Real PC amateur... Need help with virus on PC. I've read the diagnostics on the forum and
completed scans and logs as requested. Could really use help in trying to rid myself of these nasties.

First, I have a Red X next to my C: Drive.
Next, when I log on I get 2 pops.

C:/windows/system32/lxcowlfy.dll and / or
C:/windows/system32/spsaykqh.dll

And in My Documents, I have hundreds of POS. files. Can someone help me remove them?

Please review the attached logs.

hijackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:48 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\orz.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\flashupdate20080416.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\realplayerupdate20080811.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {049B9FF0-9159-47EB-ADB2-6F53D7786F51} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F36617-35CC-487E-AFFE-800CCBE16815} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GloveBHO - {9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll (file missing)
O2 - BHO: (no name) - {99EA4FC4-63CD-44B9-BB5A-EFDD451A7572} - C:\WINDOWS\system32\mlJYrpPF.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C8DC3782-A647-86E1-1795-A48F05562999} - C:\WINDOWS\system32\odo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [a426f2d8] rundll32.exe "C:\WINDOWS\system32\lxcowlfy.dll",b
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\orz.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Logan Z\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: jyqemblz - jyqemblz.dll (file missing)
O20 - Winlogon Notify: pmnnmmn - pmnnmmn.dll (file missing)
O20 - Winlogon Notify: rqRLfDvS - rqRLfDvS.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 12024 bytes

All 5 Replies

Download ComboFix.
When you begin the download you may see a security warning. Click Save and save it to the desktop.
Once ComboFix appears on the desktop, then FIRST do the following:
Close all open windows, including this one.
Close or disable all running antivirus, antispyware, and firewall programs, as they may interfere with the proper running of ComboFix.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
Once you click that ComboFix icon you may get another security warning.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
The scan will take a while, so be patient. Be sure NOT to touch the computer until the program has completed its scan.
If you see your Windows desktop disappear or the clock change time, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format.
NOTE: Remember, DO NOT TOUCH the computer, keyboard or mouse while the program is running, as it will interfere with the proper running of the program.
Once it is complete, come back here and post that ComboFix log.

Thanks, and sorry for the late reply.

combofix log
ComboFix 08-08-12.01 - Gregg Z 2008-08-13 12:36:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.470 [GMT -4:00]
Running from: C:\Documents and Settings\Gregg Z\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\#SharedObjects\75MPPBJ7\interclick.com
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\#SharedObjects\75MPPBJ7\interclick.com\ud.sol
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Laurie Z\Application Data\FunWebProducts
C:\Documents and Settings\Laurie Z\Application Data\FunWebProducts\Data\Laurie Z\avatar.dat
C:\Documents and Settings\Laurie Z\Application Data\FunWebProducts\Data\Laurie Z\zbucks.dat
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\#SharedObjects\RYCGABJ7\interclick.com
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\#SharedObjects\RYCGABJ7\interclick.com\ud.sol
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Taylor Z\Application Data\FNTS~1
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts\Data\Taylor Z\avatar.dat
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts\Data\Taylor Z\register.dat
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts\Data\Taylor Z\zbucks.dat
C:\Documents and Settings\Taylor Z\Application Data\install.dat
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\#SharedObjects\6QR3FXV3\interclick.com
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\#SharedObjects\6QR3FXV3\interclick.com\ud.sol
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Taylor Z\Application Data\PPPATC~1
C:\Documents and Settings\Taylor Z\My Documents\SSTEM~1
C:\Documents and Settings\Taylor Z\My Documents\SSTEM~1\s?stem\
C:\Documents and Settings\Taylor Z\My Documents\YMBOLS~1
C:\Documents and Settings\Z Family\Application Data\FunWebProducts
C:\Documents and Settings\Z Family\Application Data\FunWebProducts\Data\Z Family\avatar.dat
C:\Documents and Settings\Z Family\Application Data\FunWebProducts\Data\Z Family\register.dat
C:\Documents and Settings\Z Family\Application Data\FunWebProducts\Data\Z Family\zbucks.dat
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\#SharedObjects\YPKEWGNL\interclick.com
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\#SharedObjects\YPKEWGNL\interclick.com\ud.sol
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Drmupgds
C:\Program Files\ecurit~1
C:\Program Files\racle~1
C:\temp\iee
C:\Temp\isgTi19
C:\WINDOWS\ecurit~1
C:\WINDOWS\system32\absftiuv.ini
C:\WINDOWS\system32\agvhiyar.ini
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\attfpuyh.ini
C:\WINDOWS\system32\BHNUvGgh.ini
C:\WINDOWS\system32\BHNUvGgh.ini2
C:\WINDOWS\system32\bhxvujxx.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cnvrkqak.ini
C:\WINDOWS\system32\cqklpwpk.ini
C:\WINDOWS\system32\cvpwmryl.ini
C:\WINDOWS\system32\dcucarka.ini
C:\WINDOWS\system32\dhfqsbih.ini
C:\WINDOWS\system32\dpuuadsa.ini
C:\WINDOWS\system32\efttyljx.ini
C:\WINDOWS\system32\ewjarpmt.ini
C:\WINDOWS\system32\fcylxhnm.ini
C:\WINDOWS\system32\ffloyurk.ini
C:\WINDOWS\system32\fgqnpeop.ini
C:\WINDOWS\system32\FPprYJlm.ini
C:\WINDOWS\system32\FPprYJlm.ini2
C:\WINDOWS\system32\gesqtskk.ini
C:\WINDOWS\system32\gfhrcppf.ini
C:\WINDOWS\system32\gicruxym.ini
C:\WINDOWS\system32\hbftkaqr.ini
C:\WINDOWS\system32\hbsfwsea.ini
C:\WINDOWS\system32\hdkgdprc.ini
C:\WINDOWS\system32\hyngkjlh.ini
C:\WINDOWS\system32\idwyankp.ini
C:\WINDOWS\system32\IhRqAcdd.ini
C:\WINDOWS\system32\IhRqAcdd.ini2
C:\WINDOWS\system32\iiygfniy.ini
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\imahecii.ini
C:\WINDOWS\system32\iuxfyhol.ini
C:\WINDOWS\system32\ivetlpme.ini
C:\WINDOWS\system32\jipwfoih.ini
C:\WINDOWS\system32\jjPrAcdd.ini
C:\WINDOWS\system32\jjPrAcdd.ini2
C:\WINDOWS\system32\jvrgbmak.ini
C:\WINDOWS\system32\kbigkfbu.ini
C:\WINDOWS\system32\khuyxcwc.ini
C:\WINDOWS\system32\kuirwsjh.ini
C:\WINDOWS\system32\laewkabv.ini
C:\WINDOWS\system32\lhkqfkpg.ini
C:\WINDOWS\system32\lqgacexk.ini
C:\WINDOWS\system32\lxorutni.ini
C:\WINDOWS\system32\masltafp.ini
C:\WINDOWS\system32\mcqslspu.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mtvsuwph.ini
C:\WINDOWS\system32\mxfufkxr.ini
C:\WINDOWS\system32\mximximf.ini
C:\WINDOWS\system32\newqibke.ini
C:\WINDOWS\system32\nmdntdsc.ini
C:\WINDOWS\system32\nrlmkxry.ini
C:\WINDOWS\system32\nxtcijgu.ini
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\offhnibf.ini
C:\WINDOWS\system32\ogdupvpe.ini
C:\WINDOWS\system32\orjflgek.ini
C:\WINDOWS\system32\ourvvxyp.ini
C:\WINDOWS\system32\owdotjuk.ini
C:\WINDOWS\system32\pbcwqcbu.ini
C:\WINDOWS\system32\prvegbxa.ini
C:\WINDOWS\system32\PXEhRXyb.ini
C:\WINDOWS\system32\PXEhRXyb.ini2
C:\WINDOWS\system32\qdigvsfm.ini
C:\WINDOWS\system32\qeyvoeob.ini
C:\WINDOWS\system32\qlwcwrgh.ini
C:\WINDOWS\system32\qnnlotlp.ini
C:\WINDOWS\system32\qrqxvbis.ini
C:\WINDOWS\system32\rrobjcff.ini
C:\WINDOWS\system32\sausmxbg.ini
C:\WINDOWS\system32\sbgjuhxt.ini
C:\WINDOWS\system32\sdkfslmv.ini
C:\WINDOWS\system32\sjasicuq.ini
C:\WINDOWS\system32\sjyvvyvc.ini
C:\WINDOWS\system32\sqkfvjfg.ini
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\tfrgrnmj.ini
C:\WINDOWS\system32\tpxgqdau.ini
C:\WINDOWS\system32\tvdshxri.ini
C:\WINDOWS\system32\twagyhdq.ini
C:\WINDOWS\system32\uaynswnt.ini
