984 ----a-w C:\WINNT\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINNT\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINNT\system32\D3DCompiler_38.dll
2008-05-30 18:01 80,896 ----a-w C:\WINNT\system32\dxdllreg.exe
2008-05-25 02:30 4,194,304,000 --sha-w C:\gobackio.bin
2008-05-25 01:33 558,142 ----a-w C:\WINNT\java\Packages\4KD7RVNJ.ZIP
2008-05-25 01:33 271 ---h--w C:\Program Files\desktop.ini
2008-05-25 01:33 21,952 ---h--w C:\Program Files\folder.htt
2008-05-25 01:33 156,441 ----a-w C:\WINNT\java\Packages\MFL3ZFL3.ZIP
2008-03-08 03:58 0 ----a-w C:\Program Files\temp01
2005-01-21 00:53 45,056 ----a-r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ----a-r C:\Program Files\delete.exe
2003-01-01 11:38 9,143,496 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_NT.EXE
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
08-07-22 23:47 33152 --------- C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa7a9fe8-481f-4547-854b-d341bd9d604b}]
08-08-24 12:50 116864 --a------ C:\WINNT\system32\fqibbb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-09-04 19:40 6856704]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [08-07-08 12:22 486856]
"Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [03-07-31 14:13 1290752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [02-05-03 10:40 4341760]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [08-05-15 19:19 79224]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [08-01-18 10:32 451896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 16:24 278528]
"acf5173c"="C:\WINNT\system32\arjekrfa.dll" [08-08-24 12:48 94848]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"VTTimer"="VTTimer.exe" [05-03-08 03:33 53248 C:\WINNT\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-08 12:24:43 624416]
Xfire.lnk - D:\Josh from C\Xfire\xfire.exe [2008-07-15 19:09:02 3050832]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe [2008-06-06 23:29:38 4628752]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= "C:\WINNT\system32\nnnooOfe.dll" [08-07-22 23:47 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]
08-07-22 23:47 33152 C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\rqRLcBrq

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

R0 videX32;videX32;C:\WINNT\system32\DRIVERS\videX32.sys [08-01-03 18:49 ]
R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [08-05-15 19:20 ]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [08-06-06 23:47 ]
R2 aswFsBlk;aswFsBlk;C:\WINNT\system32\DRIVERS\aswFsBlk.sys [08-05-15 19:16 ]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [08-01-17 12:34 ]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [08-06-06 23:47 ]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINNT\system32\DRIVERS\fetnd5bv.sys [07-09-21 19:24 ]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 22:19:04 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-23 21:00:01 C:\WINNT\Tasks\RegCure Program Check.job"
- D:\Josh from C\RegCure\RegCure.exe
"2008-07-17 14:06:20 C:\WINNT\Tasks\RegCure.job"
- D:\Josh from C\RegCure\RegCure.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{C1D2F57A-9944-435E-A16F-CA98B29D8884} - C:\WINNT\system32\yayaAQiH.dll
Toolbar-{A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - (no file)
ShellExecuteHooks-{6809e580-a3a7-11d1-9a00-00a0c945b006} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Local Page = C:\windows\system32\blank.htm
R0 -: HKLM-Main,Local Page = C:\windows\system32\blank.htm
O8 -: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 -: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

O16 -: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 13:32:59
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\nnnooOfe.dll
.
Completion time: 2008-08-25 13:38:18
ComboFix-quarantined-files.txt 2008-08-25 17:38:13

Pre-Run: 22,947,532,800 bytes free
Post-Run: 23,001,214,976 bytes free

221 --- E O F --- 2008-07-23 07:00:49
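The log above contains a pattern a defender can turn into a rule instead of reading it by eye: each of the DLLs later confirmed as Vundo (rqRLcBrq.dll, yaywvtTM.dll, byXPGyvt.dll, arjekrfa.dll) has a companion hidden, system-attribute .ini whose name is the DLL name spelled backwards (qrBcLRqr.ini, MTtvwyay.ini, tvyGPXyb.ini, afrkejra.ini), and several further hidden .ini files (GNmSDfhk.ini, AIhPYJlm.ini, qAJjkUtv.ini, QYcKknmp.ini) have no partner anywhere in the log. The same log shows nnnooOfe.dll registered under Winlogon\Notify and loaded inside winlogon.exe, a persistence location that a file-pairing rule does not see and that the registry entries catch instead. The Python below is an added example, not part of the thread and not ComboFix code: it parses lines in the layout of ComboFix's "Files Created" section and reports reversed-name DLL/INI pairs plus unpaired hidden .ini files. The sample lines are a subset copied from the log in this post; the regular expression and the helper names are my own assumptions about the layout.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the "Files Created" lines from the ComboFix
# log posted in this thread, in the tool's own layout
# (created . modified size attributes path). Not the full log.
SAMPLE_LOG = r"""
2008-08-25 00:00 . 08-08-25 00:00 323,584 --------- C:\WINNT\system32\rqRLcBrq.dll
2008-08-25 00:00 . 08-08-25 00:01 347 --ahs---- C:\WINNT\system32\qrBcLRqr.ini
2008-08-24 21:07 . 08-08-24 21:07 323,584 --------- C:\WINNT\system32\yaywvtTM.dll
2008-08-24 21:07 . 08-08-24 23:48 347 --ahs---- C:\WINNT\system32\MTtvwyay.ini
2008-08-24 19:37 . 08-08-24 19:53 347 --ahs---- C:\WINNT\system32\GNmSDfhk.ini
2008-08-24 19:20 . 99-10-12 15:57 68,912 --a------ C:\WINNT\system32\drivers\USBAUDIO.sys
2008-08-24 14:58 . 08-08-24 14:58 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-08-24 12:48 . 08-08-25 00:01 619,490 ---hs---- C:\WINNT\system32\afrkejra.ini
2008-08-24 12:48 . 08-08-24 12:48 94,848 --a------ C:\WINNT\system32\arjekrfa.dll
2008-08-23 13:28 . 08-08-23 14:03 354 ---hs---- C:\WINNT\system32\umgvdosw.ini
"""

# One entry: created stamp, ' . ', modified stamp, size or <DIR>, a 9-character
# attribute field (letters such as d/a/h/s or '-'), then the path.
# This layout is an assumption derived from the log lines above.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{2}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)


def parse_entries(log: str) -> List[Dict[str, object]]:
    """Parse every line that matches the entry layout; skip headers and blanks."""
    entries: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"path": m["path"], "attrs": m["attrs"], "size": size,
                        "created": m["created"], "modified": m["modified"]})
    return entries


def _name(path: str) -> str:
    """File name without its directory."""
    return path.rsplit("\\", 1)[-1]


def _stem(path: str) -> str:
    """File name without directory and without the last extension."""
    return _name(path).rsplit(".", 1)[0]


def find_reversed_pairs(entries: List[Dict[str, object]]) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Pair each .ini with a .dll whose stem is the .ini stem reversed.

    Returns (pairs, orphans): pairs are (dll name, ini name); orphans are
    hidden+system .ini files in the log with no reversed-name DLL.
    """
    dlls = {_stem(str(e["path"])): _name(str(e["path"]))
            for e in entries if str(e["path"]).lower().endswith(".dll")}
    pairs: List[Tuple[str, str]] = []
    orphans: List[str] = []
    for e in entries:
        path = str(e["path"])
        if not path.lower().endswith(".ini"):
            continue
        partner = _stem(path)[::-1]          # the DLL name spelled backwards
        if partner in dlls:
            pairs.append((dlls[partner], _name(path)))
        elif "h" in str(e["attrs"]) and "s" in str(e["attrs"]):
            orphans.append(_name(path))      # hidden+system .ini with no partner
    return pairs, orphans


def report(log: str) -> Dict[str, object]:
    pairs, orphans = find_reversed_pairs(parse_entries(log))
    return {"pairs": pairs, "orphans": orphans}


if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    for dll, ini in result["pairs"]:
        print(f"reversed-name pair: {dll} <-> {ini}")
    for ini in result["orphans"]:
        print(f"hidden .ini with no partner DLL: {ini}")
```

Run against the full log, the rule pairs all four DLLs named in the next post and lists the remaining hidden .ini files as orphans; it is a triage aid for reading these logs, not a substitute for the scanner results the helper asks for next.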
crunchie
  #14
26 Days Ago
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINNT\system32\yaywvtTM.dll
C:\WINNT\system32\byXPGyvt.dll
C:\WINNT\system32\rqRLcBrq.dll
C:\WINNT\system32\oolinlkh.dll
C:\WINNT\system32\fqibbb.dll
C:\WINNT\system32\arjekrfa.dll
C:\WINNT\system32\nnnooOfe.dll
C:\WINNT\system32\drivers\cdr4_2K.sys
C:\Program Files\delete.exe
Jammerx2
  #15
26 Days Ago
BTW, they were all with Jotti's scan.
Jammerx2
  #16
26 Days Ago
Hard to believe most of them had viruses and only 4 or 5 scanners detected them.

OK, well, I just copied the page for each scan.


File: yaywvtTM.dll
Status: INFECTED/MALWARE
MD5: ea62b5390c1e1c59e8ed230771b8e1aa
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 03:50:12 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Adware.Virtumonde.FP application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: byXPGyvt.dll
Status: INFECTED/MALWARE
MD5: 6b9b80c301808adb16a7f569b655e3d9
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 03:53:06 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Adware.Virtumonde.FP application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: rqRLcBrq.dll
Status: INFECTED/MALWARE
MD5: 76e70eac009a3d9c095f15aafa9ae13e
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 03:55:40 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Adware.Virtumonde.FP application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: oolinlkh.dll
Status: INFECTED/MALWARE
MD5: b2c06dbe4b47025ff6e299f21683a0b1
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 03:58:04 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Virus.Trojan.Win32.Monderb
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: fqibbb.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: b2c06dbe4b47025ff6e299f21683a0b1
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:00:26 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Virus.Trojan.Win32.Monderb
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: arjekrfa.dll
Status: INFECTED/MALWARE
MD5: b09b89aa1a328ef28235b4c6216a93e5
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:02:32 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Vundo
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Crypt.XPACK
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: nnnooOfe.dll
Status: INFECTED/MALWARE
MD5: 50206e16eb1b95c275d0d5ea1eba4757
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:04:31 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found Win32:Trojan-gen {Other}
AVG Antivirus Found Generic10.BHHQ
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Monderb.ads
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Monderb.ads
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VirusBuster Found nothing
VBA32 Found nothing

File: cdr4_2K.sys
Status: OK
MD5: 9880f86f4261699273f818ae50216b8c
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:06:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: delete.exe
Status: OK
MD5: eeebbecd173aa30fcb629900c56e6106
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:08:23 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
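Pasting whole result pages makes it hard to see the totals the poster is reacting to. The Python below is an added example, not from the thread and not Jotti's code: it parses result pages in the layout pasted above, counts how many engines named the file, and groups files by MD5. The grouping surfaces something already visible in the pasted results: oolinlkh.dll and fqibbb.dll carry the same MD5 (b2c06dbe4b47025ff6e299f21683a0b1), so they are one file under two names, which is also why Jotti noted that the second had been scanned before. The sample is constructed from four of the pasted pages with the engine lists shortened; the parser's assumptions about the layout ("File:", "Status:", "MD5:", "<engine> Found <verdict>") are mine.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: four of the result pages pasted in this thread, with the
# scanner lists shortened to keep the example small (the real pages list 20
# engines). File names, status lines and MD5s are as posted.
SAMPLE_RESULTS = """\
File: yaywvtTM.dll
Status: INFECTED/MALWARE
MD5: ea62b5390c1e1c59e8ed230771b8e1aa
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 03:50:12 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
AVG Antivirus Found Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/Adware.Virtumonde.FP application
Norman Virus Control Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VBA32 Found nothing

File: oolinlkh.dll
Status: INFECTED/MALWARE
MD5: b2c06dbe4b47025ff6e299f21683a0b1
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 03:58:04 (GMT)
AntiVir Found TR/Crypt.XPACK.Gen
AVG Antivirus Found Vundo
Ikarus Found Virus.Trojan.Win32.Monderb
Kaspersky Anti-Virus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VBA32 Found nothing

File: fqibbb.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: b2c06dbe4b47025ff6e299f21683a0b1
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:00:26 (GMT)
AntiVir Found TR/Crypt.XPACK.Gen
AVG Antivirus Found Vundo
Ikarus Found Virus.Trojan.Win32.Monderb
Kaspersky Anti-Virus Found nothing
Sophos Antivirus Found Troj/Virtum-Gen
VBA32 Found nothing

File: cdr4_2K.sys
Status: OK
MD5: 9880f86f4261699273f818ae50216b8c
Packers detected: -

Scanner results
Scan taken on 26 Jul 2008 04:06:27 (GMT)
AntiVir Found nothing
AVG Antivirus Found nothing
Kaspersky Anti-Virus Found nothing
Sophos Antivirus Found nothing
"""


def parse_jotti(text: str) -> List[Dict[str, object]]:
    """Split pasted result pages into one record per 'File:' block."""
    records: List[Dict[str, object]] = []
    current: Dict[str, object] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("File:"):
            current = {"file": line[5:].strip(), "status": "", "md5": "", "verdicts": {}}
            records.append(current)
        elif not current:
            continue
        elif line.startswith("Status:"):
            # drop Jotti's parenthesised note so the status compares cleanly
            current["status"] = line[7:].strip().split(" (")[0]
        elif line.startswith("MD5:"):
            current["md5"] = line[4:].strip().lower()
        elif " Found " in line:
            scanner, verdict = line.split(" Found ", 1)
            current["verdicts"][scanner.strip()] = verdict.strip()
    return records


def detections(record: Dict[str, object]) -> Tuple[int, int]:
    """(hits, engines): engines that named something vs engines that ran."""
    verdicts = record["verdicts"]
    hits = sum(1 for v in verdicts.values() if v.lower() != "nothing")
    return hits, len(verdicts)


def group_by_md5(records: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Files sharing an MD5 are the same bytes under different names."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        groups[str(r["md5"])].append(str(r["file"]))
    return dict(groups)


def summarize(text: str) -> Dict[str, Dict[str, object]]:
    out: Dict[str, Dict[str, object]] = {}
    for r in parse_jotti(text):
        hits, engines = detections(r)
        out[str(r["file"])] = {"status": r["status"], "md5": r["md5"],
                               "hits": hits, "engines": engines}
    return out


if __name__ == "__main__":
    for name, s in summarize(SAMPLE_RESULTS).items():
        print(f"{name}: {s['hits']}/{s['engines']} engines, status {s['status']}")
    for md5, names in group_by_md5(parse_jotti(SAMPLE_RESULTS)).items():
        if len(names) > 1:
            print(f"same bytes under several names ({md5}): {', '.join(names)}")
```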
Jammerx2
  #17
26 Days Ago
BTW they were all taken with Jotti's
crunchie
  #18
26 Days Ago
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
KillAll::

File::
C:\WINNT\system32\yaywvtTM.dll
C:\WINNT\system32\byXPGyvt.dll
C:\WINNT\system32\rqRLcBrq.dll
C:\WINNT\system32\oolinlkh.dll
C:\WINNT\system32\fqibbb.dll
C:\WINNT\system32\arjekrfa.dll
C:\WINNT\system32\nnnooOfe.dll
C:\WINNT\system32\qrBcLRqr.ini
C:\WINNT\system32\MTtvwyay.ini
C:\WINNT\system32\GNmSDfhk.ini
C:\WINNT\system32\tvyGPXyb.ini
C:\WINNT\system32\AIhPYJlm.ini
C:\WINNT\system32\qAJjkUtv.ini
C:\WINNT\system32\QYcKknmp.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa7a9fe8-481f-4547-854b-d341bd9d604b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acf5173c"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Attachment: CFScript.gif (animation), 27.1 KB]


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Last edited by crunchie : 26 Days Ago at 12:24 am.
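The CFScript above is a small declarative remediation script, and the effect of running it appears in the following post's log (the "FILE ::" list and then "Other Deletions"). Before handing a script like this to a tool that deletes files and registry keys it is worth reading it back mechanically. The Python below is an added example, not part of the thread and not ComboFix code: it splits the script into its KillAll::, File:: and Registry:: sections and lists the actions it requests, interpreting the Registry:: block with the .reg-file conventions it visibly follows ("[-key]" deletes a key, "[key]" selects a key, and "name"=- deletes a value under the selected key). The precise effect of KillAll:: is not documented on this page, so the example only records that the directive is present. The sample is the script posted above, reproduced as is.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample: the CFScript posted in this thread, verbatim, so the dry
# run shows exactly what that script asks the tool to do.
SAMPLE_SCRIPT = r"""
KillAll::

File::
C:\WINNT\system32\yaywvtTM.dll
C:\WINNT\system32\byXPGyvt.dll
C:\WINNT\system32\rqRLcBrq.dll
C:\WINNT\system32\oolinlkh.dll
C:\WINNT\system32\fqibbb.dll
C:\WINNT\system32\arjekrfa.dll
C:\WINNT\system32\nnnooOfe.dll
C:\WINNT\system32\qrBcLRqr.ini
C:\WINNT\system32\MTtvwyay.ini
C:\WINNT\system32\GNmSDfhk.ini
C:\WINNT\system32\tvyGPXyb.ini
C:\WINNT\system32\AIhPYJlm.ini
C:\WINNT\system32\qAJjkUtv.ini
C:\WINNT\system32\QYcKknmp.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa7a9fe8-481f-4547-854b-d341bd9d604b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acf5173c"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]
"""


def split_sections(script: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the most recent 'Name::' header."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and " " not in line:
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def plan_actions(script: str) -> List[Tuple[str, str]]:
    """Translate the script into (action, target) tuples; nothing is executed."""
    sections = split_sections(script)
    actions: List[Tuple[str, str]] = []
    if "KillAll" in sections:
        # Effect of this directive is not documented on the page; record presence only.
        actions.append(("killall-directive", "*"))
    for path in sections.get("File", []):
        actions.append(("delete-file", path))
    current_key = None
    for line in sections.get("Registry", []):
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete-key", line[2:-1]))   # [-key]: remove whole key
            current_key = None
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]                     # [key]: select key
        elif line.endswith("=-") and current_key:
            value = line[:-2].strip('"')                 # "name"=-: remove value
            actions.append(("delete-value", current_key + "\\" + value))
        else:
            actions.append(("unrecognised", line))
    return actions


def action_counts(script: str) -> Dict[str, int]:
    """How many of each action kind the script requests."""
    return dict(Counter(kind for kind, _ in plan_actions(script)))


if __name__ == "__main__":
    for kind, target in plan_actions(SAMPLE_SCRIPT):
        print(f"{kind:18} {target}")
    print(action_counts(SAMPLE_SCRIPT))
```

Reading the plan back against the earlier ComboFix log is the useful check: every file listed under File:: appears in that log's "Files Created" section, the two BHO keys and the Winlogon\Notify key are the load points the log attributed to nnnooOfe.dll and fqibbb.dll, and the two value deletions match the Run entry "acf5173c" and the ShellExecuteHooks entry shown there.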
Jammerx2
  #19
25 Days Ago
OK, here they are:

ComboFix 08-07-24.6 - Administrator 08/26/2008 10:37:01.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\WINNT\system32\AIhPYJlm.ini
C:\WINNT\system32\arjekrfa.dll
C:\WINNT\system32\byXPGyvt.dll
C:\WINNT\system32\fqibbb.dll
C:\WINNT\system32\GNmSDfhk.ini
C:\WINNT\system32\MTtvwyay.ini
C:\WINNT\system32\nnnooOfe.dll
C:\WINNT\system32\oolinlkh.dll
C:\WINNT\system32\qAJjkUtv.ini
C:\WINNT\system32\qrBcLRqr.ini
C:\WINNT\system32\QYcKknmp.ini
C:\WINNT\system32\rqRLcBrq.dll
C:\WINNT\system32\tvyGPXyb.ini
C:\WINNT\system32\yaywvtTM.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\AIhPYJlm.ini
C:\WINNT\system32\arjekrfa.dll
C:\WINNT\system32\byXPGyvt.dll
C:\WINNT\system32\fqibbb.dll
C:\WINNT\system32\GNmSDfhk.ini
C:\WINNT\system32\MTtvwyay.ini
C:\WINNT\system32\nnnooOfe.dll
C:\WINNT\system32\oolinlkh.dll
C:\WINNT\system32\qAJjkUtv.ini
C:\WINNT\system32\qrBcLRqr.ini
C:\WINNT\system32\QYcKknmp.ini
C:\WINNT\system32\rqRLcBrq.dll
C:\WINNT\system32\tvyGPXyb.ini
C:\WINNT\system32\yaywvtTM.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-25 13:45 . 08-08-25 14:05 347 --ahs---- C:\WINNT\system32\hiOXbccf.ini
2008-08-24 19:20 . 99-10-12 15:57 68,912 --a------ C:\WINNT\system32\drivers\USBAUDIO.sys
2008-08-24 19:20 . 99-10-12 15:57 68,912 --a--c--- C:\WINNT\system32\dllcache\usbaudio.sys
2008-08-24 14:58 . 08-08-24 14:58 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2008-08-24 14:47 . 08-08-24 14:48 <DIR> d-------- C:\Program Files\Cacheman
2008-08-24 14:43 . 08-08-24 14:43 0 --a------ C:\WINNT\exctrlst.INI
2008-08-24 14:39 . 08-08-24 14:39 <DIR> d-------- C:\Program Files\Resource Kit
2008-08-24 13:42 . 08-08-24 16:59 <DIR> d-------- C:\Logs
2008-08-24 13:13 . 08-08-24 17:04 2,508 --a------ C:\WINNT\system32\tmp.reg
2008-08-24 13:12 . 07-09-06 00:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-08-24 13:12 . 06-04-27 17:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2008-08-24 13:12 . 08-05-29 09:35 86,528 --a------ C:\WINNT\system32\VACFix.exe
2008-08-24 13:12 . 08-05-18 21:40 82,944 --a------ C:\WINNT\system32\IEDFix.exe
2008-08-24 13:12 . 08-07-02 13:33 82,432 --a------ C:\WINNT\system32\IEDFix.C.exe
2008-08-24 13:12 . 08-05-23 18:21 81,920 --a------ C:\WINNT\system32\404Fix.exe
2008-08-24 13:12 . 03-06-05 21:13 53,248 --a------ C:\WINNT\system32\Process.exe
2008-08-24 13:12 . 04-07-31 18:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
2008-08-24 13:12 . 07-10-04 00:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-08-24 12:48 . 08-08-25 00:01 619,490 ---hs---- C:\WINNT\system32\afrkejra.ini
2008-08-24 12:47 . 08-08-24 12:47 <DIR> d-------- C:\Deckard
2008-08-23 13:34 . 08-08-23 13:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-23 13:28 . 08-08-23 14:03 354 ---hs---- C:\WINNT\system32\umgvdosw.ini
2008-08-22 13:25 . 08-08-22 13:25 <DIR> d-------- C:\Program Files\Vbsedit
2008-08-22 13:25 . 08-08-22 13:25 <DIR> d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Adersoft
2008-08-22 12:32 . 08-08-22 12:32 <DIR> d-------- C:\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 14:35 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Hamachi
2008-08-25 18:39 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Xfire
2008-08-22 20:38 --------- d-----w C:\Program Files\GetRight
2008-07-24 16:35 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-07-24 16:19 --------- d-----w C:\Program Files\Quick Batch File Compiler
2008-07-24 02:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 02:51 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2008-07-24 02:51 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Malwarebytes
2008-07-24 00:09 38,472 ----a-w C:\WINNT\system32\drivers\mbamswissarmy.sys
2008-07-24 00:09 17,144 ----a-w C:\WINNT\system32\drivers\mbam.sys
2008-07-23 21:48 --------- d-----w C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO
2008-07-23 21:20 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\uTorrent
2008-07-23 03:50 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2008-07-23 00:48 58,000 ----a-w C:\WINNT\system32\drivers\cdr4_2K.sys
2008-07-23 00:48 57,344 ----a-w C:\WINNT\uneng.exe
2008-07-23 00:48 23,420 ----a-w C:\WINNT\system32\drivers\cdralw2k.sys
2008-07-23 00:48 --------- d---a-w C:\Program Files\Common Files\Adaptec Shared
2008-07-22 03:01 --------- d-----w C:\Program Files\BOTS
2008-07-21 21:31 --------- d-----w C:\Program Files\IzPack
2008-07-21 21:17 --------- d-----w C:\Program Files\Launch4j
2008-07-17 17:21 --------- d-----w C:\Program Files\Video DVD Maker
2008-07-17 17:21 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Video DVD Maker FREE
2008-07-16 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 17:20 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\MP3Rocket
2008-07-16 14:13 --------- d-----w C:\Program Files\wise DVD Creator 8.0
2008-07-15 21:13 --------- d---a-w C:\Program Files\iPod
2008-07-15 20:53 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Apple Computer
2008-07-15 20:52 --------- d---a-w C:\Program Files\iTunes
2008-07-15 20:52 --------- d---a-w C:\Documents and Settings\All Users.WINNT\Application Data\Apple Computer
2008-07-15 19:40 --------- d-----w C:\Program Files\FinalBurner
2008-07-15 19:07 --------- d-----w C:\Program Files\007DVD
2008-07-15 17:20 --------- d-----w C:\Program Files\Apple Software Update
2008-07-15 17:20 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Apple
2008-07-15 17:01 --------- d---a-w C:\Program Files\QuickTime
2008-07-15 16:57 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\vlc
2008-07-15 16:54 --------- d-----w C:\Program Files\VideoLAN
2008-07-15 14:43 --------- d-----w C:\Program Files\MP3 Rocket
2008-07-15 14:42 --------- d---a-w C:\Program Files\Java
2008-07-13 17:12 --------- d---a-w C:\Program Files\Common Files\Pure Networks Shared
2008-07-13 17:12 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Pure Networks
2008-07-08 19:14 --------- d-----w C:\Program Files\DAEMON Tools Toolbar
2008-07-08 19:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-07-08 19:07 717,296 ----a-w C:\WINNT\system32\drivers\sptd.sys
2008-07-08 19:07 --------- d-----w C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\DAEMON Tools
2008-07-08 17:06 --------- d-----w C:\Program Files\uTorrent
2008-07-08 16:24 25,280 ----a-w C:\WINNT\system32\drivers\hamachi.sys
2008-05-25 01:33 271 ---h--w C:\Program Files\desktop.ini
2008-05-25 01:33 21,952 ---h--w C:\Program Files\folder.htt
2008-03-08 03:58 0 ----a-w C:\Program Files\temp01
2005-01-21 00:53 45,056 ----a-r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ----a-r C:\Program Files\delete.exe
2003-01-01 11:38 9,143,496 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_NT.EXE
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((( snapshot@Mon 2008-08-25_13.37.51.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-08-26 03:33:20 70,264 ----a-w C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [07-09-04 19:40 6856704]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [08-07-08 12:22 486856]
"Cacheman"="C:\PROGRA~1\Cacheman\Cacheman.exe" [03-07-31 14:13 1290752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [02-05-03 10:40 4341760]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [08-01-08 17:20 451896]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [08-01-18 10:32 451896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 16:24 278528]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"VTTimer"="VTTimer.exe" [05-03-08 03:33 53248 C:\WINNT\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-08 12:24:43 624416]
Xfire.lnk - D:\Josh from C\Xfire\xfire.exe [2008-07-15 19:09:02 3050832]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe [2008-06-06 23:29:38 4628752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\fccbXOih

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

R0 videX32;videX32;C:\WINNT\system32\DRIVERS\videX32.sys [08-01-03 18:49 ]
R1 aswSP;avast! Self Protection;C:\WINNT\system32\drivers\aswSP.sys [08-05-15 19:20 ]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [08-06-06 23:47 ]
R2 aswFsBlk;aswFsBlk;C:\WINNT\system32\DRIVERS\aswFsBlk.sys [08-05-15 19:16 ]
R2 aswMon;avast! Standard Shield Support;C:\WINNT\system32\drivers\aswMon.sys [08-01-17 12:34 ]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [08-06-06 23:47 ]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINNT\system32\DRIVERS\fetnd5bv.sys [07-09-21 19:24 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 22:19:04 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-23 21:00:01 C:\WINNT\Tasks\RegCure Program Check.job"
- D:\Josh from C\RegCure\RegCure.exe
"2008-07-17 14:06:20 C:\WINNT\Tasks\RegCure.job"
- D:\Josh from C\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 10:41:21
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINNT\TEMP\_avast4_\unp135926609.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-26 10:50:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 14:50:36
ComboFix2.txt 2008-08-25 17:38:19

Pre-Run: 22,861,541,376 bytes free
Post-Run: 23,031,025,664 bytes free

199 --- E O F --- 2008-07-23 07:00:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45, on 2008-08-26
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINNT\PSEXESVC.EXE (file missing)

--
End of file - 6128 bytes
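A triage check over the log above, added here as an example and not a tool from either poster. It parses the ComboFix file listing and "Reg Loading Points" section for the three things a responder would pull out of this particular log: the LSA Authentication Packages value that points at an extensionless file in system32 (an authentication package is loaded into lsass.exe at boot, so it is persistence that survives the dll/ini deletions listed under "Other Deletions", and the value is still present in this run's output), the AppInit_DLLs entry (injected into every process that loads user32.dll, so it has to be vetted even when the name looks like a vendor file), and the system32 files whose base names are exact reverses of each other, which is visible in the posted paths (byXPGyvt.dll / tvyGPXyb.ini, rqRLcBrq.dll / qrBcLRqr.ini, yaywvtTM.dll / MTtvwyay.ini, arjekrfa.dll / afrkejra.ini, fccbXOih / hiOXbccf.ini). SAMPLE_LOG is an excerpt constructed from the posted log; KNOWN_AUTH_PACKAGES is an assumed baseline for a stock Windows 2000/XP install, not something the thread states, so adjust it for the host being triaged.

```python
"""Triage checks over a ComboFix log's file listing and Reg Loading Points.

Added example for this thread, not a tool from the original posts. SAMPLE_LOG
is an excerpt constructed from the log posted above; KNOWN_AUTH_PACKAGES is an
assumed baseline for a stock Windows 2000/XP install.
"""
import re
from collections import defaultdict

# Constructed excerpt of the posted ComboFix log (paths exactly as shown there).
SAMPLE_LOG = r"""
FILE ::
C:\WINNT\system32\arjekrfa.dll
C:\WINNT\system32\byXPGyvt.dll
C:\WINNT\system32\rqRLcBrq.dll
C:\WINNT\system32\qrBcLRqr.ini
C:\WINNT\system32\tvyGPXyb.ini
C:\WINNT\system32\yaywvtTM.dll
C:\WINNT\system32\MTtvwyay.ini
2008-08-25 13:45 . 08-08-25 14:05 347 --ahs---- C:\WINNT\system32\hiOXbccf.ini
2008-08-24 12:48 . 08-08-25 00:01 619,490 ---hs---- C:\WINNT\system32\afrkejra.ini
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\fccbXOih
"""

# Assumed baseline: the only LSA authentication package a stock Windows 2000/XP
# box registers. Anything else is loaded into lsass.exe at boot and must be vetted.
KNOWN_AUTH_PACKAGES = {"msv1_0"}

# A file directly under system32: base name plus optional extension. The negative
# lookahead stops the match from swallowing a subdirectory such as system32\drivers\.
PATH_RE = re.compile(
    r"C:\\WINNT\\system32\\([A-Za-z0-9_]+)(\.[A-Za-z0-9]+)?(?![\\A-Za-z0-9_.])",
    re.IGNORECASE,
)
AUTH_PKG_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$", re.M)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$', re.M)


def system32_files(log_text):
    """Map each system32 base name in the log to the set of extensions seen ('' = none)."""
    files = defaultdict(set)
    for name, ext in PATH_RE.findall(log_text):
        files[name].add(ext.lower())
    return files


def reversed_name_pairs(files):
    """Pairs of system32 files whose base names are exact reverses of each other.

    Palindromic names are skipped; each pair is reported once, sorted by name.
    """
    pairs = set()
    for name, exts in files.items():
        mirror = name[::-1]
        if mirror == name or mirror not in files:
            continue
        for ext in exts:
            for mext in files[mirror]:
                pairs.add(tuple(sorted((name + ext, mirror + mext))))
    return sorted(pairs)


def lsa_auth_packages(log_text):
    """All entries of the LSA Authentication Packages value, as listed in the log."""
    m = AUTH_PKG_RE.search(log_text)
    return m.group(1).split() if m else []


def unexpected_auth_packages(log_text):
    """Authentication packages outside the assumed baseline (paths, unknown names)."""
    return [p for p in lsa_auth_packages(log_text) if p.lower() not in KNOWN_AUTH_PACKAGES]


def appinit_dlls(log_text):
    """Every DLL named under AppInit_DLLs; each one is injected into user32 clients."""
    m = APPINIT_RE.search(log_text)
    if not m:
        return []
    return [d for d in re.split(r"[,\s]+", m.group(1)) if d]


def triage(log_text):
    """Collect the three findings for a log into one report."""
    return {
        "reversed_name_pairs": reversed_name_pairs(system32_files(log_text)),
        "unexpected_auth_packages": unexpected_auth_packages(log_text),
        "appinit_dlls": appinit_dlls(log_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a complete ComboFix log the same way. Anything reported under unexpected_auth_packages needs the registry value itself repaired, not just the file removed, since deleting the files listed under "Other Deletions" leaves the Authentication Packages value pointing at the missing file and a reinfecting component only has to drop it back.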
crunchie (Moderator, Featured Poster, Spyware Killer; joined Feb 2004, Oztralya; 7,642 posts, 415 solved threads)

Re: Critical Error Message

#20, 25 Days Ago
Is your anti-virus fully functional? How is the pc behaving now?

=

Please use the Internet Explorer browser (or Firefox with IETab), and do an online scan with Kaspersky Online Scanner.

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note for Internet Explorer 7 users: if at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Proud member of ASAP (Alliance of Security Analysis Professionals).

Please do not PM me for help. Instead, post in the public forum where others may benefit.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC