camaro1185

here is the log for the hijack this and the combo fix.

ComboFix 08-06-19.2 - varhuem 2008-06-20 8:08:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1391 [GMT -4:00]
Running from: C:\MATT C Drive\ComboFix.exe
Command switches used :: C:\MATT C Drive\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\ayhxxrbt.dll
C:\WINDOWS\system32\dojttunq.dll
C:\WINDOWS\system32\fxjgdkok.dll
C:\WINDOWS\system32\hgGASMdB.dll
C:\WINDOWS\system32\lddwskjf.dll
C:\WINDOWS\system32\mtejfprj.dll
C:\WINDOWS\system32\nbuxtonv.dll
C:\WINDOWS\system32\qhtpgyck.dll
C:\WINDOWS\system32\qqerciqr.dll
C:\WINDOWS\system32\qwhffqyr.dll
C:\WINDOWS\system32\smswifys.dll
C:\WINDOWS\system32\tjrwkjvw.exe
C:\WINDOWS\system32\tplngtmn.dll
C:\WINDOWS\system32\vmmyibyr.exe
C:\WINDOWS\system32\wgtpaita.exe
C:\WINDOWS\system32\wqmjebst.dll
C:\WINDOWS\system32\yxgabave.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMd76bfe83.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayhxxrbt.dll
C:\WINDOWS\system32\dojttunq.dll
C:\WINDOWS\system32\fxjgdkok.dll
C:\WINDOWS\system32\hgGASMdB.dll
C:\WINDOWS\system32\kQsAyyay.ini
C:\WINDOWS\system32\kQsAyyay.ini2
C:\WINDOWS\system32\lddwskjf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtejfprj.dll
C:\WINDOWS\system32\nbuxtonv.dll
C:\WINDOWS\system32\qhtpgyck.dll
C:\WINDOWS\system32\qqerciqr.dll
C:\WINDOWS\system32\qwhffqyr.dll
C:\WINDOWS\system32\smswifys.dll
C:\WINDOWS\system32\tjrwkjvw.exe
C:\WINDOWS\system32\tplngtmn.dll
C:\WINDOWS\system32\utkniphi.ini
C:\WINDOWS\system32\vmmyibyr.exe
C:\WINDOWS\system32\wgtpaita.exe
C:\WINDOWS\system32\wqjvlods.dll
C:\WINDOWS\system32\wqmjebst.dll
C:\WINDOWS\system32\yayyAsQk.dll
C:\WINDOWS\system32\yxgabave.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BMd76bfe83.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aylknvco.dll
C:\WINDOWS\system32\bhyjbnli.dll
C:\WINDOWS\system32\bkbvxcgh.dll
C:\WINDOWS\system32\buewmnky.dll
C:\WINDOWS\system32\bwtavvaw.ini
C:\WINDOWS\system32\djphvggt.ini
C:\WINDOWS\system32\dkipppvp.dll
C:\WINDOWS\system32\DLlUuBeg.ini
C:\WINDOWS\system32\DLlUuBeg.ini2
C:\WINDOWS\system32\eapoytgt.dll
C:\WINDOWS\system32\efmfifoj.dll
C:\WINDOWS\system32\eleeqslf.ini
C:\WINDOWS\system32\emccgrad.dll
C:\WINDOWS\system32\fknuxkvj.ini
C:\WINDOWS\system32\fkuiwjte.ini
C:\WINDOWS\system32\foelccet.exe
C:\WINDOWS\system32\fqvvtejf.dll
C:\WINDOWS\system32\fshwgjmw.dll
C:\WINDOWS\system32\fvavojtx.dll
C:\WINDOWS\system32\geBuUlLD.dll
C:\WINDOWS\system32\ghevlqfo.ini
C:\WINDOWS\system32\gsoyhdrl.ini
C:\WINDOWS\system32\gwmcekuh.ini
C:\WINDOWS\system32\gxieirih.dll
C:\WINDOWS\system32\hldppsti.dll
C:\WINDOWS\system32\hovcgsnu.exe
C:\WINDOWS\system32\hpqqpcch.dll
C:\WINDOWS\system32\hturdljm.dll
C:\WINDOWS\system32\hukecmwg.dll
C:\WINDOWS\system32\hxjdavhe.dll
C:\WINDOWS\system32\hxsxuwlt.dll
C:\WINDOWS\system32\imymxxdk.dll
C:\WINDOWS\system32\ioujeptc.dll
C:\WINDOWS\system32\jcvrcejk.dll
C:\WINDOWS\system32\jdpqpfhj.dll
C:\WINDOWS\system32\jevrxvuw.dll
C:\WINDOWS\system32\jgmgqxyo.exe
C:\WINDOWS\system32\jyknilve.dll
C:\WINDOWS\system32\kbsywbsu.dll
C:\WINDOWS\system32\kkbfueni.dll
C:\WINDOWS\system32\kqvfgrrc.dll
C:\WINDOWS\system32\laoicyaf.dll
C:\WINDOWS\system32\ldapvubl.ini
C:\WINDOWS\system32\lnlsltox.dll
C:\WINDOWS\system32\lsilapab.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdngerwv.exe
C:\WINDOWS\system32\mppuypwg.ini
C:\WINDOWS\system32\mrpaugxr.ini
C:\WINDOWS\system32\myatvapw.dll
C:\WINDOWS\system32\nkedxhlx.dll
C:\WINDOWS\system32\ocgaxpqm.ini
C:\WINDOWS\system32\ocwjkshh.dll
C:\WINDOWS\system32\odwwrhuu.ini
C:\WINDOWS\system32\oqiitkvf.ini
C:\WINDOWS\system32\owqpempy.exe
C:\WINDOWS\system32\oxfibyqs.ini
C:\WINDOWS\system32\pgywdayp.exe
C:\WINDOWS\system32\qdmvntmh.dll
C:\WINDOWS\system32\qksdbcpi.dll
C:\WINDOWS\system32\qyrehyhg.ini
C:\WINDOWS\system32\rfbsoadc.dll
C:\WINDOWS\system32\rmbhmhpj.exe
C:\WINDOWS\system32\rslvlkgp.exe
C:\WINDOWS\system32\TtAHPqru.ini
C:\WINDOWS\system32\TtAHPqru.ini2
C:\WINDOWS\system32\uuhrwwdo.dll
C:\WINDOWS\system32\vahfwjxt.dll
C:\WINDOWS\system32\vdmhddqq.ini
C:\WINDOWS\system32\vmvowmaw.exe
C:\WINDOWS\system32\wdbltxau.dll
C:\WINDOWS\system32\WEfOqXyb.ini
C:\WINDOWS\system32\WEfOqXyb.ini2
C:\WINDOWS\system32\wjkfqkoc.dll
C:\WINDOWS\system32\wmjgwhsf.ini
C:\WINDOWS\system32\wuvxrvej.ini
C:\WINDOWS\system32\xlkhvhlq.dll
C:\WINDOWS\system32\yfwwrwiq.exe
C:\WINDOWS\system32\yjwwprht.dll
C:\WINDOWS\system32\yrvckije.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 07:41 . 2008-06-20 07:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 07:40 . 2008-06-20 07:40 79,360 --a------ C:\WINDOWS\system32\ihpinktu.dll
2008-06-20 07:38 . 2008-06-20 07:38 90,112 --a------ C:\WINDOWS\system32\vrfqmbdx.dll
2008-06-18 22:22 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-18 22:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-18 22:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-18 22:22 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-18 14:44 . 2008-06-18 14:44 <DIR> d-------- C:\Program Files\CCleaner
2008-06-18 12:39 . 2008-06-18 14:29 <DIR> d-------- C:\Incomplete
2008-06-18 12:38 . 2008-06-18 14:30 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\LimeWire
2008-06-18 12:37 . 2008-06-18 12:38 <DIR> d-------- C:\Program Files\LimeWire
2008-06-18 11:45 . 2008-06-18 11:45 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\STOPzilla!
2008-06-18 11:44 . 2008-06-18 20:52 <DIR> d-------- C:\Program Files\STOPzilla!
2008-06-18 11:42 . 2008-06-18 11:54 <DIR> d-------- C:\Program Files\Desktop Armor
2008-06-16 18:56 . 2008-06-16 18:57 99 --a------ C:\WINDOWS\WirelessFTP.INI
2008-06-15 12:13 . 2008-06-15 12:13 <DIR> d-------- C:\Program Files\AOD
2008-06-15 12:13 . 2008-06-15 12:13 <DIR> d-------- C:\Program Files\AIM
2008-06-15 12:13 . 2008-06-15 12:14 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\Aim
2008-06-15 12:13 . 2002-12-18 18:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-06-15 11:52 . 2008-06-18 20:43 2,397 --a------ C:\WINDOWS\mozver.dat
2008-06-09 15:03 . 2008-06-09 15:03 0 --a------ C:\WINDOWS\MS.INI
2008-06-08 16:26 . 2008-06-08 16:26 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\CiscoCAA
2008-06-08 16:25 . 2008-06-08 16:25 <DIR> d-------- C:\savinstall
2008-06-08 16:25 . 2008-06-08 16:25 <DIR> d-------- C:\Program Files\Cisco Systems
2008-06-02 14:58 . 2008-06-02 15:11 27 --a------ C:\WINDOWS\settings.ini
2008-05-29 15:28 . 2008-05-29 15:28 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\DivX
2008-05-29 15:27 . 2008-05-29 15:27 <DIR> d-------- C:\Program Files\DivX
2008-05-29 15:27 . 2007-07-09 15:07 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-05-29 15:27 . 2007-07-09 15:07 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-05-29 15:23 . 2008-05-29 15:23 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-27 19:57 . 2008-05-27 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-22 13:34 . 2008-05-22 13:34 <DIR> d-------- C:\Program Files\Google
2008-05-22 13:34 . 2008-06-19 07:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 21:54 . 2008-06-18 13:37 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\uTorrent
2008-05-21 21:53 . 2008-06-15 12:31 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 16:18 . 2008-06-19 20:27 476 --a------ C:\WINDOWS\hpbafd.ini
2008-05-21 14:17 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-21 14:16 . 2008-06-16 14:26 <DIR> d-------- C:\Program Files\matlib
2008-05-21 14:15 . 2008-05-21 14:17 <DIR> d-------- C:\MATLIB
2008-05-21 14:15 . 2008-05-21 14:15 78 --a------ C:\WINDOWS\mes.ini
2008-05-21 14:07 . 1996-12-09 13:51 703,984 --a------ C:\WINDOWS\system32\Ss32x25.ocx
2008-05-21 14:07 . 1998-06-24 00:00 260,920 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
2008-05-21 14:07 . 1995-12-04 14:09 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2008-05-21 14:07 . 1998-06-18 00:00 146,944 --a------ C:\WINDOWS\system32\VB6EXT.OLB
2008-05-21 14:01 . 2008-05-21 14:08 <DIR> d-------- C:\Program Files\CAMWorks2008-07
2008-05-21 13:56 . 2008-05-21 13:58 <DIR> d-------- C:\Program Files\CAMWorksFlexLM
2008-05-21 12:38 . 2008-05-21 12:40 <DIR> d-------- C:\Program Files\Winamp
2008-05-21 12:38 . 2008-05-21 12:40 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\Winamp
2008-05-21 09:52 . 2008-05-21 09:52 0 --a------ C:\WINDOWS\system32\history.aaw
2008-05-21 09:51 . 2008-06-15 15:06 153 --a------ C:\WINDOWS\wininit.ini
2008-05-21 09:25 . 2008-05-21 09:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-21 09:25 . 2008-05-21 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-21 09:24 . 2008-05-21 09:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 09:23 . 2008-06-16 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-21 09:23 . 2008-06-16 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 15:39 . 2008-05-21 13:48 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-20 12:14 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-20 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-18 02:08 --------- d-----w C:\Documents and Settings\varhuem\Application Data\U3
2008-06-16 22:28 --------- d-----w C:\Program Files\SolidWorks
2008-06-16 22:27 --------- d-----w C:\Documents and Settings\Default User\Application Data\SolidWorks
2008-06-02 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 18:04 --------- d-----w C:\Program Files\LMC
2008-05-19 18:04 --------- d-----w C:\Program Files\Common Files\LMC
2008-05-16 23:36 --------- d-----w C:\Program Files\Avanquest update
2008-05-16 23:35 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-05-16 23:34 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-05-16 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-16 19:12 --------- d-----w C:\Program Files\Motorola USB Drivers
2008-05-15 19:48 --------- d-----w C:\Program Files\Investintech.com Inc
2008-05-15 00:12 --------- d-----w C:\Documents and Settings\varhuem\Application Data\vlc
2008-05-15 00:11 --------- d-----w C:\Program Files\VideoLAN
2008-05-15 00:11 --------- d-----w C:\Program Files\AIM6
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\varhuem\Application Data\acccore
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-15 00:10 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-06 13:29 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-05-06 12:16 --------- d-----w C:\Program Files\Microsoft Works
2008-05-02 14:04 --------- d-----w C:\Documents and Settings\varhuem\Application Data\SolidWorks
2008-05-01 18:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-01 18:32 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-01 18:19 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-01 18:17 --------- d-----w C:\Documents and Settings\setup.WIT-B94B9000F37\Application Data\Autodesk
2008-05-01 18:16 --------- d-----w C:\Program Files\Autodesk
2008-04-30 15:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-30 15:48 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-22 19:31 --------- d-----w C:\Program Files\Java
2008-04-22 19:30 --------- d-----w C:\Program Files\Common Files\Java
2008-04-22 19:15 --------- d-----w C:\Program Files\QuickTime
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\varhuem\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\setup.WIT-B94B9000F37\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\admin\Application Data\Apple Computer
2008-04-22 19:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-17 07:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2004-03-15 21:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 13:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 14:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 133,920 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-20_ 7.37.16.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 11:15:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 12:13:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-20 11:33:55 122,312 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-20 11:57:39 122,830 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-20 11:33:55 546,116 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-20 11:57:39 546,992 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-05-23 12:53 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-03 20:56 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]

