i got this virus how do i get rid worm.win32.netboost

Welcome back Texaspete!

Just like last time (:D) please post a Hijackthis log and one of our experts will have a look at your log and give you instructions to fix your infection.

:)
 
i know i promise this be the last time i need help cheers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:55, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\DOCUME~1\PETERD~1\LOCALS~1\Temp\setup_526_1_.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: mkrndofl - {4F6DD2F9-A353-484A-B35E-C4ED0211097F} - C:\WINDOWS\mkrndofl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [InstallProgram] C:\DOCUME~1\PETERD~1\LOCALS~1\Temp\setup_526_1_.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: wetkadmr - {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll
O21 - SSODL: tdomgafw - {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11818 bytes
 
Texaspete said:
i know i promise this be the last time i need help cheers
Click to expand...

Don't worry we're glad to help anyone, even more than one time :P

Ok some malware in your computer.

let's see what combofix comes up with:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
ComboFix 08-05-09.1 - Peter D Martin 2008-05-10 21:18:58.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.141 [GMT 1:00]
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Peter D Martin\Desktop\Error Cleaner.url
C:\Documents and Settings\Peter D Martin\Desktop\Privacy Protector.url
C:\Documents and Settings\Peter D Martin\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Peter D Martin\Favorites\Error Cleaner.url
C:\Documents and Settings\Peter D Martin\Favorites\Privacy Protector.url
C:\Documents and Settings\Peter D Martin\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\hgGawTml.dll
C:\WINDOWS\system32\ljJAQKdb.dll
C:\WINDOWS\system32\lmTwaGgh.ini
C:\WINDOWS\system32\lmTwaGgh.ini2
C:\WINDOWS\system32\onobjaqs.dll
C:\WINDOWS\system32\pntpybhc.ini
C:\WINDOWS\system32\sqajbono.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-10 00:15 . 2008-05-10 00:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-08 22:56 . 2008-05-08 22:56 63 --a------ C:\WINDOWS\system32\41beda43
2008-05-08 22:54 . 2008-05-10 20:25 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\TmpRecentIcons
2008-05-08 20:59 . 2008-05-08 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-08 20:59 . 2008-05-08 20:20 258,048 --a------ C:\WINDOWS\wetkadmr.dll
2008-05-08 20:59 . 2008-05-08 20:20 225,280 --a------ C:\WINDOWS\tdomgafw.dll
2008-05-08 20:59 . 2008-05-08 20:21 217,088 --a------ C:\WINDOWS\qvlbodmnqse.dll
2008-05-08 20:59 . 2008-05-08 20:21 188,416 --a------ C:\WINDOWS\mkrndofl.dll
2008-05-08 20:59 . 2008-05-08 20:21 81,920 --a------ C:\WINDOWS\knxsrgte.exe
2008-05-08 20:59 . 2008-05-08 20:59 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 19:37 . 2008-05-08 19:37 <DIR> d-------- C:\My Videos
2008-05-06 19:36 . 2008-05-06 19:36 <DIR> d-------- C:\Program Files\Veoh Networks
2008-05-04 21:11 . 2008-05-04 21:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-04 21:07 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-05-04 21:07 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-05-04 21:07 . 2006-08-21 13:21 16,896 --a--c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-05-04 17:31 . 2007-07-09 14:09 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-04 14:04 . 2008-05-10 21:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 14:04 . 2008-05-04 14:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 13:49 . 2008-05-04 13:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-04 13:20 . 2008-05-04 13:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-03 22:25 . 2008-05-03 22:25 <DIR> d-------- C:\Program Files\Bonjour
2008-05-03 22:04 . 2008-05-03 22:13 <DIR> d-------- C:\Program Files\QuickTime
2008-05-03 21:27 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-03 21:24 . 2008-05-03 21:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-03 20:02 . 2004-08-04 06:41 404,990 --a------ C:\WINDOWS\system32\drivers\slntamr.sys
2008-05-03 20:01 . 2004-08-04 08:56 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-03 20:00 . 2004-08-04 08:56 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-05-03 19:59 . 2004-08-04 06:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-03 19:58 . 2004-08-04 08:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-03 19:30 . 2004-08-04 08:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-03 19:30 . 2004-08-04 08:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-02 19:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-02 19:09 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-05-02 19:08 . 2008-05-02 19:08 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\Raxco
2008-05-02 19:07 . 2008-05-02 19:26 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\CA
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-02 19:00 . 2008-05-02 19:00 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\InstallShield
2008-05-02 18:55 . 2008-05-02 19:06 <DIR> d-------- C:\Program Files\Virgin Broadband
2008-05-02 11:09 . 2003-03-31 21:00 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2008-05-02 08:16 . 2008-05-02 08:16 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\Virgin Broadband
2008-05-02 08:16 . 2008-05-02 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-05-01 08:55 . 2004-06-17 21:48 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-01 08:43 . 2004-08-04 06:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-01 08:42 . 2003-03-31 21:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-05-01 08:41 . 2004-08-04 06:31 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe
2008-05-01 08:40 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-05-01 08:40 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll
2008-05-01 08:36 . 2004-08-04 08:56 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-01 08:35 . 2007-08-21 07:15 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-05-01 08:35 . 2004-08-04 08:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-05-01 08:35 . 2004-08-04 08:56 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2008-05-01 08:35 . 2004-08-04 08:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-01 08:35 . 2004-08-04 08:56 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2008-05-01 08:35 . 2003-03-31 21:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-05-01 08:35 . 2003-03-31 21:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-05-01 08:35 . 2003-03-31 21:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-01 08:20 . 2003-03-31 21:00 1,086,182 -ra------ C:\WINDOWS\SET265.tmp
2008-05-01 08:20 . 2003-03-31 21:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-05-01 08:20 . 2003-03-31 21:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-05-01 08:20 . 2003-03-31 21:00 37,484 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT
2008-05-01 08:20 . 2003-03-31 21:00 13,608 -ra------ C:\WINDOWS\SET271.tmp
2008-05-01 08:20 . 2003-03-31 21:00 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-05-01 08:20 . 2003-03-31 21:00 8,574 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-05-01 08:20 . 2002-05-28 19:54 7,029 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-04-21 19:29 . 2008-04-21 19:29 <DIR> d-------- C:\WINDOWS\New Folder
2008-04-21 19:29 . 2008-04-21 19:29 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-21 19:24 . 2003-05-03 12:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-21 19:24 . 2003-05-03 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-21 19:24 . 2003-05-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-21 19:24 . 2008-04-21 19:24 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-21 19:24 . 2008-05-10 21:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-18 15:37 . 2008-04-18 15:44 62,706 --a------ C:\WINDOWS\setupapi.old
2008-04-16 17:36 . 2008-05-02 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 10:56 . 2008-04-13 10:56 <DIR> d-------- C:\b5972bbf697fdead40e53f083c0a
2008-04-10 16:29 . 2008-04-10 16:30 <DIR> d-------- C:\WINDOWS\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:58 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Apple Computer
2008-05-04 12:50 --------- d-----w C:\Program Files\iPod
2008-05-02 18:34 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-05-02 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-03 16:50 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:42 --------- d-----w C:\Program Files\Panicware
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:07 248 ----a-w C:\UnInstall.dat
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D33427A-2A9F-48DA-B4CC-819902B6A2C2}]
2008-05-08 20:21 217088 --a------ C:\WINDOWS\qvlbodmnqse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F6DD2F9-A353-484A-B35E-C4ED0211097F}"= "C:\WINDOWS\mkrndofl.dll" [2008-05-08 20:21 188416]

[HKEY_CLASSES_ROOT\clsid\{4f6dd2f9-a353-484a-b35e-c4ed0211097f}]
[HKEY_CLASSES_ROOT\mkrndofl.1]
[HKEY_CLASSES_ROOT\TypeLib\{0C160D60-88B7-42DF-8B36-F0EB59EEE1EC}]
[HKEY_CLASSES_ROOT\mkrndofl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-10 20:44 1026560]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 08:00 44032]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:59 44544]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wetkadmr"= {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll [2008-05-08 20:20 258048]
"tdomgafw"= {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll [2008-05-08 20:20 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 21:39:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????Qj?w^k?w?@???? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
.
**************************************************************************
.
Completion time: 2008-05-10 21:53:58 - machine was rebooted [Peter D Martin]
ComboFix-quarantined-files.txt 2008-05-10 20:53:29

Pre-Run: 10,535,129,088 bytes free
Post-Run: 10,492,182,528 bytes free

267 --- E O F --- 2008-05-09 22:36:31
 
Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\WINDOWS\wetkadmr.dll
C:\WINDOWS\tdomgafw.dll
C:\WINDOWS\qvlbodmnqse.dll
C:\WINDOWS\mkrndofl.dll
C:\WINDOWS\knxsrgte.exe
C:\WINDOWS\system32\kr_done1de
Click to expand...

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.

After that, please post a fresh HJT log.

How is your computer running now?
 
hi punk still running slow and also got the walworrier software pop up wanting to go to there site an buy it. heres hijack

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\wetkadmr.dll" deleted successfully.
File "C:\WINDOWS\tdomgafw.dll" deleted successfully.
File "C:\WINDOWS\qvlbodmnqse.dll" deleted successfully.
File "C:\WINDOWS\mkrndofl.dll" deleted successfully.
File "C:\WINDOWS\knxsrgte.exe" deleted successfully.
File "C:\WINDOWS\system32\kr_done1de" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 
Please download SmitfraudFix (by S!Ri)

Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 
SmitFraudFix v2.309

Scan done at 17:06:13.70, 12/05/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Peter D Martin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Peter D Martin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PETERD~1\FAVORI~1

C:\DOCUME~1\PETERD~1\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\PETERD~1\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\PETERD~1\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\PETERD~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\PETERD~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\PETERD~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 194.168.4.100
DNS Server Search Order: 194.168.8.100

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Hello Texaspete!

Please run option 2 now on Smitfraudfix.

Please post a fresh Hijackthis log after you've done that along with a fresh combofix log. How is your computer running now?
 
still running the same, poo!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:31, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: DVA First - {1D33427A-2A9F-48DA-B4CC-819902B6A2C2} - C:\WINDOWS\qvlbodmnqse.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: mkrndofl - {4F6DD2F9-A353-484A-B35E-C4ED0211097F} - C:\WINDOWS\mkrndofl.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: wetkadmr - {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll (file missing)
O21 - SSODL: tdomgafw - {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13020 bytes
 
combo log

ComboFix 08-05-09.1 - Peter D Martin 2008-05-13 21:03:23.9 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\rs.txt

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-13 20:23 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-12 17:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-12 17:06 . 2008-05-13 20:23 5,516 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-10 00:15 . 2008-05-10 00:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-08 22:56 . 2008-05-08 22:56 63 --a------ C:\WINDOWS\system32\41beda43
2008-05-08 22:54 . 2008-05-10 20:25 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\TmpRecentIcons
2008-05-08 20:59 . 2008-05-08 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-08 19:37 . 2008-05-08 19:37 <DIR> d-------- C:\My Videos
2008-05-06 19:36 . 2008-05-06 19:36 <DIR> d-------- C:\Program Files\Veoh Networks
2008-05-04 21:11 . 2008-05-04 21:11 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-04 21:07 . 2006-08-21 10:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-05-04 21:07 . 2006-08-21 10:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-05-04 21:07 . 2006-08-21 13:21 16,896 --a--c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-05-04 17:31 . 2007-07-09 14:09 584,192 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-04 14:04 . 2008-05-13 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 14:04 . 2008-05-04 14:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 13:49 . 2008-05-04 13:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-04 13:20 . 2008-05-04 13:20 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-03 22:25 . 2008-05-03 22:25 <DIR> d-------- C:\Program Files\Bonjour
2008-05-03 22:04 . 2008-05-03 22:13 <DIR> d-------- C:\Program Files\QuickTime
2008-05-03 21:27 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-05-03 21:24 . 2008-05-03 21:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-03 20:02 . 2004-08-04 06:41 404,990 --a------ C:\WINDOWS\system32\drivers\slntamr.sys
2008-05-03 20:01 . 2004-08-04 08:56 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-05-03 20:00 . 2004-08-04 08:56 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-05-03 19:59 . 2004-08-04 06:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-03 19:58 . 2004-08-04 08:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-05-03 19:30 . 2004-08-04 08:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-05-03 19:30 . 2004-08-04 08:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-05-02 19:46 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-05-02 19:09 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-05-02 19:08 . 2008-05-02 19:08 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\Raxco
2008-05-02 19:07 . 2008-05-02 19:26 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Program Files\CA
2008-05-02 19:07 . 2008-05-02 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-05-02 19:00 . 2008-05-02 19:00 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\InstallShield
2008-05-02 18:55 . 2008-05-02 19:06 <DIR> d-------- C:\Program Files\Virgin Broadband
2008-05-02 11:09 . 2003-03-31 21:00 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2008-05-02 08:16 . 2008-05-02 08:16 <DIR> d-------- C:\Documents and Settings\Peter D Martin\Application Data\Virgin Broadband
2008-05-02 08:16 . 2008-05-02 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-05-01 08:55 . 2004-06-17 21:48 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-01 08:43 . 2004-08-04 06:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-01 08:42 . 2003-03-31 21:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-05-01 08:41 . 2004-08-04 06:31 480,256 --a--c--- C:\WINDOWS\system32\dllcache\cintsetp.exe
2008-05-01 08:40 . 2001-08-17 22:36 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2008-05-01 08:40 . 2001-08-17 22:36 175,104 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpadm.dll
2008-05-01 08:36 . 2004-08-04 08:56 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-01 08:36 . 2008-05-01 08:36 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-01 08:35 . 2007-08-21 07:15 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-05-01 08:35 . 2004-08-04 08:56 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2008-05-01 08:35 . 2004-08-04 08:56 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2008-05-01 08:35 . 2004-08-04 08:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2008-05-01 08:35 . 2004-08-04 08:56 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2008-05-01 08:35 . 2003-03-31 21:00 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2008-05-01 08:35 . 2003-03-31 21:00 61,440 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2008-05-01 08:35 . 2003-03-31 21:00 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-01 08:21 . 2003-03-31 21:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-01 08:21 . 2003-03-31 21:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-05-01 08:20 . 2003-03-31 21:00 1,086,182 -ra------ C:\WINDOWS\SET265.tmp
2008-05-01 08:20 . 2003-03-31 21:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-05-01 08:20 . 2003-03-31 21:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-05-01 08:20 . 2003-03-31 21:00 37,484 --a--c--- C:\WINDOWS\system32\dllcache\MW770.CAT
2008-05-01 08:20 . 2003-03-31 21:00 13,608 -ra------ C:\WINDOWS\SET271.tmp
2008-05-01 08:20 . 2003-03-31 21:00 13,472 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2008-05-01 08:20 . 2003-03-31 21:00 8,574 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2008-05-01 08:20 . 2002-05-28 19:54 7,029 --a--c--- C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2008-04-21 19:29 . 2008-04-21 19:29 <DIR> d-------- C:\WINDOWS\New Folder
2008-04-21 19:29 . 2008-04-21 19:29 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-21 19:24 . 2003-05-03 12:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-21 19:24 . 2003-05-03 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-04-21 19:24 . 2003-05-03 12:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-21 19:24 . 2008-04-21 19:24 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-21 19:24 . 2008-05-10 21:17 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-18 15:37 . 2008-04-18 15:44 62,706 --a------ C:\WINDOWS\setupapi.old
2008-04-16 17:36 . 2008-05-02 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-13 18:52 . 2008-04-13 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-13 10:56 . 2008-04-13 10:56 <DIR> d-------- C:\b5972bbf697fdead40e53f083c0a

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 18:58 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Apple Computer
2008-05-04 12:50 --------- d-----w C:\Program Files\iPod
2008-05-02 18:34 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-05-02 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 15:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-03 16:50 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-02 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-28 22:19 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-26 07:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:42 --------- d-----w C:\Program Files\Panicware
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:07 248 ----a-w C:\UnInstall.dat
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-10_21.52.58.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 20:38:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 19:56:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_mscorlib.dll
+ 2003-02-20 21:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_mscorwks.dll
+ 2003-02-21 06:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2308\_PerfCounter.dll
+ 2004-07-15 00:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_aspnet_isapi.dll
+ 2004-07-14 23:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_CORPerfMonExt.dll
+ 2004-07-14 23:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_fusion.dll
+ 2004-07-14 23:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_mscorjit.dll
+ 2004-07-15 13:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_mscorlib.dll
+ 2003-02-20 21:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_mscorsn.dll
+ 2004-07-14 23:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_mscorsvr.dll
+ 2004-07-14 23:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_mscorwks.dll
+ 2003-02-21 06:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_msvcr71.dll
+ 2004-07-14 23:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3816\_PerfCounter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D33427A-2A9F-48DA-B4CC-819902B6A2C2}]
C:\WINDOWS\qvlbodmnqse.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F6DD2F9-A353-484A-B35E-C4ED0211097F}"= "C:\WINDOWS\mkrndofl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{4f6dd2f9-a353-484a-b35e-c4ed0211097f}]
[HKEY_CLASSES_ROOT\mkrndofl.1]
[HKEY_CLASSES_ROOT\TypeLib\{0C160D60-88B7-42DF-8B36-F0EB59EEE1EC}]
[HKEY_CLASSES_ROOT\mkrndofl]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3628080]
"MalWarrior"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" [2008-05-10 20:44 1026560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 08:00 44032]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:59 44544]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wetkadmr"= {FC82C371-41B2-408F-ABE7-3C5558439226} - C:\WINDOWS\wetkadmr.dll [ ]
"tdomgafw"= {1EDBC2B6-A4B9-4E61-A4B4-DC7CDB86BA80} - C:\WINDOWS\tdomgafw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOLService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 21:10:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????6?4?1?0??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-13 21:14:15
ComboFix-quarantined-files.txt 2008-05-13 20:14:05
ComboFix2.txt 2008-05-10 20:54:00

Pre-Run: 10,817,732,608 bytes free
Post-Run: 10,802,827,264 bytes free

247 --- E O F --- 2008-05-13 19:42:39
 
I'm looking at your Combofix log right now.

Did you run option 2 with simtfraudfix? If so, can you please post the log?
 
SmitFraudFix v2.320

Scan done at 17:54:23.60, 14/05/2008
Run from C:\Documents and Settings\Peter D Martin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{2CD15553-59BF-4BE7-B269-E96CBA23C351}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
OK

I'm still looking at your combofix log, I will post later on tonight (France time).
 
You must log in or register to reply here.
Back
Top