
Slower and slower




  #11  
Old 5th Apr 2008, 03:01
Moderator Group
 

Open Hijackthis and select "Do a system scan only", then place a check mark next to:
  • O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\sjmxcfmu.dll
  • O20 - Winlogon Notify: tuvsqpq - tuvsqpq.dll (file missing)
  • O20 - Winlogon Notify: yaywuvw - yaywuvw.dll (file missing)
Close all windows except for Hijackthis and click Fix checked.

----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly.

----------

Next post add
Combofix log
Let me know how things are now
__________________

  #12  
Old 5th Apr 2008, 03:24
Member Group
 

Computer is running a lot better right now..

Next Log:

ComboFix 08-04-04.1 - Danny 2008-04-05 11:10:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1352 [GMT 1:00]
Running from: C:\Documents and Settings\Danny\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\kmd.exe
C:\Temp\isgTi19
C:\WINDOWS\BMafb2445c.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\pxmbopvh.dll
C:\WINDOWS\system32\rrqss.ini2
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-05 10:37 . 2008-04-05 10:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-05 10:33 . 2008-04-05 10:33 <DIR> d-------- C:\sdfix
2008-04-05 10:07 . 2008-04-05 10:20 <DIR> d-------- C:\VundoFix Backups
2008-04-05 09:24 . 2008-04-05 09:24 <DIR> d-------- C:\Program Files\Safari
2008-04-05 09:23 . 2008-04-05 10:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 09:23 . 2008-04-05 09:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 09:22 . 2008-04-05 09:22 <DIR> d-------- C:\Program Files\iTunes
2008-04-05 09:22 . 2008-04-05 09:22 <DIR> d-------- C:\Program Files\iPod
2008-04-05 08:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-05 08:35 . 2008-04-05 08:36 <DIR> d-------- C:\Program Files\Java
2008-04-05 08:35 . 2008-04-05 08:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-05 08:19 . 2008-04-05 08:37 <DIR> d-------- C:\Documents and Settings\Danny\.SunDownloadManager
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Malwarebytes
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 20:19 . 2008-04-04 20:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-04 20:19 . 2008-04-04 20:19 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2008-04-04 20:19 . 2008-04-04 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-04 20:08 . 2008-04-04 20:08 <DIR> d-------- C:\Program Files\CCleaner
2008-04-04 18:41 . 2008-04-04 18:45 <DIR> d-------- C:\Program Files\123 OutLook Express Backup
2008-04-04 18:14 . 2008-04-04 18:14 53,312 --a------ C:\WINDOWS\system32\sjmxcfmu.dll
2008-04-03 23:02 . 2008-04-03 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-04-03 23:02 . 2008-04-03 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\PCToolsSpamMonitorPlus
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\PCToolsFirewallPlus
2008-04-03 19:37 . 2008-04-04 19:31 <DIR> d-------- C:\Program Files\PC Tools Internet Security
2008-04-03 19:37 . 2008-04-04 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-03 17:34 . 2008-04-03 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-04-03 17:34 . 2008-04-03 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> dr-hs---- C:\_Backup.RC
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> d--h----- C:\_Backup
2008-04-03 17:29 . 2008-04-03 17:29 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Avanquest
2008-04-03 17:28 . 2008-04-03 17:28 <DIR> d-------- C:\Program Files\Avanquest
2008-04-02 20:05 . 2008-04-02 20:05 <DIR> d-------- C:\Documents and Settings\Roz\Application Data\Grisoft
2008-04-02 18:02 . 2006-02-28 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-02 17:59 . 2008-04-02 17:59 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-01 22:29 . 2008-04-01 22:29 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Grisoft
2008-04-01 22:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 20:26 . 2008-04-01 20:26 <DIR> d-------- C:\Documents and Settings\Roz\Application Data\Apple Computer
2008-04-01 18:49 . 2008-04-01 18:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 17:51 . 2002-07-01 01:00 162,816 --a------ C:\WINDOWS\system32\wget.exe
2008-04-01 17:51 . 2002-12-04 01:00 125,744 --a------ C:\WINDOWS\system32\pslist.exe
2008-03-31 21:24 . 2008-03-31 23:08 6,616 --ahs---- C:\WINDOWS\system32\vvvwa.ini
2008-03-31 17:57 . 2008-03-31 17:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SPAMfighter
2008-03-30 21:07 . 2008-03-30 21:07 26,624 --a------ C:\Documents and Settings\Danny\file.exe
2008-03-30 11:25 . 2008-03-30 11:26 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Media Player Classic
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 21:37 . 2008-04-04 19:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 19:49 . 2008-03-24 19:59 <DIR> d-------- C:\Program Files\AirCfgChecker
2008-03-21 19:31 . 2008-03-21 20:03 <DIR> d-------- C:\Program Files\AI Flight Creator
2008-03-21 17:08 . 2008-03-21 17:08 <DIR> d-------- C:\Program Files\FS Panel Studio
2008-03-15 20:15 . 2008-03-15 20:15 <DIR> d-------- C:\Program Files\SnapShot
2008-03-15 15:28 . 2008-03-15 15:28 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-03-15 15:28 . 2008-03-15 15:28 <DIR> d-------- C:\Program Files\AskSBar
2008-03-15 15:28 . 2008-04-03 22:04 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\MP3Rocket
2008-03-08 20:15 . 2008-03-08 20:15 <DIR> d-------- C:\New Folder
2008-03-08 16:57 . 2008-03-18 23:10 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-08 16:50 . 2008-03-08 16:50 <DIR> d-------- C:\Valve
2008-03-08 11:38 . 2008-03-08 20:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-05 11:57 . 2008-03-05 12:00 <DIR> d-------- C:\Program Files\vasfmc-2.0a5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 10:11 --------- d-----w C:\Documents and Settings\Danny\Application Data\DNA
2008-04-05 09:48 --------- d-----w C:\Program Files\SPAMfighter
2008-04-05 08:24 --------- d-----w C:\Documents and Settings\Danny\Application Data\Apple Computer
2008-04-05 08:22 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:00 --------- d-----w C:\Documents and Settings\Danny\Application Data\AVG7
2008-04-04 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-04 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 17:32 --------- d-----w C:\Documents and Settings\Roz\Application Data\AVG7
2008-04-03 18:39 --------- d-----w C:\Documents and Settings\Danny\Application Data\BitTorrent
2008-04-01 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 16:57 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 14:22 1,328 ----a-w C:\FSUIPC_reg.bin
2008-03-25 19:26 --------- d-----w C:\Program Files\hp deskjet 970c series
2008-03-24 19:00 --------- d-----w C:\Program Files\Logitech
2008-03-08 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 07:41 --------- d-----w C:\Program Files\BitTorrent
2008-03-04 21:39 1,690 ----a-w C:\Program Files\INSTALL.LOG
2008-03-02 12:17 --------- d-----w C:\Program Files\Microsoft Hardware
2008-02-23 08:35 --------- d-----w C:\Program Files\FrostWire
2008-02-23 08:23 --------- d-----w C:\Documents and Settings\Roz\Application Data\ICQ
2008-02-22 21:57 --------- d-----w C:\Documents and Settings\Danny\Application Data\FrostWire
2008-02-16 16:14 --------- d-----w C:\Program Files\LimeWire
2008-02-16 16:11 --------- d-----w C:\Documents and Settings\Danny\Application Data\LimeWire
2008-02-11 11:03 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-02-11 10:06 --------- d-----w C:\Program Files\ImTOO
2008-02-10 10:55 --------- d-----w C:\Documents and Settings\Danny\Application Data\Image Zone Express
2008-02-08 19:52 --------- d-----w C:\Documents and Settings\Danny\Application Data\ICQ
2008-02-06 18:28 --------- d-----w C:\Program Files\Avex
2008-02-06 18:27 --------- d-----w C:\Program Files\Cucusoft
2008-02-05 16:58 --------- d-----w C:\Program Files\Trend Micro
2008-01-26 23:58 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-01-26 15:03 155,995 ----a-w C:\WINDOWS\java\Packages\C37BLNDB.ZIP
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-15 15:28 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-15 15:28 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-27 00:14 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-27 19:01 288576]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 07:59 935936]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 13:03 57344]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 17:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 22:23 110739]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 10:40 266240]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 14:48 509224]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 14:34 936960]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 20:44 196608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-04 22:19 579072]
"SideWinderTrayV4"="C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 16:41 24649]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 20:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 20:01 1037736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-04 18:58 219136]
C:\Documents and Settings\Danny\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-11-13 18:27:06 116224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2008-01-28 15:17:53 217088]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2003-12-16 12:03:04 434176]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"vidc.LEAD"= LCODCCMP.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
--a------ 2006-07-31 21:00 19857408 C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AMDRAIDXpert;AMD RAIDXpert;"C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe" -s raidxpert.wrapper.conf []
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 18:03]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 02:42]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Danny\LOCALS~1\Temp\cusbohcn.sys []
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-24 20:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Danny.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 11:14:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2008-04-05 11:18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 10:18:33
Pre-Run: 139,065,184,256 bytes free
Post-Run: 139,019,829,248 bytes free
.
2008-04-05 02:00:22 --- E O F ---
  #13  
Old 5th Apr 2008, 11:29
Moderator Group
 

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
Killall::
Folder::
C:\Documents and Settings\All Users\Application Data\TEMP
File::
C:\WINDOWS\system32\sjmxcfmu.dll
C:\WINDOWS\system32\vvvwa.ini
C:\Documents and Settings\Danny\file.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.
__________________
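
One way to check a ComboFix log against a CFScript like the one above, added here as an example (it is not part of the original post and is not ComboFix's own code): it reads the script's File:: and Folder:: targets and reports whether each appears under "Other Deletions" or is still listed under "Files Created". The function names and the shortened banners are assumptions; the sample log lines are constructed excerpts of entries shown in this thread.

```python
import re

# Constructed sample: the CFScript text from the post above.
CFSCRIPT = r"""Killall::
Folder::
C:\Documents and Settings\All Users\Application Data\TEMP
File::
C:\WINDOWS\system32\sjmxcfmu.dll
C:\WINDOWS\system32\vvvwa.ini
C:\Documents and Settings\Danny\file.exe
"""

# Constructed excerpt in the layout of the first log (before the script ran).
LOG_BEFORE = r"""
((((((((( Other Deletions )))))))))
.
C:\kmd.exe
C:\WINDOWS\system32\pxmbopvh.dll
.
((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))
.
2008-04-04 18:14 . 2008-04-04 18:14 53,312 --a------ C:\WINDOWS\system32\sjmxcfmu.dll
2008-03-31 21:24 . 2008-03-31 23:08 6,616 --ahs---- C:\WINDOWS\system32\vvvwa.ini
2008-03-30 21:07 . 2008-03-30 21:07 26,624 --a------ C:\Documents and Settings\Danny\file.exe
2008-03-28 21:37 . 2008-04-04 19:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
.
"""

# Constructed excerpt in the layout of the follow-up log (after the script ran).
LOG_AFTER = r"""
((((((((( Other Deletions )))))))))
.
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\430C6D84.TMP
C:\Documents and Settings\Danny\file.exe
C:\WINDOWS\system32\sjmxcfmu.dll
C:\WINDOWS\system32\vvvwa.ini
.
((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))
.
2008-04-05 10:37 . 2008-04-05 10:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-01 17:51 . 2002-07-01 01:00 162,816 --a------ C:\WINDOWS\system32\wget.exe
.
"""

# A section banner is a title wrapped in runs of parentheses.
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)[)\s]*$")
# A drive-letter path running to the end of the line.
PATH = re.compile(r"([A-Za-z]:\\.*?)\s*$")


def parse_cfscript(text):
    """Return (directive, path) pairs for the File:: and Folder:: blocks."""
    targets, directive = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            directive = line[:-2]
        elif line and directive in ("File", "Folder"):
            targets.append((directive, line))
    return targets


def log_sections(log_text):
    """Map each banner title to the paths listed until the next banner."""
    sections, current = {}, None
    for line in log_text.splitlines():
        banner = BANNER.match(line.strip())
        if banner:
            current = banner.group(1)
            sections[current] = []
            continue
        found = PATH.search(line)
        if current and found:
            sections[current].append(found.group(1))
    return sections


def verify_removal(cfscript_text, log_text):
    """Classify every script target as deleted, still listed or not reported."""
    sections = log_sections(log_text)
    # Windows paths are case-insensitive, so compare lower-cased.
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    created = set()
    for title, paths in sections.items():
        if title.startswith("Files Created"):
            created = {p.lower() for p in paths}
    status = {}
    for _kind, path in parse_cfscript(cfscript_text):
        key = path.lower()
        if key in deleted:
            status[path] = "deleted"
        elif key in created:
            status[path] = "still listed"
        else:
            status[path] = "not reported"
    return status


if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(name)
        for path, state in verify_removal(CFSCRIPT, log).items():
            print(f"  {state:13} {path}")
```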

  #14  
Old 5th Apr 2008, 15:31
Member Group
 

OK Next log:

ComboFix 08-04-04.1 - Danny 2008-04-05 23:20:28.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1460 [GMT 1:00]
Running from: C:\Documents and Settings\Danny\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danny\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Documents and Settings\Danny\file.exe
C:\WINDOWS\system32\sjmxcfmu.dll
C:\WINDOWS\system32\vvvwa.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data\TEMP\430C6D84.TMP
C:\Documents and Settings\Danny\file.exe
C:\WINDOWS\system32\sjmxcfmu.dll
C:\WINDOWS\system32\vvvwa.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-05 to 2008-04-05 )))))))))))))))))))))))))))))))
.
2008-04-05 10:37 . 2008-04-05 10:37 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-05 10:33 . 2008-04-05 10:33 <DIR> d-------- C:\sdfix
2008-04-05 10:07 . 2008-04-05 10:20 <DIR> d-------- C:\VundoFix Backups
2008-04-05 09:24 . 2008-04-05 09:24 <DIR> d-------- C:\Program Files\Safari
2008-04-05 09:23 . 2008-04-05 20:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 09:23 . 2008-04-05 09:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 09:22 . 2008-04-05 09:22 <DIR> d-------- C:\Program Files\iTunes
2008-04-05 09:22 . 2008-04-05 09:22 <DIR> d-------- C:\Program Files\iPod
2008-04-05 08:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-05 08:35 . 2008-04-05 08:36 <DIR> d-------- C:\Program Files\Java
2008-04-05 08:35 . 2008-04-05 08:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-05 08:19 . 2008-04-05 08:37 <DIR> d-------- C:\Documents and Settings\Danny\.SunDownloadManager
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Malwarebytes
2008-04-04 22:56 . 2008-04-04 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 20:19 . 2008-04-04 20:19 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-04 20:19 . 2008-04-04 20:19 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\SUPERAntiSpyware.com
2008-04-04 20:19 . 2008-04-04 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-04 20:08 . 2008-04-04 20:08 <DIR> d-------- C:\Program Files\CCleaner
2008-04-04 18:41 . 2008-04-04 18:45 <DIR> d-------- C:\Program Files\123 OutLook Express Backup
2008-04-03 23:02 . 2008-04-03 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsSpamMonitorPlus
2008-04-03 23:02 . 2008-04-03 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PCToolsFirewallPlus
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\PCToolsSpamMonitorPlus
2008-04-03 19:44 . 2008-04-03 19:44 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\PCToolsFirewallPlus
2008-04-03 19:37 . 2008-04-04 19:31 <DIR> d-------- C:\Program Files\PC Tools Internet Security
2008-04-03 19:37 . 2008-04-04 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-03 17:34 . 2008-04-03 17:34 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Avanquest
2008-04-03 17:34 . 2008-04-03 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> dr-hs---- C:\_Backup.RC
2008-04-03 17:33 . 2008-04-03 17:33 <DIR> d--h----- C:\_Backup
2008-04-03 17:29 . 2008-04-03 17:29 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Avanquest
2008-04-03 17:28 . 2008-04-03 17:28 <DIR> d-------- C:\Program Files\Avanquest
2008-04-02 20:05 . 2008-04-02 20:05 <DIR> d-------- C:\Documents and Settings\Roz\Application Data\Grisoft
2008-04-02 18:02 . 2006-02-28 13:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-04-02 17:59 . 2008-04-02 17:59 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-04-02 17:59 . 2008-04-02 17:59 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-04-01 22:29 . 2008-04-01 22:29 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Grisoft
2008-04-01 22:29 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 20:26 . 2008-04-01 20:26 <DIR> d-------- C:\Documents and Settings\Roz\Application Data\Apple Computer
2008-04-01 18:49 . 2008-04-01 18:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-01 17:51 . 2002-07-01 01:00 162,816 --a------ C:\WINDOWS\system32\wget.exe
2008-04-01 17:51 . 2002-12-04 01:00 125,744 --a------ C:\WINDOWS\system32\pslist.exe
2008-03-31 17:57 . 2008-03-31 17:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SPAMfighter
2008-03-30 11:25 . 2008-03-30 11:26 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\Media Player Classic
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 19:49 . 2008-03-24 19:59 <DIR> d-------- C:\Program Files\AirCfgChecker
2008-03-21 19:31 . 2008-03-21 20:03 <DIR> d-------- C:\Program Files\AI Flight Creator
2008-03-21 17:08 . 2008-03-21 17:08 <DIR> d-------- C:\Program Files\FS Panel Studio
2008-03-15 20:15 . 2008-03-15 20:15 <DIR> d-------- C:\Program Files\SnapShot
2008-03-15 15:28 . 2008-03-15 15:28 <DIR> d-------- C:\Program Files\MP3 Rocket
2008-03-15 15:28 . 2008-03-15 15:28 <DIR> d-------- C:\Program Files\AskSBar
2008-03-15 15:28 . 2008-04-03 22:04 <DIR> d-------- C:\Documents and Settings\Danny\Application Data\MP3Rocket
2008-03-08 20:15 . 2008-03-08 20:15 <DIR> d-------- C:\New Folder
2008-03-08 16:57 . 2008-03-18 23:10 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-08 16:50 . 2008-03-08 16:50 <DIR> d-------- C:\Valve
2008-03-08 11:38 . 2008-03-08 20:16 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-05 11:57 . 2008-03-05 12:00 <DIR> d-------- C:\Program Files\vasfmc-2.0a5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 22:16 --------- d-----w C:\Documents and Settings\Danny\Application Data\DNA
2008-04-05 19:40 --------- d-----w C:\Program Files\SPAMfighter
2008-04-05 19:40 --------- d-----w C:\Documents and Settings\Roz\Application Data\AVG7
2008-04-05 12:05 --------- d-----w C:\Program Files\BAVOSP
2008-04-05 08:24 --------- d-----w C:\Documents and Settings\Danny\Application Data\Apple Computer
2008-04-05 08:22 --------- d-----w C:\Program Files\QuickTime
2008-04-05 07:00 --------- d-----w C:\Documents and Settings\Danny\Application Data\AVG7
2008-04-04 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-04 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-03 18:39 --------- d-----w C:\Documents and Settings\Danny\Application Data\BitTorrent
2008-04-01 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 16:57 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-29 14:22 1,328 ----a-w C:\FSUIPC_reg.bin
2008-03-25 19:26 --------- d-----w C:\Program Files\hp deskjet 970c series
2008-03-24 19:00 --------- d-----w C:\Program Files\Logitech
2008-03-08 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 07:41 --------- d-----w C:\Program Files\BitTorrent
2008-03-04 21:39 1,690 ----a-w C:\Program Files\INSTALL.LOG
2008-03-02 12:17 --------- d-----w C:\Program Files\Microsoft Hardware
2008-02-23 08:35 --------- d-----w C:\Program Files\FrostWire
2008-02-23 08:23 --------- d-----w C:\Documents and Settings\Roz\Application Data\ICQ
2008-02-22 21:57 --------- d-----w C:\Documents and Settings\Danny\Application Data\FrostWire
2008-02-16 16:14 --------- d-----w C:\Program Files\LimeWire
2008-02-16 16:11 --------- d-----w C:\Documents and Settings\Danny\Application Data\LimeWire
2008-02-11 11:03 286,720 ----a-w C:\WINDOWS\iun506.exe
2008-02-11 10:06 --------- d-----w C:\Program Files\ImTOO
2008-02-10 10:55 --------- d-----w C:\Documents and Settings\Danny\Application Data\Image Zone Express
2008-02-08 19:52 --------- d-----w C:\Documents and Settings\Danny\Application Data\ICQ
2008-02-06 18:28 --------- d-----w C:\Program Files\Avex
2008-02-06 18:27 --------- d-----w C:\Program Files\Cucusoft
2008-02-05 16:58 --------- d-----w C:\Program Files\Trend Micro
2008-01-26 23:58 796,672 ----a-w C:\WINDOWS\GPInstall.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-05_11.18.25.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-05 09:47:32 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-05 10:17:46 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-05 09:47:32 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-05 10:17:46 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-15 15:28 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-15 15:28 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-27 00:14 68856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-27 19:01 288576]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 07:59 935936]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 13:03 57344]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 17:35 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 22:23 110739]
"Samsung LBP SM"="C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 10:40 266240]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 14:48 509224]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 14:34 936960]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 20:44 196608]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-04 22:19 579072]
"SideWinderTrayV4"="C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 16:41 24649]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 20:13 988584]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 20:01 1037736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-04 18:58 219136]
C:\Documents and Settings\Danny\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - C:\Program Files\MP3 Rocket\MP3Rocket.exe [2007-11-13 18:27:06 116224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2008-01-28 15:17:53 217088]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2003-12-16 12:03:04 434176]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"vidc.LEAD"= LCODCCMP.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
--a------ 2006-07-31 21:00 19857408 C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 AMDRAIDXpert;AMD RAIDXpert;"C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe" -s raidxpert.wrapper.conf []
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2008-01-02 18:03]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [2007-07-10 02:42]
R3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 15:02]
S3 cusbohcn;cusbohcn;C:\DOCUME~1\Danny\LOCALS~1\Temp\cusbohcn.sys []
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-24 20:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Danny.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 23:24:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AMD\RAIDXpert\_jvm\bin\java.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
.
**************************************************************************
.
Completion time: 2008-04-05 23:28:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-05 22:28:37
ComboFix2.txt 2008-04-05 10:18:36
Pre-Run: 139,929,350,144 bytes free
Post-Run: 139,905,179,648 bytes free
.
2008-04-05 02:00:22 --- E O F ---
  #15  
Old 5th Apr 2008, 15:55
Moderator Group
 
Default Slower and slower

OK, we are getting closer to ridding everything now. Need to do a thorough cleaning and then run another scan to make sure nothing is hiding.

----------

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Under the Main tab, put a check next to Select All.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Firefox browser:
    Click on Firefox at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
  • If you use the Opera browser:
    Click on Opera at the top and put a check next to Select All.
    If you would like to keep your saved passwords, click No at the prompt.
    Click the Empty Selected button. (Note: if you remove cookies, automated login at forums and sites will be disabled. If you do not want this, uncheck Cookies)
Important: Restart the computer before continuing.

----------
This scanner works with Internet Explorer only
Go to the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.

Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report



When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save



This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)

This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

This log will be huge and must be added as an attachment.
  • Click the button, or if replying to an existing thread click the button
  • Scroll down to Manage Attachments
  • A window will open up.
  • Click the Browse... button and find the file
  • Then double click it to add it.
  • Click the Upload button
  • Wait until you see the file in Current Attachments .
  • Close the Manage Attachments window
  • The attachment will be added in the post.
If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

Attach the bdscan.txt in the next post.

How is everything now?

  #16  
Old 6th Apr 2008, 01:41
Member Group
 
Default Slower and slower

I think the BitDefender site is down....
  #17  
Old 6th Apr 2008, 05:00
Member Group
 
Default Slower and slower

Save as box would not let me change the log file to txt? What next?
Cheers
  #18  
Old 6th Apr 2008, 08:35
Moderator Group
 
Default Slower and slower

Just go ahead and attach it.

  #19  
Old 6th Apr 2008, 09:26
Member Group
 
Default Slower and slower

It won't attach. Says invalid file etc., only takes jpegs, txt etc.
  #20  
Old 6th Apr 2008, 09:34
Moderator Group
 
Default Slower and slower

Go here http://savefile.com/

You don't need to register. Upload the file and post the link to it back here.

If that doesn't work then just copy and paste it into the thread. Use two posts if needed.