C:\Documents and Settings\admin\Start Menu\Programs\Startup\
Shortcut to bg.lnk - C:\Documents and Settings\Administrator\BGinfo\bg.bat [2008-04-17 10:19:11 34]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Shortcut to bg.lnk - C:\Documents and Settings\Administrator\BGinfo\bg.bat [2008-04-17 10:19:11 34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-2746289630-3061505222-2800193894-17919\Scripts\Logon\0\0]
"Script"=\\wit.private\SysVol\wit.private\scripts\ students.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VER SIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]
--------- 2004-01-12 16:29 102400 C:\PROGRA~1\AIM\AIMWDI~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-07-02 13:29 159744 C:\Program Files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-10-09 19:17 2183168 C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-03-07 13:02 53408 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-28 19:05 8429568 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-28 19:05 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperProfessional]
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-02-19 14:26 303104 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-03 20:56 143360 C:\WINDOWS\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2006-03-17 06:34 124656 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.s ys [2007-02-15 22:59]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\WINDOWS\system32\drivers\nipbcfk.sys [2007-02-15 17:23]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvin tdrv.sys [2007-02-21 10:00]
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe" [2007-03-20 16:19]
R2 NextMove;NextMove;C:\WINDOWS\system32\drivers\NEXT MOVE.SYS [1999-08-27 09:40]
R2 ni488enumsvc;NI-488.2 Enumeration Service;C:\WINDOWS\system32\nipalsm.exe [2007-02-16 10:21]
R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.d ll [2007-02-02 09:36]
R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffr k.dll [2007-02-02 09:37]
R2 nidevldu;NI Device Loader;C:\WINDOWS\system32\nipalsm.exe [2007-02-16 10:21]
R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.d ll [2007-02-02 09:37]
R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipx irmkl.sys [2007-02-22 11:18]
R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.d ll [2007-02-02 09:38]
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe" [2007-02-06 22:47]
R2 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiKl.sys [2007-02-23 10:25]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAlone Slv.exe" [2007-02-27 17:27]
R3 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimkl. sys [2007-02-21 22:20]
R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbg kl.sys [2007-02-21 21:46]
R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2 kl.sys [2007-02-21 22:39]
R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimsts kl.sys [2007-02-25 20:12]
R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdf kl.sys [2007-02-21 22:10]
R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbkl. sys [2007-02-21 21:39]
S2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nida q32k.sys [2007-02-02 10:55]
S2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2007-02-02 10:57]
S3 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lval armk.sys [2007-01-11 10:18]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\WINDOWS\system32\drivers\ni1006k.sys [2007-02-22 11:40]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\WINDOWS\system32\drivers\ni1045kl.sys [2007-02-22 11:43]
S3 ni488lock;NI-488.2 Locking Service;C:\WINDOWS\system32\drivers\ni488lock.sys [2007-02-26 12:40]
S3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrkl. sys [2007-02-22 18:18]
S3 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxf kl.sys [2007-02-25 20:12]
S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsar kl.sys [2007-02-23 17:43]
S3 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgkl. sys [2007-02-23 22:32]
S3 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrkl. sys [2007-02-25 19:13]
S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrkl. sys [2007-02-25 19:13]
S3 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslkl. sys [2007-02-22 13:21]
S3 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplkl. sys [2007-02-23 16:20]
S3 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdr kl.sys [2007-02-24 01:10]
S3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdr kl.sys [2007-02-25 20:10]
S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.d ll [2006-12-18 12:55]
S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrl k.dll [2006-12-18 12:55]
S3 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpkl. sys [2007-02-22 13:26]
S3 ninshsdk;ninshsdk;C:\WINDOWS\system32\drivers\nins hsdkl.sys [2007-02-23 17:25]
S3 nipalfwedl;nipalfwedl;C:\WINDOWS\system32\drivers\ nipalfwedl.sys [2007-02-15 23:00]
S3 nipalusbedl;nipalusbedl;C:\WINDOWS\system32\driver s\nipalusbedl.sys [2007-02-15 23:00]
S3 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdkl. sys [2007-02-23 22:19]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\WINDOWS\system32\drivers\nipxigpk.sys [2007-02-22 11:45]
S3 nirfsa2k;nirfsa2k;C:\WINDOWS\system32\drivers\nirf sa2kl.sys [2007-02-24 04:19]
S3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdkl. sys [2007-02-26 16:31]
S3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdig kl.sys [2007-02-25 19:11]
S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftkl. sys [2007-02-24 00:17]
S3 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldkl. sys [2007-02-23 22:05]
S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nism busk.sys [2007-02-22 11:34]
S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdkl. sys [2007-02-26 16:31]
S3 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcd kl.sys [2007-02-23 22:28]
S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrkl. sys [2007-02-25 19:13]
S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2 kl.sys [2007-02-22 20:17]
S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcr kl.sys [2007-02-23 03:14]
S3 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdkl. sys [2007-02-23 20:44]
S3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitior kl.sys [2007-02-23 15:54]
S3 nitnr2k;nitnr2k;C:\WINDOWS\system32\drivers\nitnr2 kl.sys [2007-02-24 00:09]
S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWKl.sys [2007-02-22 10:42]
S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciKl.sys [2007-02-23 10:25]
S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrkl. sys [2007-02-25 19:13]
S3 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrkl. sys [2007-02-25 19:13]
S3 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6 xxxk.sys [2007-02-25 19:11]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{644520cc-2277-11dd-b316-001e37ed397d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{a034b3c6-2665-11dd-b323-001644bc7fc4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 01:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-19 16:05:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-06-20 12:14:01 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 08:14:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
.
************************************************** ************************
.
Completion time: 2008-06-20 8:19:31 - machine was rebooted [varhuem]
ComboFix-quarantined-files.txt 2008-06-20 12:19:23

