
Hey guys,
Like a bunch of other people that I've found on this website, I had a serious infection on my computer. It's mostly cleared up, and I ran HouseCall, and Windows Defender caught a few Trojans, and ZoneAlarm found a few things. I even deleted as many tmp files as I could find. What's seriously bugging me (no pun intended) is that I have a red x instead of the regular C drive icon, and an Agfa Digital Camera shows up in My Computer, which I do not have. I ran a virus scan on my C drive just to make sure, and I noticed that there were thousands of zip files (some for music, some for things I have no business looking at) in my fonts folder that I never downloaded. ZoneAlarm didn't delete them since it didn't recognize them as viruses, and when I look in the fonts folder, I can't find them (even though I clicked show hidden files). Someone please help!

Thanks,
IraDel


My HijackThis Logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:45 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\command.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\vturp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\MC7B14~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKLM\..\Run: [BM2f81ebcc] Rundll32.exe "C:\WINDOWS\system32\dructuux.dll",s
O4 - HKLM\..\Run: [2cb2d850] rundll32.exe "C:\WINDOWS\system32\dfqotrby.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\ICROSO~1.NET\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Fengpef] "C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2371f5ca2e1bfdd51401/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\hkgkdiki.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\command.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 8915 bytes


Hello, Ira, for a start let's see where this takes us:
Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- To run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply with a fresh HijackThis log too.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.


Thanks for responding! Anyway, here are the logs from ComboFix and HijackThis:
Running from: C:\Documents and Settings\Irving Glemaud\My Documents\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Script messages for sUBs --
GREP -Fivxf temp04
VFind -tf "C:\* .exe"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Irving Glemaud\My Documents\PPPATC~1
C:\Documents and Settings\Irving Glemaud\My Documents\PPPATC~1\m?hta.exe
C:\Documents and Settings\Irving Glemaud\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Irving Glemaud\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Irving Glemaud\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\video activex object
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM2f81ebcc.xml
C:\WINDOWS\Fonts\-
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aibjtgus.dll
C:\WINDOWS\SYSTEM32\blcqrkga.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\SYSTEM32\dmimktsn.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dructuux.dll
C:\WINDOWS\system32\ejypsjof.dll
C:\WINDOWS\system32\esjdlqyy.dll
C:\WINDOWS\SYSTEM32\fojspyje.ini
C:\WINDOWS\system32\glvatumx.dll
C:\WINDOWS\system32\ipydnakh.dll
C:\WINDOWS\system32\jeyummyf.dll
C:\WINDOWS\SYSTEM32\jybtdvkt.ini
C:\WINDOWS\system32\khfggge.dll
C:\WINDOWS\system32\kqemkgol.dll
C:\WINDOWS\system32\lidliloh.dll
C:\WINDOWS\system32\lwtcrixm.dll
C:\WINDOWS\SYSTEM32\madkyyso.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mnvumapm.ini
C:\WINDOWS\system32\mpamuvnm.dll
C:\WINDOWS\system32\mzvyhpcf.dll
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\nnnooon.dll
C:\WINDOWS\system32\npkcrfvp.dll
C:\WINDOWS\SYSTEM32\olodbdwk.ini
C:\WINDOWS\system32\osyykdam.dll
C:\WINDOWS\system32\otiixewc.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\prutv.ini
C:\WINDOWS\SYSTEM32\prutv.ini2
C:\WINDOWS\system32\qbycqjvw.dll
C:\WINDOWS\system32\tkvdtbyj.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.exe
C:\WINDOWS\system32\wdwqhtob.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\SYSTEM32\yyqldjse.ini
C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\
C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\\asappsrv.dll
C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\\command.exe
C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\\nr5Vv3IRt3o0lZU5vqIYtE.vbs
C:\WINDOWS\TXlybGFuZGUgR2xlbWF1ZA\command.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Service_cmdService
-------\Legacy_MSControlService
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 21:03 . 2008-03-26 21:03 <DIR> d-------- C:\Temp\tn3
2008-03-21 14:57 . 2008-03-23 20:02 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-21 14:56 . 2008-03-21 14:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-21 14:56 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-03-21 14:30 . 2008-03-21 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 18:22 . 2008-03-22 20:48 1,544,675 ---hs---- C:\WINDOWS\SYSTEM32\ybrtoqfd.ini
2008-03-19 18:30 . 2008-03-25 15:30 <DIR> d----c--- C:\Documents and Settings\Irving Glemaud\.housecall6.6
2008-03-18 17:07 . 2002-08-29 07:00 152,844 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framdit.ttf
2008-03-18 17:07 . 2002-08-29 07:00 135,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framd.ttf
2008-03-18 17:07 . 2002-08-29 07:00 12,288 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\script.fon
2008-03-18 17:07 . 2002-08-29 07:00 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\modern.fon
2008-03-18 17:05 . 2008-03-23 14:43 <DIR> d-------- C:\WINDOWS\Font
2008-03-11 22:27 . 2008-03-20 18:23 1,716,983 ---hs---- C:\WINDOWS\SYSTEM32\lbojbini.ini
2008-03-10 23:11 . 2003-08-07 19:41 270,336 --a------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2008-03-10 22:57 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2008-03-10 22:57 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2008-03-10 22:57 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2008-03-10 22:57 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2008-03-10 22:57 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2008-03-10 22:57 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2008-03-10 22:57 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.cnt
2008-03-09 19:28 . 2008-03-09 19:28 338,432 --a------ C:\WINDOWS\SYSTEM32\RCX488.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 01:06 --------- d-----w C:\Program Files\Dl_cats
2008-03-26 23:57 --------- d-----w C:\Program Files\LimeWire
2008-03-24 22:50 376,320 ----a-w C:\WINDOWS\mrofinu1188.exe.tmp
2008-03-23 22:32 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB19C.tmp
2008-03-23 22:30 2,707,456 ----a-w C:\WINDOWS\Internet Logs\xDB19D.tmp
2008-03-22 05:53 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB19B.tmp
2008-03-20 06:28 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB19A.tmp
2008-03-19 22:17 --------- d-----w C:\Program Files\Sony Setup
2008-03-19 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 22:15 --------- d-----w C:\Program Files\Incomplete
2008-03-18 22:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-18 20:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-18 16:34 --------- d-----w C:\Program Files\QuickTime
2008-03-18 16:33 --------- d-----w C:\Program Files\Winamp
2008-03-18 16:33 --------- d-----w C:\Program Files\DellSupport
2008-03-18 16:33 --------- d-----w C:\Program Files\Dell Photo AIO Printer 924
2008-03-13 11:28 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E58.tmp
2008-03-13 10:55 228,864 ----a-w C:\WINDOWS\Internet Logs\xDB198.tmp
2008-03-12 03:32 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB25ED.tmp
2008-03-12 03:14 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB1EE2.tmp
2008-03-11 06:00 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB22C9.tmp
2008-03-11 05:59 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB24FF.tmp
2008-03-11 05:13 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2478.tmp
2008-03-11 05:03 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2013.tmp
2008-03-11 03:46 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB239E.tmp
2008-03-11 03:46 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB24E1.tmp
2008-03-11 02:12 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2165.tmp
2008-03-11 02:12 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB23DD.tmp
2008-03-11 01:46 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1CAC.tmp
2008-03-11 01:24 45,568 ----a-w C:\WINDOWS\Internet Logs\xDB2020.tmp
2008-03-11 00:35 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB200C.tmp
2008-03-11 00:35 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1B7B.tmp
2008-03-11 00:35 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB197.tmp
2008-03-10 22:56 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB29E9.tmp
2008-03-10 22:55 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB235A.tmp
2008-03-09 23:56 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB23CE.tmp
2008-03-09 23:56 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2186.tmp
2008-03-08 17:37 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB287F.tmp
2008-03-08 17:34 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB23B4.tmp
2008-03-08 16:53 45,568 ----a-w C:\WINDOWS\Internet Logs\xDBE44.tmp
2008-03-08 16:47 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBB25.tmp
2008-03-06 21:40 104,448 ----a-w C:\WINDOWS\Internet Logs\xDB2867.tmp
2008-03-06 21:39 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2602.tmp
2008-03-04 23:00 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB205F.tmp
2008-03-04 22:59 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1D55.tmp
2008-03-04 20:57 14,848 ----a-w C:\WINDOWS\Internet Logs\xDBE7B.tmp
2008-03-04 20:53 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB929.tmp
2008-03-03 23:24 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E70.tmp
2008-03-03 23:24 2,695,680 ----a-w C:\WINDOWS\Internet Logs\xDB21E6.tmp
2008-02-25 12:50 2,726,912 ----a-w C:\WINDOWS\Internet Logs\xDB20AE.tmp
2008-02-25 12:47 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1D7F.tmp
2008-02-18 16:49 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB2708.tmp
2008-02-18 16:24 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB263C.tmp
2008-02-18 16:20 927,232 ----a-w C:\WINDOWS\Internet Logs\xDB2B0B.tmp
2008-02-18 04:40 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1DD6.tmp
2008-02-15 23:17 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2424.tmp
2008-02-13 08:20 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2520.tmp
2008-02-13 08:20 2,677,248 ----a-w C:\WINDOWS\Internet Logs\xDB26AB.tmp
2008-02-12 20:01 --------- d-----w C:\Documents and Settings\Irving Glemaud\Application Data\LimeWire
2008-02-12 19:57 32,768 -c--a-w C:\Documents and Settings\Irving Glemaud\services.exe
2008-02-11 02:18 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB226F.tmp
2008-02-07 02:34 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E9F.tmp
2008-02-07 02:33 2,715,136 ----a-w C:\WINDOWS\Internet Logs\xDB20BA.tmp
2008-02-03 03:10 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB1DFE.tmp
2008-02-03 02:47 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1C02.tmp
2008-02-03 02:20 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB19DC.tmp
2008-02-03 02:11 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB1A85.tmp
2008-02-03 01:31 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB172D.tmp
2008-02-02 15:59 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1699.tmp
2008-02-02 15:55 61,952 ----a-w C:\WINDOWS\Internet Logs\xDB169A.tmp
2008-01-31 21:36 169,984 ----a-w C:\WINDOWS\Internet Logs\xDB1228.tmp
2008-01-31 21:34 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1214.tmp
2008-01-30 18:56 36,864 ----a-r C:\WINDOWS\mrofinu.exe
2008-01-30 00:25 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1023.tmp
2008-01-29 02:23 25,600 ----a-w C:\WINDOWS\Internet Logs\xDBE2E.tmp
2008-01-29 02:19 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBE2D.tmp
2008-01-29 01:48 22,528 ----a-w C:\WINDOWS\Internet Logs\xDBC3B.tmp
2008-01-29 01:42 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBC3A.tmp
2008-01-29 01:10 29,184 ----a-w C:\WINDOWS\Internet Logs\xDBA47.tmp
2008-01-29 01:08 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBA46.tmp
2008-01-29 00:41 36,864 ----a-w C:\WINDOWS\mrofinu1000106.exe
2008-01-29 00:36 376,320 ----a-w C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-29 00:19 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB852.tmp
2008-01-29 00:16 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB853.tmp
2008-01-28 23:44 778,240 ----a-w C:\WINDOWS\Internet Logs\xDB457.tmp
2008-01-28 23:25 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB456.tmp
2008-01-27 22:11 2,948,608 ----a-w C:\WINDOWS\Internet Logs\xDB199.tmp
2008-01-27 22:09 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB196.tmp
2008-01-27 03:01 --------- d-----w C:\Program Files\Acoustica Mixcraft
2008-01-27 02:34 41,724 --sh--w C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2008-01-27 02:02 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB193.tmp
2008-01-27 02:02 2,721,792 ----a-w C:\WINDOWS\Internet Logs\xDB195.tmp
2008-01-24 12:49 224,256 ----a-w C:\WINDOWS\b116.exe
2008-01-21 00:21 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-01-21 00:21 2,955,264 ----a-w C:\WINDOWS\Internet Logs\xDB194.tmp
2008-01-15 21:34 140,800 --sh--w C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
2008-01-11 08:41 53,760 ----a-w C:\WINDOWS\b122.exe
2008-01-10 08:11 363,008 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-01-10 08:10 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB190.tmp
2008-01-07 15:51 716,288 ----a-w C:\WINDOWS\Internet Logs\xDB18E.tmp
2006-06-22 00:51 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

<pre>
----a-w           313,472 2008-03-13 21:35:35  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w           124,520 2008-03-13 21:31:38  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           180,269 2008-03-13 21:29:31  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w           155,648 2008-03-13 21:29:18  C:\Program Files\Common Files\Sonic\Update Manager\sgtray  .exe
----a-w           494,592 2008-03-13 21:28:23  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w           204,800 2008-03-13 21:28:42  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           425,984 2008-03-13 21:30:27  C:\Program Files\Dell Photo AIO Printer 924\dlccmon .exe
----a-w           460,784 2008-03-13 21:33:38  C:\Program Files\DellSupport\DSAgnt .exe
----a-w            68,856 2008-03-13 21:34:59  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            83,608 2008-03-13 21:29:49  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w           135,168 2008-03-18 22:16:42  C:\Program Files\McAfee.com\Agent\MC1E26~1 .EXE
----a-w           180,224 2008-03-13 21:32:42  C:\Program Files\McAfee.com\Agent\MC2D68~1 .EXE
----a-w           542,208 2008-03-18 18:58:59  C:\Program Files\McAfee.com\Agent\MC46B5~1 .EXE
----a-w           180,224 2008-03-18 19:00:05  C:\Program Files\McAfee.com\Agent\MC46B5~2 .EXE
----a-w           180,224 2008-03-12 21:35:15  C:\Program Files\McAfee.com\Agent\MC5267~1 .EXE
----a-w           180,224 2008-03-27 00:32:11  C:\Program Files\McAfee.com\Agent\MC7B14~1    .EXE
----a-w           542,208 2008-03-27 00:30:57  C:\Program Files\McAfee.com\Agent\MC7B14~1   .EXE
----a-w           542,208 2008-03-24 22:50:42  C:\Program Files\McAfee.com\Agent\MC7B14~1  .EXE
----a-w           542,208 2008-03-23 22:46:55  C:\Program Files\McAfee.com\Agent\MC7B14~1 .EXE
----a-w           180,224 2008-03-23 22:48:02  C:\Program Files\McAfee.com\Agent\MC7B14~2 .EXE
----a-w           542,208 2008-03-24 23:23:30  C:\Program Files\McAfee.com\Agent\MC7B14~4 .EXE
----a-w           499,200 2008-03-13 21:25:27  C:\Program Files\McAfee.com\Agent\MCABBE~1 .EXE
----a-w           499,200 2008-03-18 18:00:48  C:\Program Files\McAfee.com\Agent\MCABBE~2 .EXE
----a-w           499,200 2008-03-18 18:58:58  C:\Program Files\McAfee.com\Agent\MCABBE~3 .EXE
----a-w           499,200 2008-03-18 22:15:29  C:\Program Files\McAfee.com\Agent\MCABBE~4 .EXE
----a-w           245,760 2008-03-13 21:32:43  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w           542,208 2008-03-20 22:15:11  C:\Program Files\McAfee.com\Agent\MCC335~1  .EXE
----a-w           542,208 2008-03-19 22:24:11  C:\Program Files\McAfee.com\Agent\MCC335~1 .EXE
----a-w           180,224 2008-03-23 00:46:53  C:\Program Files\McAfee.com\Agent\MCC335~3   .EXE
----a-w           542,208 2008-03-23 00:44:11  C:\Program Files\McAfee.com\Agent\MCC335~3  .EXE
----a-w           542,208 2008-03-20 23:00:16  C:\Program Files\McAfee.com\Agent\MCC335~3 .EXE
----a-w            61,440 2008-03-11 04:00:21  C:\Program Files\McAfee.com\Agent\mcdeltag .exe
----a-w           180,224 2008-03-12 22:47:29  C:\Program Files\McAfee.com\Agent\MCDFDE~1 .EXE
----a-w           499,200 2008-03-11 05:18:50  C:\Program Files\McAfee.com\Agent\mcregwiz .exe
----a-w           499,200 2008-03-12 02:06:35  C:\Program Files\McAfee.com\Agent\MCREGW~1 .EXE
----a-w           499,200 2008-03-12 02:32:48  C:\Program Files\McAfee.com\Agent\MCREGW~2 .EXE
----a-w           499,200 2008-03-12 21:27:11  C:\Program Files\McAfee.com\Agent\MCREGW~3 .EXE
----a-w           499,200 2008-03-12 22:39:15  C:\Program Files\McAfee.com\Agent\MCREGW~4 .EXE
----a-w           542,208 2008-03-18 22:15:30  C:\Program Files\McAfee.com\Agent\McUpdate        .exe
----a-w           542,208 2008-03-18 18:00:50  C:\Program Files\McAfee.com\Agent\McUpdate       .exe
----a-w           542,208 2008-03-13 21:25:43  C:\Program Files\McAfee.com\Agent\McUpdate      .exe
----a-w           542,208 2008-03-13 12:21:29  C:\Program Files\McAfee.com\Agent\McUpdate     .exe
----a-w           542,208 2008-03-12 22:39:35  C:\Program Files\McAfee.com\Agent\McUpdate    .exe
----a-w           542,208 2008-03-12 21:27:30  C:\Program Files\McAfee.com\Agent\McUpdate   .exe
----a-w           542,208 2008-03-12 02:33:03  C:\Program Files\McAfee.com\Agent\McUpdate  .exe
----a-w           542,208 2008-03-11 05:19:10  C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w           542,208 2008-03-12 02:07:01  C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w           180,224 2008-03-12 02:16:18  C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w           180,224 2008-03-12 02:42:20  C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w            24,576 2008-03-11 04:01:11  C:\Program Files\McAfee.com\Agent\mcwelcom .exe
----a-w           163,840 2008-03-13 21:32:26  C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w         1,694,208 2008-03-10 22:23:12  C:\Program Files\Messenger\msmsgs .exe
----a-w           286,720 2008-03-13 21:28:52  C:\Program Files\QuickTime\QTTask                                                     .exe
----a-w           652,288 2008-03-13 21:24:17  C:\Program Files\QuickTime\QTTask                                                    .exe
----a-w           652,288 2008-03-13 12:19:44  C:\Program Files\QuickTime\QTTask                                                   .exe
----a-w           652,288 2008-03-12 22:38:03  C:\Program Files\QuickTime\QTTask                                                  .exe
----a-w           652,288 2008-03-12 21:25:44  C:\Program Files\QuickTime\QTTask                                                 .exe
----a-w           652,288 2008-03-12 02:31:30  C:\Program Files\QuickTime\QTTask                                                .exe
----a-w           652,288 2008-03-12 02:05:27  C:\Program Files\QuickTime\QTTask                                               .exe
----a-w           652,288 2008-03-11 06:08:00  C:\Program Files\QuickTime\QTTask                                              .exe
----a-w           652,288 2008-03-11 05:17:30  C:\Program Files\QuickTime\QTTask                                             .exe
----a-w           652,288 2008-03-11 03:51:08  C:\Program Files\QuickTime\QTTask                                            .exe
----a-w           652,288 2008-03-11 02:40:50  C:\Program Files\QuickTime\QTTask                                           .exe
----a-w           652,288 2008-03-11 01:55:25  C:\Program Files\QuickTime\QTTask                                          .exe
----a-w           652,288 2008-03-10 23:37:44  C:\Program Files\QuickTime\QTTask                                         .exe
----a-w           652,288 2008-03-10 23:02:01  C:\Program Files\QuickTime\QTTask                                        .exe
----a-w           652,288 2008-03-10 22:14:55  C:\Program Files\QuickTime\QTTask                                       .exe
----a-w           652,288 2008-03-10 00:01:01  C:\Program Files\QuickTime\QTTask                                      .exe
----a-w           652,288 2008-03-09 23:27:23  C:\Program Files\QuickTime\QTTask                                     .exe
----a-w           652,288 2008-03-08 16:58:51  C:\Program Files\QuickTime\QTTask                                    .exe
----a-w           652,288 2008-03-08 16:25:49  C:\Program Files\QuickTime\QTTask                                   .exe
----a-w           652,288 2008-03-06 21:44:41  C:\Program Files\QuickTime\QTTask                                  .exe
----a-w           652,288 2008-03-06 20:34:25  C:\Program Files\QuickTime\QTTask                                 .exe
----a-w           652,288 2008-03-04 23:05:13  C:\Program Files\QuickTime\QTTask                                .exe
----a-w           652,288 2008-03-04 22:27:29  C:\Program Files\QuickTime\QTTask                               .exe
----a-w           652,288 2008-03-04 20:31:15  C:\Program Files\QuickTime\QTTask                              .exe
----a-w           652,288 2008-02-25 14:06:58  C:\Program Files\QuickTime\QTTask                             .exe
----a-w           652,288 2008-02-18 16:58:05  C:\Program Files\QuickTime\QTTask                            .exe
----a-w           652,288 2008-02-18 16:29:52  C:\Program Files\QuickTime\QTTask                           .exe
----a-w           652,288 2008-02-18 15:43:38  C:\Program Files\QuickTime\QTTask                          .exe
----a-w           652,288 2008-02-17 19:00:56  C:\Program Files\QuickTime\QTTask                         .exe
----a-w           652,288 2008-02-15 22:32:53  C:\Program Files\QuickTime\QTTask                        .exe
----a-w           652,288 2008-02-13 08:24:21  C:\Program Files\QuickTime\QTTask                       .exe
----a-w           652,288 2008-02-12 19:45:49  C:\Program Files\QuickTime\QTTask                      .exe
----a-w           652,288 2008-02-11 23:52:51  C:\Program Files\QuickTime\QTTask                     .exe
----a-w           652,288 2008-02-11 23:21:13  C:\Program Files\QuickTime\QTTask                    .exe
----a-w           652,288 2008-02-07 02:40:43  C:\Program Files\QuickTime\QTTask                   .exe
----a-w           652,288 2008-02-05 13:42:45  C:\Program Files\QuickTime\QTTask                  .exe
----a-w           652,288 2008-02-04 14:18:47  C:\Program Files\QuickTime\QTTask                 .exe
----a-w           652,288 2008-02-03 02:51:59  C:\Program Files\QuickTime\QTTask                .exe
----a-w           652,288 2008-02-03 02:27:58  C:\Program Files\QuickTime\QTTask               .exe
----a-w           652,288 2008-02-03 01:51:39  C:\Program Files\QuickTime\QTTask              .exe
----a-w           652,288 2008-02-03 00:11:42  C:\Program Files\QuickTime\QTTask             .exe
----a-w           652,288 2008-02-02 16:03:58  C:\Program Files\QuickTime\QTTask            .exe
----a-w           652,288 2008-02-02 14:34:18  C:\Program Files\QuickTime\QTTask           .exe
----a-w           652,288 2008-01-31 21:42:54  C:\Program Files\QuickTime\QTTask          .exe
----a-w           652,288 2008-01-31 20:53:23  C:\Program Files\QuickTime\QTTask         .exe
----a-w           652,288 2008-01-29 21:21:45  C:\Program Files\QuickTime\QTTask        .exe
----a-w           652,288 2008-01-29 01:55:11  C:\Program Files\QuickTime\QTTask       .exe
----a-w           652,288 2008-01-29 01:14:52  C:\Program Files\QuickTime\QTTask      .exe
----a-w           652,288 2008-01-29 00:34:48  C:\Program Files\QuickTime\QTTask     .exe
----a-w           652,288 2008-01-29 00:23:49  C:\Program Files\QuickTime\QTTask    .exe
----a-w           652,288 2008-01-28 23:48:35  C:\Program Files\QuickTime\QTTask   .exe
----a-w           652,288 2008-01-28 23:28:53  C:\Program Files\QuickTime\QTTask  .exe
----a-w           652,288 2008-01-27 02:11:51  C:\Program Files\QuickTime\QTTask .exe
----a-w            35,328 2008-03-13 21:32:10  C:\Program Files\Winamp\winampa .exe
----a-w         4,662,776 2008-01-27 02:22:48  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w         4,662,776 2008-01-28 23:35:19  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w           697,624 2008-03-24 22:51:43  C:\Program Files\Zone Labs\ZoneAlarm\zlclient  .exe
----a-w         1,728,512 2008-03-13 21:29:39  C:\WINDOWS\kdx\KHost .exe
----a-w            15,360 2008-03-24 22:51:45  C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w            28,672 2008-03-13 21:28:31  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           126,976 2008-03-13 21:28:00  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-03-13 21:27:54  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w        18,214,008 2008-02-13 08:34:09  C:\WINDOWS\SYSTEM32\MRT .exe
----a-w           114,741 2008-03-13 21:28:18  C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe
</pre>

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="" []
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Fengpef"="C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 14:38 69632]
"WService"="WService.EXE" [2002-09-07 06:23 28672 C:\WINDOWS\SYSTEM32\WService.exe]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\MC75C2~1.EXE" [2008-03-26 20:32 180224]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-06 14:02:05 36953]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray.Excn"= {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\hkgkdiki.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vuyixeyg]
vuyixeyg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutrpo]
wvutrpo.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133661202\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133661202\\ee\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\SYSTEM32\\dlcccoms.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dlccPSWX.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 Tablet2kk;Tablet2kk;C:\WINDOWS\system32\drivers\Tablet2kk.sys [2008-01-20 20:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba0458d-8340-11dc-88f5-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 22:50:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-27 01:12:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D8QVF341-Irving Glemaud).job"
- C:\PROGRA~1\McAfee.com\Agent\MC7B14~1 .EX
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 21:05:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-26 21:12:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 01:12:14
.
2008-03-18 16:21:40 --- E O F ---

And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:22 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\MC75C2~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Fengpef] "C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2371f5ca2e1bfdd51401/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O20 - Winlogon Notify: vuyixeyg - vuyixeyg.dll (file missing)
O20 - Winlogon Notify: wvutrpo - wvutrpo.dll (file missing)
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\hkgkdiki.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 8390 bytes

0

Just how did you uninstall McAfee? There are traces of it everywhere.
=Uninstall [Add/Remove pgms] Yazzle and any other pgm that contains "Oin", e.g. Yazzle by Oin.
=Start HijackThis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\MC75C2~1.EXE
O4 - HKCU\..\Run: [Fengpef] "C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZK
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

==Go to Start, Run, type or paste this line into the Run text box and press Enter:
sc delete mcupdmgr.exe
Search for and delete this file:
C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe
What is in this folder?:
C:\Program Files\Incomplete
Delete these folders:
C:\PROGRA~1\McAfee.com
C:\Documents and Settings\All Users\Application Data\McAfee.com
==Java update!!! This is for security reasons. Go to Control Panel > Java > Update, and press Update Now. Restart after installing the update, and then go into Control Panel again, Add/Remove pgms, and remove all old versions of Java. Vsn 1.6.0.5 is current....

==Please copy the text between the lines into Notepad [Format/Word Wrap unchecked] and save it as CFScript.txt to where you saved ComboFix, that is, to a folder or your desktop.
__________________________________________________________
Killall::

File::
C:\WINDOWS\SYSTEM32\ybrtoqfd.ini
C:\WINDOWS\SYSTEM32\lbojbini.ini
C:\WINDOWS\SYSTEM32\mcgdmgr.dll
C:\WINDOWS\SYSTEM32\RCX488.tmp
C:\WINDOWS\Internet Logs\xDB19C.tmp
C:\WINDOWS\Internet Logs\xDB19D.tmp
C:\WINDOWS\Internet Logs\xDB19B.tmp
C:\WINDOWS\Internet Logs\xDB19A.tmp
2008-03-13 11:28 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E58.tmp
2008-03-13 10:55 228,864 ----a-w C:\WINDOWS\Internet Logs\xDB198.tmp
2008-03-12 03:32 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB25ED.tmp
2008-03-12 03:14 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB1EE2.tmp
2008-03-11 06:00 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB22C9.tmp
2008-03-11 05:59 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB24FF.tmp
2008-03-11 05:13 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB2478.tmp
2008-03-11 05:03 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2013.tmp
2008-03-11 03:46 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB239E.tmp
2008-03-11 03:46 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB24E1.tmp
2008-03-11 02:12 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2165.tmp
2008-03-11 02:12 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB23DD.tmp
2008-03-11 01:46 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1CAC.tmp
2008-03-11 01:24 45,568 ----a-w C:\WINDOWS\Internet Logs\xDB2020.tmp
2008-03-11 00:35 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB200C.tmp
2008-03-11 00:35 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1B7B.tmp
2008-03-11 00:35 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB197.tmp
2008-03-10 22:56 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB29E9.tmp
2008-03-10 22:55 66,560 ----a-w C:\WINDOWS\Internet Logs\xDB235A.tmp
2008-03-09 23:56 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB23CE.tmp
2008-03-09 23:56 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2186.tmp
2008-03-08 17:37 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB287F.tmp
2008-03-08 17:34 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB23B4.tmp
2008-03-08 16:53 45,568 ----a-w C:\WINDOWS\Internet Logs\xDBE44.tmp
2008-03-08 16:47 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBB25.tmp
2008-03-06 21:40 104,448 ----a-w C:\WINDOWS\Internet Logs\xDB2867.tmp
2008-03-06 21:39 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2602.tmp
2008-03-04 23:00 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB205F.tmp
2008-03-04 22:59 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1D55.tmp
2008-03-04 20:57 14,848 ----a-w C:\WINDOWS\Internet Logs\xDBE7B.tmp
2008-03-04 20:53 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB929.tmp
2008-03-03 23:24 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E70.tmp
2008-03-03 23:24 2,695,680 ----a-w C:\WINDOWS\Internet Logs\xDB21E6.tmp
2008-02-25 12:50 2,726,912 ----a-w C:\WINDOWS\Internet Logs\xDB20AE.tmp
2008-02-25 12:47 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1D7F.tmp
2008-02-18 16:49 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB2708.tmp
2008-02-18 16:24 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB263C.tmp
2008-02-18 16:20 927,232 ----a-w C:\WINDOWS\Internet Logs\xDB2B0B.tmp
2008-02-18 04:40 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1DD6.tmp
2008-02-15 23:17 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2424.tmp
2008-02-13 08:20 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB2520.tmp
2008-02-13 08:20 2,677,248 ----a-w C:\WINDOWS\Internet Logs\xDB26AB.tmp
2008-02-12 19:57 32,768 -c--a-w C:\Documents and Settings\Irving Glemaud\services.exe
2008-02-11 02:18 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB226F.tmp
2008-02-07 02:34 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E9F.tmp
2008-02-07 02:33 2,715,136 ----a-w C:\WINDOWS\Internet Logs\xDB20BA.tmp
2008-02-03 03:10 16,896 ----a-w C:\WINDOWS\Internet Logs\xDB1DFE.tmp
2008-02-03 02:47 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1C02.tmp
2008-02-03 02:20 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB19DC.tmp
2008-02-03 02:11 34,304 ----a-w C:\WINDOWS\Internet Logs\xDB1A85.tmp
2008-02-03 01:31 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB172D.tmp
2008-02-02 15:59 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1699.tmp
2008-02-02 15:55 61,952 ----a-w C:\WINDOWS\Internet Logs\xDB169A.tmp
2008-01-31 21:36 169,984 ----a-w C:\WINDOWS\Internet Logs\xDB1228.tmp
2008-01-31 21:34 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1214.tmp
2008-01-30 18:56 36,864 ----a-r C:\WINDOWS\mrofinu.exe
2008-01-30 00:25 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1023.tmp
2008-01-29 02:23 25,600 ----a-w C:\WINDOWS\Internet Logs\xDBE2E.tmp
2008-01-29 02:19 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBE2D.tmp
2008-01-29 01:48 22,528 ----a-w C:\WINDOWS\Internet Logs\xDBC3B.tmp
2008-01-29 01:42 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBC3A.tmp
2008-01-29 01:10 29,184 ----a-w C:\WINDOWS\Internet Logs\xDBA47.tmp
2008-01-29 01:08 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDBA46.tmp
2008-01-29 00:41 36,864 ----a-w C:\WINDOWS\mrofinu1000106.exe
2008-01-29 00:36 376,320 ----a-w C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-29 00:19 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB852.tmp
2008-01-29 00:16 24,064 ----a-w C:\WINDOWS\Internet Logs\xDB853.tmp
2008-01-28 23:44 778,240 ----a-w C:\WINDOWS\Internet Logs\xDB457.tmp
2008-01-28 23:25 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB456.tmp
2008-01-27 22:11 2,948,608 ----a-w C:\WINDOWS\Internet Logs\xDB199.tmp
2008-01-27 22:09 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB196.tmp
2008-01-27 02:34 41,724 --sh--w C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
2008-01-27 02:02 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB193.tmp
2008-01-27 02:02 2,721,792 ----a-w C:\WINDOWS\Internet Logs\xDB195.tmp
2008-01-24 12:49 224,256 ----a-w C:\WINDOWS\b116.exe
2008-01-21 00:21 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB192.tmp
2008-01-21 00:21 2,955,264 ----a-w C:\WINDOWS\Internet Logs\xDB194.tmp
2008-01-15 21:34 140,800 --sh--w C:\Program Files\Common Files\Yazzle1560OinAdmin.exe
2008-01-11 08:41 53,760 ----a-w C:\WINDOWS\b122.exe
2008-01-10 08:11 363,008 ----a-w C:\WINDOWS\Internet Logs\xDB191.tmp
2008-01-10 08:10 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB190.tmp
2008-01-07 15:51 716,288 ----a-w C:\WINDOWS\Internet Logs\xDB18E.tmp

Folder::
C:\Temp\tn3

RenV::
----a-w 313,472 2008-03-13 21:35:35 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 124,520 2008-03-13 21:31:38 C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w 180,269 2008-03-13 21:29:31 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 155,648 2008-03-13 21:29:18 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 494,592 2008-03-13 21:28:23 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 204,800 2008-03-13 21:28:42 C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w 425,984 2008-03-13 21:30:27 C:\Program Files\Dell Photo AIO Printer 924\dlccmon .exe
----a-w 460,784 2008-03-13 21:33:38 C:\Program Files\DellSupport\DSAgnt .exe
----a-w 68,856 2008-03-13 21:34:59 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 83,608 2008-03-13 21:29:49 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 135,168 2008-03-18 22:16:42 C:\Program Files\McAfee.com\Agent\MC1E26~1 .EXE
----a-w 180,224 2008-03-13 21:32:42 C:\Program Files\McAfee.com\Agent\MC2D68~1 .EXE
----a-w 542,208 2008-03-18 18:58:59 C:\Program Files\McAfee.com\Agent\MC46B5~1 .EXE
----a-w 180,224 2008-03-18 19:00:05 C:\Program Files\McAfee.com\Agent\MC46B5~2 .EXE
----a-w 180,224 2008-03-12 21:35:15 C:\Program Files\McAfee.com\Agent\MC5267~1 .EXE
----a-w 180,224 2008-03-27 00:32:11 C:\Program Files\McAfee.com\Agent\MC7B14~1 .EXE
----a-w 542,208 2008-03-27 00:30:57 C:\Program Files\McAfee.com\Agent\MC7B14~1 .EXE
----a-w 542,208 2008-03-24 22:50:42 C:\Program Files\McAfee.com\Agent\MC7B14~1 .EXE
----a-w 542,208 2008-03-23 22:46:55 C:\Program Files\McAfee.com\Agent\MC7B14~1 .EXE
----a-w 180,224 2008-03-23 22:48:02 C:\Program Files\McAfee.com\Agent\MC7B14~2 .EXE
----a-w 542,208 2008-03-24 23:23:30 C:\Program Files\McAfee.com\Agent\MC7B14~4 .EXE
----a-w 499,200 2008-03-13 21:25:27 C:\Program Files\McAfee.com\Agent\MCABBE~1 .EXE
----a-w 499,200 2008-03-18 18:00:48 C:\Program Files\McAfee.com\Agent\MCABBE~2 .EXE
----a-w 499,200 2008-03-18 18:58:58 C:\Program Files\McAfee.com\Agent\MCABBE~3 .EXE
----a-w 499,200 2008-03-18 22:15:29 C:\Program Files\McAfee.com\Agent\MCABBE~4 .EXE
----a-w 245,760 2008-03-13 21:32:43 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 542,208 2008-03-20 22:15:11 C:\Program Files\McAfee.com\Agent\MCC335~1 .EXE
----a-w 542,208 2008-03-19 22:24:11 C:\Program Files\McAfee.com\Agent\MCC335~1 .EXE
----a-w 180,224 2008-03-23 00:46:53 C:\Program Files\McAfee.com\Agent\MCC335~3 .EXE
----a-w 542,208 2008-03-23 00:44:11 C:\Program Files\McAfee.com\Agent\MCC335~3 .EXE
----a-w 542,208 2008-03-20 23:00:16 C:\Program Files\McAfee.com\Agent\MCC335~3 .EXE
----a-w 61,440 2008-03-11 04:00:21 C:\Program Files\McAfee.com\Agent\mcdeltag .exe
----a-w 180,224 2008-03-12 22:47:29 C:\Program Files\McAfee.com\Agent\MCDFDE~1 .EXE
----a-w 499,200 2008-03-11 05:18:50 C:\Program Files\McAfee.com\Agent\mcregwiz .exe
----a-w 499,200 2008-03-12 02:06:35 C:\Program Files\McAfee.com\Agent\MCREGW~1 .EXE
----a-w 499,200 2008-03-12 02:32:48 C:\Program Files\McAfee.com\Agent\MCREGW~2 .EXE
----a-w 499,200 2008-03-12 21:27:11 C:\Program Files\McAfee.com\Agent\MCREGW~3 .EXE
----a-w 499,200 2008-03-12 22:39:15 C:\Program Files\McAfee.com\Agent\MCREGW~4 .EXE
----a-w 542,208 2008-03-18 22:15:30 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-18 18:00:50 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-13 21:25:43 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-13 12:21:29 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-12 22:39:35 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-12 21:27:30 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-12 02:33:03 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-11 05:19:10 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 542,208 2008-03-12 02:07:01 C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
----a-w 180,224 2008-03-12 02:16:18 C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
----a-w 180,224 2008-03-12 02:42:20 C:\Program Files\McAfee.com\Agent\MCUPDA~3 .EXE
----a-w 24,576 2008-03-11 04:01:11 C:\Program Files\McAfee.com\Agent\mcwelcom .exe
----a-w 163,840 2008-03-13 21:32:26 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 1,694,208 2008-03-10 22:23:12 C:\Program Files\Messenger\msmsgs .exe
----a-w 286,720 2008-03-13 21:28:52 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-13 21:24:17 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-13 12:19:44 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-12 22:38:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-12 21:25:44 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-12 02:31:30 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-12 02:05:27 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-11 06:08:00 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-11 05:17:30 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-11 03:51:08 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-11 02:40:50 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-11 01:55:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-10 23:37:44 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-10 23:02:01 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-10 22:14:55 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-10 00:01:01 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-09 23:27:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-08 16:58:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-08 16:25:49 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-06 21:44:41 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-06 20:34:25 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-04 23:05:13 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-04 22:27:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-03-04 20:31:15 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-25 14:06:58 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-18 16:58:05 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-18 16:29:52 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-18 15:43:38 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-17 19:00:56 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-15 22:32:53 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-13 08:24:21 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-12 19:45:49 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-11 23:52:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-11 23:21:13 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-07 02:40:43 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-05 13:42:45 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-04 14:18:47 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-03 02:51:59 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-03 02:27:58 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-03 01:51:39 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-03 00:11:42 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-02 16:03:58 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-02-02 14:34:18 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-31 21:42:54 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-31 20:53:23 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-29 21:21:45 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-29 01:55:11 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-29 01:14:52 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-29 00:34:48 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-29 00:23:49 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-28 23:48:35 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-28 23:28:53 C:\Program Files\QuickTime\QTTask .exe
----a-w 652,288 2008-01-27 02:11:51 C:\Program Files\QuickTime\QTTask .exe
----a-w 35,328 2008-03-13 21:32:10 C:\Program Files\Winamp\winampa .exe
----a-w 4,662,776 2008-01-27 02:22:48 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 4,662,776 2008-01-28 23:35:19 C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w 697,624 2008-03-24 22:51:43 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w 1,728,512 2008-03-13 21:29:39 C:\WINDOWS\kdx\KHost .exe
----a-w 15,360 2008-03-24 22:51:45 C:\WINDOWS\SYSTEM32\ctfmon .exe
----a-w 28,672 2008-03-13 21:28:31 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 126,976 2008-03-13 21:28:00 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-03-13 21:27:54 C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w 18,214,008 2008-02-13 08:34:09 C:\WINDOWS\SYSTEM32\MRT .exe
----a-w 114,741 2008-03-13 21:28:18 C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray.Excn"= -
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vuyixeyg]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutrpo]
__________________________________________________________

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
..and a fresh hijackthis log too...

0

Correction to the order of things. Would you please perform this section of the fix detailed above last, i.e. after the CFScript/Combofix run?

=Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\MC75C2~1.EXE
O4 - HKCU\..\Run: [Fengpef] "C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZK
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

==Go Start, run, type or paste this line into the run text box and press Enter:
sc delete mcupdmgr.exe
Search for and delete this file:
C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe
What is in this folder?:
C:\Program Files\Incomplete
Delete this folder:
C:\PROGRA~1\McAfee.com
C:\Documents and Settings\All Users\Application Data\McAfee.com
==Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.5 is current....
Good-oh.

0

Okay, I did everything you told me to, but I couldn't find anything by Oin. I misunderstood what you meant with CFScript the first time, and the order of stuff, but I ended up doing it right (I think). But now there are IE popups while I'm in Firefox, and they're getting really aggressive now. Ah well, here's those logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:25 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WService.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2371f5ca2e1bfdd51401/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 8478 bytes

ComboFix 08-03-25.4 - Irving Glemaud 2008-03-27 20:59:15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.85 [GMT -4:00]
Running from: C:\Documents and Settings\Irving Glemaud\My Documents\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\Irving Glemaud\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
2008-03-13 11:28 6,569,984 ----a-w C:\WINDOWS\Internet Logs\xDB1E58.tmp
C:\WINDOWS\Internet Logs\xDB19A.tmp
C:\WINDOWS\Internet Logs\xDB19B.tmp
C:\WINDOWS\Internet Logs\xDB19C.tmp
C:\WINDOWS\Internet Logs\xDB19D.tmp
C:\WINDOWS\SYSTEM32\lbojbini.ini
C:\WINDOWS\SYSTEM32\mcgdmgr.dll
C:\WINDOWS\SYSTEM32\RCX488.tmp
C:\WINDOWS\SYSTEM32\ybrtoqfd.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\SYSTEM32\lbojbini.ini
C:\WINDOWS\SYSTEM32\mcgdmgr.dll
C:\WINDOWS\SYSTEM32\RCX488.tmp
C:\WINDOWS\SYSTEM32\ybrtoqfd.ini
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-27 21:06 . 2008-03-27 21:06 <DIR> d-------- C:\Temp\tn3
2008-03-26 22:23 . 2008-03-26 22:23 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-03-26 22:04 . 2008-03-26 22:04 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-26 22:04 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-03-26 22:04 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-03-26 22:04 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-03-26 22:04 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-03-26 22:04 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-03-26 22:04 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-03-26 22:04 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-03-26 22:04 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-03-21 14:57 . 2008-03-27 20:01 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-21 14:56 . 2008-03-21 14:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-21 14:56 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-03-21 14:30 . 2008-03-21 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 18:30 . 2008-03-25 15:30 <DIR> d----c--- C:\Documents and Settings\Irving Glemaud\.housecall6.6
2008-03-18 17:07 . 2002-08-29 07:00 152,844 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framdit.ttf
2008-03-18 17:07 . 2002-08-29 07:00 135,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framd.ttf
2008-03-18 17:07 . 2002-08-29 07:00 12,288 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\script.fon
2008-03-18 17:07 . 2002-08-29 07:00 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\modern.fon
2008-03-18 17:05 . 2008-03-23 14:43 <DIR> d-------- C:\WINDOWS\Font
2008-03-10 22:57 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2008-03-10 22:57 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2008-03-10 22:57 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2008-03-10 22:57 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2008-03-10 22:57 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2008-03-10 22:57 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2008-03-10 22:57 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.cnt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 01:05 932 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-28 00:58 --------- d-----w C:\Program Files\Winamp
2008-03-28 00:58 --------- d-----w C:\Program Files\QuickTime
2008-03-28 00:58 --------- d-----w C:\Program Files\DellSupport
2008-03-28 00:58 --------- d-----w C:\Program Files\Dell Photo AIO Printer 924
2008-03-27 23:26 --------- d-----w C:\Program Files\Java
2008-03-27 23:21 --------- d-----w C:\Program Files\LimeWire
2008-03-27 01:06 --------- d-----w C:\Program Files\Dl_cats
2008-03-24 22:51 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-03-24 22:51 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-03-19 22:17 --------- d-----w C:\Program Files\Sony Setup
2008-03-19 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 22:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-13 21:28 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-03-13 21:28 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-03-13 21:27 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-02-17 19:15 97,344 ----a-w C:\WINDOWS\SYSTEM32\utxhpiev.dll
2008-02-15 22:45 93,248 ----a-w C:\WINDOWS\SYSTEM32\vqdduwgj.dll
2008-02-12 20:01 --------- d-----w C:\Documents and Settings\Irving Glemaud\Application Data\LimeWire
2008-02-12 19:57 32,768 -c--a-w C:\Documents and Settings\Irving Glemaud\services.exe
2008-02-11 23:39 93,248 ----a-w C:\WINDOWS\SYSTEM32\ooamstjb.dll
2008-02-10 21:59 93,248 ----a-w C:\WINDOWS\SYSTEM32\rhrxhuva.dll
2008-02-06 22:21 93,248 ----a-w C:\WINDOWS\SYSTEM32\fwtatqob.dll
2008-02-04 14:34 93,248 ----a-w C:\WINDOWS\SYSTEM32\lphvwlaf.dll
2008-02-02 14:47 96,832 ----a-w C:\WINDOWS\SYSTEM32\lxpngupc.dll
2008-01-19 23:45 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2005-12-19 01:04 557,056 -c--a-w C:\Documents and Settings\Irving Glemaud\chatlnk.exe
2006-06-22 00:51 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

<pre>
----a-w           155,648 2008-03-13 21:29:18  C:\Program Files\Common Files\Sonic\Update Manager\sgtray  .exe
----a-w           286,720 2008-03-13 21:28:52  C:\Program Files\QuickTime\QTTask                                                     .exe
----a-w           652,288 2008-03-13 21:24:17  C:\Program Files\QuickTime\QTTask                                                    .exe
----a-w           652,288 2008-03-13 12:19:44  C:\Program Files\QuickTime\QTTask                                                   .exe
----a-w           652,288 2008-03-12 22:38:03  C:\Program Files\QuickTime\QTTask                                                  .exe
----a-w           652,288 2008-03-12 21:25:44  C:\Program Files\QuickTime\QTTask                                                 .exe
----a-w           652,288 2008-03-12 02:31:30  C:\Program Files\QuickTime\QTTask                                                .exe
----a-w           652,288 2008-03-12 02:05:27  C:\Program Files\QuickTime\QTTask                                               .exe
----a-w           652,288 2008-03-11 06:08:00  C:\Program Files\QuickTime\QTTask                                              .exe
----a-w           652,288 2008-03-11 05:17:30  C:\Program Files\QuickTime\QTTask                                             .exe
----a-w           652,288 2008-03-11 03:51:08  C:\Program Files\QuickTime\QTTask                                            .exe
----a-w           652,288 2008-03-11 02:40:50  C:\Program Files\QuickTime\QTTask                                           .exe
----a-w           652,288 2008-03-11 01:55:25  C:\Program Files\QuickTime\QTTask                                          .exe
----a-w           652,288 2008-03-10 23:37:44  C:\Program Files\QuickTime\QTTask                                         .exe
----a-w           652,288 2008-03-10 23:02:01  C:\Program Files\QuickTime\QTTask                                        .exe
----a-w           652,288 2008-03-10 22:14:55  C:\Program Files\QuickTime\QTTask                                       .exe
----a-w           652,288 2008-03-10 00:01:01  C:\Program Files\QuickTime\QTTask                                      .exe
----a-w           652,288 2008-03-09 23:27:23  C:\Program Files\QuickTime\QTTask                                     .exe
----a-w           652,288 2008-03-08 16:58:51  C:\Program Files\QuickTime\QTTask                                    .exe
----a-w           652,288 2008-03-08 16:25:49  C:\Program Files\QuickTime\QTTask                                   .exe
----a-w           652,288 2008-03-06 21:44:41  C:\Program Files\QuickTime\QTTask                                  .exe
----a-w           652,288 2008-03-06 20:34:25  C:\Program Files\QuickTime\QTTask                                 .exe
----a-w           652,288 2008-03-04 23:05:13  C:\Program Files\QuickTime\QTTask                                .exe
----a-w           652,288 2008-03-04 22:27:29  C:\Program Files\QuickTime\QTTask                               .exe
----a-w           652,288 2008-03-04 20:31:15  C:\Program Files\QuickTime\QTTask                              .exe
----a-w           652,288 2008-02-25 14:06:58  C:\Program Files\QuickTime\QTTask                             .exe
----a-w           652,288 2008-02-18 16:58:05  C:\Program Files\QuickTime\QTTask                            .exe
----a-w           652,288 2008-02-18 16:29:52  C:\Program Files\QuickTime\QTTask                           .exe
----a-w           652,288 2008-02-18 15:43:38  C:\Program Files\QuickTime\QTTask                          .exe
----a-w           652,288 2008-02-17 19:00:56  C:\Program Files\QuickTime\QTTask                         .exe
----a-w           652,288 2008-02-15 22:32:53  C:\Program Files\QuickTime\QTTask                        .exe
----a-w           652,288 2008-02-13 08:24:21  C:\Program Files\QuickTime\QTTask                       .exe
----a-w           652,288 2008-02-12 19:45:49  C:\Program Files\QuickTime\QTTask                      .exe
----a-w           652,288 2008-02-11 23:52:51  C:\Program Files\QuickTime\QTTask                     .exe
----a-w           652,288 2008-02-11 23:21:13  C:\Program Files\QuickTime\QTTask                    .exe
----a-w           652,288 2008-02-07 02:40:43  C:\Program Files\QuickTime\QTTask                   .exe
----a-w           652,288 2008-02-05 13:42:45  C:\Program Files\QuickTime\QTTask                  .exe
----a-w           652,288 2008-02-04 14:18:47  C:\Program Files\QuickTime\QTTask                 .exe
----a-w           652,288 2008-02-03 02:51:59  C:\Program Files\QuickTime\QTTask                .exe
----a-w           652,288 2008-02-03 02:27:58  C:\Program Files\QuickTime\QTTask               .exe
----a-w           652,288 2008-02-03 01:51:39  C:\Program Files\QuickTime\QTTask              .exe
----a-w           652,288 2008-02-03 00:11:42  C:\Program Files\QuickTime\QTTask             .exe
----a-w           652,288 2008-02-02 16:03:58  C:\Program Files\QuickTime\QTTask            .exe
----a-w           652,288 2008-02-02 14:34:18  C:\Program Files\QuickTime\QTTask           .exe
----a-w           652,288 2008-01-31 21:42:54  C:\Program Files\QuickTime\QTTask          .exe
----a-w           652,288 2008-01-31 20:53:23  C:\Program Files\QuickTime\QTTask         .exe
----a-w           652,288 2008-01-29 21:21:45  C:\Program Files\QuickTime\QTTask        .exe
----a-w           652,288 2008-01-29 01:55:11  C:\Program Files\QuickTime\QTTask       .exe
----a-w           652,288 2008-01-29 01:14:52  C:\Program Files\QuickTime\QTTask      .exe
----a-w           652,288 2008-01-29 00:34:48  C:\Program Files\QuickTime\QTTask     .exe
----a-w           652,288 2008-01-29 00:23:49  C:\Program Files\QuickTime\QTTask    .exe
----a-w           652,288 2008-01-28 23:48:35  C:\Program Files\QuickTime\QTTask   .exe
----a-w           652,288 2008-01-28 23:28:53  C:\Program Files\QuickTime\QTTask  .exe
----a-w           697,624 2008-03-24 22:51:43  C:\Program Files\Zone Labs\ZoneAlarm\zlclient  .exe
</pre>

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-03-10 18:23 1694208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-01-28 19:35 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 18:51 15360]
"Aim6"="" []
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Fengpef"="C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"WService"="WService.EXE" [2002-09-07 06:23 28672 C:\WINDOWS\SYSTEM32\WService.exe]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\MC75C2~1.EXE" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 14:38 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-06 14:02:05 36953]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133661202\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133661202\\ee\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\SYSTEM32\\dlcccoms.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dlccPSWX.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 Tablet2kk;Tablet2kk;C:\WINDOWS\system32\drivers\Tablet2kk.sys [2008-01-20 20:33]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba0458d-8340-11dc-88f5-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 22:50:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-27 21:25:02 C:\WINDOWS\Tasks\McAfee.com Update Check (D8QVF341-Irving Glemaud).job"
- C:\PROGRA~1\McAfee.com\Agent\MC7B14~1 .EX
- C:\PROGRA~1\McAfee.com\Agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 21:07:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-27 21:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-28 01:17:26
ComboFix2.txt 2008-03-28 00:35:22
ComboFix3.txt 2008-03-28 00:01:00
ComboFix4.txt 2008-03-27 01:12:31
.
2008-03-18 16:21:40 --- E O F ---

0

It looks like Combofix was not too happy with that workload - it may not have appreciated the way or what I fed it [actually the formatting on this webpage alters filenames...], so we shall try again and also use another specialised tool that should remove your multiplying infection.
Also you have a lot of open ports on your machine - we shall close those.
=Please go to Scheduled Tasks and remove this :
C:\WINDOWS\Tasks\McAfee.com Update Check (D8QVF341-Irving Glemaud).job
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
=Restart your system in Safe Mode.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.
__________________________________________________________
Killall::

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\SYSTEM32\utxhpiev.dll
C:\WINDOWS\SYSTEM32\vqdduwgj.dll
C:\WINDOWS\SYSTEM32\ooamstjb.dll
C:\WINDOWS\SYSTEM32\rhrxhuva.dll
C:\WINDOWS\SYSTEM32\fwtatqob.dll
C:\WINDOWS\SYSTEM32\lphvwlaf.dll
C:\WINDOWS\SYSTEM32\lxpngupc.dll
C:\PROGRA~1\McAfee.com\Agent\MC7B14~1 .EX
C:\PROGRA~1\McAfee.com\Agent
C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe

Folder::
C:\Temp\tn3

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fengpef"=-

[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22009
__________________________________________________________

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.
Okay, now in normal mode....
==Please download RenV by sUBs: http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
-save it to your Desktop.
=Please extract the attached Log.zip file to your desktop.
-now drag Log.txt icon onto RenV.exe [drag the icon on your desktop]. RenV will start, let it run, post the log it produces.

Post the contents of C:\vundofix.txt, C:\Combofix.txt, the RenV log plus a new HijackThis log run in normal mode.

0

Ira, because of the icons appearing in my text, you will have to edit the line where they appear as follows-
-please replace the three "*" in the line below with colons ":" and use the new line to replace the bottom line in CFScript.txt.
"3389:TCP"= 3389:TCP*LocalSubNet*Disabled*@xpsp2res.dll,-22009

0

Ira, skip the post above... I have taken a lesson in smiley annihilation and smiley "code" and now know what the line should be... please use THIS new line to replace the bottom line in CFScript.txt.

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

Actually, here is the whole CFScript thing reposted to eliminate error:
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.

__________________________________________________________
Killall::

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\SYSTEM32\utxhpiev.dll
C:\WINDOWS\SYSTEM32\vqdduwgj.dll
C:\WINDOWS\SYSTEM32\ooamstjb.dll
C:\WINDOWS\SYSTEM32\rhrxhuva.dll
C:\WINDOWS\SYSTEM32\fwtatqob.dll
C:\WINDOWS\SYSTEM32\lphvwlaf.dll
C:\WINDOWS\SYSTEM32\lxpngupc.dll
C:\PROGRA~1\McAfee.com\Agent\MC7B14~1 .EX
C:\PROGRA~1\McAfee.com\Agent
C:\Documents and Settings\Irving Glemaud\My Documents\?ppPatch\m?hta.exe

Folder::
C:\Temp\tn3

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fengpef"=-

[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
__________________________________________________________
0

Okay, ran ComboFix, this is the log:
ComboFix 08-03-25.4 - Irving Glemaud 2008-03-30 21:12:43.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.104 [GMT -4:00]
Running from: C:\Documents and Settings\Irving Glemaud\My Documents\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\Irving Glemaud\My Documents\New Folder\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\PROGRA~1\McAfee.com\Agent
C:\PROGRA~1\McAfee.com\Agent\MC7B14~1 .EX
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\SYSTEM32\fwtatqob.dll
C:\WINDOWS\SYSTEM32\lphvwlaf.dll
C:\WINDOWS\SYSTEM32\lxpngupc.dll
C:\WINDOWS\SYSTEM32\ooamstjb.dll
C:\WINDOWS\SYSTEM32\rhrxhuva.dll
C:\WINDOWS\SYSTEM32\utxhpiev.dll
C:\WINDOWS\SYSTEM32\vqdduwgj.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\tn3
C:\WINDOWS\SYSTEM32\fwtatqob.dll
C:\WINDOWS\SYSTEM32\lphvwlaf.dll
C:\WINDOWS\SYSTEM32\lxpngupc.dll
C:\WINDOWS\SYSTEM32\ooamstjb.dll
C:\WINDOWS\SYSTEM32\rhrxhuva.dll
C:\WINDOWS\SYSTEM32\utxhpiev.dll
C:\WINDOWS\SYSTEM32\vqdduwgj.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-30 21:20 . 2008-03-30 21:20 <DIR> d-------- C:\Temp\tn3
2008-03-30 20:30 . 2008-03-30 20:30 165 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.err
2008-03-26 22:23 . 2008-03-26 22:23 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-03-26 22:04 . 2008-03-26 22:04 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-26 22:04 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-03-26 22:04 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-03-26 22:04 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-03-26 22:04 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-03-26 22:04 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-03-26 22:04 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-03-26 22:04 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-03-26 22:04 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-03-21 14:57 . 2008-03-27 20:01 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-21 14:56 . 2008-03-21 14:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-21 14:56 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-03-21 14:30 . 2008-03-21 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-19 18:30 . 2008-03-25 15:30 <DIR> d----c--- C:\Documents and Settings\Irving Glemaud\.housecall6.6
2008-03-18 17:07 . 2002-08-29 07:00 152,844 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framdit.ttf
2008-03-18 17:07 . 2002-08-29 07:00 135,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framd.ttf
2008-03-18 17:07 . 2002-08-29 07:00 12,288 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\script.fon
2008-03-18 17:07 . 2002-08-29 07:00 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\modern.fon
2008-03-18 17:05 . 2008-03-23 14:43 <DIR> d-------- C:\WINDOWS\Font
2008-03-10 22:57 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\SYSTEM32\hhactivex.dll
2008-03-10 22:57 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\SYSTEM32\COMCT332.OCX
2008-03-10 22:57 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2008-03-10 22:57 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\SYSTEM32\RcdScan.dll
2008-03-10 22:57 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2008-03-10 22:57 . 1998-06-17 23:00 89,360 --a------ C:\WINDOWS\SYSTEM32\VB5DB.DLL
2008-03-10 22:57 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\SYSTEM32\Odbcjet.cnt
2008-02-13 04:14 . 2008-03-18 12:21 215 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-02-12 21:49 . 2001-08-17 23:36 99,328 --a------ C:\WINDOWS\SYSTEM32\srusd.dll
2008-02-12 21:49 . 2001-08-17 23:36 99,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\srusd.dll
2008-02-12 21:49 . 2001-08-17 23:36 71,680 --a------ C:\WINDOWS\SYSTEM32\fnfilter.dll
2008-02-12 21:49 . 2001-08-17 23:36 71,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\fnfilter.dll
2008-02-12 21:49 . 2001-08-17 14:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys
2008-02-12 21:49 . 2001-08-17 14:53 6,784 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\serscan.sys
2008-02-06 18:23 . 2008-02-10 18:00 354 ---hs---- C:\WINDOWS\SYSTEM32\modvlaff.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 01:20 167,545 ----a-w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-28 00:58 --------- d-----w C:\Program Files\Winamp
2008-03-28 00:58 --------- d-----w C:\Program Files\QuickTime
2008-03-28 00:58 --------- d-----w C:\Program Files\DellSupport
2008-03-28 00:58 --------- d-----w C:\Program Files\Dell Photo AIO Printer 924
2008-03-27 23:26 --------- d-----w C:\Program Files\Java
2008-03-27 23:21 --------- d-----w C:\Program Files\LimeWire
2008-03-27 01:06 --------- d-----w C:\Program Files\Dl_cats
2008-03-24 22:51 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ctfmon.exe
2008-03-24 22:51 15,360 ----a-w C:\WINDOWS\SYSTEM32\ctfmon.exe
2008-03-19 22:17 --------- d-----w C:\Program Files\Sony Setup
2008-03-19 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 22:26 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-13 21:28 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-03-13 21:28 126,976 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-03-13 21:27 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-02-12 20:01 --------- d-----w C:\Documents and Settings\Irving Glemaud\Application Data\LimeWire
2008-02-12 19:57 32,768 -c--a-w C:\Documents and Settings\Irving Glemaud\services.exe
2008-01-19 23:45 147,456 ----a-w C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2005-12-19 01:04 557,056 -c--a-w C:\Documents and Settings\Irving Glemaud\chatlnk.exe
2006-06-22 00:51 848 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

<pre>
----a-w           155,648 2008-03-13 21:29:18  C:\Program Files\Common Files\Sonic\Update Manager\sgtray  .exe
----a-w           286,720 2008-03-13 21:28:52  C:\Program Files\QuickTime\QTTask                                                     .exe
----a-w           652,288 2008-03-13 21:24:17  C:\Program Files\QuickTime\QTTask                                                    .exe
----a-w           652,288 2008-03-13 12:19:44  C:\Program Files\QuickTime\QTTask                                                   .exe
----a-w           652,288 2008-03-12 22:38:03  C:\Program Files\QuickTime\QTTask                                                  .exe
----a-w           652,288 2008-03-12 21:25:44  C:\Program Files\QuickTime\QTTask                                                 .exe
----a-w           652,288 2008-03-12 02:31:30  C:\Program Files\QuickTime\QTTask                                                .exe
----a-w           652,288 2008-03-12 02:05:27  C:\Program Files\QuickTime\QTTask                                               .exe
----a-w           652,288 2008-03-11 06:08:00  C:\Program Files\QuickTime\QTTask                                              .exe
----a-w           652,288 2008-03-11 05:17:30  C:\Program Files\QuickTime\QTTask                                             .exe
----a-w           652,288 2008-03-11 03:51:08  C:\Program Files\QuickTime\QTTask                                            .exe
----a-w           652,288 2008-03-11 02:40:50  C:\Program Files\QuickTime\QTTask                                           .exe
----a-w           652,288 2008-03-11 01:55:25  C:\Program Files\QuickTime\QTTask                                          .exe
----a-w           652,288 2008-03-10 23:37:44  C:\Program Files\QuickTime\QTTask                                         .exe
----a-w           652,288 2008-03-10 23:02:01  C:\Program Files\QuickTime\QTTask                                        .exe
----a-w           652,288 2008-03-10 22:14:55  C:\Program Files\QuickTime\QTTask                                       .exe
----a-w           652,288 2008-03-10 00:01:01  C:\Program Files\QuickTime\QTTask                                      .exe
----a-w           652,288 2008-03-09 23:27:23  C:\Program Files\QuickTime\QTTask                                     .exe
----a-w           652,288 2008-03-08 16:58:51  C:\Program Files\QuickTime\QTTask                                    .exe
----a-w           652,288 2008-03-08 16:25:49  C:\Program Files\QuickTime\QTTask                                   .exe
----a-w           652,288 2008-03-06 21:44:41  C:\Program Files\QuickTime\QTTask                                  .exe
----a-w           652,288 2008-03-06 20:34:25  C:\Program Files\QuickTime\QTTask                                 .exe
----a-w           652,288 2008-03-04 23:05:13  C:\Program Files\QuickTime\QTTask                                .exe
----a-w           652,288 2008-03-04 22:27:29  C:\Program Files\QuickTime\QTTask                               .exe
----a-w           652,288 2008-03-04 20:31:15  C:\Program Files\QuickTime\QTTask                              .exe
----a-w           652,288 2008-02-25 14:06:58  C:\Program Files\QuickTime\QTTask                             .exe
----a-w           652,288 2008-02-18 16:58:05  C:\Program Files\QuickTime\QTTask                            .exe
----a-w           652,288 2008-02-18 16:29:52  C:\Program Files\QuickTime\QTTask                           .exe
----a-w           652,288 2008-02-18 15:43:38  C:\Program Files\QuickTime\QTTask                          .exe
----a-w           652,288 2008-02-17 19:00:56  C:\Program Files\QuickTime\QTTask                         .exe
----a-w           652,288 2008-02-15 22:32:53  C:\Program Files\QuickTime\QTTask                        .exe
----a-w           652,288 2008-02-13 08:24:21  C:\Program Files\QuickTime\QTTask                       .exe
----a-w           652,288 2008-02-12 19:45:49  C:\Program Files\QuickTime\QTTask                      .exe
----a-w           652,288 2008-02-11 23:52:51  C:\Program Files\QuickTime\QTTask                     .exe
----a-w           652,288 2008-02-11 23:21:13  C:\Program Files\QuickTime\QTTask                    .exe
----a-w           652,288 2008-02-07 02:40:43  C:\Program Files\QuickTime\QTTask                   .exe
----a-w           652,288 2008-02-05 13:42:45  C:\Program Files\QuickTime\QTTask                  .exe
----a-w           652,288 2008-02-04 14:18:47  C:\Program Files\QuickTime\QTTask                 .exe
----a-w           652,288 2008-02-03 02:51:59  C:\Program Files\QuickTime\QTTask                .exe
----a-w           652,288 2008-02-03 02:27:58  C:\Program Files\QuickTime\QTTask               .exe
----a-w           652,288 2008-02-03 01:51:39  C:\Program Files\QuickTime\QTTask              .exe
----a-w           652,288 2008-02-03 00:11:42  C:\Program Files\QuickTime\QTTask             .exe
----a-w           652,288 2008-02-02 16:03:58  C:\Program Files\QuickTime\QTTask            .exe
----a-w           652,288 2008-02-02 14:34:18  C:\Program Files\QuickTime\QTTask           .exe
----a-w           652,288 2008-01-31 21:42:54  C:\Program Files\QuickTime\QTTask          .exe
----a-w           652,288 2008-01-31 20:53:23  C:\Program Files\QuickTime\QTTask         .exe
----a-w           652,288 2008-01-29 21:21:45  C:\Program Files\QuickTime\QTTask        .exe
----a-w           652,288 2008-01-29 01:55:11  C:\Program Files\QuickTime\QTTask       .exe
----a-w           652,288 2008-01-29 01:14:52  C:\Program Files\QuickTime\QTTask      .exe
----a-w           652,288 2008-01-29 00:34:48  C:\Program Files\QuickTime\QTTask     .exe
----a-w           652,288 2008-01-29 00:23:49  C:\Program Files\QuickTime\QTTask    .exe
----a-w           652,288 2008-01-28 23:48:35  C:\Program Files\QuickTime\QTTask   .exe
----a-w           652,288 2008-01-28 23:28:53  C:\Program Files\QuickTime\QTTask  .exe
----a-w           697,624 2008-03-24 22:51:43  C:\Program Files\Zone Labs\ZoneAlarm\zlclient  .exe
</pre>

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-03-10 18:23 1694208]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-01-28 19:35 4662776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-24 18:51 15360]
"Aim6"="" []
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 17:34 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"WService"="WService.EXE" [2002-09-07 06:23 28672 C:\WINDOWS\SYSTEM32\WService.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 14:38 69632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-06 14:02:05 36953]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133661202\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1133661202\\ee\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\SYSTEM32\\dlcccoms.exe"=
"C:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\dlccPSWX.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 Tablet2kk;Tablet2kk;C:\WINDOWS\system32\drivers\Tablet2kk.sys [2008-01-20 20:33]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ba0458d-8340-11dc-88f5-00038a000015}]
\Shell\AutoRun\command - setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-26 22:50:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:22:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-03-30 21:31:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-31 01:31:16
ComboFix2.txt 2008-03-28 01:17:38
ComboFix3.txt 2008-03-28 00:35:22
ComboFix4.txt 2008-03-28 00:01:00
ComboFix5.txt 2008-03-27 01:12:31
.
2008-03-28 02:20:30 --- E O F ---

0

Ira, could you also please do the parts referring to Vundofix, and RenV involving the zipped file Log.txt please?

0

Ira, I probably confused you with my troubles with smileys interfering with text. However, it is important that you finish the remainder of my post #9. [vundofix and RenV]
Next, restart in Safe Mode then search for:
C:\windows\system32\drivers\core.cache.dsk
Order the files in drivers\ by date modified or date created and see if any other files were created at the same time - please post their entries here. Some other file is regenerating/protecting core.cache.dsk.
One may be core.sys, but I doubt it because Combofix would have found it... if it is, delete both core.sys and core.cache.dsk.
Delete...
C:\WINDOWS\SYSTEM32\modvlaff.ini
C:\WINDOWS\SYSTEM32\MRT.INI

==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Core" /s >>C:\showkey.txt
start C:\showkey.txt
__________________________________________________________
-if it returns a blank notepad just say so - it means that that service I was querying for did not exist.

0

Sorry I didn't run VundoFix and RenV earlier, for some reason I couldn't see that post so I had to change the settings on how I saw the thread. Anyways, showkey returned a blank notepad, and VundoFix didn't find anything. I couldn't find C:\WINDOWS\SYSTEM32\modvlaff.ini and the only thing that was created around the same time as core.cache.dsk is fwdrv.err....Should I delete it?

0

Here's the RenV Log:

Ran on Mon 03/31/2008 - 19:20:29.59

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0

And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:56 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WService.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2371f5ca2e1bfdd51401/netzip/RdxIE601.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 8425 bytes

0

Hi, Ira, no, you do not need to delete fwdrv.err - it is an error log from your Sunbelt firewall.
I have had problems viewing this website with FF, missing sections of posts and so forth, so I now use Opera. It performs best with IE but I avoid using that unless a requisite of some websites.
The hijackthis log is clean, RenV applied the fix and reported no further spoofed files [they were those files in the Combofix logs with an incrementing number of spaces in the filename].
Is this file still extant?: C:\windows\system32\drivers\core.cache.dsk
If it will not delete in safe mode you could try this tool:
=This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
...or does it get regenerated?
Assuming that it is gone....
-your Windows\fonts files.... I don't know how to remove the bad ones except by arranging them by Modified order and seeing if that helps you select the block of incorrect files. The zip files ... try rclicking the headings border, and selecting View, List by Similarity.
- are your icons still incorrect?
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

0

Hey gerbil, as far as the fonts file, everything seems to be quite fine. Before it was nearly 300 megabytes, now it's only 20, so I guess it's fixed. This C:\windows\system32\drivers\core.cache.dsk is pesky, but it seems gone for now. The panda scan however.......I went to the link you posted, and when I saw the link that said "Scan Your PC Now", I clicked it....and nothing happened. No redirect or hourglass icon or anything. Which led me to search for it on Google. Some of the sites I saw with a "Panda ActiveScan" seemed strange, but I tried it, only to find Avast pop up saying it blocked malware from being downloaded. So I found whatever was already downloaded to a folder in My Computer and deleted it immediately. What should I do now??

0

Configure IE to allow Active-X's from trusted sites [you did use IE, right? It works by ActiveX component installation [a small application] so you must use IE and no other browser], plus Avast to accept PandaActiveScan.
I just tested the scan site; it worked/commenced loading.

0

Well, I did the scan...and it didn't look pretty, I think. Here it is:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-02 20:15:04
PROTECTIONS: 1
MALWARE: 54
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.7.1098 [VPS 080402-0] 4.7.1098 No Yes
;===================================================================================================================================================================================
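Added example, not part of any post in this thread: one way to sort a Panda ActiveScan report in the column layout used here (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) by where each hit lives, since live files, registry keys, the ComboFix quarantine under C:\QooBox and System Restore copies are each cleaned differently. The function and group names are hypothetical; the sample rows use paths from this thread's log, except the cookie row, which is constructed.

```python
import re
from collections import defaultdict

# One detection row. Description and Location may contain spaces, so the
# fixed Yes/No/severity columns in the middle are used as the anchor.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<sev>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<loc>.+)$"
)

# Hits inside a container are reported as "container[member]".
MEMBER = re.compile(r"^(?P<container>.+?)\[(?P<member>[^\[\]]+)\]$")


def split_member(location):
    """Return (container path, inner member or None)."""
    m = MEMBER.match(location)
    return (m["container"], m["member"]) if m else (location, None)


def classify(location):
    """Group a location by how it has to be cleaned."""
    loc = location.lower()
    if loc.startswith("hkey_"):
        return "registry"        # removed with a .reg file
    if loc.startswith("c:\\qoobox\\"):
        return "quarantine"      # ComboFix quarantine: delete the folder
    if "\\system volume information\\_restore{" in loc:
        return "restore_point"   # flushed by resetting System Restore
    if "\\cookies\\" in loc:
        return "cookie"
    return "live_file"           # still in place on disk: review first


def triage(report_text):
    """Return ({group: {path: set(detection names)}}, [unparsed lines])."""
    groups = defaultdict(dict)
    skipped = []
    for line in report_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # blank or separator rule
            continue
        m = ROW.match(line)
        if not m:
            skipped.append(line)               # section titles, header rows
            continue
        container, _member = split_member(m["loc"])
        groups[classify(container)].setdefault(container, set()).add(m["desc"])
    return groups, skipped


# Sample rows: paths from this thread's log; the cookie row is constructed.
SAMPLE = r"""
;====================================================
Id Description Type Active Severity Disinfectable Disinfected Location
;====================================================
00034463 adware/wupd Adware No 0 Yes No c:\windows\downloaded program files\mediagatewayx.dll
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\mediagatewayx.installer
00250251 Adware/ISearch Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir[MTE3MTk6ODoxNg.exe]
00463502 Generic Trojan Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP757\A0266091.sys
02909334 Rootkit/Agent.IKR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DRIVERS\Tablet2kk.sys
00000000 Cookie/Example TrackingCookie No 0 Yes No C:\Documents and Settings\user\Cookies\user@example[1].txt
"""

if __name__ == "__main__":
    groups, skipped = triage(SAMPLE)
    for group in ("live_file", "registry", "quarantine", "restore_point", "cookie"):
        print(f"{group}: {len(groups[group])} unique location(s)")
        for path, names in sorted(groups[group].items()):
            print(f"    {path}  <- {', '.join(sorted(names))}")
    print(f"unparsed lines: {len(skipped)}")
```

The same container can appear under several detection names, so counting unique paths per group gives a truer picture of the cleanup work than the raw row count.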

0

That is a bit ugly.... These are the most unsafe of the entries in that log. We can clear the remainder of them easily.
Id Description Type Active Severity Disinfectable Disinfected Location
====================================================
00034463 adware/wupd Adware No 0 Yes No c:\windows\downloaded program files\mediagatewayx.dll
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\mediagatewayx.installer
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_cmdservice
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\services\cmdservice
00248329 adware/toolbarpartner Adware No 0 Yes No c:\$$$_.log
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Irving Glemaud\Cookies\irving_glemaud@enhance[1].txt
02909334 Rootkit/Agent.IKR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DRIVERS\Tablet2kk.sys
02909339 Adware/Maxifiles Adware No 1 Yes No C:\WINDOWS\SYSTEM32\extz1\lovstadcom2.exe

Delete C:\QooBox\
Delete these files:
c:\windows\downloaded program files\mediagatewayx.dll
c:\$$$_.log
C:\WINDOWS\SYSTEM32\DRIVERS\Tablet2kk.sys
C:\WINDOWS\SYSTEM32\extz1\lovstadcom2.exe

==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
__________________________________________________________
Windows Registry Editor Version 5.00

[-hkey_classes_root\mediagatewayx.installer]
[-hkey_local_machine\system\controlset001\enum\root\legacy_cmdservice]
[-hkey_local_machine\system\controlset001\services\cmdservice]
_________________________________________________________
Now if all those files above deleted successfully:
==You SHOULD clear all your system restore points because some have been infected.... So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!
[[the quick way to System Restore is Start > run, paste: %systemroot%\system32\restore\rstrui.exe -and OK]]

Now please run this scan:
==Bitdefender Online Scan using IE only from http://www.bitdefender.com/
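The sorting the reply above does by hand (live files to delete, registry keys for the .reg file, copies that only exist in System Restore or quarantine), as an added example that is not part of the original thread. The row layout follows the report header quoted in the post; the function names and bucket labels are assumptions of this sketch, and the sample rows are copied from the logs in the thread.

```python
import re

# Row layout from the thread: Id Description Type Active Severity Disinfectable Disinfected Location
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<name>\S+)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)

# Rows copied from the logs in this thread (not a complete report).
SAMPLE = r"""
Id Description Type Active Severity Disinfectable Disinfected Location
00034463 adware/wupd Adware No 0 Yes No c:\windows\downloaded program files\mediagatewayx.dll
00034463 adware/wupd Adware No 0 Yes No hkey_classes_root\mediagatewayx.installer
00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\services\cmdservice
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Irving Glemaud\Cookies\irving_glemaud@enhance[1].txt
02909334 Rootkit/Agent.IKR Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\DRIVERS\Tablet2kk.sys
02910805 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lwtcrixm.dll.vir
02910322 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP757\A0266069.dll
"""

def classify(location):  # bucket labels are this sketch's own, not the scanner's
    loc = location.lower()
    if loc.startswith("hkey_"):
        return "registry"        # removed with a .reg file, not a file delete
    if "\\system volume information\\_restore" in loc:
        return "restore_point"   # goes away when the restore points are cleared
    if "\\qoobox\\quarantine\\" in loc:
        return "quarantine"      # renamed .vir copy, removed with C:\QooBox
    if "\\cookies\\" in loc:
        return "cookie"
    return "file"                # live file that still needs deleting

def triage(report_text):
    buckets = {}
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if m:  # headers, separators and blank lines do not match
            buckets.setdefault(classify(m["location"]), []).append(m.groupdict())
    return buckets

def reg_delete_script(rows):
    keys = dict.fromkeys(r["location"] for r in rows)  # de-duplicate, keep order
    body = "".join(f"[-{k}]\n" for k in keys)
    return "Windows Registry Editor Version 5.00\n\n" + body

if __name__ == "__main__":
    found = triage(SAMPLE)
    print({b: len(rows) for b, rows in found.items()}, reg_delete_script(found["registry"]), sep="\n")
```

Run over the full report, the "file" bucket is the list that still has to be deleted by hand, and the "restore_point" bucket shows why the restore points are cleared afterwards.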

0

Okay, I ran the scan but can't post the log since it's in html format.

0

Here's the log, oh and the file it said was infected, I just deleted the whole folder.
BitDefender Online Scanner

Scan report generated at: Thu, Apr 03, 2008 - 20:02:40

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:09:45
Files: 166007
Folders: 5816
Boot Sectors: 3
Archives: 3312
Packed Files: 5520

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 1105717
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File: C:\Documents and Settings\Irving Glemaud\My Documents\My Music\DeepPaint\dpaint_2.0.0.23_nonesd.exe=>wise0055
Status: Infected with: Win32.Stration.Gen@mm

Scanned File: C:\Documents and Settings\Irving Glemaud\My Documents\My Music\DeepPaint\dpaint_2.0.0.23_nonesd.exe=>wise0055
Status: Disinfection failed

Scanned File: C:\Documents and Settings\Irving Glemaud\My Documents\My Music\DeepPaint\dpaint_2.0.0.23_nonesd.exe=>wise0055
Status: Deleted

Scanned File: C:\Documents and Settings\Irving Glemaud\My Documents\My Music\DeepPaint\dpaint_2.0.0.23_nonesd.exe
Status: Update failed

0

Ira, if you carried out all the ops in my post above [cleared your restore points, deleted those four files, etc ...] then you should be clean?
To fix your icon get Powertoys for Windows Tweak UI [from M$ or whoever has it when you google for it]. Got it installed? Right, down the bottom to Repair, option you want is Rebuild Icons. This will reset your system to use the correct icons from Shell32.
Say how things are...

0

Well, I did everything, and for some reason neither the red x nor the digital camera will disappear. I used Windows Tweak UI, and the icons still won't change....I'm going berserk now...

0

Found the icon in shell32!!
Ira, in an explorer window if you go Tools, Folder Options, View tab, uncheck Hide Protected Op SYS files, Apply and OK... do you have a C:\autorun.inf file? If so, drag it into an empty notepad and post it, please. Lastly, check that box again to hide those files.
If you do not have that C:\autorun.inf file then next search [as a word or phrase] your C: drive for :
shell32.dll,240 [stop the search when it gets to C:\Windows... a waste of time]
If it is not found go start, run, type regedit and OK.
Click on My Computer at top, then go Edit, find, type in..
shell32.dll,240
... and tell me the keys it occurs in.

0

? Only a period in the last post? Anyways, I did find an autorun.inf file, and here it is:

[autorun]
open=setup.exe
icon=McAppIns.exe,0
label=VirusScan