C:\WINDOWS\system32\uyupgxsm.ini
C:\WINDOWS\system32\vatraggg.ini
C:\WINDOWS\system32\vgsvhoiq.ini
C:\WINDOWS\system32\vkenfyhq.ini
C:\WINDOWS\system32\vlcaedsi.ini
C:\WINDOWS\system32\wjjdhunn.ini
C:\WINDOWS\system32\wkqxrttp.ini
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\xjohtpes.ini
C:\WINDOWS\system32\xjpnhfuc.ini
C:\WINDOWS\system32\xoesieub.ini
C:\WINDOWS\system32\yeoedqrd.ini
C:\WINDOWS\system32\yflwocxl.ini
C:\WINDOWS\system32\yfyjqdqb.ini
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymryiyvo.ini
C:\WINDOWS\system32\yshdewnl.ini
C:\WINDOWS\system32\yxytbmkx.ini
C:\WINDOWS\system32\yyklupiy.ini
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-11 15:24 . 2008-08-11 15:24 <DIR> d-------- C:\Deckard
2008-08-11 14:01 . 2008-08-11 15:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d-------- C:\Documents and Settings\Gregg Z\Application Data\Malwarebytes
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 21:57 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 21:57 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 19:20 . 2008-08-10 19:20 <DIR> d-------- C:\Documents and Settings\Laurie Z\Application Data\Symantec
2008-08-10 18:29 . 2008-08-10 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 23:04 . 2008-08-08 23:04 <DIR> d-------- C:\Documents and Settings\Taylor Z\Application Data\Symantec
2008-08-07 23:23 . 2008-08-07 23:23 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-07 23:22 . 2008-08-07 23:49 <DIR> d-------- C:\Program Files\Norton 360
2008-08-07 23:21 . 2008-08-07 23:34 <DIR> d-------- C:\Program Files\Symantec
2008-08-07 23:21 . 2008-08-08 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-07 23:21 . 2008-08-07 23:34 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-07 23:21 . 2008-08-07 23:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-07 23:21 . 2008-08-07 23:34 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-07 23:21 . 2008-08-07 23:34 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-07 23:14 . 2008-08-13 12:42 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-07 23:10 . 2008-08-07 23:27 <DIR> d-------- C:\Documents and Settings\Gregg Z\Application Data\Symantec
2008-08-07 21:04 . 2008-08-07 21:04 37 --a------ C:\WINDOWS\marscam.ini
2008-08-07 14:35 . 2008-08-07 14:37 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 11:17 . 2008-08-07 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- C:\Program Files\VnrBlock
2008-07-16 04:01 . 2008-07-16 04:01 2,340 --a------ C:\links.html
2008-07-15 22:02 . 2008-07-16 14:42 2,174 ---hs---- C:\WINDOWS\system32\oxhyrwes.ini
2008-07-15 21:57 . 2008-07-15 21:57 1,590 ---hs---- C:\WINDOWS\system32\htpqnagr.ini
2008-07-14 22:41 . 2008-07-25 14:56 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-13 16:00 . 2008-07-13 16:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-08 02:00 --------- d-----w C:\Program Files\Yahoo!
2008-08-08 01:55 --------- d-----w C:\Documents and Settings\Gregg Z\Application Data\Yahoo!
2008-08-08 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-08 01:54 --------- d-----w C:\Program Files\Viewpoint
2008-08-08 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-08 01:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 01:50 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-08 01:49 --------- d-----w C:\Program Files\GemMaster
2008-08-07 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-04 03:35 --------- d-----w C:\Program Files\LimeWire
2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 19:32 --------- d-----w C:\Program Files\Google
2008-07-18 03:05 --------- d-----w C:\Documents and Settings\Gregg Z\Application Data\AVGTOOLBAR
2008-07-16 13:49 --------- d-----w C:\Documents and Settings\Laurie Z\Application Data\AVGTOOLBAR
2008-07-09 05:27 --------- d-----w C:\Documents and Settings\Taylor Z\Application Data\Apple Computer
2008-06-28 23:49 --------- d-----w C:\Documents and Settings\Z Family\Application Data\Apple Computer
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 18:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 18:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 18:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 18:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 18:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 18:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 18:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 18:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 18:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 18:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-02-17 17:49 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 22:05 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-01 09:40 26112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 14:38 69632]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 15:03 425984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-26 21:15 29744]
"GoogleUpdate"="C:\Program Files\Internet Explorer\orz.EXE" [2008-08-03 19:51 176128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 15:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 10:50 988512]
"P17Helper"="P17.dll" [2004-06-10 17:51 60928 C:\WINDOWS\system32\P17.dll]

