HiJackThis Help

rationalthinking

New Member
Logfile of HijackThis v1.99.1
Scan saved at 4:07:15 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hpmvmlgv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/newsletter.php?list=laughnetwork
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\kljiddjj.dll",sitypnow
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140243586140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144096988906
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\hpmvmlgv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)



Can anyone find anything out of the ordinary?
 
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\kljiddjj.dll",sitypnow
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
 
There's more going on here than that. Please download the latest version of HijackThis from http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe and save it to a permanent folder on your computer. Please rename the file to scanner.exe (or anything else that's not HijackThis.exe).

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log from the new & renamed version of HijackThis.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:43 AM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jerry.DFKZWZ81\My Documents\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/newsletter.php?list=laughnetwork
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D00D130-05E3-496D-A235-70A2D6C7C1BE} - C:\WINDOWS\Help\SBSI\smvcnifo.dll (file missing)
O2 - BHO: (no name) - {2784D530-4F37-43FD-B2C4-38DD075AC2F4} - C:\WINDOWS\system32\cmprop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B14ED26F-A523-4A6B-AA96-39ED8A52DD5d} - C:\WINDOWS\system32\jvmtnfrg.dll
O2 - BHO: (no name) - {BCB63CCF-D248-4504-8628-9C37C7A7C5Ca} - C:\WINDOWS\system32\iwerskgy.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140243586140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144096988906
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.fgnetbet.com/fg/fe/images/common/banner.jpg

--
End of file - 7069 bytes




VundoFix V6.5.10

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 6:55:11 AM 10/24/2007

Listing files found while scanning....

 
I have to work/sleep sometime you know :D.

1. Please download this file - Combofix to your desktop
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
ComboFix 07-10-25.1 - Jerry 2007-10-24 17:43:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.207 [GMT -5:00]
Running from: C:\Documents and Settings\Jerry.DFKZWZ81\My Documents\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK


((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-24 17:43 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 06:55 <DIR> d-------- C:\VundoFix Backups
2007-10-23 11:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-23 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-23 11:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 08:11 <DIR> d-------- C:\Program Files\CCleaner
2007-10-21 13:21 <DIR> d-------- C:\Documents and Settings\Jerry.DFKZWZ81\Application Data\Move Networks
2007-10-10 04:34 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 20:36 <DIR> d-------- C:\Program Files\uTorrent
2007-10-08 20:36 <DIR> d-------- C:\Documents and Settings\Jerry.DFKZWZ81\Application Data\uTorrent
2007-10-05 18:41 18,688 C:\WINDOWS\system32\drivers\thwfiqqc.dat
2007-10-05 18:41 5,120 C:\WINDOWS\system32\drivers\zvlowdne.dat
2007-09-29 04:09 59,392 --a------ C:\WINDOWS\system32\dmcompo.dll
2007-09-28 04:08 59,392 --a------ C:\WINDOWS\system32\ccfg.dll
2007-09-27 13:27 59,392 --a------ C:\WINDOWS\system32\dpnhpas.dll
2007-09-27 13:19 59,392 --a------ C:\WINDOWS\system32\dbghel.dll
2007-09-26 06:44 57,344 --a------ C:\WINDOWS\system32\dmstyl.dll
2007-09-26 06:43 110,144 --a------ C:\WINDOWS\system32\cmprop.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 15:45 --------- d-----w C:\Program Files\City of Heroes
2007-10-23 20:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-23 13:43 --------- d-----w C:\Documents and Settings\Jerry.DFKZWZ81\Application Data\Lavasoft
2007-10-23 13:33 --------- d-----w C:\Program Files\VentSrv
2007-10-23 13:32 --------- d-----w C:\Program Files\Viewpoint
2007-10-23 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-23 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2007-10-23 13:25 --------- d-----w C:\Program Files\Yahoo!
2007-10-23 13:25 --------- d-----w C:\Documents and Settings\Jerry.DFKZWZ81\Application Data\Yahoo!
2007-10-23 13:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-23 13:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-23 11:53 --------- d-----w C:\Program Files\Java
2007-10-12 16:11 --------- d-----w C:\Documents and Settings\Jerry.DFKZWZ81\Application Data\Corel
2007-10-02 15:42 --------- d-----w C:\Program Files\PokerStars
2007-09-04 11:43 --------- d-----w C:\Program Files\WinUpdater
2007-08-29 02:02 --------- d-----w C:\Program Files\Picasa2
2007-08-28 01:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-13 19:43 456,272 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2006-11-23 14:40 0 -c--a-w C:\Program Files\Common Files\err.log
2007-07-16 03:16:29 88 --sh--r C:\WINDOWS\system32\1A32E8FCA0.sys
2006-10-11 23:10:48 104 --sh--r C:\WINDOWS\system32\A0FCE8321A.sys
2007-07-16 03:19:07 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 61,440 2005-12-12 15:08:38 C:\dell\bak\bldbubg.exe

-c--a-w 1,404,928 2004-10-15 01:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

-c--a-w 81,920 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
----a-w 69,632 2003-09-19 19:26:10 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

-c--a-w 249,856 2005-06-10 16:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

-c--a-w 332,800 2005-05-15 08:04:12 C:\Program Files\Dell Support\bak\DSAgnt.exe

-c--a-w 278,528 2005-10-31 17:05:44 C:\Program Files\DIGStream\bak\digstream.exe

-c--a-w 101,888 2005-10-31 17:18:48 C:\Program Files\ESPNRunTime\bak\DIGServices.exe

-c--a-w 49,152 2005-05-12 05:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

-c--a-w 32,881 2003-11-19 23:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe

-c--a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

-c--a-w 356,352 2006-09-01 21:08:31 C:\Program Files\Micro Innovations\Optical Scroll\bak\mouse32a.exe

-c--a-w 98,304 2005-12-12 15:26:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-09-01 21:57:48 C:\Program Files\QuickTime\qttask.exe

-c--a-w 823,362 2005-08-30 22:30:26 C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe

-c--a-w 20,553 2005-08-16 01:38:50 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe

-c--a-w 77,824 2005-09-20 14:32:24 C:\WINDOWS\system32\bak\hkcmd.exe

-c--a-w 114,688 2005-09-20 14:36:20 C:\WINDOWS\system32\bak\igfxpers.exe

-c--a-w 94,208 2005-09-20 14:35:40 C:\WINDOWS\system32\bak\igfxtray.exe

-c--a-w 127,035 2004-12-06 07:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D00D130-05E3-496D-A235-70A2D6C7C1BE}]
C:\WINDOWS\Help\SBSI\smvcnifo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2784D530-4F37-43FD-B2C4-38DD075AC2F4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCB63CCF-D248-4504-8628-9C37C7A7C5Ca}]
C:\WINDOWS\system32\iwerskgy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2003-09-19 14:26]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" []
"ERS_check"="C:\Program Files\Common Files\ers_startupmon.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"WinUpdater"="C:\Program Files\WinUpdater\update.exe" [2007-07-29 13:20]

R0 amvwsirx;amvwsirx;C:\WINDOWS\system32\drivers\thwfiqqc.dat

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 17:50:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:33 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/newsletter.php?list=laughnetwork
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D00D130-05E3-496D-A235-70A2D6C7C1BE} - C:\WINDOWS\Help\SBSI\smvcnifo.dll (file missing)
O2 - BHO: (no name) - {2784D530-4F37-43FD-B2C4-38DD075AC2F4} - C:\WINDOWS\system32\cmprop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BCB63CCF-D248-4504-8628-9C37C7A7C5Ca} - C:\WINDOWS\system32\iwerskgy.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140243586140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144096988906
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.fgnetbet.com/fg/fe/images/common/banner.jpg

--
End of file - 6687 bytes
 
Making progress.

