HELP riddled with Trojans :(

This one I don't understand. An ANCIENT file!

Scanning of selected files
------------------------------------------------------------------------------------------
Program will try to scan 1 selected file(s) in the Chest

Move files to temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp
FileID: 0000000038 Original file name: C:\Documents and Settings\Eve\My Documents\pomona\Dolphins\Dolphins and the Military web articles saved\Dolphins of War.mht\PartNo_0#4076310979 New folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp\38

Scan files in the temporary folder: C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp
C:\DOCUME~1\Eve\LOCALS~1\Temp\_avast4_\unp125161757.tmp\38 VBS:Malware-gen
------------------------------------------------------------------------------------------
Action was completed successfully!
 
Oh come on lol, you spammed the whole thread.
Relax, if only you'd read the lines you would see the -No virus- at the end.
Please tell me is your system running any better now? Should be because the SDFix has removed much of the nasties.
Also I have a speech here for you.
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

uTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.


Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you wish to keep them, please do not use them until your computer is cleaned.

Shortly, I want you to delete the P2P sharing programs (all that you have installed) and then we can continue fixing your computer (if any remnants are left).
Good luck :D
 
And there are some remnants, sorry. Please, if you are able, delete the P2P program and do the following:
Please visit this webpage for instructions for downloading ComboFix at your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
 
OK, working on it. ARGH! I did say I have a "BIT" of a "Torren-tial" addiction. I'm deleting uTorrent. I'll be back soon. Please don't go away. Thanks!
 
Here's a report ComboFix generated. Is this what I was supposed to post?

ComboFix 08-03-17.1 - Eve 2008-03-17 17:36:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.855 [GMT -5:00]
Running from: C:\Documents and Settings\Eve\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-17 16:50 . 2008-03-17 16:50 <DIR> d----c--- C:\WINDOWS\LastGood
2008-03-15 19:18 . 2008-03-15 19:18 <DIR> d----c--- C:\Program Files\Trend Micro
2008-03-15 18:29 . 2006-03-18 06:09 613,376 --a--c--- C:\WINDOWS\system32\XFlower.dll
2008-03-13 16:35 . 2008-03-13 16:35 <DIR> d----c--- C:\Program Files\Windows Sidebar
2008-03-13 16:35 . 2008-03-13 16:40 <DIR> d----c--- C:\Program Files\Norton AntiVirus
2008-03-13 16:35 . 2008-03-13 16:36 123,952 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-13 16:35 . 2008-03-13 16:36 60,800 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-13 16:35 . 2008-03-13 16:36 10,563 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-13 16:35 . 2008-03-13 16:36 805 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-13 13:21 . 2008-03-13 13:21 <DIR> d----c--- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-02-28 13:28 . 2005-07-19 23:05 135,168 --a--c--- C:\WINDOWS\system32\igfxres.dll
2008-02-28 13:27 . 2007-12-04 08:04 837,496 --a--c--- C:\WINDOWS\system32\aswBoot.exe
2008-02-28 13:27 . 2004-01-09 04:13 380,928 --a--c--- C:\WINDOWS\system32\actskin4.ocx
2008-02-28 13:27 . 2007-12-04 07:54 95,608 --a--c--- C:\WINDOWS\system32\AvastSS.scr
2008-02-28 13:21 . 2004-08-10 06:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-02-28 13:20 . 2004-08-10 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-02-28 13:19 . 2004-08-10 06:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-02-28 13:18 . 2008-02-28 13:18 316,640 --a--c--- C:\WINDOWS\WMSysPr9.prx
2008-02-28 13:18 . 2008-02-28 13:18 23,392 --a--c--- C:\WINDOWS\system32\nscompat.tlb
2008-02-28 13:18 . 2008-02-28 13:18 16,832 --a--c--- C:\WINDOWS\system32\amcompat.tlb
2008-02-28 13:18 . 2008-02-28 13:18 0 --a--c--- C:\WINDOWS\control.ini
2008-02-28 13:13 . 2008-02-28 13:13 749 -rah-c--- C:\WINDOWS\WindowsShell.Manifest
2008-02-28 13:13 . 2008-02-28 13:13 749 -rah-c--- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13 749 -rah-c--- C:\WINDOWS\system32\sapi.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13 749 -rah-c--- C:\WINDOWS\system32\nwc.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13 749 -rah-c--- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-02-28 13:13 . 2008-02-28 13:13 488 -rah-c--- C:\WINDOWS\system32\logonui.exe.manifest
2008-02-28 13:12 . 2004-08-10 06:00 188,416 --a--c--- C:\WINDOWS\system32\msh261.drv
2008-02-28 13:12 . 2004-08-10 06:00 118,784 --a--c--- C:\WINDOWS\system32\msg723.acm
2008-02-28 13:12 . 2004-08-10 06:00 48,680 ---hsc--- C:\WINDOWS\winnt256.bmp
2008-02-28 13:12 . 2004-08-10 06:00 48,680 ---hsc--- C:\WINDOWS\winnt.bmp
2008-02-28 13:12 . 2004-08-10 06:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-02-28 13:12 . 2004-08-10 06:00 2 --a--c--- C:\WINDOWS\system32\desktop.ini
2008-02-28 13:12 . 2004-08-10 06:00 2 --a--c--- C:\WINDOWS\desktop.ini
2008-02-28 13:07 . 2008-02-28 13:07 <DIR> d----c--- C:\WINDOWS\system32\FxsTmp
2008-02-28 13:07 . 2008-02-28 13:07 34,380 --a--c--- C:\WINDOWS\system32\emptyregdb.dat
2008-02-28 13:07 . 2008-02-28 13:07 37 --a--c--- C:\WINDOWS\vbaddin.ini
2008-02-28 13:07 . 2008-02-28 13:07 36 --a--c--- C:\WINDOWS\vb.ini
2008-02-28 13:05 . 2004-08-10 06:00 345,088 --a--c--- C:\WINDOWS\system32\hypertrm.dll
2008-02-28 12:55 . 2004-08-10 06:00 2,008,817 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-02-28 12:54 . 2004-08-10 06:00 1,086,058 -ra--c--- C:\WINDOWS\SETD7.tmp
2008-02-28 12:54 . 2004-08-10 06:00 106,147 -ra--c--- C:\WINDOWS\SETD4.tmp
2008-02-28 12:54 . 2004-08-10 06:00 13,753 -ra--c--- C:\WINDOWS\SETE3.tmp
2008-02-28 07:49 . 2008-02-28 13:24 238 --a--c--- C:\WINDOWS\system32\$winnt$.inf
2008-02-24 20:33 . 2007-07-30 19:19 271,224 --a--c--- C:\WINDOWS\system32\mucltui.dll
2008-02-24 20:33 . 2007-07-30 19:19 30,072 --a--c--- C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 21:56 --------- dc----w C:\Documents and Settings\Eve\Application Data\MailWasherPro
2008-03-15 18:06 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-03-13 21:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 21:36 --------- dc----w C:\Program Files\Symantec
2008-03-13 20:38 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-03-13 20:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-13 20:28 --------- dc----w C:\Documents and Settings\Eve\Application Data\Symantec
2008-03-13 20:27 --------- dc----w C:\Program Files\Azureus
2008-03-13 18:11 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 18:11 --------- dc----w C:\Documents and Settings\Eve\Application Data\SUPERAntiSpyware.com
2008-03-13 18:09 --------- dc----w C:\Program Files\CCleaner
2008-02-25 02:29 --------- dc----w C:\Documents and Settings\Eve\Application Data\Azureus
2008-02-08 23:29 --------- dc----w C:\Program Files\MSECACHE
2008-02-06 18:43 579,464 -c--a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-06 18:43 31,408 -c--a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-02-06 18:43 207,240 -c--a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-06 18:43 13,021 -c--a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-02-05 16:34 96,432 -c--a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-02-05 16:34 41,008 -c--a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-02-05 16:34 38,576 -c--a-w C:\WINDOWS\system32\drivers\symids.sys
2008-02-05 16:34 37,424 -c--a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-02-05 16:34 22,320 -c--a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-02-05 16:34 188,464 -c--a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-02-05 16:34 13,616 -c--a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-02-05 16:34 1,612 -c--a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-02-04 17:27 1,430 -c--a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-02-04 17:27 1,421 -c--a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-02-04 17:27 1,415 -c--a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-02-01 19:55 10,549 -c--a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-02-01 19:55 10,549 -c--a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-02-01 19:55 10,545 -c--a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-02-01 06:02 --------- dc----w C:\Program Files\Soulseek
2008-01-31 22:51 43,696 -c--a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-01-31 22:51 317,616 -c--a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-01-31 22:51 279,088 -c--a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-01-31 22:04 --------- dc----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-31 22:03 --------- dc----w C:\Program Files\Dell
2008-01-30 02:22 --------- dc----w C:\Program Files\Motorola Phone Tools
2008-01-29 23:12 --------- dc----w C:\Program Files\SmitfraudFix
2008-01-29 23:09 --------- dc----w C:\Program Files\Flash
2008-01-29 23:09 --------- dc----w C:\Program Files\Comodo
2008-01-29 22:27 --------- dc----w C:\Program Files\FireTrust
2008-01-19 14:20 --------- dc----w C:\Program Files\itunes
2008-01-18 21:01 --------- dc----w C:\Program Files\iPod
2008-01-18 20:58 --------- dc----w C:\Program Files\QuickTime
2008-01-17 23:06 --------- dc----w C:\Program Files\SUPERAntiSpyware
2008-01-17 14:05 --------- dc----w C:\Program Files\Foxit Software
2008-01-17 13:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\BOC425
2007-12-04 14:56 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-12-21 03:27 92,064 -c--a-w C:\Documents and Settings\Eve\mqdmmdm.sys
2006-12-21 03:27 9,232 -c--a-w C:\Documents and Settings\Eve\mqdmmdfl.sys
2006-12-21 03:27 79,328 -c--a-w C:\Documents and Settings\Eve\mqdmserd.sys
2006-12-21 03:27 66,656 -c--a-w C:\Documents and Settings\Eve\mqdmbus.sys
2006-12-21 03:27 6,208 -c--a-w C:\Documents and Settings\Eve\mqdmcmnt.sys
2006-12-21 03:27 5,936 -c--a-w C:\Documents and Settings\Eve\mqdmwhnt.sys
2006-12-21 03:27 4,048 -c--a-w C:\Documents and Settings\Eve\mqdmcr.sys
2006-12-21 03:27 25,600 -c--a-w C:\Documents and Settings\Eve\usbsermptxp.sys
2006-12-21 03:27 22,768 -c--a-w C:\Documents and Settings\Eve\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-13 16:37 116088 --a--c--- C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Avast4\ALWILS~1\ashDisp.exe" [2007-12-04 08:00 79224]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 23:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 23:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 23:10 114688]
"SigmatelSysTrayApp"="stsystra.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-06 22:49 718704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-10 05:00 44544]