Pre-Run: 120,213,803,008 bytes free
Post-Run: 120,226,344,960 bytes free

460 --- E O F --- 2008-05-14 20:19:24

camaro1185

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:20, on 2008-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAlone Slv.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\mobsync.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vernier.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://antivirus.wit.edu/webinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\Software\..\Telephony: DomainName = wit.private
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wit.private
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wit.private
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAlone Slv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11576 bytes

camaro1185

thanks for the help it seems to be running a lot better now. im gonna see if i get any problems during the day today but it looks good. thanks again.

RAMbam

Get firefox. Use spybot and AVG, its that simple lol

g25racer

No problem! It seems that combofix did its job very well.

__________________
CPU - AMD Athlon 64x2 5200+ @ 2.6ghz
Ram - 2GB Stock clock
HD - 320gb seagate & Samsung 750gb 32mb cache
GPU - XFX 8600GT XXX Zalman @ 680 or 700mhz
PSU - Ultra X-finity 600watt
OS - Vista Home Premium(32) & Ubuntu (8.04) Ultimate Ed
Audio - JVC 460watts
Control - Logitech G25 Wheel & Logitech Rumblepad 2
Games - GTR2 and LFS
-- Race Sim's for Life --

ceewi1

Great, the active infection has been removed. Just a couple of last things that can be removed for cleanup purposes.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:

• O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
  

Please close all open windows except for HijackThis and choose Fix checked

Please delete the following files:
C:\WINDOWS\system32\ihpinktu.dll
C:\WINDOWS\system32\vrfqmbdx.dll

Please click on Start -> Run. Type ComboFix /u and click OK.
Note the space between the ComboFix and the /u
This will remove the backups that ComboFix has created as well as the program itself.



Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's
Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure are looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

__________________

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths