Anything Here? - Moved...
SufferWell1396
05-30-2007, 01:14 AM
I felt that something was wrong when a program called msnmgr9.exe was trying to access network-rooterz.net, so I blocked the program. Here's an HJT log just to make sure nothing is wrong. PS: I don't have MSN Messenger installed.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:13:55 AM, on 5/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal
Running processes:
D:\WINDOWS.000\System32\smss.exe
D:\WINDOWS.000\system32\winlogon.exe
D:\WINDOWS.000\system32\services.exe
D:\WINDOWS.000\system32\lsass.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\system32\hidserv.exe
D:\WINDOWS.000\system32\regsvc.exe
D:\WINDOWS.000\system32\MSTask.exe
D:\WINDOWS.000\system32\stisvc.exe
D:\WINDOWS.000\System32\WBEM\WinMgmt.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Lexmark 2300 Series\lxcgmon.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\lotus\smartctr\suitest.exe
C:\Program Files\lotus\wordpro\ltsstart.exe
C:\Program Files\lotus\register\remind32.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
D:\WINDOWS.000\system32\lxcgcoms.exe
D:\WINDOWS.000\msnmgr9.exe
D:\Program Files\AIM\aim.exe
D:\WINDOWS.000\system32\ntvdm.exe
D:\WINDOWS.000\system32\wuauclt.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\FrostWire\FrostWire.exe
D:\Documents and Settings\Howard\Desktop\HiJackThis_v2.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - D:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS.000\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS.000\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MicrsoMsn] msnmgr9.exe
O4 - HKLM\..\RunServices: [MicrsoMsn] msnmgr9.exe
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Wireless Configuration Utility HW.51.lnk = D:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\Program Files\lotus\smartctr\suitest.exe
O4 - Startup: Lotus QuickStart.lnk = C:\Program Files\lotus\wordpro\ltsstart.exe
O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\Program Files\lotus\register\remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - d:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176624841140
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS.000\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS.000\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - D:\WINDOWS.000\system32\lxcgcoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
--
End of file - 6145 bytes
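The log above is the whole evidence the thread works from, so here is the triage an analyst would script for it: pull the registry-backed O4 autostart entries and the running-process list out of a HijackThis log and flag an executable when its autostart gives only a bare file name, when it is registered under the Win9x-only RunServices key on an NT platform, or when the running copy sits directly in the Windows directory rather than in system32 or under Program Files. This is an added example, not a HijackThis feature and not code from any poster; the log excerpt is constructed from the first log in the thread, cut to a few lines, and the KNOWN_BARE allow-list of stock Windows autostarts that legitimately appear without a path is an assumption to be extended per platform.

```python
"""Triage HijackThis O4 autostart entries against the running-process list.

Added example for this thread: not a HijackThis feature and not code from
any poster. The log excerpt below is constructed from the first log above,
cut to a handful of lines in the same format.
"""
import re

# Constructed excerpt in HijackThis v2 log format (see the first post).
SAMPLE_LOG = r"""
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
D:\WINDOWS.000\System32\smss.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\Explorer.EXE
D:\WINDOWS.000\msnmgr9.exe
D:\Program Files\AIM\aim.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MicrsoMsn] msnmgr9.exe
O4 - HKLM\..\RunServices: [MicrsoMsn] msnmgr9.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
"""

# Registry-backed O4 entries only; Startup-folder .lnk entries use a different
# layout and are skipped here.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\")

# Stock Windows autostarts that HijackThis shows as a bare file name.
# Assumption: an allow-list to extend per platform, not a vendor list.
KNOWN_BARE = frozenset({"systray.exe", "mobsync.exe"})


def parse_log(text):
    """Return (platform line, running-process paths, O4 registry entries)."""
    platform, procs, autostarts = "", [], []
    for line in text.splitlines():
        if line.startswith("Platform:"):
            platform = line
            continue
        m = O4_RE.match(line)
        if m:
            autostarts.append(m.groupdict())
        elif PROC_RE.match(line):
            procs.append(line.strip())
    return platform, procs, autostarts


def executable_of(cmd):
    """Split an O4 command into (lower-cased base name, path as written)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.rsplit("\\", 1)[-1].lower(), exe


def triage(text, known_bare=KNOWN_BARE):
    """Map executable name -> sorted list of reasons it deserves a look."""
    platform, procs, autostarts = parse_log(text)
    is_nt = "WinNT" in platform
    running = {}
    for path in procs:
        running.setdefault(path.rsplit("\\", 1)[-1].lower(), []).append(path)

    findings = {}
    for entry in autostarts:
        base, raw = executable_of(entry["cmd"])
        reasons = findings.setdefault(base, set())
        if "\\" not in raw and base not in known_bare:
            # No path: the loader takes whatever file of that name it finds
            # first, so the entry is not pinned to one known binary.
            reasons.add("bare file name, resolved through the search path")
        if is_nt and entry["hive"].lower().endswith("runservices"):
            # RunServices is processed by Windows 9x/ME only; an NT log that
            # carries one suggests a dropper written for both families.
            reasons.add("RunServices entry (Win9x key) on an NT platform")
        for path in running.get(base, []):
            segs = path.lower().split("\\")
            if len(segs) == 3 and segs[1].startswith(("windows", "winnt")):
                # Image sits directly in the Windows directory rather than in
                # system32 or under Program Files.
                reasons.add("runs from the Windows directory root: " + path)
    return {exe: sorted(r) for exe, r in findings.items() if r}


if __name__ == "__main__":
    for exe, reasons in triage(SAMPLE_LOG).items():
        print(exe)
        for r in reasons:
            print("  -", r)
```

Run against the excerpt, only msnmgr9.exe comes back, with all three reasons; smc.exe, qttask.exe and the FreeRAM entry carry full paths and are not running from the Windows root, and SysTray.Exe is on the allow-list. The outbound connection the poster saw is the fourth signal, which a log cannot show.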
law9933
05-30-2007, 02:15 AM
Applications & Security is the forum for HJT logs. Someone might move it.
Budfred
05-30-2007, 02:26 AM
Yep, that looks like an infection... Run some other scans:
Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware
* Click Scanner
* Click on the Scan tab
* Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and Reboot in Normal Mode.
Then:
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...
and finally:
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
Then post all the logs...
SufferWell1396
05-30-2007, 02:46 PM
Okay. I'm finishing up on my 2000 installation.
Since ME and 2000 have different kernels, I'm thinking that ME isn't infected with what 2000's got. But it wouldn't hurt to be sure.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:45:35 PM, on 5/30/2007
Platform: Windows ME (Win9x 4.90.3000)
Boot mode: Normal
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\802.11 WIRELESS LAN\802.11G WIRELESS CARDBUS & PCI ADAPTER HW.51 V1.00\WLANCU.EXE
C:\PROGRAM FILES\FIREFOXPRELOADER\FIREFOXPRELOADER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_V2.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/subsequentfury
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - .DEFAULT Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe (User 'Default user')
O4 - .DEFAULT Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe (User 'Default user')
O4 - Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O4 - Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.6.0\BIN\SSV.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - WWW. Prefix: http://
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SYSTEM\BROWSEUI.DLL
--
End of file - 5988 bytes
Budfred
05-30-2007, 09:14 PM
That one looks okay, but I wouldn't rely on that until we see how the other scans go and try a couple on WinME as well...
toadyy
05-31-2007, 01:05 PM
Could someone please send me the combofix.exe in a zip file? My firewall will not let me download it. Thanks
tskelton69 AT gmail.com
Budfred
05-31-2007, 02:39 PM
Could someone please send me the combofix.exe in a zip file? My firewall will not let me download it. Thanks
tskelton69 AT gmail.com
1st - Jumping into someone else's thread with your question is considered rude around here...
2nd - Using ComboFix or any number of other tools without knowing what you are doing is ill-advised and may cause more problems than it resolves...
3rd - Posting an email address in a public forum is an invitation to SPAMmers to overwhelm your mailbox with SPAM...
4th - Sending an email to someone who posts in a forum a request for emails in the first post is ill-advised and may lead to being added to a large number of SPAM lists...
5th - If you can't download the program, it is probably a problem with your firewall that needs to be fixed rather than just getting the program through an email...
If you wish to respond, please start your own thread...
SufferWell1396
06-02-2007, 04:57 PM
ComboFix is saying that it's only for 2000/XP and I'm in 2000. Why won't it work?
Budfred
06-02-2007, 06:49 PM
I don't know... Are you giving it time to unzip and then running it from the unzipped folder?? If so, are you giving it time to run, it can take a while to get going... If you start clicking things, it will abort...
SufferWell1396
06-05-2007, 12:21 AM
Sorry. ComboFix wouldn't work for some reason or other.
I booted into Safe Mode and ran SDFix (catchme.exe; RunThis.bat just made a command prompt say Bad Command or File Name).
catchme.exe gave me the following report.
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 D:\WINDOWS.000\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Budfred
06-05-2007, 12:37 AM
Is D: your WinME or Win2K drive?? Please answer my questions about how you ran ComboFix so that I know if that was the problem... If you ran it properly, download a fresh copy and try it again... If none of those options work, we will try other tools... What happened with the AVG AS scan??
SufferWell1396
06-05-2007, 12:49 AM
I just clicked on the icon for ComboFix.
AVG AS keeps coming back with more. I tried GMER to find rootkits... It came back with a lot of results...
D:\ is my Win 2k drive
---- System - GMER 1.0.12 ----
SSDT \??\D:\WINDOWS.000\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT \??\D:\WINDOWS.000\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\D:\WINDOWS.000\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\D:\WINDOWS.000\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT \??\D:\WINDOWS.000\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\D:\WINDOWS.000\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
.text tcpip.sys!IPTransmit + 43D7 BED31D0C 6 Bytes CALL BFF15E50 Teefer.sys
.text tcpip.sys!IPGetAddrType + 765 BED3668D 6 Bytes CALL BFF15E50 Teefer.sys
.text tcpip.sys!IPGetAddrType + 227A BED381A2 6 Bytes CALL BFF15E50 Teefer.sys
.text wanarp.sys EB7ECDFE 7 Bytes CALL BFF15FA0 Teefer.sys
---- User code sections - GMER 1.0.12 ----
SufferWell1396
06-05-2007, 12:51 AM
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetProfilesDirectoryW + FFFB13A6 7C0F13AD 36 Bytes [ 33, FF, 3B, F7, 0F, 8C, F9, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetProfilesDirectoryW + FFFB13CB 7C0F13D2 12 Bytes CALL 7C05B7E1
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetProfilesDirectoryW + FFFB13D8 7C0F13DF 3 Bytes [ AA, 00, 01 ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetProfilesDirectoryW + FFFB13DC 7C0F13E3 8 Bytes [ 8B, F0, 3B, F7, 0F, 8C, C3, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetProfilesDirectoryW + FFFB13E6 7C0F13ED 5 Bytes [ FF, 75, FC, 6A, 64 ]
.text ...
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetUserProfileDirectoryW + 2 7C0F49F1 21 Bytes [ 75, 07, B8, 1E, 00, 03, 80, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetUserProfileDirectoryW + 18 7C0F4A07 28 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetUserProfileDirectoryW + 35 7C0F4A24 114 Bytes [ 45, 18, 89, 07, 33, C0, 5F, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetUserProfileDirectoryW + A8 7C0F4A97 3 Bytes [ 54, 1B, E3 ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetUserProfileDirectoryW + AC 7C0F4A9B 33 Bytes CALL 7C0DA180
.text ...
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetAllUsersProfileDirectoryW + C 7C0F4FA9 143 Bytes [ FF, 51, 08, 8B, CF, E8, 2F, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetAllUsersProfileDirectoryW + 9C 7C0F5039 24 Bytes [ 15, D4, 13, E2, 7C, 85, C0, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetAllUsersProfileDirectoryW + B5 7C0F5052 147 Bytes [ 89, 38, 33, C0, 5F, 5E, C2, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetDefaultUserProfileDirectoryW + D 7C0F50E6 58 Bytes [ 75, 17, 8B, 43, 10, 85, C0, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetDefaultUserProfileDirectoryW + 48 7C0F5121 54 Bytes [ 7D, F4, 6A, 08, AB, AB, 33, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetDefaultUserProfileDirectoryW + 7F 7C0F5158 15 Bytes [ 00, 8B, 75, 08, 8D, 4D, F4, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetDefaultUserProfileDirectoryW + 8F 7C0F5168 48 Bytes [ 50, 10, 8B, F8, 3B, FB, 74, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!GetDefaultUserProfileDirectoryW + C0 7C0F5199 12 Bytes [ 51, 1C, 8B, F8, 8D, 45, E8, ... ]
.text ...
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!DestroyEnvironmentBlock + 63 7C0F53C8 34 Bytes [ C0, 74, 13, 21, 70, 0C, 21, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!DestroyEnvironmentBlock + 86 7C0F53EB 14 Bytes [ 89, 5E, 0C, 89, 7E, 10, FF, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!DestroyEnvironmentBlock + 95 7C0F53FA 17 Bytes [ 00, EB, 07, 53, FF, 15, 64, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!DestroyEnvironmentBlock + A7 7C0F540C 83 Bytes [ 55, 8B, EC, 83, EC, 54, 66, ... ]
.text D:\WINDOWS.000\system32\lxcgcoms.exe[1716] USERENV.DLL!DestroyEnvironmentBlock + FB 7C0F5460 1 Byte [ 00 ]
.text ...
It says stuff like that over 20,000 times... I don't want to waste your time.
SufferWell1396
06-05-2007, 12:54 AM
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EB651220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EB651480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EB6515A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EB94C85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EB651220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EB651480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EB6515A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB94C85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EB651220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EB651480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EB6515A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB94C85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EB651220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EB651480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EB6515A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB94C85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [EB651220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [EB651480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [EB6515A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [EB94C85A] avgtdi.sys
---- EOF - GMER 1.0.12 ----
Budfred
06-05-2007, 01:18 AM
Please answer all of my questions in as much detail as possible... I don't know how to interpret what you are telling me and the scans without knowing where your installs are and whether you followed all of the instructions...
SufferWell1396
06-05-2007, 09:14 PM
D:\WINDOWS.000 is my Windows 2000 directory.
Otherwise C:\ is dedicated to Windows Millennium (Win ME installed at C:\WINDOWS)
I ran ComboFix like normal. I was in NORMAL mode and just double clicked on the icon, and it said that. The end.
I deleted D:\WINDOWS.000\system32\lxcgcoms.exe because it was clearly just a virus. You have told me to do the same in the past, though I cannot remember the exact post.
I don't really know what else there is to say.
Budfred
06-05-2007, 11:56 PM
I am not sure what icon you are talking about that you clicked on... The instructions are to double click on combofix.exe and then follow the prompts... When you click on it, it will open a folder and it will include all the combofix files... Give it a while to finish opening those files... If it doesn't give you a prompt, click on the combofix.bat file in that folder and wait for it to work... However, if you wait long enough, it will probably open and proceed with the scan... If it still doesn't work, try it in Safe Mode... If you don't give it time to finish decompressing the tool, it will probably fail... Don't do anything else while it is running unless it asks you to respond to something...
Simply deleting an infected file is unlikely to solve the general problems...
SufferWell1396
06-06-2007, 05:04 PM
Okay then. I'll include pictures.
The ComboFix icon I click on.
http://i13.tinypic.com/63seadi.jpg
The prompt I get when I run ComboFix.exe
http://i14.tinypic.com/62j22ah.jpg
Budfred
06-06-2007, 10:12 PM
I have asked the author of the tool to look in on this thread and we can see what he says... Meanwhile, try this:
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, see whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below it and select Move incurable as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Budfred
06-06-2007, 10:27 PM
sUBs, the author, came through with an answer already... He said:
I would say the machine may not have cmd.exe in the correct location.
Look in D:\WINDOWS\system32 to see if it is there...
SufferWell1396
06-07-2007, 12:17 AM
It's there.
http://i10.tinypic.com/6h793yx.jpg
Please click on Start > Run and type - cmd to bring up the command prompt
Then type ver
Does it say ... Microsoft Windows 2000 [Version 5.00.2195] ?
SufferWell1396
06-07-2007, 12:50 AM
Yeah.
http://i14.tinypic.com/4mvt53k.jpg
There doesn't appear to be anything that could be hampering ComboFix. Let's see if an updated copy runs better. Please download it from here:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Place it at the root of drive D. - D:\ComboFix.exe
Then doubleclick on it
If that fails, please download & run this analysis tool :
http://deckard.geekstogo.com/dss.exe
It's simple to use. Just doubleclick to run.
SufferWell1396
06-08-2007, 01:40 AM
Errors! Everywhere!
ComboFix basically crashes my computer when I run it off the root of D:\
Dss.exe gives me this message
http://i11.tinypic.com/67i1gud.jpg
and now I go to Task Manager and 4 processes called ntvdm.exe are eating up my CPU!
aah!
Please kill process on ntvdm.exe.
There's something wrong with your machine's configuration. Most of our tools simply won't run on it. I suspect that your environment variables may be messed up.
Go to Start > Run - copy/paste the single line command :
cmd.exe /c set >\a.txt & \a.txt
Then post the log it produces.
SufferWell1396
06-08-2007, 11:16 AM
Yeah, that was my first reaction. I killed ntvdm.exe as soon as I saw how much it was taking up.
Here's that log.
ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Howard\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=V1Q7E3
ComSpec=D:\WINDOWS.000\system32\COMMAND.COM
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Howard
LOGONSERVER=\\V1Q7E3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=D:\WINDOWS.000\system32\os2\dll;
Path=D:\WINDOWS.000;D:\WINDOWS.000\COMMAND;D:\WINDOWS;D:\WINDOWS\COMMAND;"D:\Program Files\Executive Software\DiskeeperLite\";D:\WINDOWS.000\system32;D:\WINDOWS.000\system32\WBEM;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=D:\Program Files
PROMPT=$p$g
QTJAVA=D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=D:
SystemRoot=D:\WINDOWS.000
TEMP=D:\DOCUME~1\Howard\LOCALS~1\Temp
TMP=D:\DOCUME~1\Howard\LOCALS~1\Temp
USERDOMAIN=V1Q7E3
USERNAME=Howard
USERPROFILE=D:\Documents and Settings\Howard
winbootdir=D:\WINDOWS.000
windir=D:\WINDOWS.000
ComSpec=D:\WINDOWS.000\system32\COMMAND.COM
There's the error. The proper value should be
ComSpec=D:\WINDOWS.000\system32\Cmd.exe
--------------
To fix it, go to Control Panel > System
Under the Advanced tab, click Environment variables
Under System variables, select Comspec & click the edit button
Change it to D:\WINDOWS.000\system32\Cmd.exe
--------------
When that's done, run the previous command to check if it's okay
cmd.exe /c set >\a.txt & \a.txt
If okay, give DSS another run.
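The diagnosis above rests on one variable, but a `set` dump can be checked for the whole family of settings that stop Win32 console tools from running, and the check is worth scripting because the symptoms look like malware. COMMAND.COM is the 16-bit DOS interpreter, which NT runs inside ntvdm.exe, so a ComSpec that names it makes every shell spawned through %ComSpec% go via NTVDM; that is consistent with the runaway ntvdm.exe processes reported when dss.exe was run. The script below is an added example, not part of sUBs's instructions or of any tool named in the thread; it parses a dump in the format the `cmd.exe /c set` command produces, using a constructed excerpt of the one posted above, and reports the ComSpec mismatch, the PATH entries that commands typed at the prompt or in batch files hit before %SystemRoot%\system32 (where a same-named file would be run instead of the system copy), and any missing PATHEXT extensions.

```python
"""Audit a `set` dump for settings that stop Win32 console tools from running.

Added example for this thread; it is not part of sUBs's instructions or of
any tool named here. The dump below is a constructed excerpt of the one
posted above.
"""

SAMPLE_SET = r"""
ComSpec=D:\WINDOWS.000\system32\COMMAND.COM
OS=Windows_NT
Path=D:\WINDOWS.000;D:\WINDOWS.000\COMMAND;D:\WINDOWS;D:\WINDOWS\COMMAND;"D:\Program Files\Executive Software\DiskeeperLite\";D:\WINDOWS.000\system32;D:\WINDOWS.000\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
SystemRoot=D:\WINDOWS.000
windir=D:\WINDOWS.000
"""

# Extensions a stock NT PATHEXT carries and that the fix tools' .bat/.cmd
# wrappers depend on.
REQUIRED_PATHEXT = (".COM", ".EXE", ".BAT", ".CMD")


def parse_set(text):
    """Parse NAME=value lines into a dict keyed by lower-cased name."""
    env = {}
    for line in text.splitlines():
        if "=" in line:
            name, value = line.split("=", 1)
            env[name.strip().lower()] = value.strip()
    return env


def split_path(value):
    """Split a PATH value, dropping surrounding quotes and trailing backslashes."""
    entries = []
    for item in value.split(";"):
        item = item.strip().strip('"').rstrip("\\")
        if item:
            entries.append(item)
    return entries


def audit(env):
    """Return a list of findings (empty when the environment looks sane)."""
    findings = []
    sysroot = env.get("systemroot", "").rstrip("\\")
    system32 = sysroot + "\\system32"

    comspec = env.get("comspec", "")
    expected = system32 + "\\cmd.exe"
    if comspec.lower() != expected.lower():
        findings.append("ComSpec is " + comspec + ", expected " + expected)
        if comspec.lower().endswith("command.com"):
            # COMMAND.COM is 16-bit; NT runs it inside ntvdm.exe, so every
            # shell launched through %ComSpec% becomes an NTVDM instance.
            findings.append("ComSpec names the 16-bit COMMAND.COM, so shells "
                            "spawned through %ComSpec% run under ntvdm.exe")

    path = split_path(env.get("path", ""))
    lowered = [p.lower() for p in path]
    if system32.lower() not in lowered:
        findings.append("PATH does not contain " + system32)
    else:
        # The command shell walks PATH in order, so a file with the name of a
        # system tool in any earlier entry is what actually runs.
        ahead = path[: lowered.index(system32.lower())]
        if ahead:
            findings.append("%d PATH entries are searched before %s: %s"
                            % (len(ahead), system32, "; ".join(ahead)))

    pathext = [e.strip().upper() for e in env.get("pathext", "").split(";")]
    missing = [e for e in REQUIRED_PATHEXT if e not in pathext]
    if missing:
        findings.append("PATHEXT lacks " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_set(SAMPLE_SET)):
        print("-", finding)
```

On the excerpt this reports the ComSpec error and its NTVDM consequence, and that five directories (two of them under a second Windows directory on the same drive) are searched before D:\WINDOWS.000\system32. After the Control Panel change described above, rerunning `cmd.exe /c set >\a.txt` and feeding the new dump through the same audit should leave only the search-order finding.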
SufferWell1396
06-08-2007, 11:32 AM
Deckard's System Scanner v20070603.47
Run by Howard on 2007-06-08 at 10:30:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Howard.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:30:56 AM, on 6/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS.000\System32\smss.exe
D:\WINDOWS.000\system32\winlogon.exe
D:\WINDOWS.000\system32\services.exe
D:\WINDOWS.000\system32\lsass.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\system32\hidserv.exe
D:\WINDOWS.000\system32\regsvc.exe
D:\WINDOWS.000\system32\MSTask.exe
D:\WINDOWS.000\system32\stisvc.exe
D:\WINDOWS.000\System32\WBEM\WinMgmt.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Lexmark 2300 Series\ezprint.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Program Files\lotus\register\remind32.exe
D:\WINDOWS.000\system32\wuauclt.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Howard\Desktop\dss.exe
D:\PROGRA~1\HIJACK~1\Howard.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - D:\PROGRAM FILES\AOL\AOL TOOLBAR 2.0\AOLTB.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS.000\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 D:\WINDOWS.000\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "D:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [combofix] D:\WINDOWS.000\system32\COMMAND.COM /c Combobatch.bat
O4 - HKLM\..\RunServices: [MicrsoMsn] msnmgr9.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Wireless Configuration Utility HW.51.lnk = D:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\Program Files\lotus\register\remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar Search - d:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176624841140
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINDOWS.000\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - Unknown owner - D:\WINDOWS.000\system32\lxcgcoms.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Teefer (Teefer for NT) - d:\windows.000\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 oreans32 - d:\windows.000\system32\drivers\oreans32.sys
R1 PQNTDrv - d:\windows.000\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 wpsdrvnt - d:\windows.000\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 CDRPDACC (Quinnware CDDA Driver (by InfinaDyne)) - d:\program files\quintessential player\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
R3 W8335PCI (IEEE 802.11g Wireless Cardbus/PCI Adapter HW51) - d:\windows.000\system32\drivers\mrv8000c.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 lxcg_device - d:\windows.000\system32\lxcgcoms.exe -service (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-06-08 09:02:02 366 --a------ D:\WINDOWS.000\Tasks\PCHealth Scheduler for Data Collection.job
2007-06-06 23:00:02 502 --a------ D:\WINDOWS.000\Tasks\Tune-up Application Start.job
2007-06-06 17:18:04 284 --a------ D:\WINDOWS.000\Tasks\AppleSoftwareUpdate.job
SufferWell1396
06-08-2007, 11:33 AM
-- Files created between 2007-05-08 and 2007-06-08 -----------------------------
2087-04-23 01:15:00 56832 -----n--- D:\WINDOWS.000\system32\iyvu9_32.dll
2087-04-23 01:15:00 143872 -----n--- D:\WINDOWS.000\system32\iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-06-08 01:15:23 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_4f0.dat
2007-06-08 00:53:51 0 d-------- D:\Program Files\Safer Networking
2007-06-08 00:19:13 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_334.dat
2007-06-07 01:41:34 741290 ---h----- D:\WINDOWS.000\ShellIconCache
2007-06-07 00:53:04 1084066 --a------ D:\ComboFix(2).exe
2007-06-07 00:45:16 664 --a------ D:\WINDOWS.000\system32\d3d9caps.dat
2007-06-07 00:22:15 0 d-------- D:\WINDOWS.000\system32\DirectX
2007-06-07 00:22:04 1227776 --a------ D:\WINDOWS.000\system32\quartz.dll
2007-06-07 00:22:04 733184 --a------ D:\WINDOWS.000\system32\qedwipes.dll
2007-06-07 00:22:04 1798144 --a------ D:\WINDOWS.000\system32\qedit.dll
2007-06-07 00:22:04 324096 --a------ D:\WINDOWS.000\system32\mswebdvd.dll <Not Verified; Microsoft Corporation; DirectShow>
2007-06-07 00:22:04 13312 --a------ D:\WINDOWS.000\system32\msdmo.dll
2007-06-07 00:22:04 18944 --a------ D:\WINDOWS.000\system32\encapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:04 18432 --a------ D:\WINDOWS.000\system32\dswave.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:04 76800 --a------ D:\WINDOWS.000\system32\dmscript.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:04 664576 --a------ D:\WINDOWS.000\system32\dinput8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:04 1634304 --a------ D:\WINDOWS.000\system32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 1675264 --a------ D:\WINDOWS.000\system32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 1189888 --a------ D:\WINDOWS.000\system32\dx8vb.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 491520 --a------ D:\WINDOWS.000\system32\dsdmoprp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 186880 --a------ D:\WINDOWS.000\system32\dsdmo.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 112128 --a------ D:\WINDOWS.000\system32\dpvvox.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 80896 --a------ D:\WINDOWS.000\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 381952 --a------ D:\WINDOWS.000\system32\dpvoice.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 19968 --a------ D:\WINDOWS.000\system32\dpvacm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 16896 --a------ D:\WINDOWS.000\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 3072 --a------ D:\WINDOWS.000\system32\dpnlobby.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 68096 --a------ D:\WINDOWS.000\system32\dpnhupnp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 32768 --a------ D:\WINDOWS.000\system32\dpnhpast.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 723968 --a------ D:\WINDOWS.000\system32\dpnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 3072 --a------ D:\WINDOWS.000\system32\dpnaddr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 44032 --a------ D:\WINDOWS.000\system32\dimap.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 459264 --a------ D:\WINDOWS.000\system32\diactfrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 7168 --a------ D:\WINDOWS.000\system32\d3d8thk.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:22:03 1177600 --a------ D:\WINDOWS.000\system32\d3d8.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-07 00:10:56 0 d-------- D:\Program Files\DAEMON Tools
2007-06-06 23:24:53 0 d-------- D:\Documents and Settings\Howard\DoctorWeb
2007-06-04 23:20:20 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_55c.dat
2007-06-04 22:57:36 0 d-------- D:\FOUND.022
2007-06-03 14:56:36 0 d-------- D:\FOUND.021
2007-06-03 01:07:49 0 d-------- D:\Documents and Settings\Howard\Application Data\Quintessential Player
2007-06-03 01:07:22 0 d-------- D:\Program Files\Quintessential Player
2007-06-03 00:22:27 0 d-------- D:\Documents and Settings\Howard\.tuxguitar
2007-06-02 15:39:34 0 d-------- D:\Program Files\tuxguitar-0.9.1-update1
2007-05-30 20:41:37 0 d-------- D:\Documents and Settings\Howard\Application Data\Talkback
2007-05-30 15:16:00 0 d-------- D:\FOUND.020
2007-05-28 19:40:25 33952 --a------ D:\WINDOWS.000\system32\drivers\oreans32.sys
2007-05-28 19:39:26 36864 --a------ D:\WINDOWS.000\system32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
2007-05-28 19:39:26 20480 --a------ D:\WINDOWS.000\system32\wbload.dll
2007-05-28 19:39:22 0 d-------- D:\Program Files\Stardock
2007-05-24 19:34:38 0 d-------- D:\Program Files\MagicISO
2007-05-24 17:13:19 0 d-------- D:\Documents and Settings\Howard\Application Data\Viewpoint
2007-05-24 15:12:55 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_408.dat
2007-05-24 14:52:32 0 d-------- D:\FOUND.019
2007-05-23 23:03:56 68252 --a------ D:\WINDOWS.000\system32\drivers\StMp3Rec.sys <Not Verified; Microsoft Corporation; >
2007-05-23 23:03:50 0 d-------- D:\Program Files\Philips Firmware Manager
2007-05-23 23:03:49 180224 --a------ D:\WINDOWS.000\system32\cximagecrt.dll <Not Verified; Pizzolato Davide; cximage>
2007-05-22 16:52:31 0 d-------- D:\Documents and Settings\Howard\Application Data\LimeWire
2007-05-22 16:43:16 0 d-------- D:\Program Files\MorpheusBar
2007-05-22 16:42:20 0 d-------- D:\Program Files\Morpheus
2007-05-20 22:32:13 221184 --a------ D:\WINDOWS.000\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-05-16 22:33:55 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_564.dat
2007-05-14 17:21:09 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_518.dat
2007-05-14 00:03:02 0 d-------- D:\FOUND.018
2007-05-09 00:04:37 0 d-------- D:\Documents and Settings\Howard\Application Data\Jasc
2007-05-09 00:03:03 0 d-------- D:\Program Files\Common Files\Jasc Software Inc
2007-05-09 00:02:42 0 d-------- D:\Program Files\Jasc Software Inc
2007-05-09 00:02:42 0 d-------- D:\Documents and Settings\Howard\Application Data\Jasc Software Inc
2007-05-08 15:13:40 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_12c.dat
SufferWell1396
06-08-2007, 11:33 AM
-- Find3M Report ---------------------------------------------------------------
2007-06-07 00:38:30 43520 --a------ D:\WINDOWS.000\system32\CmdLineExt03.dll
2007-05-08 15:33:22 445 --a------ D:\WINDOWS.000\EntPack.dat
2007-05-06 22:40:04 0 d-------- D:\Program Files\Cosmo Bots
2007-05-06 22:30:58 274417 --a------ D:\WINDOWS.000\Tetris Game Gold Uninstaller.exe
2007-05-06 22:30:56 0 d-------- D:\Program Files\Tetris Game Gold
2007-05-06 21:39:42 0 d-------- D:\Program Files\QuickTime
2007-05-03 20:20:52 0 d-------- D:\Program Files\PowerQuest
2007-05-01 21:11:20 0 d-------- D:\Program Files\Audacity
2007-05-01 20:29:44 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_4e4.dat
2007-04-28 00:14:14 0 d-------- D:\Program Files\Microsoft Virtual PC
2007-04-28 00:12:08 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_560.dat
2007-04-24 16:36:34 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_558.dat
2007-04-23 20:22:10 0 d-------- D:\Documents and Settings\Howard\Application Data\OpenOffice.org2
2007-04-22 00:34:40 0 d-------- D:\Program Files\McFunSoft Video Solution
2007-04-21 12:57:18 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_534.dat
2007-04-17 19:09:12 0 d-------- D:\Documents and Settings\Howard\Application Data\Identities
2007-04-17 16:47:06 0 d-------- D:\Program Files\Banner Maker Pro 6
2007-04-17 16:38:58 0 d-------- D:\Documents and Settings\Howard\Application Data\uTorrent
2007-04-17 16:27:20 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_3a0.dat
2007-04-16 20:35:44 0 d-------- D:\Documents and Settings\Howard\Application Data\Help
2007-04-16 17:14:52 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_514.dat
2007-04-16 16:47:30 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_504.dat
2007-04-15 22:15:16 0 d-------- D:\Documents and Settings\Howard\Application Data\Lavasoft
2007-04-15 21:59:08 16384 --a------ D:\WINDOWS.000\system32\Perflib_Perfdata_5e8.dat
2007-04-15 21:38:14 0 d-------- D:\Documents and Settings\Howard\Application Data\FrostWire
2007-04-15 21:37:50 0 d-------- D:\Documents and Settings\Howard\Application Data\Sun
2007-04-15 21:37:44 2277 --a------ D:\WINDOWS.000\mozver.dat
2007-04-15 21:33:24 0 d-------- D:\Documents and Settings\Howard\Application Data\vlc
2007-04-15 21:31:28 0 d-------- D:\Documents and Settings\Howard\Application Data\dvdcss
2007-04-15 12:55:32 0 d-------- D:\Documents and Settings\Howard\Application Data\Apple Computer
2007-04-15 12:55:26 0 d-------- D:\Program Files\iPod
2007-04-15 12:55:22 0 d-------- D:\Program Files\iTunes
2007-04-15 12:54:36 0 d-------- D:\Program Files\Apple Software Update
2007-04-15 12:26:16 0 d-------- D:\Documents and Settings\Howard\Application Data\Audacity
2007-04-15 12:26:12 0 d-------- D:\Program Files\Audacity 1.3 Beta (Unicode)
2007-04-15 01:26:22 0 d-------- D:\Program Files\UnzipThemAll
2007-04-15 01:22:24 0 d-------- D:\Documents and Settings\Howard\Application Data\WinRAR
2007-04-15 01:18:00 0 d-------- D:\Documents and Settings\Howard\Application Data\GetRightToGo
2007-04-15 01:14:06 0 d-------- D:\Documents and Settings\Howard\Application Data\AVG7
2007-04-15 01:12:02 2048 --a------ D:\WINDOWS.000\system32\Tr_sttool.dat
2007-04-15 01:06:18 0 d-------- D:\Program Files\Bulent's Screen Recorder
2007-04-15 01:05:10 0 d-------- D:\Documents and Settings\Howard\Application Data\Macromedia
2007-04-15 01:03:30 0 d-------- D:\Program Files\Deskshare
2007-04-15 01:02:08 0 d-------- D:\Documents and Settings\Howard\Application Data\Mozilla
2007-04-15 01:01:44 0 d-------- D:\Documents and Settings\Howard\Application Data\Aim
2007-04-15 00:29:00 714000 --a------ D:\WINDOWS.000\system32\migicons.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-04-15 00:27:06 15020 --a------ D:\WINDOWS.000\system32\emptyregdb.dat
2007-04-14 23:21:52 29215 --ah----- D:\WINDOWS.000\ttfCache
2007-04-14 22:38:34 24744 --a------ D:\WINDOWS.000\system32\SIntfNT.dll
2007-04-14 22:38:34 20016 --a------ D:\WINDOWS.000\system32\SIntf32.dll
2007-04-14 13:29:44 1241120 -rah----- D:\WINDOWS.000\USER.DAT
2007-04-14 13:29:44 2568224 -rah----- D:\WINDOWS.000\SYSTEM.DAT
2007-04-13 12:59:14 0 d-------- D:\Program Files\Sygate
2007-04-11 11:39:04 0 d-------- D:\Program Files\DAMN NFO Viewer
2007-04-11 10:58:20 1157 --a------ D:\WINDOWS.000\command.PIF
2007-04-10 22:58:46 0 d-------- D:\Program Files\Common Files\Nullsoft
2007-04-10 20:55:46 0 d-------- D:\Program Files\GameSpy Arcade
2007-04-10 18:04:16 0 d-------- D:\Program Files\Clock
2007-04-09 16:36:12 0 d-------- D:\Program Files\FrostWire
2007-04-09 13:14:36 0 d-------- D:\Program Files\Gaim
2007-04-06 01:27:00 72812 --a------ D:\WINDOWS.000\unins000.exe <Not Verified; Jordan Russell; >
2007-04-06 01:27:00 1122 --a------ D:\WINDOWS.000\unins000.dat
2007-04-06 01:12:32 129096 -r-h----- D:\WINDOWS.000\LOGOW.SYS
2007-04-05 20:39:24 31027 --a------ D:\WINDOWS.000\nsreg.dat
2007-04-01 16:26:02 139264 --a------ D:\WINDOWS.000\javaws.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6>
2007-04-01 16:26:02 135168 --a------ D:\WINDOWS.000\javaw.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6>
2007-04-01 16:26:02 135168 --a------ D:\WINDOWS.000\java.exe <Not Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6>
2007-03-27 14:56:42 18939 --a------ D:\WINDOWS.000\SETVER.EXE
2007-03-16 15:14:12 69632 --a------ D:\WINDOWS.000\uinst001.exe
2007-03-16 12:41:42 98304 --a------ D:\WINDOWS.000\system32\qttask.exe <Not Verified; Apple Computer, Inc.; QuickTime>
2007-03-11 22:58:04 352288 -r-h----- D:\WINDOWS.000\HWINFO.DAT
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"Synchronization Manager"="mobsync.exe /logon"
"SmcService"="D:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"AVG7_CC"="D:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"LXCGCATS"="rundll32 D:\\WINDOWS.000\\system32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
"lxcgmon.exe"="\"D:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"EzPrint"="\"D:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"combofix"="D:\\WINDOWS.000\\system32\\COMMAND.COM /c Combobatch.bat"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"FreeRAM XP"="\"D:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"DAEMON Tools"="\"D:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MicrsoMsn"="msnmgr9.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="D:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"
"Printing Migration"="rundll32.exe D:\\WINDOWS.000\\system32\\spool\\migrate.dll,ProcessWin9xNetworkPrinters"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"CDRAutoRun"=hex:00,00,00,00
@=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"CDRAutoRun"=hex:00,00,00,00
@=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"="D:\\PROGRAM FILES\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0
-- End of Deckard's System Scanner: finished at 2007-06-08 at 10:31:47 ---------
SufferWell1396
06-08-2007, 11:34 AM
Deckard's System Scanner v20070603.47
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English
CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 511.43 MiB / 200.1 MiB
Pagefile Memory (total/avail): 1245.57 MiB / 904.26 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1984.52 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 81.67 GiB total, 56.65 GiB free.
D: is Fixed (FAT32) - 30.06 GiB total, 4.1 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Howard\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=V1Q7E3
ComSpec=D:\WINDOWS.000\system32\Cmd.exe
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Howard
LOGONSERVER=\\V1Q7E3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=D:\WINDOWS.000\system32\os2\dll;
Path=D:\WINDOWS.000;D:\WINDOWS.000\COMMAND;D:\WINDOWS;D:\WINDOWS\COMMAND;"D:\Program Files\Executive Software\DiskeeperLite\";D:\WINDOWS.000\system32;D:\WINDOWS.000\system32\WBEM;D:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=D:\Program Files
PROMPT=$p$g
QTJAVA=D:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=D:
SystemRoot=D:\WINDOWS.000
TEMP=D:\DOCUME~1\Howard\LOCALS~1\Temp
TMP=D:\DOCUME~1\Howard\LOCALS~1\Temp
USERDOMAIN=V1Q7E3
USERNAME=Howard
USERPROFILE=D:\Documents and Settings\Howard
winbootdir=D:\WINDOWS.000
windir=D:\WINDOWS.000
-- User Profiles ---------------------------------------------------------------
Howard (admin)
-- Add/Remove Programs ---------------------------------------------------------
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> D:\WINDOWS.000\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> D:\WINDOWS.000\system32\Macromed\Flash\uninstall_plugin.exe
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Audacity 1.2.6 --> "D:\Program Files\Audacity\unins000.exe"
Audacity 1.3.2 (Unicode) --> "D:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVG 7.5 --> D:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> D:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Banner Maker Pro Version 6 --> "D:\Program Files\Banner Maker Pro 6\unins000.exe"
Bulent's Screen Recorder 3 --> D:\Program Files\Bulent's Screen Recorder\Uninstall Screen Recorder 3.exe
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Cosmo Bots 1.05 --> "D:\Program Files\Cosmo Bots\unins000.exe"
Dial-Up Scripting Tool --> RunDll setupx.dll,InstallHinfSection MS_CSLIP_Uninstall 4 rnaplus.inf
DirectX 9 Hotfix - KB839643 --> D:\WINDOWS.000\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
IEEE 802.11g Wireless Cardbus/PCI Adapter --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{29F15D3F-5B37-44DB-BB89-390B3AD1404E}
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Leisure Suit Larry - Magna Cum Laude --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C}
Lexmark 2300 Series --> D:\WINDOWS.000\system32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
LimeWire 4.12.11 --> "D:\Program Files\LimeWire\uninstall.exe"
Lotus SmartSuite 97 --> D:\WINDOWS.000\lunin10.exe /T SmartSuite /V 97.0 /I "c:\program files\lotus\suit.inf" /C "c:\program files\lotus\cinstall.ini" /O /L EN
Magic ISO Maker v5.4 (build 0239) --> D:\PROGRA~1\MAGICISO\UNWISE.EXE D:\PROGRA~1\MAGICISO\INSTALL.LOG
McFunSoft Video Solution Trial Version (English) 7.9.9.9 --> "D:\Program Files\McFunSoft Video Solution\unins000.exe"
Microsoft Internet Explorer 6 SP1 --> rundll32 D:\WINDOWS.000\system32\setupwbv.dll,IE6Maintenance D:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Virtual PC 2004 --> MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
Mozilla Firefox (2.0.0.4) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
Philips Firmware Manager --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{97AFE669-5F73-4159-A8D6-777778AFBE6A}\setup.exe" -l0x9 -removeonly
PowerQuest PartitionMagic 8.0 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Quintessential Player --> "D:\Program Files\Quintessential Player\uninst.exe"
RunAlyzer --> "D:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Security Update for Windows 2000 (KB904706) -->
Security Update for Windows 2000 (KB923689) --> "D:\WINDOWS.000\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sony USB Driver --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.4 --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Tetris Game Gold --> D:\WINDOWS.000\Tetris Game Gold Uninstaller.exe
UnzipThemAll 1.3 --> "D:\Program Files\UnzipThemAll\unins000.exe"
Viewpoint Media Player --> D:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WindowBlinds --> D:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\UNWISE.EXE D:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Player system update (9 Series) --> D:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinImage --> "C:\Program Files\WinImage\winimage.exe" /uninstall
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
XPilot5 --> "C:\Program Files\XPilot5\uninstall.exe"
-- End of Deckard's System Scanner: finished at 2007-06-08 at 10:31:47 ---------
That's very good.
I had you run DSS first because it's a diagnostic tool. I wanted to make sure everything was okay before we re-attempt ComboFix.
Let's run ComboFix now.
SufferWell1396
06-08-2007, 12:50 PM
"Howard" - 2007-06-08 11:43:26 Service Pack 4
ComboFix 07-06-06 - Running from: ""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\WINDOWS.000\start.exe
((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))
2007-06-08 10:31 16,384 --a----t- D:\WINDOWS.000\SYSTEM32\Perflib_Perfdata_304.dat
2007-06-08 01:15 16,384 --a------ D:\WINDOWS.000\SYSTEM32\Perflib_Perfdata_4f0.dat
2007-06-08 00:53 <DIR> d-------- D:\Program Files\Safer Networking
2007-06-08 00:19 16,384 --a------ D:\WINDOWS.000\SYSTEM32\Perflib_Perfdata_334.dat
2007-06-08 00:14 <DIR> d-------- D:\Deckard
2007-06-07 00:53 1,084,066 --a------ D:\ComboFix(2).exe
2007-06-07 00:45 664 --a------ D:\WINDOWS.000\SYSTEM32\d3d9caps.dat
2007-06-07 00:22 98,816 --a------ D:\WINDOWS.000\SYSTEM32\dmstyle.dll
2007-06-07 00:22 937,984 --a------ D:\WINDOWS.000\SYSTEM32\dxdiag.exe
2007-06-07 00:22 83,968 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\nabtsfec.sys
2007-06-07 00:22 80,896 --a------ D:\WINDOWS.000\SYSTEM32\dpvsetup.exe
2007-06-07 00:22 797,184 --a------ D:\WINDOWS.000\SYSTEM32\d3dim700.dll
2007-06-07 00:22 77,824 --a------ D:\WINDOWS.000\SYSTEM32\dpmodemx.dll
2007-06-07 00:22 76,800 --a------ D:\WINDOWS.000\SYSTEM32\dmscript.dll
2007-06-07 00:22 733,184 --a------ D:\WINDOWS.000\SYSTEM32\qedwipes.dll
2007-06-07 00:22 723,968 --a------ D:\WINDOWS.000\SYSTEM32\dpnet.dll
2007-06-07 00:22 7,424 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\mskssrv.sys
2007-06-07 00:22 7,168 --a------ D:\WINDOWS.000\SYSTEM32\d3d8thk.dll
2007-06-07 00:22 68,096 --a------ D:\WINDOWS.000\SYSTEM32\dpnhupnp.dll
2007-06-07 00:22 664,576 --a------ D:\WINDOWS.000\SYSTEM32\dinput8.dll
2007-06-07 00:22 645,120 --a------ D:\WINDOWS.000\SYSTEM32\dinput.dll
2007-06-07 00:22 64,512 --a------ D:\WINDOWS.000\SYSTEM32\amstream.dll
2007-06-07 00:22 602,624 --a------ D:\WINDOWS.000\SYSTEM32\dx7vb.dll
2007-06-07 00:22 58,368 --a------ D:\WINDOWS.000\SYSTEM32\dmcompos.dll
2007-06-07 00:22 56,832 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\msdv.sys
2007-06-07 00:22 5,504 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\mstee.sys
2007-06-07 00:22 5,248 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\mspclock.sys
2007-06-07 00:22 491,520 --a------ D:\WINDOWS.000\SYSTEM32\dsdmoprp.dll
2007-06-07 00:22 480,256 --a------ D:\WINDOWS.000\SYSTEM32\msvidctl.dll
2007-06-07 00:22 47,104 --a------ D:\WINDOWS.000\SYSTEM32\wstdecod.dll
2007-06-07 00:22 459,264 --a------ D:\WINDOWS.000\SYSTEM32\diactfrm.dll
2007-06-07 00:22 45,696 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\stream.sys
2007-06-07 00:22 449,024 --a------ D:\WINDOWS.000\SYSTEM32\qdvd.dll
2007-06-07 00:22 44,544 --a------ D:\WINDOWS.000\SYSTEM32\dxdllreg.exe
2007-06-07 00:22 44,032 --a------ D:\WINDOWS.000\SYSTEM32\dimap.dll
2007-06-07 00:22 4,096 --a------ D:\WINDOWS.000\SYSTEM32\ksuser.dll
2007-06-07 00:22 4,096 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\swenum.sys
2007-06-07 00:22 381,952 --a------ D:\WINDOWS.000\SYSTEM32\dpvoice.dll
2007-06-07 00:22 355,328 --a------ D:\WINDOWS.000\SYSTEM32\dsound.dll
2007-06-07 00:22 354,816 --a------ D:\WINDOWS.000\SYSTEM32\psisdecd.dll
2007-06-07 00:22 34,304 --a------ D:\WINDOWS.000\SYSTEM32\mciqtz32.dll
2007-06-07 00:22 33,280 --a------ D:\WINDOWS.000\SYSTEM32\dmloader.dll
2007-06-07 00:22 324,096 --a------ D:\WINDOWS.000\SYSTEM32\mswebdvd.dll
2007-06-07 00:22 32,768 --a------ D:\WINDOWS.000\SYSTEM32\dpnhpast.dll
2007-06-07 00:22 311,808 --a------ D:\WINDOWS.000\SYSTEM32\qdv.dll
2007-06-07 00:22 31,744 --a------ D:\WINDOWS.000\SYSTEM32\pid.dll
2007-06-07 00:22 3,072 --a------ D:\WINDOWS.000\SYSTEM32\dpnlobby.dll
2007-06-07 00:22 3,072 --a------ D:\WINDOWS.000\SYSTEM32\dpnaddr.dll
2007-06-07 00:22 284,160 --a------ D:\WINDOWS.000\SYSTEM32\ddraw.dll
2007-06-07 00:22 28,160 --a------ D:\WINDOWS.000\SYSTEM32\dplaysvr.exe
2007-06-07 00:22 27,136 --a------ D:\WINDOWS.000\SYSTEM32\dmband.dll
2007-06-07 00:22 257,024 --a------ D:\WINDOWS.000\SYSTEM32\qcap.dll
2007-06-07 00:22 206,336 --a------ D:\WINDOWS.000\SYSTEM32\gcdef.dll
2007-06-07 00:22 19,968 --a------ D:\WINDOWS.000\SYSTEM32\dpvacm.dll
2007-06-07 00:22 186,880 --a------ D:\WINDOWS.000\SYSTEM32\dsdmo.dll
2007-06-07 00:22 18,944 --a------ D:\WINDOWS.000\SYSTEM32\encapi.dll
2007-06-07 00:22 18,688 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\wstcodec.sys
2007-06-07 00:22 18,432 --a------ D:\WINDOWS.000\SYSTEM32\dswave.dll
2007-06-07 00:22 171,520 --a------ D:\WINDOWS.000\SYSTEM32\dmime.dll
2007-06-07 00:22 16,896 --a------ D:\WINDOWS.000\SYSTEM32\msyuv.dll
2007-06-07 00:22 16,896 --a------ D:\WINDOWS.000\SYSTEM32\dpnsvr.exe
2007-06-07 00:22 16,384 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\ccdecode.sys
2007-06-07 00:22 15,104 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\mpe.sys
2007-06-07 00:22 14,976 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\streamip.sys
2007-06-07 00:22 132,608 --a------ D:\WINDOWS.000\SYSTEM32\devenum.dll
2007-06-07 00:22 130,304 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\ks.sys
2007-06-07 00:22 13,312 --a------ D:\WINDOWS.000\SYSTEM32\msdmo.dll
2007-06-07 00:22 116,736 --a------ D:\WINDOWS.000\SYSTEM32\dmusic.dll
2007-06-07 00:22 112,128 --a------ D:\WINDOWS.000\SYSTEM32\dpvvox.dll
2007-06-07 00:22 11,392 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\bdasup.sys
2007-06-07 00:22 100,864 --a------ D:\WINDOWS.000\SYSTEM32\dmsynth.dll
2007-06-07 00:22 10,880 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\slip.sys
2007-06-07 00:22 10,112 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\ndisip.sys
2007-06-07 00:22 1,798,144 --a------ D:\WINDOWS.000\SYSTEM32\qedit.dll
2007-06-07 00:22 1,675,264 --a------ D:\WINDOWS.000\SYSTEM32\dxdiagn.dll
2007-06-07 00:22 1,634,304 --a------ D:\WINDOWS.000\SYSTEM32\d3d9.dll
2007-06-07 00:22 1,294,336 --a------ D:\WINDOWS.000\SYSTEM32\dsound3d.dll
2007-06-07 00:22 1,227,776 --a------ D:\WINDOWS.000\SYSTEM32\quartz.dll
2007-06-07 00:22 1,189,888 --a------ D:\WINDOWS.000\SYSTEM32\dx8vb.dll
2007-06-07 00:22 1,177,600 --a------ D:\WINDOWS.000\SYSTEM32\d3d8.dll
2007-06-07 00:22 <DIR> d-------- D:\WINDOWS.000\SYSTEM32\DirectX
2007-06-07 00:10 <DIR> d-------- D:\Program Files\DAEMON Tools
2007-06-07 00:01 682,232 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\sptd.sys
2007-06-06 23:24 <DIR> d-------- D:\DOCUME~1\Howard\DoctorWeb
2007-06-04 23:20 16,384 --a------ D:\WINDOWS.000\SYSTEM32\Perflib_Perfdata_55c.dat
2007-06-04 22:57 <DIR> d-------- D:\FOUND.022
2007-06-03 14:56 <DIR> d-------- D:\FOUND.021
2007-06-03 01:07 <DIR> d-------- D:\Program Files\Quintessential Player
2007-06-03 01:07 <DIR> d-------- D:\DOCUME~1\Howard\APPLIC~1\Quintessential Player
2007-06-03 00:22 <DIR> d-------- D:\DOCUME~1\Howard\.tuxguitar
2007-06-02 15:39 <DIR> d-------- D:\Program Files\tuxguitar-0.9.1-update1
2007-05-30 20:41 <DIR> d-------- D:\DOCUME~1\Howard\APPLIC~1\Talkback
2007-05-30 15:16 <DIR> d-------- D:\FOUND.020
2007-05-30 10:52 3,968 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-05-28 19:40 33,952 --a------ D:\WINDOWS.000\SYSTEM32\DRIVERS\oreans32.sys
2007-05-28 19:39 36,864 --a------ D:\WINDOWS.000\SYSTEM32\wbsys.dll
2007-05-28 19:39 20,480 --a------ D:\WINDOWS.000\SYSTEM32\wbload.dll
2007-05-28 19:39 <DIR> d-------- D:\Program Files\Stardock
2007-05-24 19:34 <DIR> d-------- D:\Program Files\MagicISO
2007-05-24 17:13 <DIR> d-------- D:\DOCUME~1\Howard\APPLIC~1\Viewpoint
SufferWell1396
06-08-2007, 12:51 PM
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2087-04-23 08:15:00 56,832 ------w D:\WINDOWS.000\system32\iyvu9_32.dll
2087-04-23 08:15:00 143,872 ------w D:\WINDOWS.000\system32\iacenc.dll
2007-06-07 07:38:30 43,520 ----a-w D:\WINDOWS.000\system32\CmdLineExt03.dll
2007-05-08 22:33:22 445 ----a-w D:\WINDOWS.000\EntPack.dat
2007-05-07 05:40:04 -------- d-----w D:\Program Files\Cosmo Bots
2007-05-07 05:30:58 274,417 ----a-w D:\WINDOWS.000\Tetris Game Gold Uninstaller.exe
2007-05-07 05:30:56 -------- d-----w D:\Program Files\Tetris Game Gold
2007-05-07 04:39:42 -------- d-----w D:\Program Files\QuickTime
2007-05-04 03:20:52 -------- d-----w D:\Program Files\PowerQuest
2007-05-02 04:11:20 -------- d-----w D:\Program Files\Audacity
2007-05-02 03:29:44 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_4e4.dat
2007-04-28 07:14:14 -------- d-----w D:\Program Files\Microsoft Virtual PC
2007-04-28 07:12:08 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_560.dat
2007-04-24 23:36:34 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_558.dat
2007-04-24 03:22:10 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\OpenOffice.org2
2007-04-22 07:34:40 -------- d-----w D:\Program Files\McFunSoft Video Solution
2007-04-21 19:57:18 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_534.dat
2007-04-17 23:47:06 -------- d-----w D:\Program Files\Banner Maker Pro 6
2007-04-17 23:38:58 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\uTorrent
2007-04-17 23:27:20 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_3a0.dat
2007-04-17 03:35:44 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\Help
2007-04-17 00:14:52 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_514.dat
2007-04-16 23:47:30 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_504.dat
2007-04-16 05:24:04 26,944 ----a-w D:\WINDOWS.000\system32\drivers\avg7rsnt.sys
2007-04-16 05:15:16 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\Lavasoft
2007-04-16 04:59:08 16,384 ----a-w D:\WINDOWS.000\system32\Perflib_Perfdata_5e8.dat
2007-04-16 04:38:14 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\FrostWire
2007-04-16 04:37:44 2,277 ----a-w D:\WINDOWS.000\mozver.dat
2007-04-16 04:33:24 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\vlc
2007-04-16 04:31:28 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\dvdcss
2007-04-15 19:55:32 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\Apple Computer
2007-04-15 19:55:26 -------- d-----w D:\Program Files\iPod
2007-04-15 19:55:22 -------- d-----w D:\Program Files\iTunes
2007-04-15 19:54:36 -------- d-----w D:\Program Files\Apple Software Update
2007-04-15 19:26:16 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\Audacity
2007-04-15 19:26:12 -------- d-----w D:\Program Files\Audacity 1.3 Beta (Unicode)
2007-04-15 08:26:22 -------- d-----w D:\Program Files\UnzipThemAll
2007-04-15 08:22:24 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\WinRAR
2007-04-15 08:18:00 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\GetRightToGo
2007-04-15 08:12:02 2,048 ----a-w D:\WINDOWS.000\system32\Tr_sttool.dat
2007-04-15 08:06:18 -------- d-----w D:\Program Files\Bulent's Screen Recorder
2007-04-15 08:03:30 -------- d-----w D:\Program Files\Deskshare
2007-04-15 08:01:44 -------- d-----w D:\DOCUME~1\Howard\APPLIC~1\Aim
2007-04-15 07:29:00 714,000 ----a-w D:\WINDOWS.000\system32\migicons.exe
2007-04-15 07:27:06 15,020 ----a-w D:\WINDOWS.000\system32\emptyregdb.dat
2007-04-15 05:38:34 24,744 ----a-w D:\WINDOWS.000\system32\SIntfNT.dll
2007-04-15 05:38:34 20,016 ----a-w D:\WINDOWS.000\system32\SIntf32.dll
2007-04-14 20:29:44 2,568,224 ---ha-r D:\WINDOWS.000\SYSTEM.DAT
2007-04-14 20:29:44 1,241,120 ---ha-r D:\WINDOWS.000\USER.DAT
2007-04-13 19:59:14 -------- d-----w D:\Program Files\Sygate
2007-04-11 18:39:04 -------- d-----w D:\Program Files\DAMN NFO Viewer
2007-04-11 17:58:20 1,157 ----a-w D:\WINDOWS.000\command.PIF
2007-04-11 05:58:46 -------- d-----w D:\Program Files\Common Files\Nullsoft
2007-04-11 03:55:46 -------- d-----w D:\Program Files\GameSpy Arcade
2007-04-11 01:04:16 -------- d-----w D:\Program Files\Clock
2007-04-09 23:36:12 -------- d-----w D:\Program Files\FrostWire
2007-04-09 20:14:36 -------- d-----w D:\Program Files\Gaim
2007-04-08 05:17:18 -------- d-----w D:\Program Files\InterActual
2007-04-06 08:27:00 72,812 ----a-w D:\WINDOWS.000\unins000.exe
2007-04-06 08:27:00 1,122 ----a-w D:\WINDOWS.000\unins000.dat
2007-04-06 08:12:32 129,096 ---h--r D:\WINDOWS.000\LOGOW.SYS
2007-04-06 03:39:24 31,027 ----a-w D:\WINDOWS.000\nsreg.dat
2007-04-05 07:17:40 2,854,400 ----a-w D:\WINDOWS.000\system32\msi.dll
2007-04-02 04:39:10 26,112 ----a-w D:\WINDOWS.000\nircmd.exe
2007-04-01 23:26:02 139,264 ----a-w D:\WINDOWS.000\javaws.exe
2007-04-01 23:26:02 135,168 ----a-w D:\WINDOWS.000\javaw.exe
2007-04-01 23:26:02 135,168 ----a-w D:\WINDOWS.000\java.exe
2007-03-27 21:56:42 18,939 ----a-w D:\WINDOWS.000\SETVER.EXE
2007-03-16 22:14:12 69,632 ----a-w D:\WINDOWS.000\uinst001.exe
2007-03-16 19:41:42 98,304 ----a-w D:\WINDOWS.000\system32\qttask.exe
2007-03-13 09:44:50 245,520 ----a-w D:\WINDOWS.000\system32\WINSRV.DLL
2007-03-12 05:58:04 352,288 ---h--r D:\WINDOWS.000\HWINFO.DAT
2003-07-04 11:00:00 1,251,328 --sh--r D:\WINDOWS.000\msnmgr9.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=D:\Program Files\Spybot - Search & Destroy\SDHelper.dll [05-05-31 01:04 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [03-07-04 04:00 D:\WINDOWS.000\SYSTEM32\systray.exe]
"Synchronization Manager"="mobsync.exe" [03-07-04 04:00 D:\WINDOWS.000\SYSTEM32\mobsync.exe]
"SmcService"="D:\PROGRA~1\Sygate\SPF\smc.exe" [04-10-15 19:40 ]
"Tweak UI"="TWEAKUI.CPL" [00-06-18 14:03 D:\WINDOWS.000\SYSTEM32\TWEAKUI.CPL]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [07-03-14 19:05 ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-04-20 14:49 ]
"lxcgmon.exe"="D:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [05-07-21 02:07 ]
"EzPrint"="D:\Program Files\Lexmark 2300 Series\ezprint.exe" [05-08-01 08:05 ]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06-10-07 05:20 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [07-04-03 15:29 ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MicrsoMsn"=msnmgr9.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=D:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"Printing Migration"=rundll32.exe D:\WINDOWS.000\system32\spool\migrate.dll,ProcessWin9xNetworkPrinters
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoFileMenu"=0 (0x0)
@=00000000
"ClearRecentDocsOnExit"=01000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoFileMenu"=0 (0x0)
@=00000000
"ClearRecentDocsOnExit"=01000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [06-09-28 07:13 ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AIM"=D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
Contents of the 'Scheduled Tasks' folder
2007-06-07 06:00:02 D:\WINDOWS.000\tasks\Tune-up Application Start.job
2007-06-08 18:32:02 D:\WINDOWS.000\tasks\PCHealth Scheduler for Data Collection.job
2007-06-07 00:18:04 D:\WINDOWS.000\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 11:44:55
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
cmd.exe [1616]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Files hidden from API:
D:\WINDOWS.000\.limewire
Completion time: 2007-06-08 11:46:14
D:\ComboFix-quarantined-files.txt ... 07-06-08 11:45
--- E O F ---
Budfred
06-08-2007, 08:08 PM
I'll be back later to help you sort out the rest of the bad files in there... It takes too long to do it for right now...
Budfred
06-09-2007, 01:01 AM
Okay, find and delete these:
D:\WINDOWS.000\msnmgr9.exe
D:\WINDOWS.000\system32\CmdLineExt03.dll
Use Safe Mode if needed...
Then run this:
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
It would be a good idea to print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
Just before the Windows icon appears, tap the F8 key;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non infected computer will remove your Desktop background.
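As an added worked example (not part of this thread, and not ComboFix's or SmitfraudFix's own logic), here is a small Python script that applies, over a log like the one posted above, the structural checks a helper otherwise does by eye: an executable carrying the system+hidden attributes directly in the Windows folder (the --sh--r on D:\WINDOWS.000\msnmgr9.exe), an autostart value that is only a bare file name ComboFix never resolved to a path ("MicrsoMsn"=msnmgr9.exe under RunServices), an autostart target that no longer exists (the [] after the FreeRAM XP entry), file timestamps later than the scan date (the 2087 entries in the Find3M report), and any AppInit_DLLs value, which is loaded into every process that maps user32.dll and so deserves a look even when, as with wbsys.dll here, it was created in the same minute as the Stardock folder in the Files Created list. The sample log inside the script is constructed from a few of the lines above; the indicator names and the triage() helper are my own, not ComboFix's. Note what it does not catch: CmdLineExt03.dll has nothing structurally odd about it, and msnmgr9.exe's 2003-07-04 timestamp matches the dates on the Windows system files shown in the Run key, so date alone would not have singled it out either. Budfred's call on those came from knowing the specific files, which is why a script like this narrows the review rather than replacing it.

```python
"""Triage of a ComboFix-style log for the indicators visible in this thread.

Heuristics (added example, not part of the thread or of ComboFix):
  * an executable with the system+hidden attributes sitting directly in the
    Windows directory rather than in SYSTEM32,
  * an autostart value that is a bare file name ComboFix could not resolve,
  * an autostart value whose target file no longer exists ("[]"),
  * a file timestamp later than the scan date,
  * any AppInit_DLLs value (worth verifying, not automatically malicious).
"""
import re
from datetime import date

# Constructed sample: a handful of lines modelled on the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))
2007-06-07 00:22 937,984 --a------ D:\WINDOWS.000\SYSTEM32\dxdiag.exe
2007-06-08 00:53 <DIR> d-------- D:\Program Files\Safer Networking
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2087-04-23 08:15:00 56,832 ------w D:\WINDOWS.000\system32\iyvu9_32.dll
2007-06-07 07:38:30 43,520 ----a-w D:\WINDOWS.000\system32\CmdLineExt03.dll
2007-05-07 05:40:04 -------- d-----w D:\Program Files\Cosmo Bots
2003-07-04 11:00:00 1,251,328 --sh--r D:\WINDOWS.000\msnmgr9.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [03-07-04 04:00 D:\WINDOWS.000\SYSTEM32\systray.exe]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-04-20 14:49 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"MicrsoMsn"=msnmgr9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
"""

FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}(?::\d{2})?\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
AUTOSTART_LEAVES = {"run", "runonce", "runservices", "runservicesonce"}


def _check_file(m, scan_date):
    """Apply the file-level heuristics to one matched log line."""
    out = []
    path, attrs = m["path"], m["attrs"]
    if date.fromisoformat(m["date"]) > scan_date:
        out.append(("future_timestamp", f"{m['date']} {path}"))
    parts = path.split("\\")  # e.g. ['D:', 'WINDOWS.000', 'msnmgr9.exe']
    in_windir = len(parts) == 3 and parts[1].upper().startswith("WINDOWS")
    if in_windir and path.lower().endswith(EXEC_EXT) and "s" in attrs and "h" in attrs:
        out.append(("hidden_system_exe_in_windir", f"{path} attrs={attrs}"))
    return out


def _check_value(key, name, value):
    """Apply the registry-level heuristics to one "name"=value line."""
    out = []
    leaf = key.rsplit("\\", 1)[-1]
    if leaf in AUTOSTART_LEAVES:
        # ComboFix appends "[date path]" when it resolved a bare name,
        # "[date ]" for a full path that exists, and "[]" when the file is gone.
        target = value.split(" [", 1)[0].strip().strip('"')
        if value.endswith("[]"):
            out.append(("autostart_target_missing", f"{name} -> {target}"))
        elif " [" not in value and "\\" not in target:
            out.append(("autostart_unresolved", f"{name} -> {target} (bare file name, never resolved)"))
    if leaf == "windows" and name.lower() == "appinit_dlls" and value:
        out.append(("appinit_dlls_set", f"{value} is loaded into every process that maps user32.dll"))
    return out


def triage(log_text, scan_date):
    """Return a list of (indicator, detail) tuples for a ComboFix-style log."""
    findings, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            findings.extend(_check_file(m, scan_date))
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k["key"].lower()
            continue
        v = VALUE_RE.match(line)
        if v:
            findings.extend(_check_value(current_key, v["name"], v["value"].strip()))
    return findings


def triage_sample():
    """Run the triage over the constructed sample (scan date from its header)."""
    return triage(SAMPLE_LOG, date(2007, 6, 8))


if __name__ == "__main__":
    for indicator, detail in triage_sample():
        print(f"{indicator:28} {detail}")
```

Run it against a real ComboFix log by reading the file and calling triage(text, scan_date) with the date from the "Files Created from ... to ..." header; everything it prints still needs a human to confirm before anything is deleted, and the files it cannot see (the ones Budfred named from experience) still need the helper.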