C:\Documents and Settings\Eve\Start Menu\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [2008-01-29 17:27:41 5661184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\auto.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cross.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Discovery.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guangd.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SDGames.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\servet.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ShuiNiu.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sos.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\svch0st.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Systom.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TNT.Exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TxoMoU.Exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UFO.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Wsyscheck.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\XP.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
Debugger=C:\WINDOWS\system32\Flower.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SAC-Desktop-Alert.lnk]
backup=C:\WINDOWS\pss\SAC-Desktop-Alert.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eve^Start Menu^Programs^Startup^Norton Disk Doctor.LNK]
backup=C:\WINDOWS\pss\Norton Disk Doctor.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a--c--- 2007-04-27 16:17 50736 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BOC-425]
--a--c--- 2007-11-26 10:38 342272 C:\PROGRA~1\Comodo\CBOClean\BOC425.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--a--c--- 2004-07-30 11:04 245760 C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a--c--- 2007-02-15 06:00 179200 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCamPro.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a--c--- 2007-07-18 20:04 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\itunes\\iTunes.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\system32\\sessmgr.exe"=

R2 NMSAccessU;NMSAccessU;C:\Program Files\iDumpPro\NMSAccessU.exe [2007-10-12 04:34]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 13:43]
S2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 20:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 13:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 20:46:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-13 21:40:04 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Eve.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 17:38:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 17:39:30
.
2008-03-17 21:55:24 --- E O F ---
 
Fine, thanks.
Now let's try some more things.
F-Secure Online Scan

Scan online using F-Secure Online Scanner Next Generation using Internet Explorer
http://support.f-secure.com/enu/home/ols3.shtml
  • Click on the link "F-Secure Online Scanner Next Generation".
  • You may receive an alert on the address bar at this point to install the ActiveX control.
  • Click on that alert and then click Install ActiveX component.
  • Read the license agreement and click "Accept".
  • Click "Full System Scan" to download the scanning components and begin scan and cleaning.
  • When done click "Show report" and copy/paste its contents into your next reply.
 
GM, while I'm doing the F-Secure thing, can you tell me if it matters that AVAST has put the Trojans and viruses in its "CHEST"? I mean, is it protected in there? Am I supposed to press something in the AVAST program to "delete" those files that are infected?
 
As long as the files/malwares are in the chest the PC should be relatively safe.
Please, when done scanning, post the F-Secure log; I realise it may take long, so take your time.
I think I will most likely be able to answer to you tomorrow.
 
OK, I understand, I'm hoping it will finish before you have to go to sleep (I see you're in a completely different time zone!). I have moved to my (borrowed) laptop so the desktop can ONLY focus on the F-Secure scan. I'm not going to be home with my desktop tomorrow (Tuesday EST), but I'll be back on it Wednesday. This is frustrating. I know...it's my own fault. I thought I had the issue covered. I was scanning the downloaded items every time before opening them. Hey! BTW, can you see I have TWO hard drives in the reports? I mean, is it possible to have my "other" hard drive infected and have the computer report it? I guess it would say if the issue was in the C drive or (what I have named) Shenanigans Padunkadunk (my "other" hard drive.)
:)
 
F-Secure report

Scanning Report
Monday, March 17, 2008 17:54:50 - 19:06:28

Computer name: DESKTOP
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\
Result: 2 malware found
RiskTool.Win32.Reboot (spyware)

* System

Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 49912
* System: 3602
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{79B3A11B-972A-4BD6-BA69-C14957A5E81A}.BIN
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3AD391678A806EC4D691E83AAA393B6F_5B150187-0F05-4C72-917C-77C8E6964AC4

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Blacklight: 1.0.64
* F-Secure Hydra: 2.8.8110, 2008-03-17
* F-Secure Pegasus: 1.20.0, 2008-02-07
* F-Secure AVP: 7.0.171, 2008-03-17

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

 
man that looks scary

Not at all.

OK, I've analysed it. The scan found two malwares, both spywares.
I will only suggest you a Spybot search and destroy and you can do a scan and fix with it when on your (infected) computer.

Apart from that, the system is definitely clean.

Spybot Search & Destroy

Spybot S&D is available from here.

  • Download and install Spybot S&D (if you haven't already), accept the Default Settings.
  • In the Menu Bar at the top of the Spybot window you will see Mode.
  • Make certain that 'Default Mode' has a check mark beside it.
  • Close ALL windows except Spybot S&D.
  • Click the button to 'Search for Updates' then download and install the updates.
-----------------------------
  • Next click the button 'Check for Problems'.
  • When Spybot is complete, it will be showing 'RED' entries, bold 'BLACK' entries and 'GREEN' entries in the window.
  • Make certain there is a check mark beside all of the RED entries ONLY.
  • Choose 'Fix Selected Problems' and allow Spybot to fix the RED entries.
 
Game Master, thanks so much for the help. You were a HUGE help. I think I'm cleaned up now. Not quite sure, but things seem to be moving better. I was using AVAST and Norton 2008. Now I'm planning on using only NAV 2006. Hopefully that will be good enough. I want to sell this Dell soon and get a Mac anyway.
 
Dang, you got a ton of programs installed there. Not that they're creating any negative performance, but looks like you could free up some of that space.
 