C:\Documents and Settings\Gregg Z\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-15 14:29:57 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-14 14:13:05 125624]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 15:37]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-26 21:15]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 06:00]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{049B9FF0-9159-47EB-ADB2-6F53D7786F51} - C:\WINDOWS\system32\mljji.dll
BHO-{26F36617-35CC-487E-AFFE-800CCBE16815} - C:\WINDOWS\system32\mljji.dll
BHO-{9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll
BHO-{99EA4FC4-63CD-44B9-BB5A-EFDD451A7572} - C:\WINDOWS\system32\mlJYrpPF.dll
BHO-{C8DC3782-A647-86E1-1795-A48F05562999} - C:\WINDOWS\system32\odo.dll
HKLM-Run-a426f2d8 - C:\WINDOWS\system32\lxcowlfy.dll
Notify-jyqemblz - jyqemblz.dll
Notify-pmnnmmn - pmnnmmn.dll
Notify-rqRLfDvS - rqRLfDvS.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://my.att.net/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O8 -: &Search
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Logan Z\Start Menu\Programs\IMVU\Run IMVU.lnk

O16 -: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
C:\WINDOWS\Downloaded Program Files\install.inf
C:\WINDOWS\Downloaded Program Files\GoogleGadgetPluginIEWin.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 12:45:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GoogleUpdate = C:\Program Files\Internet Explorer\orz.EXE??????????????X9??????(????????????????????????????????=???????????????????????@@@?????????????A??(?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Internet Explorer\javaupdate20080409.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\visualbasicupdate20080409.exe
C:\Program Files\Internet Explorer\acdseeupdate20080415.exe
C:\Program Files\Internet Explorer\flashupdate20080416.exe
C:\Program Files\Internet Explorer\realplayerupdate20080811.exe
.
**************************************************************************
.
Completion time: 2008-08-13 12:49:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 16:49:06

Pre-Run: 119,296,086,016 bytes free
Post-Run: 119,208,882,176 bytes free

375 --- E O F --- 2008-08-10 07:06:01

Run the ESET Online Scanner again and have it FIX anything found.
Then run a new HijackThis scan, please, and post that new log and the ESET Scanner log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:48 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\orz.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\orz.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Logan Z\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10738 bytes

Where is the ESET Scanner log?