Please run HijackThis and choose Do a System Scan Only.

Place a check next to the following entries:
  • R3 - URLSearchHook: (no name) - - (no file)
  • O2 - BHO: (no name) - {1D00D130-05E3-496D-A235-70A2D6C7C1BE} - C:\WINDOWS\Help\SBSI\smvcnifo.dll (file missing)
  • O2 - BHO: (no name) - {BCB63CCF-D248-4504-8628-9C37C7A7C5Ca} - C:\WINDOWS\system32\iwerskgy.dll (file missing)
  • O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
  • O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.exe" /background
  • O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
  • O15 - Trusted Zone: http://locator.cdn.imageservr.com

If you don't use MySearch, check the following entry as well:
  • R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

Please close all open windows except for HijackThis and choose Fix checked.

Please delete the following file:
  • C:\Program Files\Common Files\ers_startupmon.exe

Please delete the following folder:
  • C:\Program Files\WinUpdate

Please reboot and post a new HijackThis log and a description of any problems that remain.
 
Thanks for your help so far!
Really appreciated!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:41 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://awesomehomepage.com/newsletter.php?list=laughnetwork
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2784D530-4F37-43FD-B2C4-38DD075AC2F4} - C:\WINDOWS\system32\cmprop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140243586140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144096988906
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.fgnetbet.com/fg/fe/images/common/banner.jpg

--
End of file - 5818 bytes
 
No problems, your logfile now appears to be clean. Are you still having any problems?

I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. AVG makes an excellent free antivirus client, as do AntiVir or avast!. I strongly suggest downloading and installing one of these antivirus programs, as without one you can all but guarantee that you will be reinfected.

Also, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.
 
Could someone help me with this Combo Fix log?

ComboFix 08-01-09.2 - Jake 2008-01-12 15:25:53.1 - NTFSx86

.

C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\pqtwa.ini2
C:\WINDOWS\system32\pqtwa.tmp
C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pulfdacd.dll
C:\WINDOWS\system32\qgorrory.dll
C:\WINDOWS\system32\qomkljj.dll
C:\WINDOWS\system32\qomligf.dll
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\qqstv.ini
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qttss.bak1
C:\WINDOWS\system32\qttss.bak2
C:\WINDOWS\system32\qttss.ini
C:\WINDOWS\system32\qwmwfnbp.ini
C:\WINDOWS\system32\rerovsdv.ini
C:\WINDOWS\system32\rqrpomj.dll
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.bak2
C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rwdmjnsk.ini
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\ssqonlj.dll
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\ssqqnmn.dll
C:\WINDOWS\system32\ssqqnno.dll
C:\WINDOWS\system32\ssqqqnk.dll
C:\WINDOWS\system32\ssqrrsp.dll
C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\sstqo.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\stvwa.bak1
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\tuvsrol.dll
C:\WINDOWS\system32\tuvsrop.dll
C:\WINDOWS\system32\tuvsrqr.dll
C:\WINDOWS\system32\tuvvuvw.dll
C:\WINDOWS\system32\txacejhm.dll
C:\WINDOWS\system32\uqjywrpm.ini
C:\WINDOWS\system32\urqpmlk.dll
C:\WINDOWS\system32\urqpmmm.dll
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\uvdcvrso.ini
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\veungbuk.dll
C:\WINDOWS\system32\vmijdtgs.dll
C:\WINDOWS\system32\voottwbn.ini
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vtusstq.dll
C:\WINDOWS\system32\vtustqr.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\wegfskre.ini
C:\WINDOWS\system32\wjhwlqej.dll
C:\WINDOWS\system32\wvutqqq.dll
C:\WINDOWS\system32\wvuurqn.dll
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbeeg.bak1
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xxyaxuu.dll
C:\WINDOWS\system32\xxyvtts.dll
C:\WINDOWS\system32\xxyvwww.dll
C:\WINDOWS\system32\xxyyyax.dll
C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\yanrxbfe.ini
C:\WINDOWS\system32\yayvwur.dll
C:\WINDOWS\system32\yaywvvv.dll
C:\WINDOWS\system32\ybadd.bak2
C:\WINDOWS\system32\ydfoscrd.ini
C:\WINDOWS\system32\yrorrogq.ini
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 15:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 14:20 . 2008-01-12 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-05 02:50 . 2008-01-05 02:50 52,435 --a------ C:\WINDOWS\system32\mxiibyup.dll
2007-12-15 08:55 . 2007-12-15 08:56 <DIR> d-------- C:\DOOM1
2007-12-15 04:40 . 2007-12-15 08:54 <DIR> d-------- C:\DOOM
2007-12-15 04:31 . 2007-12-15 04:39 <DIR> d-------- C:\DOOMS
2007-12-15 03:21 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-15 03:21 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-15 03:21 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-15 03:21 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-15 03:21 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-15 03:19 . 2007-12-15 03:19 324 --a------ C:\WINDOWS\game.ini
2007-12-15 03:14 . 2007-12-15 03:14 <DIR> d-------- C:\Program Files\Activision
2007-12-15 01:48 . 2007-12-15 02:06 <DIR> d-------- C:\Program Files\DOSBox-0.72
 
Your ComboFix log is cut off. Could you please either post it over multiple posts, or go to http://savefile.com and upload the file there? There is no need to register, just click the UPLOAD MY FILE button. After you upload the file, please post the link to the file. That way, anyone on the board can see the log almost as easily as if it were posted here.

Please post a HijackThis log as well.
 


ComboFix Log


HiJackThis Log



Thanks for all your help.
 
Do you know this file?: http://myspace-419.vo.llnwd.net/00488/91/40/488510419_l.jpg

If not, please run HijackThis and choose Do a system scan only.

Place a check next to the following entry:

Please close all open windows except for HijackThis and choose Fix checked.

-----------------------------------------------------------------------

Please do the following:
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\system32\hgpckksb.dll
    C:\WINDOWS\system32\pmkji.dll
    C:\WINDOWS\system32\ellwyqpw.dll
    C:\WINDOWS\system32\xhvdvjwm.dll
    C:\WINDOWS\system32\jkhhg.dll
    C:\WINDOWS\system32\vtutr.dll
    C:\WINDOWS\system32\tyvpwjvo.dll
    C:\WINDOWS\system32\mljgg.dll
    C:\WINDOWS\system32\ddayv.dll
    C:\WINDOWS\system32\sstqn.dll
    C:\WINDOWS\system32\bccdd.bak1
    C:\WINDOWS\system32\edeeg.bak1
    C:\WINDOWS\system32\efhkj.bak1
    C:\WINDOWS\system32\ehhkj.bak1
    C:\WINDOWS\system32\ehhkj.bak2
    C:\WINDOWS\system32\gfhkj.bak1
    C:\WINDOWS\system32\gfhkj.bak2
    C:\WINDOWS\system32\ghkmp.bak1
    C:\WINDOWS\system32\hgjlm.bak1
    C:\WINDOWS\system32\hgjlm.bak2
    C:\WINDOWS\system32\kjkmp.bak1
    C:\WINDOWS\system32\oqstv.bak1
    C:\WINDOWS\system32\oqstv.bak2
    C:\WINDOWS\system32\rtvwa.bak1
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20711649-8472-469e-90cc-c5edee55dd12}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B324AD5-3B09-417A-888D-0A0568D7A73D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E81A9D2-447B-4E36-B6AE-06337B9A57EB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59AF0001-5641-4A95-9D2C-88BE7EAA0D08}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mpbqirz"=-
    "a0533eb2"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqoml]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqopo]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuttq]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuvwt]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbbcd]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgdbb]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkllj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmjjj]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomlihf]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvuvvw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqrpqp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtustrp]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxyxv]
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    CFScript.gif



  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your PC running now?
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.
 